Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 480200 (CVE-2013-4205)

Summary: Kernel : CLONE_NEWUSER local DoS (CVE-2013-4205)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED    
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2013/08/06/1
Whiteboard:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-08-07 19:00:46 UTC 
From ${URL} :

spender reported [1] a local DoS triggerable by unprivileged user when
user namespaces are enabled (CONFIG_USER_NS).

  [1] https://twitter.com/grsecurity/status/364566062336978944

Reproducer:

b836010000bb00000010cd80ebf2 is for(;;)unshare(1<<28);
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-08-30 01:08:07 UTC 
CVE-2013-4205 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4205):
  Memory leak in the unshare_userns function in kernel/user_namespace.c in the
  Linux kernel before 3.10.6 allows local users to cause a denial of service
  (memory consumption) via an invalid CLONE_NEWUSER unshare call.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 15:30:14 UTC 
In 3.12 onwards