Bug 628400 (CVE-2017-10661)

Summary:	kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)
Product:	Gentoo Security	Reporter:	D'juan McDonald (domhnall) <flopwiki>
Component:	Kernel	Assignee:	Gentoo Kernel Security <security-kernel>
Status:	RESOLVED FIXED
Severity:	normal	CC:	security-kernel
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10661
Whiteboard:
Package list:		Runtime testing required:	---

Description D'juan McDonald (domhnall) 2017-08-20 18:00:18 UTC

From $URL:

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-08-20 19:43:37 UTC

Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6

Comment 2 John Helmert III archtester

2022-03-26 00:09:11 UTC

Fix in 4.9.27, 4.11