Bug 914155 (CVE-2022-47022)

Summary:	<sys-apps/hwloc-2.9.3: Denial of service
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	IN_PROGRESS ---
Severity:	normal	CC:	cluster
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://github.com/open-mpi/hwloc/issues/544
Whiteboard:	B3 [stable?]
Package list:		Runtime testing required:	---

Description Sam James archtester

2023-09-14 03:01:51 UTC

+Version 2.9.3
+-------------
+* Handle Linux glibc allocation errors in binding routines (CVE-2022-47022).
+* Fix hwloc-calc when searching objects on heterogeneous memory platforms,
+  thanks to Antoine Morvan for the report.
+* Fix hwloc_get_next_child() when there are some memory-side caches.
+* Don't crash if the topology is empty because Linux cgroups are wrong.
+* Improve some hwloc-bind warnings in case of command-line parsing errors.
+* Many documentation improvements all over the place, including:
+  + hwloc_topology_restrict() and hwloc_topology_insert_group() may reorder
+    children, causing the logical indexes of objects to change.
+

"An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c."

Comment 1 Larry the Git Cow gentoo-dev

2023-09-14 03:41:07 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7852d7a47a8c2f8c68c063680c38aa4c12a3d04d

commit 7852d7a47a8c2f8c68c063680c38aa4c12a3d04d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-09-14 03:15:43 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-09-14 03:15:49 +0000

    sys-apps/hwloc: add 2.9.3
    
    Bug: https://bugs.gentoo.org/914155
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/hwloc/Manifest           |   1 +
 sys-apps/hwloc/hwloc-2.9.3.ebuild | 120 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 121 insertions(+)