628400 – (CVE-2017-10661) kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)

Bug 628400 (CVE-2017-10661) - kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)

Summary: kernel: Handling of might_cancel queueing is not properly pretected against r...

Status:	RESOLVED FIXED

Alias:	CVE-2017-10661

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Kernel Security

URL:	https://web.nvd.nist.gov/view/vuln/de...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-08-20 18:00 UTC by D'juan McDonald (domhnall)
Modified:	2022-03-26 00:09 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description D'juan McDonald (domhnall) 2017-08-20 18:00:18 UTC

From $URL:

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-08-20 19:43:37 UTC

Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6

Comment 2 John Helmert III archtester

2022-03-26 00:09:11 UTC

Fix in 4.9.27, 4.11