Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 220691 (CVE-2008-1669) - Kernel: SMP ordering hole in fcntl_setlk() (CVE-2008-1669)
Summary: Kernel: SMP ordering hole in fcntl_setlk() (CVE-2008-1669)
Alias: CVE-2008-1669
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: [linux > 2.4.19 <]
Depends on:
Reported: 2008-05-06 23:16 UTC by Robert Buchholz (RETIRED)
Modified: 2013-09-05 03:02 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-05-06 23:16:22 UTC
[PATCH] fix SMP ordering hole in fcntl_setlk()

fcntl_setlk()/close() race prevention has a subtle hole - we need to
make sure that if we *do* have an fcntl/close race on SMP box, the
access to descriptor table and inode->i_flock won't get reordered.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-05-08 18:01:44 UTC
Name:      CVE-2008-1669

Linux kernel before does not apply a certain protection mechanism for
fcntl functionality, which allows local users to (1) execute code in parallel
or (2) exploit a race condition to obtain "re-ordered access to the descriptor