Bug 405545 (CVE-2012-0879) - linux < 2.6.33(-rc1) kernel: block: CLONE_IO io_context refcounting issues (CVE-2012-0879)
Alias: CVE-2012-0879
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Kernel Security
Whiteboard: [linux < 2.6.33(-rc1)]
Keywords: PATCH
Reported: 2012-02-24 10:09 UTC by Michael Harrison
Modified: 2018-04-04 18:08 UTC (History)

Description Michael Harrison 2012-02-24 10:09:59 UTC
With CLONE_IO, copy_io() increments both ioc->refcount and ioc->nr_tasks.
However exit_io_context() only decrements ioc->refcount if ioc->nr_tasks
reaches 0.

With CLONE_IO, parent's io_context->nr_tasks is incremented, but never
decremented whenever copy_process() fails afterwards, which prevents
exit_io_context() from calling IO schedulers exit functions.

An unprivileged local user could use these flaws to cause a denial of service.

Upstream fixes:

Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 18:08:38 UTC
There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.
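
The two counter imbalances from the description, as an added user-space model in C; it is not kernel code, not part of this bug report, and not the upstream fix. The struct, the function names and the `balanced` switch are hypothetical, and the model assumes a context starts with one reference and one task and that the unbalanced failure cleanup drops only the reference.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model of the two counters named in the report (hypothetical names). */
struct ioc_model {
    int refcount;       /* references keeping the object alive */
    int nr_tasks;       /* tasks currently sharing the context */
    bool sched_exited;  /* stands in for the IO scheduler exit functions */
    bool freed;
};

static void put_ref(struct ioc_model *c) { if (--c->refcount == 0) c->freed = true; }
/* CLONE_IO sharing as described in the report: both counters are incremented. */
static void share(struct ioc_model *c) { c->refcount++; c->nr_tasks++; }

/* Task exit. balanced == false drops the reference only when nr_tasks reaches 0. */
static void task_exit(struct ioc_model *c, bool balanced)
{
    bool last = (--c->nr_tasks == 0);
    if (last) c->sched_exited = true;
    if (last || balanced) put_ref(c);
}

/* Issue 1: child and parent both exit normally. Returns true if the context is freed. */
static bool exit_frees_context(bool balanced)
{
    struct ioc_model c = { .refcount = 1, .nr_tasks = 1 };  /* assumed start state */
    share(&c);
    task_exit(&c, balanced);   /* child */
    task_exit(&c, balanced);   /* parent */
    return c.freed;
}

/* Issue 2: clone fails after share(). Assumed: unbalanced cleanup drops only the ref. */
static bool failed_clone_runs_sched_exit(bool balanced)
{
    struct ioc_model c = { .refcount = 1, .nr_tasks = 1 };  /* assumed start state */
    share(&c);
    if (balanced) task_exit(&c, true); else put_ref(&c);
    task_exit(&c, true);       /* parent exits later */
    return c.sched_exited;     /* true if the scheduler exit stand-in ran */
}

int main(void)
{
    printf("exit frees: %d/%d, failed-clone hook: %d/%d (unbalanced/balanced)\n",
           exit_frees_context(false), exit_frees_context(true),
           failed_clone_runs_sched_exit(false), failed_clone_runs_sched_exit(true));
    return 0;
}
```

In the unbalanced runs the context is left with a reference that is never dropped, or `nr_tasks` never returns to 0, so the scheduler exit stand-in is skipped.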