oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP

From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 04 Jul 2012 10:31:45 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/04/2012 01:19 AM, Petr Matousek wrote:

An epoll_ctl(,EPOLL_CTL_ADD,,) operation can return '-ELOOP' to
prevent circular epoll dependencies from being created.  However,
in that case we do not properly clear the 'tfile_check_list'.

An unprivileged local user could use this flaw to crash the
system.

Regression introduced via 28d82dc1c4edbc352129f97f4ca22624d1fe61de 
commit.

Upstream fix: 13d518074a952d33d47c428419693f63389547e9

References: https://lkml.org/lkml/2012/3/27/65 
https://lkml.org/lkml/2012/4/17/247 
https://bugzilla.redhat.com/show_bug.cgi?id=837502

Thanks,


Please use CVE-2012-3375 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP9G/uAAoJEBYNRVNeJnmTQ0gQAKEDLP9MS+7TfgdvZwW0WvUp
/yn9FiWGZ7I9J0cXfPA/UNF4DOb4kZ4SbZBRwPwPKm8+KlP2CczDfSIXqHniyTWP
DYA1bahNPjesFIDuLWm7aZE+Joj3S2ptQzrrlGLmMEM/SzftI9cAs63bBVj0FgP1
cyckX/qkvhla5OlD3lrHmqFUpXE5z375mR26g7pvQPSwUibdVSPz1AQCydiUjU00
BnTWbhXfWBAzLh38phj1Fi9McoefzBG4Ih0ACf/WqkP3SnJzNpNccMpMK57qqICK
B1hXmkIIjK+taa7/URJJmXz62wEYkC1COaXgbXx6fwc0xsCIjAQoOx4ZBCqlK69D
WYV9qQz3whByMtAF210MiHvUaH6V3it2UU02v+YKO+LYi40TRBH6DiIpNKg/ghrV
Pnwn8Q4Hp7YjKEoQqo33WjyH3U/PXjLIkIOpf/DAQeTJ1ERuhNH0TsQzVMLbYCCd
N9mmUNJQbfPWxH5g5JfxzZXmGYfYcrvUNQechfwrZ9ZOwrUDyP+ip0tKvWWqu54/
7UiZ/QJoUGACqqFyX6FcUw2nQladfYtDmyKHJZE9uvwz8DeZhB8OnMomTDjoUWsU
Ep3+Fla8lUvEzUa7XZ4sirDlP58l2PDb6x2ylYDIRY3zGuRMpwz1LKz0TZoldhFu
MyPWFd6InJk96QZ64PVn
=jYse
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: