oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request -- Linux kernel: bridge: BUG at kernel/timer.c:729

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 15 Jul 2013 22:38:55 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/15/2013 03:12 PM, Petr Matousek wrote:

Several people reported the oops: "kernel BUG at
kernel/timer.c:729!" and the stack trace is:

#7 [ffff880214d25c10] mod_timer+501 at ffffffff8106d905 #8
[ffff880214d25c50] br_multicast_del_pg.isra.20+261 at 
ffffffffa0731d25 [bridge] #9 [ffff880214d25c80]
br_multicast_disable_port+88 at ffffffffa0732948 [bridge] #10
[ffff880214d25cb0] br_stp_disable_port+154 at ffffffffa072bcca 
[bridge] #11 [ffff880214d25ce8] br_device_event+520 at
ffffffffa072a4e8 [bridge] #12 [ffff880214d25d18]
notifier_call_chain+76 at ffffffff8164aafc #13 [ffff880214d25d50]
raw_notifier_call_chain+22 at ffffffff810858f6 #14
[ffff880214d25d60] call_netdevice_notifiers+45 at ffffffff81536aad 
#15 [ffff880214d25d80] dev_close_many+183 at ffffffff81536d17 #16
[ffff880214d25dc0] rollback_registered_many+168 at 
ffffffff81537f68 #17 [ffff880214d25de8] rollback_registered+49 at
ffffffff81538101 #18 [ffff880214d25e10]
unregister_netdevice_queue+72 at ffffffff815390d8 #19
[ffff880214d25e30] __tun_detach+272 at ffffffffa074c2f0 [tun] #20
[ffff880214d25e88] tun_chr_close+45 at ffffffffa074c4bd [tun] #21
[ffff880214d25ea8] __fput+225 at ffffffff8119b1f1 #22
[ffff880214d25ef0] ____fput+14 at ffffffff8119b3fe #23
[ffff880214d25f00] task_work_run+159 at ffffffff8107cf7f #24
[ffff880214d25f30] do_notify_resume+97 at ffffffff810139e1 #25
[ffff880214d25f50] int_signal+18 at ffffffff8164f292

The bug was usually hit when shutting down a KVM guest.

Upstream fix: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c7e8e8a8f7a70b343ca1e0f90a31e35ab2d16de1

 Introduced by: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f00b2e7cf241fa389733d41b6

 Introduced in upstream version: v3.11-rc1 (but we had it in Fedora
because of bz#880035)

References: https://bugzilla.redhat.com/show_bug.cgi?id=984743 
https://bugzilla.redhat.com/show_bug.cgi?id=980254 
http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f19&id=a993279a9bb538ae524fca69ec23c5c1b428f47e



Please use CVE-2013-4129 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR5M5fAAoJEBYNRVNeJnmTdfQP/jTf5JrZPdnseaAHCieVx9Fp
8N1vX8yIENjs9axhYex2kS/2YqJEy+9XFLeepdvVZsXsY8hwKzXP8rEfgSI9vvAT
fj0lBQPFZMflnoRlH1pRlleiAV+ooCJFKevTtH5s5oj7hpNVwJ5jptmeE+HCy94p
xwnm4A5GE7pe3ZIx8bc2JTfDxmt+Sol6RE2kzVhSZjBkvp9p1BHE5iptgp0i7OnL
wuK48tMezMxhCzqsHlISCzlIsIzWMvSlAS7mA3+6GVeaTz15vB7pyDGrUNgwNREq
BN/AYgzjgFJ0qcCgLO3WNuD/ZSrIL6F2DnXJiP75Vbxq6VqUSZ5ZR8r7SAH1m7ED
7Ycig3f3ix0o20cqTc3qmsnbiaZMbfxxp7i12UG6UgXxHytz6q6uAF/NL1DEo2Yf
xww8kyUVcM1/UO3cvZGry/CVuytK+pMIpX9YJQ8lMSz/ViODXMEvjY5vr6gvICM1
LTkLxgajg6xtl/tvEVX7z/l+9M1KmLy/Wrfy0BBB/AyEzWsu+HkO7bCQ3fAyMyD6
1xlk/zMIUbhEeLJgF0Z1r5Zis4e9TLPVHZlGIziAlP+8fhSEHkh9KungH89wknxx
KLgRWjJhGm5M/ckH+u97rqqwijr3buKd/yfNwyBmZPkZyZSNRhULuPkaNft8e+yE
jQK2mulRmj9Gy116FClW
=XDNd
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: