Bug 1140325 (CVE-2014-3631)
Summary: | CVE-2014-3631 kernel: keys: incorrect termination condition in assoc array garbage collection | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Petr Matousek <pmatouse> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | unspecified | CC: | agordeev, aquini, bhu, dhoward, dhowells, esammons, fhrbata, fj-lsoft-kernel-it, gansalmon, iboverma, itamar, jforbes, jkacur, jonathan, jross, jwboyer, kernel-maint, kernel-mgr, lgoncalv, lwang, madhu.chinakonda, matt, mchehab, mcressma, nmurray, plougher, rt-maint, rvrbovsk, williams | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: |
A flaw was found in the way the Linux kernel's keys subsystem handled the termination condition in the associative array garbage collection functionality. A local, unprivileged user could use this flaw to crash the system.
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2018-02-01 16:58:26 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 1116347, 1139431, 1155136 | ||||||
Bug Blocks: | 829181 | ||||||
Attachments: |
|
Description
Petr Matousek
2014-09-10 16:59:19 UTC
Created attachment 936266 [details]
Upstream patch proposal
Statement: This issue does not affect versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue. The patch has been posted upstream: https://lkml.org/lkml/2014/9/10/788 The patch has been applied upstream: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95389b08d93d5c06ec63ab49bd732b0069b7c35e *** Bug 1154979 has been marked as a duplicate of this bug. *** Acknowledgements: Red Hat would like to thank Frey Alfredsson for reporting this issue. IssueDescription: A flaw was found in the way the Linux kernel's keys subsystem handled the termination condition in the associative array garbage collection functionality. A local, unprivileged user could use this flaw to crash the system. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1971 https://rhn.redhat.com/errata/RHSA-2014-1971.html |