Bug 1290642 (CVE-2015-8785)

Summary: CVE-2015-8785 kernel: fuse: possible denial of service in fuse_fill_write_pages()
Product: [Other] Security Response
Reporter: Wade Mealing <wmealing>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: low
Priority: low
Version: unspecified
CC: agordeev, aquini, arm-mgr, bhu, blc, carnil, dhoward, fhrbata, gansalmon, itamar, jforbes, jkacur, joelsmith, jonathan, jwboyer, kernel-maint, kernel-mgr, kstutsma, lgoncalv, lwang, madhu.chinakonda, mchehab, mguzik, mlangsdo, nmurray, pholasek, plougher, rt-maint, rvrbovsk, slawomir, slong, vgoyal, williams
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Doc Text:
An infinite-loop flaw was found in the kernel. When a local user calls the sys_writev syscall with a specially crafted sequence of iov structs, the fuse_fill_write_pages kernel function might never terminate, instead continuing in a tight loop. This process cannot be terminated and requires a reboot.
Last Closed: 2016-05-24 07:23:34 UTC
Bug Depends On: 1291129
Bug Blocks: 1271601

Description Wade Mealing 2015-12-11 02:03:32 UTC
A patch was posted to fix an issue regarding an unkillable task eating CPU.

The problem is in the fuse_fill_write_pages() function.  When a user
calls the sys_writev syscall with a specially crafted sequence of iovs,
the kernel function may never terminate and continue in a tight loop;
the process is unable to be killed.

Introduced in commit ea9b9907b82a09bd1a708004454f7065de77c5b0
Fixed in commit 3ca8138f014a913f98e6ef40e939868e1e9ea876

Upstream patch:
https://lkml.org/lkml/2015/10/12/329

Comment 7 Wade Mealing 2015-12-17 01:11:42 UTC
Statement:

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6 and 7 and is not planned to be fixed in future updates.