Bug 133110
| Summary: | CAN-2004-0814 input/serio local DOS | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 2.1 | Reporter: | Josh Bressers <bressers> |
| Component: | kernel | Assignee: | Jim Paradis <jparadis> |
| Status: | CLOSED WONTFIX | QA Contact: | Brian Brock <bbrock> |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | 2.1 | CC: | mjc, peterm, riel |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | ia64 | ||
| OS: | Linux | ||
| Whiteboard: | impact=important,public=20040907 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-06-14 17:28:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 132992 | ||
This is a dup of bug 131672, but I'll leave this open since it's for Derry (as opposed to Pensacola). For reference the fix that got committed upstream into 2.4.29: http://linux.bkbits.net:8080/linux-2.4/cset@41c3801dxJnuBSRCpUiMRkwItPHjWA Jim - Update with information regarding U7 target. This is a dup of 131672, which is assigned to jbaron. Neither of these are likely to make U7 The fix has been deemed too invasive for a RHEL2.1 update at this time. Closing as WONTFIX. |
drivers/input/serio/serport.c can lead to kernel panic in serio code followed by jbd's panic (probably due to random memory write, I don't now) and/or system lockup. Steps to exploit it: process 1: open() a tty device; TIOCSETD it to N_MOUSE; read() it. it will block. after that, process 2: open() the same device; TIOCSETD it to 0; TIOCSETD it to N_MOUSE; (not sure if it's necessary) kill() process 1;