Bug 1358840 (CVE-2010-5328)
Summary: | CVE-2010-5328 kernel: Processes having the same group as `init` can crash kernel | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | agordeev, apmukher, aquini, arm-mgr, bhu, dhoward, esammons, fhrbata, gansalmon, harshula, iboverma, ichavero, itamar, jforbes, jkacur, jkastner, joelsmith, jonathan, jross, jwboyer, kent, kernel-maint, kernel-mgr, kstutsma, labbott, lgoncalv, lwang, madhu.chinakonda, matt, mchehab, mcressma, mguzik, nmurray, pholasek, plougher, rt-maint, rvrbovsk, sparks, vdronov, williams, wmealing |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A process that is in the same process group as the ''init'' process (group id zero) can crash the Linux kernel with several system calls by passing in a process ID or process group ID of zero; a special value that indicates the current process ID or process group.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-02-16 13:37:55 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1358842 |
Description
Adam Mariš
2016-07-21 15:11:27 UTC
CVE assignment: http://seclists.org/oss-sec/2017/q1/160 Statement: This flaw affects Red Hat Enteprise Linux 5 and 6 and is not able to be exploited in the default configuration. Administrators would need to replace the init daemon with alternative systems to exploit this system crash correctly. No update is planned to be released for this flaw. I've just removed that from the comment #0 and doctxt. |