Bug 1358840 (CVE-2010-5328)

Summary: CVE-2010-5328 kernel: Processes having the same group as `init` can crash kernel
Product: [Other] Security Response
Reporter: Adam Mariš <amaris>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: agordeev, apmukher, aquini, arm-mgr, bhu, dhoward, esammons, fhrbata, gansalmon, harshula, iboverma, ichavero, itamar, jforbes, jkacur, jkastner, joelsmith, jonathan, jross, jwboyer, kent, kernel-maint, kernel-mgr, kstutsma, labbott, lgoncalv, lwang, madhu.chinakonda, matt, mchehab, mcressma, mguzik, nmurray, pholasek, plougher, rt-maint, rvrbovsk, sparks, vdronov, williams, wmealing
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A process that is in the same process group as the "init" process (group id zero) can crash the Linux kernel with several system calls by passing in a process ID or process group ID of zero, a special value that indicates the current process ID or process group.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-02-16 13:37:55 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1358842

Description Adam Mariš 2016-07-21 15:11:27 UTC
A process that is in the same process group as the "init" process (group id zero) can crash the Linux kernel with several system calls by passing in a process ID or process group ID of zero. The value zero is a special value that indicates the current process ID or process group. However, in this case it is also the process group ID of the process.

Upstream fixes:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df
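
An added example, not part of the original report or the upstream fixes: a check for the precondition described above, listing userspace processes whose process group ID is 0 by parsing `/proc/<pid>/stat`. It assumes the kernel marks its own threads with PF_KTHREAD (0x00200000) so they can be excluded; the sample lines and the process names in them are constructed.

```python
import glob

PF_KTHREAD = 0x00200000  # task flag set on kernel threads (assumed available)

def parse_stat(line):
    """Return (pid, comm, pgrp, flags) from one /proc/<pid>/stat line."""
    # comm is wrapped in parentheses and may itself contain spaces or ')',
    # so locate the LAST ')' instead of splitting the line on whitespace.
    lpar, rpar = line.index("("), line.rindex(")")
    pid = int(line[:lpar])
    comm = line[lpar + 1:rpar]
    rest = line[rpar + 1:].split()
    # rest: state ppid pgrp session tty_nr tpgid flags ...
    return pid, comm, int(rest[2]), int(rest[6])

def pgrp_zero_userspace(stat_lines):
    """List (pid, comm) of non-kernel-thread tasks whose process group ID is 0."""
    hits = []
    for line in stat_lines:
        try:
            pid, comm, pgrp, flags = parse_stat(line)
        except (ValueError, IndexError):
            continue  # truncated or malformed entry
        if pgrp == 0 and not flags & PF_KTHREAD:
            hits.append((pid, comm))
    return hits

def read_live_stats():
    """Read every /proc/<pid>/stat on the running host."""
    lines = []
    for path in glob.glob("/proc/[0-9]*/stat"):
        try:
            with open(path) as fh:
                lines.append(fh.read())
        except OSError:
            pass  # process exited between glob and open
    return lines

# Constructed sample lines (not captured from a real host).
SAMPLE = [
    "1 (minit) S 0 0 0 0 -1 4194560 100 0 0 0",      # replacement init, pgrp 0
    "2 (kthreadd) S 0 0 0 0 -1 2129984 0 0 0 0",     # kernel thread, excluded
    "37 (svc (a) b) S 1 0 0 0 -1 4194304 5 0 0 0",   # inherited pgrp 0
    "412 (sshd) S 1 412 412 0 -1 4194560 9 0 0 0",   # own process group
]

if __name__ == "__main__":
    for pid, comm in pgrp_zero_userspace(read_live_stats() or SAMPLE):
        print(f"pid {pid} ({comm}) is in process group 0")
```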

Comment 4 Andrej Nemec 2017-01-23 09:46:21 UTC
CVE assignment:

http://seclists.org/oss-sec/2017/q1/160

Comment 5 Wade Mealing 2017-02-08 07:20:08 UTC
Statement:

This flaw affects Red Hat Enterprise Linux 5 and 6 and is not able to be exploited in the default configuration. Administrators would need to replace the init daemon with alternative systems to exploit this system crash correctly.

No update is planned to be released for this flaw.

Comment 10 Wade Mealing 2017-02-09 07:04:51 UTC
I've just removed that from the comment #0 and doctxt.