Bug 175769
Summary: | CVE-2005-3359 incorrect increment/decrement in atm module leads to panic | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Doug Chapman <dchapman> |
Component: | kernel | Assignee: | Thomas Graf <tgraf> |
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
Severity: | high | Priority: | medium |
Version: | 4.0 | CC: | jbaron, rkhan, security-response-team |
Hardware: | ia64 | OS: | Linux |
Keywords: | Security | Whiteboard: | reported=20051214,public=20051214,source=redhat,impact=important |
Fixed In Version: | RHSA-2006-0493 | Doc Type: | Bug Fix |
Last Closed: | 2006-05-24 09:27:44 UTC | | |

Description
Doug Chapman
2005-12-14 20:14:23 UTC
assign correct CVE name, CVE-2005-3359

The call to sk_set_owner() in vcc_create() is using THIS_MODULE instead of sock->ops->owner which would correspond to the correct socket family module reference. For a module to take a reference on another module, it must be referenced by someone else first. __sock_create in net/socket.c ensures this by taking a reference on net_families[family]->owner (equals sock->ops->owner above) just before invoking the family specific ->create() callback. I attached a patch which should fix the problem but I'm very short on time and two other issues having higher priority should be resolved first. So if someone has the opportunity to test this, I'd appreciate it.

Created attachment 123918
proposed patch

Upstream changeset http://linux.bkbits.net:8080/linux-2.6/cset@4339c66aLroC1_zunYKhEIbtIWrnwg therefore fixed in 2.6.14

This issue is on Red Hat Engineering's list of planned work items for the upcoming Red Hat Enterprise Linux 4.4 release. Engineering resources have been assigned and barring unforeseen circumstances, Red Hat intends to include this item in the 4.4 release.

Looks like the fix for this is in the latest RHEL4 kernel. I tested 2.6.9-34.27 and it is OK.

thanks,
- Doug

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0493.html