Bug 2144910

Summary: kernel: Out of memory in local cgroup's memory may cause denial of service outside its area
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: acaringi, adscvr, airlied, alciregi, allarkin, aquini, bhu, brdeoliv, bskeggs, carnil, chwhite, crwood, ddepaula, debarbos, dfreiber, dvlasenk, ezulian, fhrbata, hdegoede, hkrzesin, hpa, jarod, jarodwilson, jburrell, jfaracco, jferlan, jforbes, jglisse, jlelli, joe.lawrence, josef, jshortt, jstancek, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, lleshchi, llong, lzampier, masami256, mchehab, nmurray, ptalbert, qzhao, rogbas, rvrbovsk, scweaver, security-response-team, steved, tyberry, vkumar, walters, williams
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw memory overflow in the Linux kernel cgroup’s memory management was found in the way user triggers memcg (v1) kmem limit and the kernel allocation fails as a result. A local user could use this flaw to crash the system. This bug not CVE worthy, because kmem has never really been in production yet.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-16 17:12:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1839057, 2158118, 2158119, 2158127, 2159089, 2159090, 2159091, 2159093, 2159094, 2162442, 2162443    
Bug Blocks: 2144911    

Description Pedro Sampaio 2022-11-22 17:51:37 UTC 
A Linux Kernel flaw found in memory management. If allocation failure happens in pagefault_out_of_memory with VM_FAULT_OOM, then it can lead to memory overflow when many tasks trigger this. An issue may cause multi-tenant denial of service (memory overflow). It was reported that a malicious workload may be allowed to OOM-kill random other workloads on the same node.

Upstream fix:

https://github.com/torvalds/linux/commit/60e2793d440a3ec95abb5d6d4fc034a4b480472d
Comment 3 Alex 2023-01-04 11:07:11 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2158127]
Comment 4 Justin M. Forbes 2023-01-04 14:57:20 UTC 
This was fixed for Fedora with the 5.14.19 stable kernel updates.
Comment 15 Rohit Keshri 2023-01-27 04:58:11 UTC 
CVE-2023-0047 is rejected based on https://bugzilla.suse.com/show_bug.cgi?id=1206896#c2
Comment 16 Salvatore Bonaccorso 2023-01-28 08:28:23 UTC 
(In reply to Rohit Keshri from comment #15)
> CVE-2023-0047 is rejected based on
> https://bugzilla.suse.com/show_bug.cgi?id=1206896#c2

Can you as well drop the CVE id from the Alias field accordingly?