Bug 227394
| Summary: | CVE-2007-0006 spinlock cpu recursion | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | devon kerr <support> |
| Component: | kernel | Assignee: | David Howells <dhowells> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 5 | CC: | wtogami |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | 2.6.19-1.2288.fc5 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2007-02-22 20:24:04 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Description
devon kerr
2007-02-05 19:31:51 UTC
Created attachment 147394 [details]
This is the error log of the spinlock recursion

*** Bug 227395 has been marked as a duplicate of this bug. ***

This is the real problem:

Unable to handle kernel NULL pointer dereference at 0000000000000010 RIP:
 [<ffffffff80225942>] __rb_rotate_left+0x7/0x5b
PGD 3a828067 PUD 3d934067 PMD 0
Oops: 0000 [1] SMP
last sysfs file: /block/hdb/size\
CPU 1
Modules linked in: ipv6 nfs lockd fscache nfs_acl rfcomm l2cap bluetooth sunrpc dm_mirror dm_mod video sbs i2c_ec i2c_core button battery asus_acpi ac lp parport_pc parport sg tg3 ide_cd cdrom shpchp k8_edac edac_mc ohci_hcd serio_raw floppy ehci_hcd pcspkr raid1 ext3 jbd sata_svw libata sd_mod scsi_mod
Pid: 27406, comm: suexec Not tainted 2.6.18-1.2239.fc5 #1
RIP: 0010:[<ffffffff80225942>] [<ffffffff80225942>] __rb_rotate_left+0x7/0x5b
RSP: 0018:ffff810151397df0 EFLAGS: 00010282\
RAX: ffff81005a1ded48 RBX: ffff810102505508 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff806de5e0 RDI: ffff810203166088
RBP: ffff810203166088 R08: ffff8102031668c8 R09: 0000000000000000
R10: 000000005e4ae5f3 R11: ffff810151397c70 R12: ffff810102505508
R13: ffff81005a1ded48 R14: ffffffff806de5e0 R15: 0000000000000026
FS: 00002aaaaaabb850(0000) GS:ffff810103c3b1c0(0000) knlGS: 00000000f7fee8d0
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000010 CR3: 00000000da38b000 CR4: 00000000000006e0
Process suexec (pid: 27406, threadinfo ffff810151396000, task ffff8101d7cf5080)
Stack: ffffffff80212aff ffff81005a1ded40 ffff810102505518 0000000000000000
 ffff81005a1ded40 ffff810151397eb8 ffffffff80312779 0000000046f0a978
 0000000000000000 1f3f0000aa8adfff ffff8101d7cf5080 000003eaffffffff
Call Trace:
 [<ffffffff80212aff>] rb_insert_color+0xb2/0xda
 [<ffffffff80312779>] key_alloc+0x2b0/0x384
 [<ffffffff8031377b>] keyring_alloc+0x29/0x5f
 [<ffffffff80314ea2>] alloc_uid_keyring+0x3d/0xa6
 [<ffffffff80293a5c>] alloc_uid+0xa9/0x16f
 [<ffffffff802963d6>] set_user+0xf/0x97
 [<ffffffff80297b5c>] sys_setuid+0x7d/0x154
 [<ffffffff8025c00e>] system_call+0x7e/0x83
Code: 48 8b 51 10 49 83 e0 fc 48 85 d2 48 89 57 08 74 0c 48 8b 02

Duplicate of http://bugzilla.kernel.org/show_bug.cgi?id=7727

Created attachment 147464 [details]
Patch to fix the key serial no. collision problem