Bug 439999 (CVE-2007-6712)

Summary: CVE-2007-6712 kernel: infinite loop in highres timers (kernel hang)
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: anton, armbru, dhoward, kreilly, lwang, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-22 23:47:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 440001, 440002, 453136    
Bug Blocks:    
Attachments:
Description Flags
Testcase to reproduce the kernel hang none

Description Jan Lieskovsky 2008-04-01 10:04:53 UTC 
Description of problem:
=======================

Thomas Glexner has provided patch for the following kernel issue:

hrtimer_forward() does not check for the possible overflow of
timer->expires.  This can happen on 64 bit machines with large interval
values and results currently in an endless loop in the softirq because the
expiry value becomes negative and therefor the timer is expired all the
time.

Check for this condition and set the expiry value to the max.  expiry time
in the future.  The fix should be applied to stable kernel series as well.

Steps to reproduce:  See the next comment for the reproducer.
===================

Actual result:    Kernel hang.
==============

Expected result:  No kernel hang.
================

Solution: 
=========

Proposed patch from Thomas:

http://git.kernel.org/?p=linux/kernel/git/chris/linux-2.6.git;a=commitdiff;h=13788ccc41ceea5893f9c747c59bc0b28f2416c2
Comment 9 Vincent Danen 2010-12-22 23:47:25 UTC 
This was addressed via:

Red Hat Enterprise Linux version 5 (RHSA-2008:0275)
MRG Realtime for RHEL 5 Server (RHSA-2008:0585)