Bug 446031 (CVE-2008-2136)

Summary: CVE-2008-2136 kernel: sit memory leak
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: anton, bobgus, dhoward, lwang, qcai, skakar, vgoyal, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-23 18:14:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 446032, 446033, 446034, 446035, 446036, 446037, 446038, 446039, 447501, 453136    
Bug Blocks:    

Description Jan Lieskovsky 2008-05-12 08:53:44 UTC 
Description of problem:

sit: Add missing kfree_skb() on pskb_may_pull() failure.

Noticed by Paul Marks <paul>.

Additional info:

Proposed upstream patch:

http://repo.or.cz/w/linux-2.6/zen-sources.git?a=commitdiff;h=1be05a5eda841014c1151cb0f8dc791862bd40a5;hp=a864928f5e50a872735e58ff5de483625e3608ee
Comment 2 Fedora Update System 2008-05-14 22:14:53 UTC 
kernel-2.6.25.3-18.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 Tomas Hoger 2008-05-19 08:13:20 UTC 
Fixed upstream in 2.6.25.3:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3

Upstream patch in Linus' git tree:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02
Comment 5 Bob Gustafson 2008-06-27 16:00:23 UTC 
I don't know if this is related, but I updated to a new kernel (Fed8) and this
kernel is unusable because of a memory leak. I have 3GB and it takes about 10-20
minutes to fill, then I need to reboot.

I went back a kernel using the boot/grub.conf option.

The kernel with a problem is 2.6.25.6-27.fc8
The kernel that runs ok   is 2.6.25.4-10.fc8

System is x86_64 and processor is Intel Pentium Dual CPU E2160 @1.80Ghz

Stopped most servers (httpd, asterisk, bluetooth,dhdpd, sepostgresql, tomcat)
for above tests (and currently).

I can provide additional information - let me know.
Comment 6 Mark J. Cox 2008-07-23 13:05:34 UTC 
text used in RHSA:

* a possible kernel memory leak was found in the Linux kernel Simple
Internet Transition (SIT) INET6 implementation. This could allow a local
unprivileged user to cause a denial of service. (CVE-2008-2136, Important)
Comment 11 Vincent Danen 2010-12-23 18:14:45 UTC 
This was addressed via:

MRG Realtime for RHEL 5 Server (RHSA-2008:0585)
Red Hat Enterprise Linux version 4 (RHSA-2008:0607)
Red Hat Enterprise Linux version 5 (RHSA-2008:0612)
Red Hat Linux Advanced Workstation 2.1 (RHSA-2008:0787)
Red Hat Enterprise Linux version 3 (RHSA-2008:0973)
Red Hat Enterprise Linux version 2.1 (RHSA-2009:0001)