Bug 562597

Summary: kernel: ima: fix null pointer dereference
Product: [Other] Security Response Reporter: Eugene Teo (Security Response) <eteo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: arozansk, aviro, cebbert, davej, eparis, jmorris, kmcmartin, lwang, rcvalle
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-06-21 00:51:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 562598    
Bug Blocks:    
Attachments:
Description Flags
mainline fix none

Description Eugene Teo (Security Response) 2010-02-07 15:48:54 UTC 
Description of problem:
This was introduced in 6c21a7fb4 (v2.6.33-rc1).

It was first reported here http://lkml.org/lkml/2009/12/29/13, and subsequently here http://lkml.org/lkml/2010/2/5/76 (backtraces).

This can be reproduced by running ltp test pipe07.

http://groups.google.com/group/linux.kernel/msg/95986c94ea55c81a.
https://bugzilla.redhat.com/show_bug.cgi?id=562597

Mainline fix: https://bugzilla.redhat.com/show_bug.cgi?id=562597#c3
Comment 1 Eugene Teo (Security Response) 2010-02-07 15:49:08 UTC 
How to mitigate against NULL pointer dereference vulnerabilities?
http://kbase.redhat.com/faq/docs/DOC-20536
Comment 3 Alexander Viro 2010-02-07 17:09:56 UTC 
Created attachment 389395 [details]
mainline fix
Comment 4 Eugene Teo (Security Response) 2010-02-09 08:10:00 UTC 
Upstream patch:
http://git.kernel.org/linus/89068c576bf324ef6fbd50dfc745148f7def202c
Comment 6 Eugene Teo (Security Response) 2010-06-21 00:46:40 UTC 
This patch was not needed as the problem it fixed was not backported from upstream.