Bug 711245 (CVE-2011-2189)
| Field | Value |
|---|---|
| Summary | CVE-2011-2189 kernel: net_ns: oom killer fires because of slow net_ns cleanup |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Keywords | Security |
| Doc Type | Bug Fix |
| Reporter | Eugene Teo (Security Response) <eteo> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | arozansk, bhu, dhoward, fhrbata, jkacur, kernel-mgr, kmcmartin, lgoncalv, lwang, mskinner, nobody, plougher, pmatouse, rkhan, rt-maint, sforsber, tcallawa, vgoyal, williams |
| Last Closed | 2015-07-29 12:48:46 UTC |
| Bug Depends On | 711246, 711247, 711248, 749061, 761354 |

Description
Eugene Teo (Security Response)
2011-06-06 23:53:28 UTC
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 749061]

This issue is rated 4.6/AV:L/AC:L/Au:S/C:N/I:N/A:C. AV is L instead of N because this is not a flaw in a network service. It can be triggered by any processes that do namespaces isolation. Au is S because to call clone(2) with CLONE_NEWNET, the process has to be privileged (CAP_SYS_ADMIN). The current /known/ attack vector, vsftpd, does not affect us as it is explained here, https://bugzilla.redhat.com/show_bug.cgi?id=711134#c16.

[Updated: 2011-11-11]

Statement: This did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include support for Network Namespaces. A future kernel update in Red Hat Enterprise MRG may address this issue. The risks associated with fixing this flaw outweigh the benefits of the fix, therefore Red Hat does not plan to fix this flaw in Red Hat Enterprise Linux 6.
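
The rating above can be reproduced from its vector. The following is an added example, not part of the bug report: it computes the CVSS v2 base score with the weights from the CVSS v2 specification and shows how the score would move under the alternative AV and Au choices the comment rules out. The function names are hypothetical.

```python
# CVSS v2 base-score weights, taken from the CVSS v2 specification.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}
AC = {"H": 0.35, "M": 0.61, "L": 0.71}
AU = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
TABLES = {"AV": AV, "AC": AC, "Au": AU, "C": CIA, "I": CIA, "A": CIA}

# Vector quoted in the bug comment.
PAGE_VECTOR = "AV:L/AC:L/Au:S/C:N/I:N/A:C"


def parse_vector(vector):
    """Split 'AV:L/AC:L/...' into {metric: letter}; reject bad input."""
    metrics = dict(part.split(":", 1) for part in vector.split("/"))
    if set(metrics) != set(TABLES):
        raise ValueError("vector must contain exactly AV, AC, Au, C, I, A")
    for name, letter in metrics.items():
        if letter not in TABLES[name]:
            raise ValueError(f"unknown value {letter!r} for metric {name}")
    return metrics


def base_score(vector):
    """Return the CVSS v2 base score, rounded to one decimal."""
    m = parse_vector(vector)
    w = {name: TABLES[name][letter] for name, letter in m.items()}
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f_impact = 0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


def rescore(vector, **changes):
    """Score the vector with some metrics replaced, e.g. rescore(v, AV='N')."""
    m = parse_vector(vector)
    m.update(changes)
    return base_score("/".join(f"{k}:{v}" for k, v in m.items()))


if __name__ == "__main__":
    print("as rated          :", base_score(PAGE_VECTOR))
    print("if AV were N      :", rescore(PAGE_VECTOR, AV="N"))
    print("if Au were N      :", rescore(PAGE_VECTOR, Au="N"))
```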