A flaw was found in the way the termination condition in the associative array garbage collection functionality was handled when used from the keys subsystem. A local unprivileged user could use this flaw to crash the system. Introduced by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69
Created attachment 936266 [details] Upstream patch proposal
Statement: This issue does not affect versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.
The patch has been posted upstream: https://lkml.org/lkml/2014/9/10/788
The patch has been applied upstream: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95389b08d93d5c06ec63ab49bd732b0069b7c35e
*** Bug 1154979 has been marked as a duplicate of this bug. ***
Acknowledgements: Red Hat would like to thank Frey Alfredsson for reporting this issue.
IssueDescription: A flaw was found in the way the Linux kernel's keys subsystem handled the termination condition in the associative array garbage collection functionality. A local, unprivileged user could use this flaw to crash the system.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1971 https://rhn.redhat.com/errata/RHSA-2014-1971.html