1198457 – (CVE-2014-8173) CVE-2014-8173 kernel: NULL pointer dereference in madvise(MADV_WILLNEED) support

Bug 1198457 (CVE-2014-8173) - CVE-2014-8173 kernel: NULL pointer dereference in madvise(MADV_WILLNEED) support

Summary: CVE-2014-8173 kernel: NULL pointer dereference in madvise(MADV_WILLNEED) support

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-8173
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1072385 1198460
Blocks:	1198459
TreeView+	depends on / blocked

Reported:	2015-03-04 08:29 UTC by Petr Matousek
Modified:	2021-10-20 10:50 UTC (History)
CC List:	23 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system.
Clone Of:
Environment:
Last Closed:	2021-10-20 10:50:43 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:0290	0	normal	SHIPPED_LIVE	Important: kernel security, bug fix, and enhancement update	2015-03-05 16:13:58 UTC
Red Hat Product Errata	RHSA-2015:0694	0	normal	SHIPPED_LIVE	Important: kernel-rt security, bug fix, and enhancement update	2015-03-17 18:39:44 UTC

Description Petr Matousek 2015-03-04 08:29:30 UTC

A NULL pointer dereference flaw was found in the way Linux kernel's madvise
MADV_WILLNEED functionality handled page table locking. An unprivileged
local user could use this flaw to crash the system.

Upstream patch:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee53664bda169f519ce3c6a22d378f0b946c8178

Comment 2 Petr Matousek 2015-03-04 08:33:40 UTC

Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future updates for the respective releases may address this issue.

Comment 4 errata-xmlrpc 2015-03-05 13:05:29 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:0290 https://rhn.redhat.com/errata/RHSA-2015-0290.html

Comment 5 errata-xmlrpc 2015-03-17 14:41:36 UTC

This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2015:0694 https://rhn.redhat.com/errata/RHSA-2015-0694.html

Note You need to log in before you can comment on or make changes to this bug.

aquini
bhu
carnil
dhoward
fhrbata
gansalmon
iboverma
itamar
jforbes
jkacur
jonathan
jross
jwboyer
kernel-maint
kernel-mgr
lgoncalv
madhu.chinakonda
mchehab
mcressma
nmurray
rt-maint
rvrbovsk
williams