1198503 – (CVE-2014-8172) CVE-2014-8172 kernel: soft lockup on aio

Bug 1198503 (CVE-2014-8172) - CVE-2014-8172 kernel: soft lockup on aio

Summary: CVE-2014-8172 kernel: soft lockup on aio

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-8172
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1095072 1112805 1198505
Blocks:	1095320 1198504
TreeView+	depends on / blocked

Reported:	2015-03-04 09:51 UTC by Petr Matousek
Modified:	2021-02-17 05:35 UTC (History)
CC List:	31 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system.
Clone Of:
Environment:
Last Closed:	2015-03-30 08:13:04 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:0290	0	normal	SHIPPED_LIVE	Important: kernel security, bug fix, and enhancement update	2015-03-05 16:13:58 UTC
Red Hat Product Errata	RHSA-2015:0694	0	normal	SHIPPED_LIVE	Important: kernel-rt security, bug fix, and enhancement update	2015-03-17 18:39:44 UTC

Description Petr Matousek 2015-03-04 09:51:34 UTC

It was found that Linux kernel is susceptible to soft lockup when performing
Asynchronous I/O operations due to files_lock excessive locking. An
unprivileged local user could use this flaw to crash the system.

Upstream patch:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eee5cc2702929fd41cce28058dc6d6717f723f87

Comment 3 errata-xmlrpc 2015-03-05 13:05:34 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:0290 https://rhn.redhat.com/errata/RHSA-2015-0290.html

Comment 4 errata-xmlrpc 2015-03-17 14:41:47 UTC

This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2015:0694 https://rhn.redhat.com/errata/RHSA-2015-0694.html

Comment 5 Prasad Pandit 2015-03-18 13:00:03 UTC

Statement:

This issue does not affect the versions of the kernel package as shipped with
Red Hat Enterprise Linux 5 and 6.

Note You need to log in before you can comment on or make changes to this bug.

agordeev
aquini
bhu
carnil
dhoward
esammons
fhrbata
gansalmon
iboverma
itamar
jforbes
jkacur
jonathan
jross
jwboyer
kernel-maint
kernel-mgr
lgoncalv
lwang
madhu.chinakonda
matt
mchehab
mcressma
mguzik
nmurray
pholasek
plougher
ppandit
rt-maint
rvrbovsk
williams