Bug 126411 - CVE-2004-0491 mlock accounting issue
Summary: CVE-2004-0491 mlock accounting issue
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel   
(Show other bugs)
Version: 3.0
Hardware: All Linux
Target Milestone: ---
Assignee: Ernie Petrides
QA Contact: Brian Brock
Whiteboard: impact=important,public=20040621
Keywords: Security
: 139881 (view as bug list)
Depends On:
Blocks: 156320
TreeView+ depends on / blocked
Reported: 2004-06-21 10:28 UTC by Mark J. Cox
Modified: 2007-11-30 22:07 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-05-25 16:42:34 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:472 normal SHIPPED_LIVE Important: kernel security update 2005-05-25 04:00:00 UTC

Description Mark J. Cox 2004-06-21 10:28:20 UTC
The linux-2.4.21-mlock.patch included in RHEL3 has a hole.  It is
intended to allow normal uses to mlock within it's rlimit's however
the accounting can be broken in the case of IPC: one process/user can
mlock, another process can unlock.  The later process gets it's pages
mlocked decremented even though the former process got the increment.
 This could lead to unprivileged users getting rights to mlock memory.

This issue was reported by Arjan around Jun07 and fixed in FC2 (1.427
on Jun11).

See also:

Comment 5 Ernie Petrides 2005-04-28 01:27:13 UTC
Non-kABI-breaking patch posted for review on 27-Apr-2005,
removing this bug from precluded-kABI-breakage blocker list.

Comment 6 Ernie Petrides 2005-05-05 00:41:33 UTC
A fix for this problem has just been committed to the RHEL3 U6
patch pool this evening (in kernel version 2.4.21-32.3.EL).

Comment 9 Ernie Petrides 2005-05-17 22:12:22 UTC
A fix for this problem has also been committed to the RHEL3 E6
patch pool this evening (in kernel version 2.4.21-32.0.1.EL).

Comment 10 Josh Bressers 2005-05-25 16:42:34 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Comment 11 Ernie Petrides 2005-06-06 23:54:57 UTC
*** Bug 139881 has been marked as a duplicate of this bug. ***

Comment 14 Ernie Petrides 2005-07-22 02:11:42 UTC
*** Bug 139881 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.