Bug 126411 - CVE-2004-0491 mlock accounting issue
CVE-2004-0491 mlock accounting issue
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel (Show other bugs)
3.0
All Linux
medium Severity high
: ---
: ---
Assigned To: Ernie Petrides
Brian Brock
impact=important,public=20040621
: Security
: 139881 (view as bug list)
Depends On:
Blocks: 156320
  Show dependency treegraph
 
Reported: 2004-06-21 06:28 EDT by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:07 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-05-25 12:42:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2004-06-21 06:28:20 EDT
The linux-2.4.21-mlock.patch included in RHEL3 has a hole.  It is
intended to allow normal uses to mlock within it's rlimit's however
the accounting can be broken in the case of IPC: one process/user can
mlock, another process can unlock.  The later process gets it's pages
mlocked decremented even though the former process got the increment.
 This could lead to unprivileged users getting rights to mlock memory.

This issue was reported by Arjan around Jun07 and fixed in FC2 (1.427
on Jun11).

See also:
http://marc.theaimsgroup.com/?l=linux-kernel&m=108087017610947&w=2
Comment 5 Ernie Petrides 2005-04-27 21:27:13 EDT
Non-kABI-breaking patch posted for review on 27-Apr-2005,
removing this bug from precluded-kABI-breakage blocker list.
Comment 6 Ernie Petrides 2005-05-04 20:41:33 EDT
A fix for this problem has just been committed to the RHEL3 U6
patch pool this evening (in kernel version 2.4.21-32.3.EL).
Comment 9 Ernie Petrides 2005-05-17 18:12:22 EDT
A fix for this problem has also been committed to the RHEL3 E6
patch pool this evening (in kernel version 2.4.21-32.0.1.EL).
Comment 10 Josh Bressers 2005-05-25 12:42:34 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-472.html
Comment 11 Ernie Petrides 2005-06-06 19:54:57 EDT
*** Bug 139881 has been marked as a duplicate of this bug. ***
Comment 14 Ernie Petrides 2005-07-21 22:11:42 EDT
*** Bug 139881 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.