Bug 1290642 - (CVE-2015-8785) CVE-2015-8785 kernel: fuse: possible denial of service in fuse_fill_write_pages()
CVE-2015-8785 kernel: fuse: possible denial of service in fuse_fill_write_pag...
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 1291129
Blocks: 1271601
  Show dependency treegraph
Reported: 2015-12-10 21:03 EST by Wade Mealing
Modified: 2016-05-24 03:24 EDT (History)
33 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
An infinite-loop flaw was found in the kernel. When a local user calls the sys_writev syscall with a specially crafted sequence of iov structs, the fuse_fill_write_pages kernel function might never terminate, instead continuing in a tight loop. This process cannot be terminated and requires a reboot.
Story Points: ---
Clone Of:
Last Closed: 2016-05-24 03:23:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Wade Mealing 2015-12-10 21:03:32 EST
A patch was posted to fix an issue regarding unkillable task eating CPU.

The problem is in the fuse_fill_write_pages() function.  When a user
calls the sys_writev syscall with specially crafted sequence of iovs
the kernel function may never terminate and continue in a tight loop,
the process is unable to be killed.

Introduced in commit ea9b9907b82a09bd1a708004454f7065de77c5b0
Fixed in commit 3ca8138f014a913f98e6ef40e939868e1e9ea876

Upstream patch:
Comment 7 Wade Mealing 2015-12-16 20:11:42 EST

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6 and 7 and does not plan to be fixed in future updates.

Note You need to log in before you can comment on or make changes to this bug.