Bug 1290642 (CVE-2015-8785) - CVE-2015-8785 kernel: fuse: possible denial of service in fuse_fill_write_pages()
Status: CLOSED WONTFIX
Alias: CVE-2015-8785
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Whiteboard: impact=low,public=20151012,reported=2...
Keywords: Security
Depends On: 1291129
Blocks: 1271601
Reported: 2015-12-11 02:03 UTC by Wade Mealing
Modified: 2019-06-08 20:53 UTC (History)

An infinite-loop flaw was found in the kernel. When a local user calls the sys_writev syscall with a specially crafted sequence of iov structs, the fuse_fill_write_pages kernel function might never terminate, instead continuing in a tight loop.  This process cannot be terminated and requires a reboot.
Last Closed: 2016-05-24 07:23:34 UTC



Description Wade Mealing 2015-12-11 02:03:32 UTC
A patch was posted to fix an issue regarding an unkillable task eating CPU.

The problem is in the fuse_fill_write_pages() function.  When a user
calls the sys_writev syscall with a specially crafted sequence of iovs,
the kernel function may never terminate and continue in a tight loop;
the process is unable to be killed.

Introduced in commit ea9b9907b82a09bd1a708004454f7065de77c5b0
Fixed in commit 3ca8138f014a913f98e6ef40e939868e1e9ea876

Upstream patch:
https://lkml.org/lkml/2015/10/12/329

Comment 7 Wade Mealing 2015-12-17 01:11:42 UTC
Statement:

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6 and 7 and is not planned to be fixed in future updates.

