Bug 1290642 (CVE-2015-8785) - CVE-2015-8785 kernel: fuse: possible denial of service in fuse_fill_write_pages()
Summary: CVE-2015-8785 kernel: fuse: possible denial of service in fuse_fill_write_pag...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2015-8785
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1291129
Blocks: 1271601
TreeView+ depends on / blocked
 
Reported: 2015-12-11 02:03 UTC by Wade Mealing
Modified: 2021-02-17 04:37 UTC (History)
33 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
An infinite-loop flaw was found in the kernel. When a local user calls the sys_writev syscall with a specially crafted sequence of iov structs, the fuse_fill_write_pages kernel function might never terminate, instead continuing in a tight loop. This process cannot be terminated and requires a reboot.
Clone Of:
Environment:
Last Closed: 2016-05-24 07:23:34 UTC
Embargoed:

Attachments (Terms of Use)

Description Wade Mealing 2015-12-11 02:03:32 UTC 
A patch was posted to fix an issue regarding unkillable task eating CPU.

The problem is in the fuse_fill_write_pages() function.  When a user
calls the sys_writev syscall with specially crafted sequence of iovs
the kernel function may never terminate and continue in a tight loop,
the process is unable to be killed.

Introduced in commit ea9b9907b82a09bd1a708004454f7065de77c5b0
Fixed in commit 3ca8138f014a913f98e6ef40e939868e1e9ea876

Upstream patch:
https://lkml.org/lkml/2015/10/12/329
Comment 7 Wade Mealing 2015-12-17 01:11:42 UTC 
Statement:

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6 and 7 and does not plan to be fixed in future updates.
Note You need to log in before you can comment on or make changes to this bug.