This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
First Last Prev Next    This bug is not in your last search results.
Bug 133110 - CAN-2004-0814 input/serio local DOS
CAN-2004-0814 input/serio local DOS
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: kernel (Show other bugs)
2.1
ia64 Linux
medium Severity high
: ---
: ---
Assigned To: Jim Paradis
Brian Brock
impact=important,public=20040907
: Security
Depends On:
Blocks: 132992
  Show dependency treegraph
 
Reported: 2004-09-21 14:43 EDT by Josh Bressers
Modified: 2013-08-05 21:08 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-14 13:28:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Josh Bressers 2004-09-21 14:43:44 EDT 
drivers/input/serio/serport.c can lead to kernel panic in serio code
followed by jbd's panic (probably due to random memory write, I don't
       now) and/or system lockup.

        Steps to exploit it:
        process 1:
            open() a tty device;
            TIOCSETD it to N_MOUSE;
            read() it. it will block.
        after that, process 2:
            open() the same device;
            TIOCSETD it to 0;
            TIOCSETD it to N_MOUSE; (not sure if it's necessary)
            kill() process 1;
Comment 1 Ernie Petrides 2004-09-21 22:28:00 EDT 
This is a dup of bug 131672, but I'll leave this open since
it's for Derry (as opposed to Pensacola).
Comment 5 Mark J. Cox (Product Security) 2005-02-16 10:40:40 EST 
For reference the fix that got committed upstream into 2.4.29:
http://linux.bkbits.net:8080/linux-2.4/cset@41c3801dxJnuBSRCpUiMRkwItPHjWA
Comment 6 Peter Martuccelli 2005-02-18 15:58:53 EST 
Jim - Update with information regarding U7 target.
Comment 7 Jim Paradis 2005-02-25 17:52:08 EST 
This is a dup of 131672, which is assigned to jbaron.  Neither of these are
likely to make U7
Comment 8 Jim Paradis 2005-06-14 13:28:42 EDT 
The fix has been deemed too invasive for a RHEL2.1 update at this time.  Closing
as WONTFIX.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.