Bug 1358840 (CVE-2010-5328) - CVE-2010-5328 kernel: Processes having the same group as `init` can crash kernel
Summary: CVE-2010-5328 kernel: Processes having the same group as `init` can crash kernel
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2010-5328
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1358842
TreeView+ depends on / blocked
 
Reported: 2016-07-21 15:11 UTC by Adam Mariš
Modified: 2019-09-29 13:53 UTC (History)
41 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A process that is in the same process group as the ''init'' process (group id zero) can crash the Linux kernel with several system calls by passing in a process ID or process group ID of zero; a special value that indicates the current process ID or process group.
Clone Of:
Environment:
Last Closed: 2017-02-16 13:37:55 UTC


Attachments (Terms of Use)

Description Adam Mariš 2016-07-21 15:11:27 UTC
A process that is in the same process group as the ``init'' process (group id zero) can crash the Linux kernel with several system calls by passing in a process ID or process group ID of zero. The value zero is a special value that indicates the current process ID or process group. However, in this case it is also the process group ID of the process.

Upstream fixes:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df

Comment 4 Andrej Nemec 2017-01-23 09:46:21 UTC
CVE assignment:

http://seclists.org/oss-sec/2017/q1/160

Comment 5 Wade Mealing 2017-02-08 07:20:08 UTC
Statement:

This flaw affects Red Hat Enteprise Linux 5 and 6 and is not able to be exploited in the default configuration.  Administrators would need to replace the init daemon with alternative systems to exploit this system crash correctly.

No update is planned to be released for this flaw.

Comment 10 Wade Mealing 2017-02-09 07:04:51 UTC
I've just removed that from the comment #0 and doctxt.


Note You need to log in before you can comment on or make changes to this bug.