A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. The Red Hat Enterprise Linux 7 kernel had backported this functionality to the 3.10 kernels and was affected by this flaw. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in the assoc_array implementation. This did not affect all callers of the associative array code, only those that would try to dereference the assigned value; in that case a kernel panic will occur.
Created attachment 1337630
Proposed upstream patch
Name: Fan Wu (University of Hong Kong), Haoran Qiu (University of Hong Kong), Shixiong Zhao (University of Hong Kong), Heming Cui (University of Hong Kong)
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, MRG-2 and realtime kernels. Future Linux kernel updates for the respective releases may address this issue.
This is now public, commit ea6789980fdaa610d7eb63602c746bf6ec70cd2b in Linus' tree.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1508717]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:0151 https://access.redhat.com/errata/RHSA-2018:0151