Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1525218 - (CVE-2017-15127) CVE-2017-15127 kernel: Improper error handling of VM_SHARED hugetlbfs mapping in mm/hugetlb.c
CVE-2017-15127 kernel: Improper error handling of VM_SHARED hugetlbfs mapping...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20171208,reported=2...
: Security
Depends On: 1536998 1536999 1537000 1545040
Blocks: 1518303
  Show dependency treegraph
 
Reported: 2017-12-12 14:57 EST by Pedro Sampaio
Modified: 2018-04-10 05:38 EDT (History)
48 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A flaw was found in the Linux kernel when freeing pages in hugetlbfs. This could trigger a local denial of service by crashing the kernel.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-01-28 21:36:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0676 None None None 2018-04-10 04:14 EDT
Red Hat Product Errata RHSA-2018:1062 None None None 2018-04-10 05:38 EDT

  None (edit)
Description Pedro Sampaio 2017-12-12 14:57:20 EST 
A flaw was found in the Linux kernel where an additional implicit page unlock for VM_SHARED hugetlbfs mapping could trigger local denial of service by crashing the kernel with the message:

page dumped because: VM_BUG_ON_PAGE(!PageLocked(page))

kernel BUG at mm/filemap.c:964! 
invalid opcode: 0000 [#1] SMP 
CPU: 1 PID: 22582 Comm: qemu-system-x86 Not tainted 4.11.11-300.fc26.x86_64 #1 RIP: unlock_page+0x4a/0x50 
Call Trace: hugetlb_mcopy_atomic_pte+0xc0/0x320 
            mcopy_atomic+0x96f/0xbe0 
            userfaultfd_ioctl+0x218/0xe90 
            do_vfs_ioctl+0xa5/0x600
            SyS_ioctl+0x79/0x90
            entry_SYSCALL_64_fastpath+0x1a/0xa9

References:

https://marc.info/?l=linux-mm&m=150169274317930

An upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995
Comment 2 Wade Mealing 2018-01-22 04:01:07 EST 
Statement:
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 and kernel-alt.

This issue affects the Linux kernel packages as shipped with Red Hat
Enterprise Linux 7, MRG-2 and kernel-rt  prior to version kernel-3.10.0-781.
Comment 6 Wade Mealing 2018-02-14 01:07:30 EST 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1545040]
Comment 7 Justin M. Forbes 2018-02-14 09:39:35 EST 
This was fixed for Fedora with the 4.13 rebases.
Comment 8 errata-xmlrpc 2018-04-10 04:14:06 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:0676
Comment 9 errata-xmlrpc 2018-04-10 05:37:48 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1062
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.