Red Hat Bugzilla – Bug 152560
CAN-2005-0937 futex mmap_sem deadlock
Last modified: 2013-03-06 00:58:30 EST
"Some futex functions do get_user calls while holding mmap_sem
for reading. If get_user() faults, and another thread happens
to be in mmap (or somewhere else holding waiting on down_write
for the same semaphore), then do_page_fault will
deadlock. Most architectures seem to be exposed to this."
This would allow a local user to easily cause a system crash. CVE applied for.
This is fixed by linux-2.6.9-futex-mmap_sem-deadlock.patch in RHSA-2005:420.
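The interleaving in the quoted description can be replayed with a small user-space model of a fair read-write semaphore. This is an added example, not code from this bug report or from the patch named above. `rwsem_model`, the `model_*` helpers and `futex_fault_deadlocks` are hypothetical names, and releasing the lock before the user access is one assumed way to avoid the nesting, not a description of what the patch does.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy model of a fair rwsem such as mmap_sem (not kernel code): once a
 * writer is queued, later down_read() callers wait behind it. */
struct rwsem_model {
    int  readers;         /* current read holders */
    bool writer_waiting;  /* a down_write() caller is queued */
};
/* Lock helpers return true if granted, false if the caller would sleep. */
static bool model_down_read(struct rwsem_model *s)
{
    if (s->writer_waiting)
        return false;
    s->readers++;
    return true;
}
static bool model_down_write(struct rwsem_model *s)
{
    s->writer_waiting = s->readers > 0;
    return !s->writer_waiting;
}
/* The last reader leaving lets the queued writer run to completion. */
static void model_up_read(struct rwsem_model *s)
{
    if (--s->readers == 0)
        s->writer_waiting = false;
}

/* Replays the reported interleaving; returns true on deadlock.
 * drop_before_get_user is a hypothetical switch for this model only. */
bool futex_fault_deadlocks(bool drop_before_get_user)
{
    struct rwsem_model mmap_sem = { 0, false };
    bool futex_holds = model_down_read(&mmap_sem); /* futex path locks */
    model_down_write(&mmap_sem);          /* other thread in mmap queues */
    if (drop_before_get_user) {           /* release before user access */
        model_up_read(&mmap_sem);
        futex_holds = false;
    }
    /* get_user() faults: do_page_fault takes mmap_sem for reading */
    bool fault_got_lock = model_down_read(&mmap_sem);
    /* Deadlock: it sleeps behind a writer waiting on this thread's hold */
    return !fault_got_lock && futex_holds;
}

int main(void)
{
    printf("%d %d\n", futex_fault_deadlocks(false), futex_fault_deadlocks(true));
    return 0;
}
```

The model shows why the nested read lock is the problem: the second `down_read` is only unsafe because a writer queued between the two acquisitions.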