Bug 1568011 (CVE-2018-10087) - CVE-2018-10087 kernel: Undefined behavior in kernel/exit.c:kernel_wait4() function allows local denial of service
Summary: CVE-2018-10087 kernel: Undefined behavior in kernel/exit.c:kernel_wait4() fun...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-10087
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1569960
Blocks: 1568015
TreeView+ depends on / blocked
 
Reported: 2018-04-16 15:12 UTC by Adam Mariš
Modified: 2021-02-17 00:30 UTC (History)
44 users (show)

Fixed In Version: kernel 4.13
Doc Type: If docs needed, set a value
Doc Text:
The kernel_wait4 function in kernel/exit.c in the Linux kernel, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
Clone Of:
Environment:
Last Closed: 2018-04-20 11:54:49 UTC


Attachments (Terms of Use)

Description Adam Mariš 2018-04-16 15:12:28 UTC
The kernel_wait4 function in kernel/exit.c in the Linux kernel, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.

References:

https://marc.info/?l=linux-mm&m=149726503820915&w=2

An upstream fix:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4

Comment 3 Vladis Dronov 2018-04-20 11:49:34 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1569960]

Comment 4 Vladis Dronov 2018-04-20 11:53:23 UTC
Note:

This bug is present in certain Red Hat products, but the security impact is absent. Therefore, we do not consider this bug to be a security flaw.

Comment 5 Justin M. Forbes 2018-04-20 17:22:16 UTC
This was fixed for Fedora with the 4.14 kernel updates.


Note You need to log in before you can comment on or make changes to this bug.