Red Hat Bugzilla – Bug 188935
CVE-2006-0741 kernel DoS issue
Last modified: 2007-04-18 13:41:35 EDT
This affects all 2.4 kernels at the very least.
[PATCH] Always check that RIPs are canonical during signal handling
author Andi Kleen <email@example.com>
Tue, 11 Apr 2006 10:34:45 +0000 (12:34 +0200)
committer Marcelo Tosatti <firstname.lastname@example.org>
Wed, 12 Apr 2006 20:16:58 +0000 (15:16 -0500)
tree 5ce75f4f0a50a2dba708533cb2b855f20cc2894d
parent 09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
[PATCH] Always check that RIPs are canonical during signal handling
First the already existing check in COPY_CANON for sigreturn
wasn't correct. Replace it with a better check against TASK_SIZE.
Also add a check to sigaction which was missing it previously.
This works around a problem in handling non-canonical RIPs on SYSRET on Intel
CPUs. They report the #GP on the SYSRET, not the next instruction
as Linux expects it. With these changes this path should never
see a non-canonical user RIP.
Roughly based on a patch by Ernie Petrides, but redone by AK.
This is CVE-2006-0741
Signed-off-by: Andi Kleen <email@example.com>
arch/x86_64/kernel/signal.c
Created attachment 127720 [details]
Patch for CVE-2006-0741
Thanks for posting this here, James, and for the patch. The CVE says, "Linux
kernel before 188.8.131.52, when running on Intel processors, allows local users to
cause a denial of service ('endless recursive fault') via unknown attack vectors
related to a 'bad elf entry address.'"
Is this an x86_64-only condition? Am noticing that the patch is for the x86_64
architecture kernel directory...
Potentially affects legacy kernels:
Distro     i386?  x86_64?  Package
---------  -----  -------  ------------------------------
RHL7.3     X               kernel-2.4.20-46.7.legacy
RHL9       X               kernel-2.4.20-46.9.legacy
FC1        X               kernel-2.4.22-1.2199.8.legacy.nptl
FC2        X               kernel-2.6.10-2.3.legacy_FC2
FC3        X      X        kernel-2.6.12-2.3.legacy_FC3
If this is i386 and x86_64, then it affects all distros we support. If it's
x86_64 only, then it affects only FC3, as Legacy doesn't support x86_64 packages
for any other distros...
It may be a security issue if anyone builds their own kernel for x86_64 on the
platforms that legacy only ships i386 packages for, from the sources provided
by such packages.
It is just for x86_64 though. The file patched is in that directory.
The author is still working on the issue. I've attached another amended patch
to help fix the issue.
Created attachment 128037 [details]
Amended patch for CVE-2006-0741
This patch goes with the last patch. We can build a single patch when
*** This bug has been marked as a duplicate of 200034 ***