Bug 439999 (CVE-2007-6712) - CVE-2007-6712 kernel: infinite loop in highres timers (kernel hang)
Summary: CVE-2007-6712 kernel: infinite loop in highres timers (kernel hang)
Status: CLOSED ERRATA
Alias: CVE-2007-6712
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: reported=20070316,public=20070316,imp...
Keywords: Security
Depends On: 440001 440002 453136
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-04-01 10:04 UTC by Jan Lieskovsky
Modified: 2019-06-08 12:29 UTC (History)
6 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2010-12-22 23:47:25 UTC


Attachments (Terms of Use)
Testcase to reproduce the kernel hang (3.51 KB, text/x-csrc)
2008-04-01 10:09 UTC, Jan Lieskovsky
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0275 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-05-20 09:58:29 UTC
Red Hat Product Errata RHSA-2008:0585 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-08-26 19:56:57 UTC

Description Jan Lieskovsky 2008-04-01 10:04:53 UTC
Description of problem:
=======================

Thomas Glexner has provided patch for the following kernel issue:

hrtimer_forward() does not check for the possible overflow of
timer->expires.  This can happen on 64 bit machines with large interval
values and results currently in an endless loop in the softirq because the
expiry value becomes negative and therefor the timer is expired all the
time.

Check for this condition and set the expiry value to the max.  expiry time
in the future.  The fix should be applied to stable kernel series as well.

Steps to reproduce:  See the next comment for the reproducer.
===================

Actual result:    Kernel hang.
==============

Expected result:  No kernel hang.
================

Solution: 
=========

Proposed patch from Thomas:

http://git.kernel.org/?p=linux/kernel/git/chris/linux-2.6.git;a=commitdiff;h=13788ccc41ceea5893f9c747c59bc0b28f2416c2

Comment 9 Vincent Danen 2010-12-22 23:47:25 UTC
This was addressed via:

Red Hat Enterprise Linux version 5 (RHSA-2008:0275)
MRG Realtime for RHEL 5 Server (RHSA-2008:0585)


Note You need to log in before you can comment on or make changes to this bug.