Bug 454237 (CVE-2008-2944) - CVE-2008-2944 crash - mmput()/unmap_vmas() - gdb testsuite
Summary: CVE-2008-2944 crash - mmput()/unmap_vmas() - gdb testsuite
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2008-2944
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 207002 209118
Blocks:
Reported: 2008-07-07 05:42 UTC by Eugene Teo (Security Response)
Modified: 2019-09-29 12:25 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-12-24 01:25:29 UTC
Embargoed:



Description Eugene Teo (Security Response) 2008-07-07 05:42:11 UTC
Description of problem:
Running gdb testsuite crashes the machine. Only with kernel patched by the
attached patch, though - so feel free to ignore this bug report.
I believe the patch is innocent and just enables the full functionality of
ptrace/utrace Linux kernel debugging for gdb. The attached patch should be
obsoleted/contained in kernel-2.6.17-1.2633 as announced in Bug 205179.

Version-Release number of selected component (if applicable):
kernel-2.6.17-1.2630_jkratoch0.ia64
gdb-6.5-7.src

How reproducible:
It crashed 3 times - each time I tried it.

Steps to Reproduce:
1. Install gdb-6.5-7.src.rpm
2. (possibly not needed) patch gdb.spec
<http://cvs.jankratochvil.net/viewcvs/nethome/src/gdb.spec-debug.patch?rev=HEAD>
3. rpmbuild -bc gdb.spec
4. cd gdb-6.5/gdb/testsuite
5. make check

Actual results:
Kernel crash.

Expected results:
No kernel crash, just userland testsuite PASSes/FAILs.

Additional info:
It was crashing while executing "gdb.base/checkpoint.exp".
Removing "gdb.base/checkpoint.exp" testcase made the testsuite non-crashing.
Running just specifically "gdb.base/checkpoint.exp" did not crash it, though.

-- Additional comment from jkratoch on 2006-09-18 14:00 EST --
Created an attachment (id=136560)
oops log - Unable to handle kernel paging request at virtual address
6b6b6b6b6b6b6b6b


-- Additional comment from jkratoch on 2006-09-18 14:01 EST --
Created an attachment (id=136561)
Enable full debugging, should be obsoleted by Bug 205179


-- Additional comment from jkratoch on 2006-09-26 07:02 EST --
Crash again during gdb testsuite:
  Running ../.././gdb/testsuite/gdb.base/checkpoint.exp ...
occurred for me today again - but on x86_64. So it is not architecture specific.
I do not have the crash dump, though.


-- Additional comment from jkratoch on 2006-09-26 07:04 EST --
BTW this time it was stock RawHide: kernel-2.6.18-1.2689.fc6.x86_64


-- Additional comment from jkratoch on 2006-09-27 11:59 EST --
And so far it appears to me the crash is on gdb/testsuite/gdb.base/chng-syms.exp
- recompiling of the executable binary while it is still running (and being
debugged by gdb).

