Bug 473259 (CVE-2008-5300) - CVE-2008-5300 kernel: fix soft lockups/OOM issues with unix socket garbage collector
Summary: CVE-2008-5300 kernel: fix soft lockups/OOM issues with unix socket garbage co...
Status: CLOSED ERRATA
Alias: CVE-2008-5300
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,source=lkml,public=2...
Keywords: Security
Depends On: CVE-2008-5029 473263 473264 473265 473266 473267 473268 473269 473270
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-11-27 12:55 UTC by Eugene Teo (Security Response)
Modified: 2019-06-08 12:38 UTC (History)
12 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2011-09-30 21:07:35 UTC


Attachments (Terms of Use)
Proposed patch for real-time kernel (2.49 KB, patch)
2008-11-27 12:58 UTC, Eugene Teo (Security Response)
no flags Details | Diff
Upstream patch (3.21 KB, patch)
2008-12-03 05:55 UTC, Eugene Teo (Security Response)
no flags Details | Diff
Upstream kernel 2.4 patch (3.63 KB, patch)
2009-04-14 02:40 UTC, Eugene Teo (Security Response)
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:0014 normal SHIPPED_LIVE Important: kernel security and bug fix update 2009-01-14 18:05:34 UTC
Red Hat Product Errata RHSA-2009:0021 normal SHIPPED_LIVE Important: kernel security update 2009-02-25 01:04:12 UTC
Red Hat Product Errata RHSA-2009:0053 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2009-02-04 15:05:12 UTC
Red Hat Product Errata RHSA-2009:1550 normal SHIPPED_LIVE Important: kernel security and bug fix update 2009-11-03 21:59:47 UTC

Description Eugene Teo (Security Response) 2008-11-27 12:55:25 UTC
Reported and fixed by Dann Frazier <dannf@hp.com>:
This is an implementation of David Miller's suggested fix in:
  https://bugzilla.redhat.com/show_bug.cgi?id=470201

Paraphrasing the description from the above report, it makes sendmsg() block while UNIX garbage collection is in progress. This avoids a situation where child processes continue to queue new FDs over a AF_UNIX socket to a parent which is in the exit path and running garbage collection on these FDs. This contention can result in soft lockups and oom-killing of unrelated processes.

This bug was triggerable after fixing CVE-2008-5029. From Dave Miller, "It's a different bug, but triggerable by the same test program."

Reproducers:
https://bugzilla.redhat.com/show_bug.cgi?id=470201#c1
https://bugzilla.redhat.com/show_bug.cgi?id=470201#c7

Comment 1 Eugene Teo (Security Response) 2008-11-27 12:56:16 UTC
Patch for this bug: http://marc.info/?l=linux-netdev&m=122771908731133&w=2

Comment 2 Eugene Teo (Security Response) 2008-11-27 12:58:57 UTC
Created attachment 324874 [details]
Proposed patch for real-time kernel

This patch is to be applied on top of the CVE-2008-5029 fixes. I have tested it with unix.c in a tight loop, and I did not encounter any soft lock-ups or oom-killer problems. Kindly review/test.

Comment 5 Eugene Teo (Security Response) 2008-12-03 05:55:27 UTC
Created attachment 325484 [details]
Upstream patch

Comment 6 Fedora Update System 2008-12-17 16:21:17 UTC
kernel-2.6.27.9-159.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/kernel-2.6.27.9-159.fc10

Comment 7 Fedora Update System 2008-12-17 16:22:19 UTC
kernel-2.6.27.9-73.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/kernel-2.6.27.9-73.fc9

Comment 8 Fedora Update System 2008-12-24 18:45:26 UTC
kernel-2.6.27.9-159.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2008-12-24 18:47:43 UTC
kernel-2.6.27.9-73.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2009-01-07 09:17:41 UTC
kernel-2.6.26.8-57.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Mark J. Cox 2009-01-26 15:20:38 UTC
Note that for Red Hat Enterprise Linux 5, the patch for CVE-2008-5029 included the fix for this issue.  I've updated RHSA-2009:0225 to show that CVE-2008-5300 was addressed.

Comment 13 Eugene Teo (Security Response) 2009-04-14 02:40:09 UTC
Created attachment 339407 [details]
Upstream kernel 2.4 patch

Comment 15 errata-xmlrpc 2009-11-03 22:00:22 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3

Via RHSA-2009:1550 https://rhn.redhat.com/errata/RHSA-2009-1550.html


Note You need to log in before you can comment on or make changes to this bug.