Bug 582076 - (CVE-2010-1162) CVE-2010-1162 kernel: tty: release_one_tty() forgets to put pids
CVE-2010-1162 kernel: tty: release_one_tty() forgets to put pids
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 579408 582077 582444
  Show dependency treegraph
Reported: 2010-04-13 22:55 EDT by Eugene Teo (Security Response)
Modified: 2016-03-29 06:15 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-03-29 06:15:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Eugene Teo (Security Response) 2010-04-13 22:55:34 EDT
Description of problem:
release_one_tty(tty) can be called when tty still has a reference to pgrp/session. In this case we leak the pid.

Upstream commit:
Comment 6 Eugene Teo (Security Response) 2010-04-14 20:41:20 EDT
pgrp member in struct tty_struct was converted to struct pid in commit ab521dc0, so kernels of version v2.6.21-rc1 and above are affected by this. mrg-1 backported this patch.


This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 as they did not include upstream commit ab521dc0 that introduced the problem. This issue was addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0631.html.
Comment 8 errata-xmlrpc 2010-08-17 11:54:25 EDT
This issue has been addressed in following products:

  MRG for RHEL-5

Via RHSA-2010:0631 https://rhn.redhat.com/errata/RHSA-2010-0631.html
Comment 9 Mike McCune 2016-03-28 19:33:48 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions

Note You need to log in before you can comment on or make changes to this bug.