Bug 624604 - Backport official CVE-2010-2240 fixes
Status: CLOSED ERRATA
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel
Version: 1.2
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Luis Claudio R. Goncalves
QA Contact: David Sommerseth
Reported: 2010-08-17 04:22 EDT by Eugene Teo (Security Response)
Modified: 2016-05-22 19:30 EDT
Doc Type: Bug Fix
Doc Text:
The RHSA-2010:0631 kernel-rt update resolved an issue (CVE-2010-2240) where, when an application has a stack overflow, the stack could silently overwrite another memory mapped area instead of a segmentation fault occurring. This update implements the official upstream fixes for that issue. Note: This is not a security regression. The original fix was complete.
Last Closed: 2010-10-07 22:12:56 EDT
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0758 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2010-10-07 22:12:02 EDT

Description Eugene Teo (Security Response) 2010-08-17 04:22:12 EDT
Description of problem:
I filed this bug to make sure we revert the unofficial heap-stack patch and backport the upstream CVE-2010-2240 fixes. This is not a regression.

See https://bugzilla.redhat.com/show_bug.cgi?id=606611#c31
Comment 2 Eugene Teo (Security Response) 2010-09-06 04:25:44 EDT
- mm: make stack guard page logic use vm_prev pointer
  0e8e50e20c837eeec8323bba7dcd25fe5479194c
- mm: make the mlock() stack guard page checks stricter
  7798330ac8114c731cfab83e634c6ecedaa233d7
- guard page for stacks that grow upwards
  8ca3eb08097f6839b2206e2242db4179aee3cfb3
- mm: fix up some user-visible effects of the stack guard page
  d7824370e26325c881b665350ce64fb0a4fde24a
- mm: fix page table unmap for stack guard page properly
  11ac552477e32835cb6970bf0a70c210807f5673
- mm: fix missing page table unmap for stack guard page failure case
  5528f9132cf65d4d892bcbc5684c61e7822b21e9
- mm: keep a guard page below a grow-down stack segment
  320b2b8de12698082609ebbc1a17165727f4c893
- x86: don't send SIGBUS for kernel page faults
  96054569190bdec375fe824e48ca1f4e3b53dd36
Comment 6 David Sommerseth 2010-09-30 13:25:25 EDT
Reviewed by code review. The following 8 patches were found applied to kernel-rt-2.6.24.7-166.src.rpm

bz607853-CVE-2010-2240-000-mm-pass-correct-mm-when-growing-stack.patch
bz607853-CVE-2010-2240-001-mm-keep-a-guard-page-below-a-grow-down-stack-segment.patch
bz607853-CVE-2010-2240-002-mm-fix-missing-page-table-unmap-for-stack-guard-page-failure-case.patch
bz607853-CVE-2010-2240-003-mm-fix-page-table-unmap-for-stack-guard-page-properly.patch
bz607853-CVE-2010-2240-004-mm-fix-user-visible-effects-of-the-stack-guard-page.patch
bz607853-CVE-2010-2240-005-mm-make-the-vma-list-be-doubly-linked.patch
bz607853-CVE-2010-2240-006-mm-make-the-mlock-stack-guard-page-checks-stricter.patch
bz607853-CVE-2010-2240-007-mm-make-stack-guard-page-logic-use-vm_prev-pointer.patch

Verified that we have no regressions against 2.6.24.7-161 by running the reproducers available.
Comment 8 errata-xmlrpc 2010-10-07 22:12:56 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0758.html
Comment 9 Florian Nadge 2010-10-18 12:41:11 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The RHSA-2010:0631 kernel-rt update resolved an issue (CVE-2010-2240) where, when an application has a stack overflow, the stack could silently overwrite another memory mapped area instead of a segmentation fault occurring. This update implements the official upstream fixes for that issue. Note: This is not a security regression. The original fix was complete.
