Bug 678209 - (CVE-2011-0999) CVE-2011-0999 kernel: thp: prevent hugepages during args/env copying into the user stack
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
public=20110215,reported=20110217,sou...
: Security
Depends On: 674147 678212 678213
Reported: 2011-02-17 01:44 EST by Eugene Teo (Security Response)
Modified: 2015-07-29 13:47 EDT
Doc Type: Bug Fix
Last Closed: 2015-07-29 09:53:25 EDT
Description Eugene Teo (Security Response) 2011-02-17 01:44:34 EST
Transparent hugepages can only be created if rmap is fully functional. A specially crafted binary could allow the user stack to grow huge and be backed by hugepages without this patch while is_vma_temporary_stack() is true.

This also optimizes away some harmless but unnecessary setting of khugepaged_scan.address and it switches some BUG_ON to VM_BUG_ON.
Comment 2 Eugene Teo (Security Response) 2011-02-17 01:48:31 EST
Upstream commit:
http://git.kernel.org/linus/a7d6e4ecdb7648478ddec76d30d87d03d6e22b31
Comment 5 errata-xmlrpc 2011-05-19 07:58:39 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0542 https://rhn.redhat.com/errata/RHSA-2011-0542.html
Comment 7 errata-xmlrpc 2011-06-21 19:53:09 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.0.Z - Server Only

Via RHSA-2011:0883 https://rhn.redhat.com/errata/RHSA-2011-0883.html
Comment 8 Eugene Teo (Security Response) 2011-06-28 21:41:14 EDT
Statement:

This issue only affects Red Hat Enterprise Linux 6. The versions of the Linux kernel shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG did not include upstream commit 71e3aac0 that introduced the problem. We have addressed this in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0542.html.
