Bug 678209 (CVE-2011-0999) - CVE-2011-0999 kernel: thp: prevent hugepages during args/env copying into the user stack
Status: CLOSED ERRATA
Alias: CVE-2011-0999
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Whiteboard: public=20110215,reported=20110217,sou...
Keywords: Security
Depends On: 674147 678212 678213
 
Reported: 2011-02-17 06:44 UTC by Eugene Teo (Security Response)
Modified: 2019-06-08 18:45 UTC (History)
Last Closed: 2015-07-29 13:53:25 UTC


External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2011:0542 | normal | SHIPPED_LIVE | Important: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update | 2011-05-19 11:58:07 UTC
Red Hat Product Errata | RHSA-2011:0883 | normal | SHIPPED_LIVE | Important: kernel security and bug fix update | 2011-06-21 23:52:55 UTC

Description Eugene Teo (Security Response) 2011-02-17 06:44:34 UTC
Transparent hugepages can only be created if rmap is fully functional. A specially crafted binary could allow the user stack to grow huge and be backed by hugepages without this patch while is_vma_temporary_stack() is true.

This also optimizes away some harmless but unnecessary setting of khugepaged_scan.address and it switches some BUG_ON to VM_BUG_ON.

Comment 2 Eugene Teo (Security Response) 2011-02-17 06:48:31 UTC
Upstream commit:
http://git.kernel.org/linus/a7d6e4ecdb7648478ddec76d30d87d03d6e22b31

Comment 5 errata-xmlrpc 2011-05-19 11:58:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0542 https://rhn.redhat.com/errata/RHSA-2011-0542.html

Comment 7 errata-xmlrpc 2011-06-21 23:53:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.0.Z - Server Only

Via RHSA-2011:0883 https://rhn.redhat.com/errata/RHSA-2011-0883.html

Comment 8 Eugene Teo (Security Response) 2011-06-29 01:41:14 UTC
Statement:

This issue only affects Red Hat Enterprise Linux 6. The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG are not affected, as they did not include upstream commit 71e3aac0 that introduced the problem. We have addressed this in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0542.html.

