473259 – (CVE-2008-5300) CVE-2008-5300 kernel: fix soft lockups/OOM issues with unix socket garbage collector

Bug 473259 (CVE-2008-5300) - CVE-2008-5300 kernel: fix soft lockups/OOM issues with unix socket garbage collector

Summary: CVE-2008-5300 kernel: fix soft lockups/OOM issues with unix socket garbage co...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2008-5300
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	CVE-2008-5029 473263 473264 473265 473266 473267 473268 473269 473270
Blocks:
TreeView+	depends on / blocked

Reported:	2008-11-27 12:55 UTC by Eugene Teo (Security Response)
Modified:	2019-09-29 12:27 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-09-30 21:07:35 UTC
Embargoed:

Attachments	(Terms of Use)
Proposed patch for real-time kernel (2.49 KB, patch) 2008-11-27 12:58 UTC, Eugene Teo (Security Response)	no flags	Details \| Diff
Upstream patch (3.21 KB, patch) 2008-12-03 05:55 UTC, Eugene Teo (Security Response)	no flags	Details \| Diff
Upstream kernel 2.4 patch (3.63 KB, patch) 2009-04-14 02:40 UTC, Eugene Teo (Security Response)	no flags	Details \| Diff
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2009:0014	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2009-01-14 18:05:34 UTC
Red Hat Product Errata	RHSA-2009:0021	normal	SHIPPED_LIVE	Important: kernel security update	2009-02-25 01:04:12 UTC
Red Hat Product Errata	RHSA-2009:0053	normal	SHIPPED_LIVE	Important: kernel-rt security and bug fix update	2009-02-04 15:05:12 UTC
Red Hat Product Errata	RHSA-2009:1550	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2009-11-03 21:59:47 UTC

Description Eugene Teo (Security Response) 2008-11-27 12:55:25 UTC

Reported and fixed by Dann Frazier <dannf>:
This is an implementation of David Miller's suggested fix in:
  https://bugzilla.redhat.com/show_bug.cgi?id=470201

Paraphrasing the description from the above report, it makes sendmsg() block while UNIX garbage collection is in progress. This avoids a situation where child processes continue to queue new FDs over a AF_UNIX socket to a parent which is in the exit path and running garbage collection on these FDs. This contention can result in soft lockups and oom-killing of unrelated processes.

This bug was triggerable after fixing CVE-2008-5029. From Dave Miller, "It's a different bug, but triggerable by the same test program."

Reproducers:
https://bugzilla.redhat.com/show_bug.cgi?id=470201#c1
https://bugzilla.redhat.com/show_bug.cgi?id=470201#c7

Comment 1 Eugene Teo (Security Response) 2008-11-27 12:56:16 UTC

Patch for this bug: http://marc.info/?l=linux-netdev&m=122771908731133&w=2

Comment 2 Eugene Teo (Security Response) 2008-11-27 12:58:57 UTC

Created attachment 324874 [details]
Proposed patch for real-time kernel

This patch is to be applied on top of the CVE-2008-5029 fixes. I have tested it with unix.c in a tight loop, and I did not encounter any soft lock-ups or oom-killer problems. Kindly review/test.

Comment 4 Eugene Teo (Security Response) 2008-12-03 05:52:02 UTC

Upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5f23b734963ec7eaa3ebcd9050da0c9b7d143dd3

Comment 5 Eugene Teo (Security Response) 2008-12-03 05:55:27 UTC

Created attachment 325484 [details]
Upstream patch

Comment 6 Fedora Update System 2008-12-17 16:21:17 UTC

kernel-2.6.27.9-159.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/kernel-2.6.27.9-159.fc10

Comment 7 Fedora Update System 2008-12-17 16:22:19 UTC

kernel-2.6.27.9-73.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/kernel-2.6.27.9-73.fc9

Comment 8 Fedora Update System 2008-12-24 18:45:26 UTC

kernel-2.6.27.9-159.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2008-12-24 18:47:43 UTC

kernel-2.6.27.9-73.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2009-01-07 09:17:41 UTC

kernel-2.6.26.8-57.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Mark J. Cox 2009-01-26 15:20:38 UTC

Note that for Red Hat Enterprise Linux 5, the patch for CVE-2008-5029 included the fix for this issue.  I've updated RHSA-2009:0225 to show that CVE-2008-5300 was addressed.

Comment 13 Eugene Teo (Security Response) 2009-04-14 02:40:09 UTC

Created attachment 339407 [details]
Upstream kernel 2.4 patch

Comment 15 errata-xmlrpc 2009-11-03 22:00:22 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 3

Via RHSA-2009:1550 https://rhn.redhat.com/errata/RHSA-2009-1550.html

Note You need to log in before you can comment on or make changes to this bug.