1083270 – (CVE-2013-7348) CVE-2013-7348 kernel: aio: double free in ioctx_alloc

Bug 1083270 (CVE-2013-7348) - CVE-2013-7348 kernel: aio: double free in ioctx_alloc

Summary: CVE-2013-7348 kernel: aio: double free in ioctx_alloc

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2013-7348
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1083271
Blocks:	1083273
TreeView+	depends on / blocked

Reported:	2014-04-01 19:21 UTC by Petr Matousek
Modified:	2021-02-17 06:42 UTC (History)
CC List:	31 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-04-01 19:22:25 UTC
Embargoed:

Attachments	(Terms of Use)

Description Petr Matousek 2014-04-01 19:21:19 UTC

ioctx_alloc() calls aio_setup_ring() to allocate a ring. If aio_setup_ring() fails to do so it would call aio_free_ring() before returning, but ioctx_alloc() would call aio_free_ring() again causing a double free of the ring. 

Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d558023207e008a4476a3b7bb8706b2a2bf5d84f

References:
http://seclists.org/oss-sec/2014/q1/711

Comment 1 Petr Matousek 2014-04-01 19:22:25 UTC

Statement:

Not vulnerable.

This issued does not affect Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.

Comment 2 Petr Matousek 2014-04-01 19:22:59 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1083271]

Note You need to log in before you can comment on or make changes to this bug.

agordeev
anton
aquini
bhu
davej
dhoward
esammons
fhrbata
gansalmon
iboverma
itamar
jforbes
jkacur
jkurik
jonathan
jross
jwboyer
kernel-maint
kernel-mgr
lgoncalv
lwang
madhu.chinakonda
matt
mchehab
mcressma
npajkovs
pholasek
plougher
rt-maint
rvrbovsk
williams