A flaw was found in the way reference counting was handled in the Linux kernel's VFS subsystem when unmount on symlink was performed. On Red Hat Enterprise Linux 6 an unprivileged local user could use this flaw to cause OOM conditions leading to denial of service or, potentially, trigger use-after-free error. On Red Hat Enterprise Linux 7 a privileged local user with CAP_SYS_ADMIN capability (also in a container) could use this flaw to cause OOM conditions leading to denial of service or, potentially, trigger use-after-free error. Acknowledgements: Red Hat would like to thank Vasily Averin of Parallels for reporting this issue.
Statement: This issue does not affect Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. Future Linux kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue.
Proposed upstream patch: https://lkml.org/lkml/2014/7/21/98
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1122482]
CVE-2014-5045 was assigned for this issue
IssueDescription: A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2014:1392 https://rhn.redhat.com/errata/RHSA-2014-1392.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1971 https://rhn.redhat.com/errata/RHSA-2014-1971.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only Via RHSA-2015:0062 https://rhn.redhat.com/errata/RHSA-2015-0062.html