Bug 1290642 (CVE-2015-8785) - CVE-2015-8785 kernel: fuse: possible denial of service in fuse_fill_write_pages()
Summary: CVE-2015-8785 kernel: fuse: possible denial of service in fuse_fill_write_pag...
Alias: CVE-2015-8785
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1291129
Blocks: 1271601
TreeView+ depends on / blocked
Reported: 2015-12-11 02:03 UTC by Wade Mealing
Modified: 2021-02-17 04:37 UTC (History)
33 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
An infinite-loop flaw was found in the kernel. When a local user calls the sys_writev syscall with a specially crafted sequence of iov structs, the fuse_fill_write_pages kernel function might never terminate, instead continuing in a tight loop. This process cannot be terminated and requires a reboot.
Clone Of:
Last Closed: 2016-05-24 07:23:34 UTC

Attachments (Terms of Use)

Description Wade Mealing 2015-12-11 02:03:32 UTC
A patch was posted to fix an issue regarding unkillable task eating CPU.

The problem is in the fuse_fill_write_pages() function.  When a user
calls the sys_writev syscall with specially crafted sequence of iovs
the kernel function may never terminate and continue in a tight loop,
the process is unable to be killed.

Introduced in commit ea9b9907b82a09bd1a708004454f7065de77c5b0
Fixed in commit 3ca8138f014a913f98e6ef40e939868e1e9ea876

Upstream patch:

Comment 7 Wade Mealing 2015-12-17 01:11:42 UTC

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6 and 7 and does not plan to be fixed in future updates.

Note You need to log in before you can comment on or make changes to this bug.