Bug 1447676 (CVE-2015-9004) - CVE-2015-9004 kernel: Allows creating groups that can't be co-scheduled
Summary: CVE-2015-9004 kernel: Allows creating groups that can't be co-scheduled
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2015-9004
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1209607 1265262
Blocks: 1447678
TreeView+ depends on / blocked
 
Reported: 2017-05-03 13:13 UTC by Andrej Nemec
Modified: 2021-02-17 02:11 UTC (History)
34 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
It was found that kernel/events/core.c in the Linux kernel mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.
Clone Of:
Environment:
Last Closed: 2017-06-01 13:19:47 UTC


Attachments (Terms of Use)

Description Andrej Nemec 2017-05-03 13:13:27 UTC
kernel/events/core.c in the Linux kernel mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c3c87e770458aa004bd7ed3f29945ff436fd6511

References:

https://source.android.com/security/bulletin/2017-05-01#eop-in-kernel-performance-subsystem

Comment 3 Vladis Dronov 2017-06-01 13:19:47 UTC
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in this product.

This issue does not affect the versions of the Linux kernel as shipped with
Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 as the fix for this flaw is already present in the products listed.


Note You need to log in before you can comment on or make changes to this bug.