[kernel-sec-discuss] r1583 - active
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Nov 9 18:33:20 UTC 2009
Author: gilbert-guest
Date: 2009-11-09 18:33:20 +0000 (Mon, 09 Nov 2009)
New Revision: 1583
Added:
active/CVE-2009-nommu-null-ptrs
Log:
new issue
Added: active/CVE-2009-nommu-null-ptrs
===================================================================
--- active/CVE-2009-nommu-null-ptrs (rev 0)
+++ active/CVE-2009-nommu-null-ptrs 2009-11-09 18:33:20 UTC (rev 1583)
@@ -0,0 +1,24 @@
+Candidate: requested on oss-sec
+Description:
+ Don't pass NULL pointers to fput() in the error handling paths of the
+ NOMMU do_mmap_pgoff() as it can't handle it.
+ .
+ The following can be used as a test program:
+ int main() { static long long a[1024 * 1024 * 20] = { 0 }; return a;}
+ .
+ Without the patch, the code oopses in atomic_long_dec_and_test() as
+ called by fput() after the kernel complains that it can't allocate
+ that big a chunk of memory. With the patch, the kernel just complains
+ about the allocation size and then the program segfaults during execve()
+ as execve() can't complete the allocation of all the new ELF program
+ segments.
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/09/2
+ http://xorl.wordpress.com/2009/11/05/linux-kernel-nommu-fput-null-pointer-dereference/
+Notes:
+Bugs:
+upstream: released (2.6.32-rc6) [89a8640279f8bb78aaf778d1fc5c4a6778f18064]
+linux-2.6: needed
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
More information about the kernel-sec-discuss
mailing list