[kernel-sec-discuss] r3448 - active
Ben Hutchings
benh at moszumanska.debian.org
Sun Jul 20 21:46:44 UTC 2014
Author: benh
Date: 2014-07-20 21:46:44 +0000 (Sun, 20 Jul 2014)
New Revision: 3448
Modified:
active/CVE-2014-4171
Log:
Update status of fixes for CVE-2014-4171
Modified: active/CVE-2014-4171
===================================================================
--- active/CVE-2014-4171 2014-07-20 21:46:29 UTC (rev 3447)
+++ active/CVE-2014-4171 2014-07-20 21:46:44 UTC (rev 3448)
@@ -1,11 +1,13 @@
Description: shmem reader can block hole punch indefinitely
References:
Notes:
- bwh> shmem supports MADV_REMOVE since 2.6.16 but FALLOC_FL_PUNCH_HOLE
- bwh> was only added in 3.5. I'm not sure whether this is exploitable
- bwh> before 3.5; in any case the fix looks difficult to backport.
jmm> Initial patch (f00cdc6df7d7cfcabb5b740911e6788cb0802bdb) was wrong:
jmm> https://lkml.org/lkml/2014/7/2/518
+ bwh> Additional fixes required on top of that initial patch are
+ bwh> "shmem: fix faulting into a hole, not taking i_mutex" and
+ bwh> "shmem: fix splicing from a hole while it's punched", neither of
+ bwh> which has been applied by Linus yet. Hugh says Linux 3.1+ need
+ bwh> these fixes but it's not known whether earlier versions do.
Bugs:
upstream: needed
2.6.32-upstream-stable: N/A "Vulnerable code introduced later"
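Review bot: the status line "2.6.32-upstream-stable: N/A "Vulnerable code introduced later"" kept as context at the end of the hunk sits uneasily next to the new note "Hugh says Linux 3.1+ need these fixes but it's not known whether earlier versions do", and the removed lines were the only place that recorded why 2.6.32 was judged unaffected (MADV_REMOVE since 2.6.16 versus FALLOC_FL_PUNCH_HOLE only in 3.5). Either keep that rationale alongside the new note or qualify the 2.6.32 entry until the pre-3.1 question is settled, so the file does not assert N/A while the notes say unknown. Minor: the "References:" field is still empty while the jmm note carries the lkml URL and the new bwh note names two patches by subject; listing the URL and the two patch titles under References would make the fix status easier to track.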