[kernel-sec-discuss] r3448 - active

Ben Hutchings benh at moszumanska.debian.org
Sun Jul 20 21:46:44 UTC 2014


Author: benh
Date: 2014-07-20 21:46:44 +0000 (Sun, 20 Jul 2014)
New Revision: 3448

Modified:
   active/CVE-2014-4171
Log:
Update status of fixes for CVE-2014-4171

Modified: active/CVE-2014-4171
===================================================================
--- active/CVE-2014-4171	2014-07-20 21:46:29 UTC (rev 3447)
+++ active/CVE-2014-4171	2014-07-20 21:46:44 UTC (rev 3448)
@@ -1,11 +1,13 @@
 Description: shmem reader can block hole punch indefinitely
 References:
 Notes:
- bwh> shmem supports MADV_REMOVE since 2.6.16 but FALLOC_FL_PUNCH_HOLE
- bwh> was only added in 3.5.  I'm not sure whether this is exploitable
- bwh> before 3.5; in any case the fix looks difficult to backport.
  jmm> Initial patch (f00cdc6df7d7cfcabb5b740911e6788cb0802bdb) was wrong:
  jmm> https://lkml.org/lkml/2014/7/2/518
+ bwh> Additional fixes required on top of that initial patch are
+ bwh> "shmem: fix faulting into a hole, not taking i_mutex" and
+ bwh> "shmem: fix splicing from a hole while it's punched", neither of
+ bwh> which has been applied by Linus yet.  Hugh says Linux 3.1+ need
+ bwh> these fixes but it's not known whether earlier versions do.
 Bugs:
 upstream: needed
 2.6.32-upstream-stable: N/A "Vulnerable code introduced later"
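Review bot: the new bwh lines record that Hugh says 3.1+ need the follow-up fixes but that it is not known whether earlier versions do, which is in tension with the unchanged `2.6.32-upstream-stable: N/A "Vulnerable code introduced later"` line at the bottom of the hunk; the note this hunk removes itself states that shmem has supported MADV_REMOVE hole punching since 2.6.16, so "introduced later" only holds if the problem is specific to the FALLOC_FL_PUNCH_HOLE path added in 3.5, and that reasoning should be written into the note or the 2.6.32 status left undetermined until it is confirmed. Separately, `References:` is still empty although the notes cite commit f00cdc6df7d7cfcabb5b740911e6788cb0802bdb and https://lkml.org/lkml/2014/7/2/518; moving those to `References:` (and adding the two follow-up commits there by id once Linus applies them, since the hunk names them only by title) keeps the tracker entry usable by the tooling.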



