Re: CVE Request -- kernel: huge pages: memory leak on mmap failure

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/23/2012 04:35 AM, Petr Matousek wrote:
> Description of problem: When called for anonymous (non-shared)
> mappings, hugetlb_reserve_pages() does a resv_map_alloc(). It
> depends on code in hugetlbfs's vm_ops->close() to release that
> allocation.
>
> However, in the mmap() failure path, we do a plain unmap_region() 
> without the remove_vma() which actually calls vm_ops->close().
>
> An unprivileged local user could use this flaw to crash the
> system.
>
> References: https://bugzilla.redhat.com/show_bug.cgi?id=824345 
> http://www.spinics.net/lists/linux-mm/msg34763.html
>
> Proposed upstream fix: https://lkml.org/lkml/2012/5/21/385
>
> Thanks,

Please use CVE-2012-2390 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPvSZcAAoJEBYNRVNeJnmTr8oQANqp/NZct0rBOM4TjvWZZGNy
htHC5hF9dBCkSLV1Kvn97kmLjFJkyV3Uk733/JF3nPHdQGY5C1toUTT0XFC0tvMU
Pq1y2o6feaxn65pQW6vu4b2a7HJrOw2LNw6/SFNIG6oSg3uomhhhMUi2cNZ8gB5S
R3qy56sdmhzKkeTon20ql9ZNHORYH5n9Ig6zliqqjJa217H2kz6JQRItFvNS2hp8
bEFLx8JAVdBVILgPSQ9cIrA7G2rNn2DpisW7++2J0JDMYTqHmDcAN4ZEiXvcd7ZO
0hHTsR8Qx1rey0EjPL+40tG6h7B5e96B8Waj0ZEfuL4/XK1CWcp+VlA61WRrRNvM
D2OeUzDKMCDqkyP4ZHCS/5Pr+OTuU2bm8jkDETn1lomIh64mFRlpJbD6riRZrCV3
z3MQPT817gELvKYPEtmtGfI+SAgoTCh5ky7j0O8YzkXZHqWzux5qcx6RN+dewFsd
NMm7tbDrep+nKbnqKDdWautDPch90I0lxBq82XnPVdUq2u+XEP7pgJUbp9iHWw17
6zDWNh0X4P//qfXTTZVLxBds4Xj6McvQs8M9NdubG8ZFKaOFtV22uff0PWZO3mbi
3qlEXElSrBx/h91RfC3qgcgGse9jwpGdWzQGUrqgZPV9lQJr1Je3KvHIPYgObJOd
BTvTwY/Y/lYD/2bmuh/9
=BPUl
-----END PGP SIGNATURE-----