oss-sec mailing list archives
CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP
From: Petr Matousek <pmatouse () redhat com>
Date: Wed, 4 Jul 2012 09:19:50 +0200
An epoll_ctl(,EPOLL_CTL_ADD,,) operation can return '-ELOOP' to prevent circular epoll dependencies from being created. However, in that case we do not properly clear the 'tfile_check_list'. An unprivileged local user could use this flaw to crash the system.

Regression introduced via 28d82dc1c4edbc352129f97f4ca22624d1fe61de commit.

Upstream fix:
13d518074a952d33d47c428419693f63389547e9

References:
https://lkml.org/lkml/2012/3/27/65
https://lkml.org/lkml/2012/4/17/247
https://bugzilla.redhat.com/show_bug.cgi?id=837502

Thanks,
--
Petr Matousek / Red Hat Security Response Team