Re: CVE request: kernel: Unix sockets kernel panic

[Eugene Teo <eteo () redhat com>]

dann frazier wrote:
> On Tue, Nov 11, 2008 at 05:41:44PM +0800, Eugene Teo wrote:
> > Eugene Teo wrote:
> > > We need a CVE name for this issue. This was reported in netdev today.
> > >
> > > "The following code causes a kernel panic on Linux 2.6.26:
> > > http://darkircop.org/unix.c
> > >
> > > I haven't investigated the bug so I'm not sure what is causing it, and
> > > don't know if it's exploitable.  The code passes unix sockets from one
> > > process to another using unix sockets.  The bug probably has to do
> > > with closing file descriptors."
> > >
> > > http://marc.info/?l=linux-netdev&m=122593044330973&w=2
> > > https://bugzilla.redhat.com/show_bug.cgi?id=470201
> > >
> > > There isn't a fix yet. Dave is working on it.
> > There's a fix now.
> >
> > Upstream commits: f8d570a, 3b53fbf, and 6209344.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=470201#c10
> > https://bugzilla.redhat.com/show_bug.cgi?id=470201#c14
> > https://bugzilla.redhat.com/show_bug.cgi?id=470201#c9
> > https://bugzilla.redhat.com/show_bug.cgi?id=470201#c13
>
> Thanks for following up.
>
> fyi, our testing of this fix has uncovered additional issues.
> Local/unprivileged users can cause soft lockups and take out system
> processes by triggering the OOM killer:
>   http://marc.info/?l=linux-netdev&m=122721862313564&w=2

This additional bug is assigned with CVE-2008-5300.

Thanks, Eugene