Re: CVE request: kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions

[Eugene Teo <eteo () redhat com>]

On 06/25/2011 04:19 AM, Petr Matousek wrote:
> Description of the problem:
> The normal mmap paths all avoid creating a mapping where the pgoff
> inside the mapping could wrap around due to overflow.  However, an
> expanding mremap() can take such a non-wrapping mapping and make it
> bigger and cause a wrapping condition. There is also another case
> where we expand mappings hiding in plain sight: the automatic stack
> expansion.
>
> The wrapping condition can cause a BUG_ON() due to terminally
> confusing the vma_prio_tree code.

Please use CVE-2011-2496.

Eugene