oss-sec mailing list archives

CVE request - Linux kernel - perf on ppp64 - unbounded checks in perf_callchain_user_64 denial of service.

From: Wade Mealing <wmealing () redhat com>
Date: Tue, 18 Aug 2015 01:38:29 -0400 (EDT)

Gday,

A malicious user could create a special stack layout that fools
the perf_callchain_user_64 function (called by perf record) into 
an infinite loop, tying up that particular CPU and the process 
can not be killed.

A kernel patch was committed upstream capping the maximum user-level
stacktrace collected by perf to PERF_MAX_STACK_DEPTH on 64bit powerpc
architectures. This affects ppc64 kernels that support perf.

Thanks,

Wade Mealing

Upstream fix
------------
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a5cbce421a283e6aea3c4007f141735bf9da8c3

Red Hat Bugzilla:
- https://bugzilla.redhat.com/show_bug.cgi?id=1218454

Current thread:

CVE request - Linux kernel - perf on ppp64 - unbounded checks in perf_callchain_user_64 denial of service. Wade Mealing (Aug 17)
- Re: CVE request - Linux kernel - perf on ppp64 - unbounded checks in perf_callchain_user_64 denial of service. cve-assign (Aug 20)