oss-sec mailing list archives
Re: CVE request - Linux kernel - perf on ppp64 - unbounded checks in perf_callchain_user_64 denial of service.
From: cve-assign () mitre org
Date: Thu, 20 Aug 2015 12:23:51 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
A malicious user could create a special stack layout that fools the perf_callchain_user_64 function (called by perf record) into an infinite loop, tying up that particular CPU and the process can not be killed. A kernel patch was committed upstream capping the maximum user-level stacktrace collected by perf to PERF_MAX_STACK_DEPTH on 64bit powerpc architectures. https://bugzilla.redhat.com/show_bug.cgi?id=1218454 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a5cbce421a283e6aea3c4007f141735bf9da8c3
We cap 32bit userspace backtraces to PERF_MAX_STACK_DEPTH (currently 127), but we forgot to do the same for 64bit backtraces.
Use CVE-2015-6526. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJV1f6MAAoJEL54rhJi8gl5KroP/0uXkRzhODlvbLPJsU0xNmhc RR/C+5ugnZsrjC3H0RHKe7C7msCcFoGtXG+UKArCsLgN/ub+lcwf7p5tMcGr57h8 F3uEGMa+BAvb+A8Y2mnRVfLzZ5PS94qklRngZDsJdO3NfY/R0W0oJT5FTjX74+MJ yvGz2xikpeE5sgfnPtMNBwCfSyICfsNCUnwqYjp9tdN4E+RKuNXSlf9vsUeMHdj9 M0/oHuC7y6e+EiNestFPpPNwjKypvKnvCqZIFR43ty558GxRNWQZEmNlaPMZfZ8o OgKEwcHUpk96567Jyld9k3l9BR3wEggAR3ayoHSAvNkck2Y2NTt80y33uTdHhm9V 9tVY6hSEUMt7xUoU1ePN1cZMvledTM3z450vkPnAdMUt0MilUBL46+dHULEo7qAE vq/tWtO8d4kC84rOggfgcJK4np/qf8ffTSJITpv4YnHy00bFTIhRCPcLGPfDgqNv Lelaz5G24nUIFKIzSzDns4E4JClr6xRq4tzIUziAVvg4TAeYZgXfJjCk95xaFk7F NLUCFYCpg0nc0zIPdt4fBAhuiUHhxhOVENeVKAxLAKRoHGHCt2uIN+pdGJerK5R/ vo/HA/CFuos7qojBgnuvAmeCHGGcfMLXHiGcS8TaDwqQvRyTNCZ9UpH6I/MfVjun QA2LWaIGj3s4a6xMmQiX =CCb4 -----END PGP SIGNATURE-----
Current thread:
- CVE request - Linux kernel - perf on ppp64 - unbounded checks in perf_callchain_user_64 denial of service. Wade Mealing (Aug 17)
- Re: CVE request - Linux kernel - perf on ppp64 - unbounded checks in perf_callchain_user_64 denial of service. cve-assign (Aug 20)