Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel

[Greg KH <greg () kroah com>]

On Fri, Jan 20, 2017 at 01:41:52PM +1100, Harshula wrote:
> Hi Folks,
>
> Red Hat Product Security has been notified of a kernel vulnerability
> that a local attacker can exploit to crash/panic the kernel and cause a
> denial of service.
>
> This was reported to Red Hat by Jesse Hertz (CC'd) (reproducer:
> rt411016):
>
> "A process that is in the same process group as the ``init'' process
> (group id zero) can crash the Linux 2 kernel with several system calls
> by passing in a process ID or process group ID of zero. The value zero
> is a special value that indicates the current process ID or process
> group. However, in this case it is also the process group ID of the
> process."
>
> I've been testing whether RHEL is vulnerable and found the following:
>
> * Upstream/mainline is not vulnerable

Is this true for the mainline kernel tree that RHEL 6 was based on?

> * RHEL 7 is not vulnerable
> * RHEL 6 is vulnerable
> * RHEL 5 is partially vulnerable

So this is only due to a specific set of patches that were added to RHEL
6 and RHEL 5 yet never made it upstream?  I ask as we want to make sure
some of the older LTS mainline kernels might be affected and it would be
good to ensure they are not.

thanks,

greg k-h