[Bug 8662] [warty] CAN-2005-0937: DoS in futex handling
bugzilla-daemon at bugzilla.ubuntu.com
bugzilla-daemon at bugzilla.ubuntu.com
Tue Apr 5 09:15:56 UTC 2005
Please do not reply to this email. You can add comments at
http://bugzilla.ubuntu.com/show_bug.cgi?id=8662
Ubuntu | linux
------- Additional Comments From debzilla at ubuntu.com 2005-04-05 10:15 UTC -------
Message-ID: <20050405081649.GF31640 at verge.net.au>
Date: Tue, 5 Apr 2005 17:16:51 +0900
From: Horms <horms at debian.org>
To: Moritz Muehlenhoff <jmm at inutil.org>, 303140 at bugs.debian.org
Cc: control at bugs.debian.org
Subject: Re: Bug#303140: CAN-2005-0937: DoS in futex handling
tag 303140 +pending
thanks
On Mon, Apr 04, 2005 at 11:51:28PM +0200, Moritz Muehlenhoff wrote:
> Package: kernel-source-2.6.8
> Version: 2.6.8-15
> Severity: important
> Tags: security
>
> Hi,
> CAN-2005-0937 describes the following Denial-of-Service vulnerability:
>
> Some futex functions in futex.c for Linux kernel 2.6.x perform get_user
> calls while holding the mmap_sem semaphore, which could allow local
> users to cause a deadlock condition in do_page_fault by triggering
> get_user faults while another thread is executing mmap or other functions.
>
> Patch is available at:
> http://linux.bkbits.net:8080/linux-2.6/cset@421cfc11zFsK9gxvSJ2t__FCmuUd3Q
Thanks, I have added this into SVN for 2.6.8.
2.6.11 appears to already have the patch from upstream.
And futexes aren't in 2.4.27.
--
Horms
--
Configure bugmail: http://bugzilla.ubuntu.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the kernel-bugs
mailing list