Date: Wed, 01 Apr 2009 12:12:24 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: kernel: udp: Wrong locking code in udp seq_file infrastructure

According to the upstream commit 30842f298, reading zero bytes from
/proc/net/udp or other similar files which use the same seq_file udp
infrastructure panics the kernel in this way:

=====================================
[ BUG: bad unlock balance detected! ]
-------------------------------------
read/1985 is trying to release lock (&table->hash[i].lock) at:
[<ffffffff81321d83>] udp_seq_stop+0x27/0x29
but there are no more locks to release!
[...]

This bug was introduced and fixed within a short timeframe. It was
introduced in 645ca708 (Follows: v2.6.28-rc2; Precedes: v2.6.29-rc1).

http://git.kernel.org/linus/645ca708f936b2fbeb79e52d7823e3eb2c0905f8
http://git.kernel.org/linus/30842f2989aacfaba3ccb39829b3417be9313dbe

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team
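
The failure mode described in the message above, as an added user-space model that is not code from the post or from the kernel: seq_file always pairs start() with stop(), so a stop() that unlocks based on iterator state releases a lock nobody took when a read visits no record. The bucket table, the sentinel guard and all names are assumptions made for illustration; the upstream change itself is in the linked commits.

```c
#include <stdio.h>
#include <stddef.h>

#define NBUCKETS 4                 /* constructed model; all names are hypothetical */
struct bucket { int held; };       /* stands in for a per-bucket spinlock */
struct iter { struct bucket *tbl; int bucket; int errors; };

static void lock_b(struct iter *it, int i) { it->tbl[i].held++; }
static void unlock_b(struct iter *it, int i) {
    if (it->tbl[i].held == 0) { it->errors++; return; }  /* bad unlock balance */
    it->tbl[i].held--;
}

/* start(): position 0 yields only a header token, so no lock is taken. */
static void model_start(struct iter *it, int hardened) {
    if (hardened) it->bucket = NBUCKETS;   /* sentinel: no bucket lock held */
}

/* next(): drop the current bucket lock (if any) and take the next one. */
static int model_next(struct iter *it, int from_header) {
    if (from_header) it->bucket = 0;
    else { unlock_b(it, it->bucket); it->bucket++; }
    if (it->bucket >= NBUCKETS) return 0;  /* end of table, nothing held */
    lock_b(it, it->bucket);
    return 1;
}

/* stop(): always runs after start(), even if no record was visited. */
static void model_stop(struct iter *it) {
    if (it->bucket < NBUCKETS) unlock_b(it, it->bucket);
}

/* One read() of `count` records; returns unbalanced unlocks + leaked locks. */
static int model_read(size_t count, int hardened) {
    struct bucket tbl[NBUCKETS] = {{0}};
    struct iter it = { tbl, 0, 0 };        /* zeroed private state: bucket == 0 */
    int more = 1, hdr = 1, bad;
    model_start(&it, hardened);
    for (size_t n = 0; n < count && more; n++, hdr = 0) more = model_next(&it, hdr);
    model_stop(&it);
    bad = it.errors;
    for (int i = 0; i < NBUCKETS; i++) bad += tbl[i].held;
    return bad;
}

int main(void) {
    printf("count=0: unguarded=%d sentinel=%d\n", model_read(0, 0), model_read(0, 1));
    return 0;
}
```

Only the zero-length read is unbalanced in the unguarded variant; reads that visit at least one record leave the iterator state consistent with the locks held, which is why ordinary use of the file would not surface the problem.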
