oss-security - Re: CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Thu, 17 Feb 2011 15:34:55 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request - kernel: thp: prevent hugepages
 during args/env copying into the user stack

Please use CVE-2011-0999.

Thanks.

-- 
    JB

----- Original Message -----
> "Transparent hugepages can only be created if rmap is fully
> functional.
> A specially crafted binary could allow the user stack to grow huge and
> backed by hugepages without this patch while is_vma_temporary_stack()
> is
> true.
> 
> This also optmizes away some harmless but unnecessary setting of
> khugepaged_scan.address and it switches some BUG_ON to VM_BUG_ON."
> 
> mm/huge_memory.c - introduced in 71e3aac0 (v2.6.38-rc1)
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=678209
> http://git.kernel.org/linus/a7d6e4ecdb7648478ddec76d30d87d03d6e22b31
> 
> Thanks, Eugene

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.