Bug#303140: CAN-2005-0937: DoS in futex handling
tag 303140 +pending
thanks
On Mon, Apr 04, 2005 at 11:51:28PM +0200, Moritz Muehlenhoff wrote:
> Package: kernel-source-2.6.8
> Version: 2.6.8-15
> Severity: important
> Tags: security
>
> Hi,
> CAN-2005-0937 describes the following Denial-of-Service vulnerability:
>
> Some futex functions in futex.c for Linux kernel 2.6.x perform get_user
> calls while holding the mmap_sem semaphore, which could allow local
> users to cause a deadlock condition in do_page_fault by triggering
> get_user faults while another thread is executing mmap or other functions.
>
> Patch is available at:
> http://linux.bkbits.net:8080/linux-2.6/cset@421cfc11zFsK9gxvSJ2t__FCmuUd3Q
Thanks, I have added this into SVN for 2.6.8.
2.6.11 appears to already have the patch from upstream.
And futexes aren't in 2.4.27.
--
Horms
Reply to: