[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE request: kernel: splice: fix bad unlock_page() in error case
From: Eugene Teo <eteo () redhat ! com>
Date: 2008-09-16 9:01:03
Message-ID: 48CF75CF.8020404 () redhat ! com
[Download RAW message or body]
Hi Steve,
This bug requires a CVE name. Please allocate one.
This upstream commit addressed a user triggerable DoS:
6a860c979b35469e4d77da781a96bdb2ca05ae64
Summary:
[PATCH] splice: fix bad unlock_page() in error case
If add_to_page_cache_lru() fails, the page will not be locked. But
splice jumps to an error path that does a page release and unlock,
causing a BUG() in unlock_page().
Reproducer:
http://lkml.org/lkml/2007/7/30/448
(different issue, but same reproducer)
References:
http://lkml.org/lkml/2007/7/20/168
https://bugzilla.redhat.com/show_bug.cgi?id=462434
Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic