List: oss-security
Subject: [oss-security] BUG_ON() on mips linux kernels 4.17.2 and earlier (old but alive)
From: Georgi Guninski <guninski () guninski ! com>
Date: 2018-06-30 6:25:08
Message-ID: 20180630062508.oynnfspfl3ak35b7 () sivokote ! iziade ! m$
From
https://j.ludost.net/blog/archives/2018/06/30/bug_on_on_mips_kernels_4_17_2_and_earlier_old_but_alive/index.html
This is old but alive.
On mips linux kernel 4.17.2 and earlier, an unprivileged user can trigger
BUG_ON(), possibly causing denial of service on the whole machine.
Suggested patches from 2013 are in the thread at:
https://www.spinics.net/lists/mips/msg73398.html
in 4.17.2 ./kernel/exit.c
    do_group_exit(int exit_code)
    {
            struct signal_struct *sig = current->signal;
            BUG_ON(exit_code & 0x80);
|do_group_exit| is called from
./kernel/signal.c:2482: do_group_exit(ksig->info.si_signo);
Appears to me si_signo can be 0x80 (in decimal 128) because of:
arch/mips/include/uapi/asm/signal.h:15:#define _NSIG 128
Probably the testcase will be:
$ kill -128 `pidof program`
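
The following is an added illustration, not part of the original post or of the kernel source: a user-space C model of the quoted check, showing that with _NSIG 128 exactly one valid signal number has bit 0x80 set. The function names are hypothetical, and the comparison value 64 for other architectures is an assumption used only for contrast.

```c
/* Added illustration: user-space model of the check quoted in the post.
 * Constants are taken from the post; function names are hypothetical. */
#include <stdio.h>

#define NSIG_MIPS    128  /* arch/mips/include/uapi/asm/signal.h, per the post */
#define NSIG_OTHER    64  /* assumption: _NSIG value used here for comparison */
#define COREDUMP_BIT 0x80 /* bit tested by BUG_ON() in do_group_exit() */

/* Mirrors the BUG_ON() condition: nonzero means the assertion would fire. */
static int trips_bug_on(int exit_code)
{
    return (exit_code & COREDUMP_BIT) != 0;
}

/* Counts the signal numbers in 1..nsig that would trip the check and
 * stores the first such number in *first (0 if there is none). */
static int count_tripping_signals(int nsig, int *first)
{
    int count = 0;

    *first = 0;
    for (int sig = 1; sig <= nsig; sig++) {
        if (trips_bug_on(sig)) {
            if (count == 0)
                *first = sig;
            count++;
        }
    }
    return count;
}

/* Wait-status decoding: only the low 7 bits carry the terminating signal,
 * so a signal number of 128 cannot be represented there. */
static int status_termsig(int status)
{
    return status & 0x7f;
}

int main(void)
{
    int first;
    int n = count_tripping_signals(NSIG_MIPS, &first);

    printf("_NSIG=%d: %d tripping signal(s), first=%d\n", NSIG_MIPS, n, first);
    n = count_tripping_signals(NSIG_OTHER, &first);
    printf("_NSIG=%d: %d tripping signal(s)\n", NSIG_OTHER, n);
    printf("signal 128 decodes as termsig=%d\n", status_termsig(128));
    return 0;
}
```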