author | Moritz Muehlenhoff <jmm@debian.org> | 2020-07-14 12:49:04 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-07-14 12:49:04 +0200 |
commit | fd9178c9656b6126ea6c7138133856a4e3333e09 (patch) | |
tree | 1e8732c9a6a531ef9ef393b38cec0b68e65f96ba /retired/CVE-2016-10723 | |
parent | 415f68afb4865c75eff63d4b854268710441715e (diff) |
retire CVE-2016-10723
Diffstat (limited to 'retired/CVE-2016-10723')
-rw-r--r-- | retired/CVE-2016-10723 | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/retired/CVE-2016-10723 b/retired/CVE-2016-10723 new file mode 100644 index 00000000..3f65a967 --- /dev/null +++ b/retired/CVE-2016-10723 @@ -0,0 +1,23 @@ +Description: Don't call schedule_timeout_killable() with oom_lock held +References: + https://patchwork.kernel.org/patch/10395909/ + https://patchwork.kernel.org/patch/9842889/ + https://www.spinics.net/lists/linux-mm/msg117896.html + https://www.spinics.net/lists/linux-mm/msg117960.html +Notes: + carnil> Commit 9bfe5ded054b ("mm, oom: remove sleep from under oom_lock") + carnil> is a mitigation for CVE-2016-10723. + carnil> https://lore.kernel.org/lkml/cb2d635c-c14d-c2cc-868a-d4c447364f0d@i-love.sakura.ne.jp/ + bwh> On 3.16 the OOM killer usually kills the reproducer fairly quickly, + bwh> but not always. It still spams the kernel log and in some cases + bwh> it seemed to cause a filesystem error causing / to go read-only. + bwh> I assume 4.9 is also affected. +Bugs: +upstream: ignored "Negligible security impact, long-standing limitation" +4.19-upstream-stable: ignored "Negligible security impact, long-standing limitation" +4.9-upstream-stable: ignored "Negligible security impact, long-standing limitation" +3.16-upstream-stable: ignored "Negligible security impact, long-standing limitation" +sid: ignored "Negligible security impact, long-standing limitation" +4.19-buster-security: ignored "Negligible security impact, long-standing limitation" +4.9-stretch-security: ignored "Negligible security impact, long-standing limitation" +3.16-jessie-security: ignored "Negligible security impact, long-standing limitation" |
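Review bot: The status lines at the end of the new file mark every branch as ignored with the identical reason, yet the Notes state that commit 9bfe5ded054b ("mm, oom: remove sleep from under oom_lock") is a mitigation. Recording which branches contain that commit, either on the upstream line or in an extra note, would let a reader of the retired entry tell mitigated branches from unmitigated ones. The 4.9 status also rests on bwh's "I assume 4.9 is also affected"; if that was never tested, a short note saying so next to the 4.9 lines would keep the assumption visible. Finally, the notes describe kernel log spam and a case where / went read-only on 3.16, which sits oddly beside "Negligible security impact"; a sentence in the Notes explaining why that behaviour is still treated as a long-standing limitation would make the ignore reason self-contained.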