Candidate: CVE-2010-4249 Description: References: http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=9915672d41273f5b77f1b3c29b391ffb7732b84b http://thread.gmane.org/gmane.linux.network/179049/focus=179051 http://www.spinics.net/lists/netdev/msg147946.html > From Eugene Teo: > Reproducer: http://lkml.org/lkml/2010/11/23/395 > Partial fix: http://lkml.org/lkml/2010/11/23/450 > Reference: https://bugzilla.redhat.com/show_bug.cgi?id=656756 Notes: Note from Neil Horman in the RH bugtracker: Note that9915672d41273f5b77f1b3c29b391ffb7732b84b is only part of the solution. We also need bba14de98753cb6599a2dae0e520714b2153522d from net-next. . jmm> Looks like the following commits are needed from Linus git? jmm> 25888e30319f8896fc656fc68643e6a078263060 jmm> 9915672d41273f5b77f1b3c29b391ffb7732b84b jmm> bba14de98753cb6599a2dae0e520714b2153522d (from net-next) dannf> fyi, i have the last two queued up in my tree; it has an dannf> abi change which i need to address properly before commit. dannf> tests show this was sufficient to avoid OOM'ing w/ the reproducer in dannf> http://lkml.org/lkml/2010/11/23/395. dannf> The reproducer associated with 25888e303 dannf> (https://lkml.org/lkml/2010/11/25/8) is different; and has dannf> different symptoms (unkillable process vs. OOM) - perhaps it should dannf> have a different CVE? dannf> dannf> I've added CVE-2010-af_unix-recursion to track that issue. jmm> 2.6.32.40 is missing bba14, it was added in 2.6.32.47 Bugs: upstream: released (2.6.38) [25888e30319f8896fc656fc68643e6a078263060, 9915672d41273f5b77f1b3c29b391ffb7732b84b, bba14de98753cb6599a2dae0e520714b2153522d] 2.6.32-upstream-stable: released (2.6.32.47) sid: released (2.6.32-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch] 2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch] 2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch, bugfix/all/af_unix-limit-recursion-level.patch]