Candidate: CVE-2009-1388
Description:
The OpenVZ Linux kernel team has found a deadlock between the ptrace and
coredump code. It affects 2.6.18 but does not affect the upstream kernel.
.
"ptrace_start() spins waiting for child->state ==
TASK_TRACED/TASK_STOPPED. If we race with the coredumping, we have to
wait until it completes.
.
If the tracer participates in coredumping too, we deadlock.
do_coredump() waits for tracer to exit and report
complete(mm->core_startup_done), the tracer spins in an endless loop.
.
Change ptrace_start() to abort if child->mm->core_waiters != 0."
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1388
https://bugzilla.redhat.com/attachment.cgi?id=346742
Ubuntu-Description:
Notes:
I can't find the ptrace_start() code in any of the Debian kernels, so I
believe this to be a Red Hat-specific issue.
Bugs:
upstream: N/A
linux-2.6: N/A
2.6.18-etch-security: N/A
2.6.24-etch-security: N/A
2.6.26-lenny-security: N/A
2.6.15-dapper-security:
2.6.22-gutsy-security:
2.6.24-hardy-security:
2.6.27-intrepid-security: