path: root/retired/CVE-2019-11487

Description: page->_refcount overflow via FUSE with ~140GiB RAM usage
References:
 https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
 https://lwn.net/Articles/786044/
Notes:
 bwh> I'm having trouble backporting to this to 3.16 because we don't
 bwh> have commit ddc58f27f9ee "mm: drop tail page refcounting".
 carnil> 604d7b594c6d ("mm: add 'try_get_page()' helper function") was
 carnil> already added in 4.9.175, possibly for preparation.
Bugs:
upstream: released (5.1-rc5) [15fab63e1e57be9fdb5eec1bbc5916e9825e9acb, 88b1a17dfc3ed7728316478fae0f5ad508f50397, 8fde12ca79aff9b5ba951fce1a2641901b8d8e64, f958d7b528b1b40c44cfda5eabe2d82760d868c3]
4.19-upstream-stable: released (4.19.39) [0311ff82b70fa12e80d188635bff24029ec06ae1, 0612cae7ec6b79d2ff1b34562bab79d5bf96327a, d972ebbf42ba6712460308ae57c222a0706f2af3, 9f6da5fd05577ef4a05c1744cc7098d0173823af]
4.9-upstream-stable: released (4.9.175) [604d7b594c6d18582650dd06b201643b15202232], released (4.9.181) [9557090582a33801349f0a0920a55d134a27e740, 2ed768cfd8956df77f60dd073251699ad3e56cd4, 96019c69145840a498e4e988f56a7524dc0c59b7]
3.16-upstream-stable: ignored "Minor issue and high risk of regression"
sid: released (4.19.37-1) [bugfix/all/0001-mm-make-page-ref-count-overflow-check-tighter-and-mo.patch, bugfix/all/0002-mm-add-try_get_page-helper-function.patch, bugfix/all/0003-mm-prevent-get_user_pages-from-overflowing-page-refc.patch, bugfix/all/0004-fs-prevent-page-refcount-overflow-in-pipe_buf_get.patch]
4.19-buster-security: N/A "Fixed before branching point"
4.9-stretch-security: released (4.9.184-1)
3.16-jessie-security: ignored "Minor issue and high risk of regression"