Bug 1481136 (CVE-2017-10661) - CVE-2017-10661 kernel: Handling of might_cancel queueing is not properly pretected against race
Summary: CVE-2017-10661 kernel: Handling of might_cancel queueing is not properly pret...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-10661
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1485404 1485405 1485406 1485407 1485408 1485409 1485410 1740278 1740279
Blocks: 1481154
TreeView+ depends on / blocked
 
Reported: 2017-08-14 08:16 UTC by Adam Mariš
Modified: 2021-12-10 15:12 UTC (History)
34 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:20:44 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3083 0 None None None 2018-10-30 07:30:56 UTC
Red Hat Product Errata RHSA-2018:3096 0 None None None 2018-10-30 07:37:04 UTC
Red Hat Product Errata RHSA-2019:4057 0 None None None 2019-12-03 08:07:00 UTC
Red Hat Product Errata RHSA-2019:4058 0 None None None 2019-12-03 08:25:49 UTC
Red Hat Product Errata RHSA-2020:0036 0 None None None 2020-01-07 12:26:12 UTC

Description Adam Mariš 2017-08-14 08:16:55 UTC 
The handling of the might_cancel queueing is not properly protected, so parallel operations on the file descriptor can race with each other and lead to list corruptions or use after free.

References:

https://marc.info/?l=linux-fsdevel&m=148587265720603&w=2

https://marc.info/?t=148587273100007&r=1&w=2

https://source.android.com/security/bulletin/2017-08-01#kernel-components

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6
Comment 4 Vladis Dronov 2017-08-25 15:20:24 UTC 
Statement:

This issue does not affect Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.

This issue affects Red Hat Enterprise Linux 6 and 7. Future updates for the respective releases may address this issue.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux MRG-2. This flaw is not currently planned to be addressed in future updates due to MRG-2 being an EUS release. For additional information, refer to the Extended Update Support (EUS) Guide: https://access.redhat.com/articles/rhel-eus.
Comment 5 errata-xmlrpc 2018-10-30 07:30:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3083
Comment 6 errata-xmlrpc 2018-10-30 07:36:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2018:3096
Comment 8 errata-xmlrpc 2019-12-03 08:06:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:4057 https://access.redhat.com/errata/RHSA-2019:4057
Comment 9 errata-xmlrpc 2019-12-03 08:25:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2019:4058 https://access.redhat.com/errata/RHSA-2019:4058
Comment 10 errata-xmlrpc 2020-01-07 12:26:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2020:0036 https://access.redhat.com/errata/RHSA-2020:0036
Note You need to log in before you can comment on or make changes to this bug.