** Description changed:

- With CLONE_IO, copy_io() increments both ioc->refcount and
- ioc->nr_tasks. However exit_io_context() only decrements ioc->refcount
- if ioc->nr_tasks reaches 0. With CLONE_IO, parent's
- io_context->nr_tasks is incremented, but never decremented whenever
- copy_process() fails afterwards, which prevents exit_io_context() from
- calling IO schedulers exit functions. An unprivileged local user could
- use these flaws cause denial of service.
+ The I/O implementation for block devices in the Linux kernel before
+ 2.6.33 does not properly handle the CLONE_IO feature, which allows local
+ users to cause a denial of service (I/O instability) by starting
+ multiple processes that share an I/O context.

  Break-Fix: fadad878cc0640cc9cd5569998bf54b693f7b38b 61cc74fbb87af6aa551a06a370590c9bc07e29d9
  Break-Fix: fadad878cc0640cc9cd5569998bf54b693f7b38b b69f2292063d2caf37ca9aec7d63ded203701bf3

--
https://bugs.launchpad.net/bugs/940743

Title:
  CVE-2012-0879