Bug 804652 (CVE-2013-0309) - VUL-1: CVE-2013-0309: kernel: mm: thp: pmd_present and PROT_NONE local DoS
Status: RESOLVED FIXED
Alias: CVE-2013-0309
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low; Severity: Major
Target Milestone: ---
Assignee: Mel Gorman
QA Contact: Security Team bot
Reported: 2013-02-20 10:47 UTC by Marcus Meissner
Modified: 2014-03-12 11:28 UTC

Description Marcus Meissner 2013-02-20 10:47:57 UTC
is public, via oss-security

CVE-2013-0309

From: Petr Matousek <pmatouse@redhat.com>
Subject: [oss-security] CVE request -- Linux kernel: mm: thp: pmd_present and PROT_NONE local DoS
Date: Wed, 20 Feb 2013 01:40:18 +0100

Most VM places are using pmd_none but a few are still using pmd_present.
The meaning is about the same for the pmd. However pmd_present would
return the wrong value on PROT_NONE ranges. When the code using
pmd_present gets a false negative, the kernel will crash.

An unprivileged local user could use this flaw to crash the system.

Upstream fix:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=027ef6c8

References:
https://bugzilla.redhat.com/show_bug.cgi?id=912898
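
The disagreement between pmd_none and pmd_present on PROT_NONE ranges that the description refers to, as an added example that is not part of the original report or of the upstream patch. It is a userspace model: the bit positions, the helper names (`pmd_present_narrow`, `pmd_present_wide`, `pmd_make_protnone`, `sample_huge_pmd`, `checks_disagree`) and the shape of the wider mask are assumptions, since the page does not reproduce the fix itself.

```c
/* Userspace model, not kernel code. Bit positions are assumptions
 * modelled on x86 page-table flags. */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t pmd_t;
#define PAGE_PRESENT  (1ULL << 0)
#define PAGE_RW       (1ULL << 1)
#define PAGE_PSE      (1ULL << 7)  /* huge-page mapping */
#define PAGE_PROTNONE (1ULL << 8)  /* mapped, but every access faults */

/* Empty entry: nothing is mapped at all. */
static int pmd_none(pmd_t pmd) { return pmd == 0; }

/* Narrow test: hardware present bit only. */
static int pmd_present_narrow(pmd_t pmd) { return (pmd & PAGE_PRESENT) != 0; }

/* Wide test (assumed shape of the fix): PROT_NONE and huge entries count. */
static int pmd_present_wide(pmd_t pmd)
{
    return (pmd & (PAGE_PRESENT | PAGE_PROTNONE | PAGE_PSE)) != 0;
}

/* Constructed sample: writable huge mapping at a 2 MiB aligned frame. */
static pmd_t sample_huge_pmd(void)
{
    return (0x200ULL << 12) | PAGE_PSE | PAGE_RW | PAGE_PRESENT;
}

/* Model of PROT_NONE protection: drop present/write, mark PROTNONE. */
static pmd_t pmd_make_protnone(pmd_t pmd)
{
    return (pmd & ~(PAGE_PRESENT | PAGE_RW)) | PAGE_PROTNONE;
}

/* 1 when "present" and "not none" give different answers for one entry. */
static int checks_disagree(pmd_t pmd, int (*present)(pmd_t))
{
    return present(pmd) == pmd_none(pmd);
}

int main(void)
{
    pmd_t e[] = { 0, sample_huge_pmd(), pmd_make_protnone(sample_huge_pmd()) };
    const char *name[] = { "empty", "huge rw", "huge PROT_NONE" };
    for (int i = 0; i < 3; i++)
        printf("%-15s none=%d narrow=%d wide=%d\n", name[i], pmd_none(e[i]),
               pmd_present_narrow(e[i]), pmd_present_wide(e[i]));
    return checks_disagree(e[2], pmd_present_wide);
}
```

Only the PROT_NONE entry separates the two tests: it is not empty, yet the narrow test reports it as absent, which is the false negative the description names.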
Comment 1 Swamp Workflow Management 2013-02-20 23:00:10 UTC
bugbot adjusting priority
Comment 2 Mel Gorman 2013-02-21 10:26:35 UTC
(In reply to comment #0)
> Upstream fix:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=027ef6c8
> 

This bug has been in upstream -stable kernels since 3.0.46 and has been included in SLES SP2 kernels since rpm-3.0.51-0.7.9. It is also included in openSUSE 12.3 and 12.2 kernels via upstream -stable and has now been pushed for openSUSE 12.1.
Comment 3 Marcus Meissner 2013-02-21 10:34:58 UTC
Thanks!

I think we can then mark this resolved/fixed, especially as the SLE 11 SP2 fix was shipped already (and openSUSEs will get an update round soonish for the local root exploit).
Comment 4 Swamp Workflow Management 2013-03-05 17:11:46 UTC
openSUSE-SU-2013:0396-1: An update that solves 10 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 714906,720226,733148,755546,762693,765524,768506,769784,769896,770695,773406,773831,774285,774523,774859,776144,778630,779432,781134,783515,784192,786013,787168,792500,793671,797175,799209,800280,801178,801782,802153,802642,804154,804652,804738
CVE References: CVE-2012-0957,CVE-2012-2745,CVE-2012-3412,CVE-2012-4530,CVE-2013-0160,CVE-2013-0216,CVE-2013-0231,CVE-2013-0268,CVE-2013-0309,CVE-2013-0871
Sources used:
openSUSE 12.1 (src):    kernel-docs-3.1.10-1.19.2, kernel-source-3.1.10-1.19.1, kernel-syms-3.1.10-1.19.1
Comment 5 Marcus Meissner 2014-02-18 22:20:32 UTC
Mel, would this affect the SLES 11 SP1 codebase?  (2.6.32 based)

The arch/x86/include/asm/pgtable.h code looks like the patch would apply?
Comment 7 Mel Gorman 2014-03-12 11:28:37 UTC
Closing again as SP1 is not affected.