Bug 881101 (CVE-2014-3940) - VUL-1: CVE-2014-3940: kernel: missing check during hugepage migration
Summary: VUL-1: CVE-2014-3940: kernel: missing check during hugepage migration
Status: RESOLVED FIXED
Alias: CVE-2014-3940
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: E-mail List
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/99266/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-06-03 13:39 UTC by Johannes Segitz
Modified: 2016-04-27 20:08 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2014-06-03 13:39:45 UTC 
Linux kernel built with the HugeTLB file system(CONFIG_HUGETLBFS
+ CONFIG_HUGETLB_PAGE) along with Non Uniform Memory Access(CONFIG_NUMA)
support is vulnerable to possible race conditions. It could occur when kernel
attempts to perform hugepage migration.

Upstream fix:
https://lkml.org/lkml/2014/3/18/784  (only part 1 of the 2 patches)

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1104097
http://seclists.org/oss-sec/2014/q2/399
Comment 1 SMASH SMASH 2014-06-03 14:45:20 UTC 
Affected packages:

SLE-11-SP3: kernel-source
Comment 2 Swamp Workflow Management 2014-06-03 22:00:19 UTC 
bugbot adjusting priority
Comment 3 Michal Hocko 2014-06-11 09:22:17 UTC 
IIUC this issue effectively exists only if hugetlb pages are migratebale which
is 3.12+.

This means that none of TD branches are affected.

pushed to SLE12 no other branches need this
Comment 4 Marcus Meissner 2014-06-23 09:09:03 UTC 
then its done already I think