Bugzilla – Bug 933969
VUL-0: CVE-2015-4178: kernel-source: [ns: user namespaces panic -- lack of internal consistency of a datastructure]
Last modified: 2015-06-14 12:19:32 UTC
CVE-2015-4178

http://seclists.org/oss-sec/2015/q2/640

Mitre: Use CVE-2015-4178 for the issue fixed in 820f9f147dcce2602eefd9b575bbbd9ea14f0953. This code change is not present in 4.0.2.

was introduced in the 4.0 series as far as I see.

original post:

Hello,

Linux kernel built with the user namespaces support (CONFIG_USER_NS) is vulnerable to a NULL pointer dereference flaw. It could occur when users in user namespaces do unmount mounts.

An unprivileged user could use this flaw to crash the system resulting in DoS.

Upstream fixes:
---------------
-> https://git.kernel.org/linus/820f9f147dcce2602eefd9b575bbbd9ea14f0953
-> https://git.kernel.org/linus/cd4a40174b71acd021877341684d8bb1dc8ea4ae

It was introduced by:
---------------------
-> https://git.kernel.org/linus/ce07d891a0891d3c0d0c2d73d577490486b809e1

Thank you Drew Fisher for reporting this issue to Fedora Security Team.
bugbot adjusting priority
Doesn't affect TD branches
What Eric Biederman said:

Neither commit (e0c9c0afd2fc... or cd4a4017...) missing is a problem unless ce07d891a089 ("mnt: Honor MNT_LOCKED when detaching mounts") is present.

(I fixed the commit references.)

And ce07d891a089 is not present in any of our trees - it came in in 4.1-rc1 so it'll be in the not yet released 4.1. Btw, the fixes came in at the same time too.

Concerning that pin_fs thing: 820f9f147dcc ("fs_pin: Allow for the possibility that m_list or s_list go unused.") that's also not in our trees - it materialized in 3.17.

So we're not affected AFAICT. Bouncing back to sec team.
*** Bug 933970 has been marked as a duplicate of this bug. ***
problem does not exist in our products.