Bugzilla – Bug 988964
VUL-1: CVE-2016-6213: kernel-source: Overflowing kernel mount table using shared bind mount
Last modified: 2020-06-11 12:18:23 UTC
From http://seclists.org/oss-sec/2016/q3/58:
It was reported that the mount table expands by a power-of-two with each bind mount command.
If the system is configured in a way that allows a non-root user to bind mount, even with a limited number of bind mounts allowed, a non-root user could cause a local DoS by quickly overflowing the mount table.
It will cause a deadlock for the whole system, form of unlimited memory consumption that is causing the problem.
Use CVE-2016-6213. Not clear if an improperly configured system warrants a CVE or a fix.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1356471
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6213
http://seclists.org/oss-sec/2016/q3/58
bugbot adjusting priority
Adding needinfo
My opinion on this falls between calling it a CVE and GregKH's "not-a-bug" response. Yeah, it's a stupid configuration but stupid configurations shouldn't soft lockup the kernel. Goldwyn, here's an actual VFS bug for you. :)
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d29216842a85c7970c536108e093963f02714498 is referenced upstream
any idea on how to proceed?
openSUSE 42.2 and SLE12-SP2/SP3 are covered by (backported): c50fd34e1089 ("mnt: Add a per mount namespace limit on the number of mounts")
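An added example, not part of the bug thread or of the kernel patch: a small check an administrator could run on a patched system to see how many mounts the current namespace holds relative to the per-namespace limit, and how many of them are in shared peer groups. It assumes the limit is exposed as the `fs.mount-max` sysctl (`/proc/sys/fs/mount-max`, upstream default 100000); the function names, the 80% warning threshold and the sample data are constructed for illustration.

```python
from collections import Counter

# Constructed sample in /proc/self/mountinfo format (not from the bug report).
SAMPLE = """\
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
23 22 0:21 / /proc rw,nosuid shared:5 - proc proc rw
40 22 8:2 /srv /mnt/a rw,relatime shared:1 - ext4 /dev/sda2 rw
41 22 8:2 /srv /mnt/b rw,relatime shared:1 - ext4 /dev/sda2 rw
42 22 0:40 / /run/priv rw,nosuid - tmpfs tmpfs rw
43 22 8:2 /srv /mnt/c rw,relatime master:1 - ext4 /dev/sda2 rw
"""

def parse_mountinfo(text):
    """Return one dict per mount: id, mount point, shared peer group (or None)."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Optional propagation tags sit between field 6 and the " - " separator.
        left, sep, _ = line.partition(" - ")
        fields = left.split()
        if not sep or len(fields) < 6:
            raise ValueError(f"malformed mountinfo line: {line!r}")
        tags = dict(t.split(":", 1) for t in fields[6:] if ":" in t)
        mounts.append({"id": int(fields[0]), "point": fields[4],
                       "shared": tags.get("shared")})
    return mounts

def mount_headroom(text, mount_max, warn_ratio=0.8):
    """Summarise the mount count against the per-namespace limit."""
    mounts = parse_mountinfo(text)
    groups = Counter(m["shared"] for m in mounts if m["shared"])
    total = len(mounts)
    return {
        "total": total,
        "shared": sum(groups.values()),
        "largest_group": groups.most_common(1)[0] if groups else None,
        "warn": total >= warn_ratio * mount_max,
    }

if __name__ == "__main__":
    try:  # live data on a kernel that carries the limit
        with open("/proc/self/mountinfo") as f:
            text = f.read()
        with open("/proc/sys/fs/mount-max") as f:
            limit = int(f.read())
    except OSError:  # sysctl absent (kernel without the limit) or not Linux
        text, limit = SAMPLE, 100000
    print(mount_headroom(text, limit))
```

A missing `/proc/sys/fs/mount-max` on a Linux host is itself a finding: it suggests the running kernel does not carry the per-namespace limit.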
fixed in newer products.