** Changed in: linux (Ubuntu Hardy)
Status: New => Invalid
** Description changed:
With CLONE_IO, copy_io() increments both ioc->refcount and
ioc->nr_tasks. However exit_io_context() only decrements ioc->refcount
if ioc->nr_tasks reaches 0. With CLONE_IO, parent's
io_context->nr_tasks is incremented, but never decremented whenever
copy_process() fails afterwards, which prevents exit_io_context() from
calling the IO schedulers' exit functions. An unprivileged local user could
use these flaws to cause a denial of service.
- Break-Fix: - 61cc74fbb87af6aa551a06a370590c9bc07e29d9
- Break-Fix: - b69f2292063d2caf37ca9aec7d63ded203701bf3
+ Break-Fix: fadad878cc0640cc9cd5569998bf54b693f7b38b
61cc74fbb87af6aa551a06a370590c9bc07e29d9
+ Break-Fix: fadad878cc0640cc9cd5569998bf54b693f7b38b
b69f2292063d2caf37ca9aec7d63ded203701bf3
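
The counter imbalance described above, as an added user-space model (not kernel code and not part of the original notification). The struct layout, the `balanced` switch and the error-path behaviour are assumptions made for illustration; only the names copy_io(), exit_io_context(), refcount and nr_tasks come from the description.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only; field names follow the bug description. */
struct io_context {
    int refcount;       /* references keeping the object alive */
    int nr_tasks;       /* tasks sharing the context */
    bool sched_exited;  /* IO scheduler exit functions were called */
};

static struct io_context new_ioc(void) { return (struct io_context){1, 1, false}; }

/* CLONE_IO path of copy_io(): both counters are incremented. */
static void copy_io_shared(struct io_context *ioc) { ioc->refcount++; ioc->nr_tasks++; }

/* balanced=false: refcount dropped only when nr_tasks reaches 0 (as described).
 * balanced=true: hypothetical variant where every exiting task drops its reference. */
static void exit_io_context(struct io_context *ioc, bool balanced) {
    bool last = (--ioc->nr_tasks == 0);
    if (last) ioc->sched_exited = true;
    if (last || balanced) ioc->refcount--;
}

/* Flaw 1: a child created with CLONE_IO exits, then the parent exits.
 * Returns the final refcount; anything above 0 is a leaked io_context. */
static int refs_after_clone_and_exit(bool balanced) {
    struct io_context ioc = new_ioc();
    copy_io_shared(&ioc);
    exit_io_context(&ioc, balanced);   /* child */
    exit_io_context(&ioc, balanced);   /* parent */
    return ioc.refcount;
}

/* Flaw 2: copy_process() fails after copy_io(), then the parent exits.
 * Assumption: the unbalanced error path drops only the reference. */
static bool sched_exit_after_failed_fork(bool balanced) {
    struct io_context ioc = new_ioc();
    copy_io_shared(&ioc);
    ioc.refcount--;                    /* error path: reference dropped */
    if (balanced) ioc.nr_tasks--;      /* hypothetical: task count undone too */
    exit_io_context(&ioc, balanced);   /* parent */
    return ioc.sched_exited;
}

int main(void) {
    printf("leaked refs after clone+exit: described=%d balanced=%d\n",
           refs_after_clone_and_exit(false), refs_after_clone_and_exit(true));
    printf("scheduler exit after failed fork: described=%d balanced=%d\n",
           sched_exit_after_failed_fork(false), sched_exit_after_failed_fork(true));
    return 0;
}
```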
--
https://bugs.launchpad.net/bugs/940743
Title:
CVE-2012-0879