oss-sec mailing list archives
Re: CVE request: linux kernel - local DoS with cgroup offline code
From: <cve-assign () mitre org>
Date: Sat, 5 Nov 2016 11:59:56 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
A malicious user who can run an arbitrary image with a non-privileged user in a Container-as-a-service cloud environment could use the exploit to deadlock the container nodes to deny the service for other users.
container> $ trinity -D --disable-fds=memfd --disable-fds=timerfd \ --disable-fds=pipes --disable-fds=testfile \ --disable-fds=sockets --disable-fds=perf \ --disable-fds=epoll --disable-fds=eventfd \ --disable-fds=drm
# systemctl status docker <hang...>
task kworker/45:4:146035 blocked for more than 120 seconds.
"cgroup is trying to offline a cpuset css, which takes place under cgroup_mutex. The offlining ends up trying to drain active usages of a sysctl table which apparently is not happening." There is no fix at this time as far as I can tell.
Use CVE-2016-9191. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYHgGZAAoJEHb/MwWLVhi2lQsP/1q0DTwdkQ5NOL3xfeD48Lye JiAOHPKs+X9iAfnpB/3rNiq6RvBPLXr12LPfKGcxiBasPf5mAq4sa1xzNhcXGerD 678Ch0m+sMKjTfLLTusSeu2WFDKG07Fs7yoiQs4juIfbjJ178nh7RJDz/V7lao0+ pBv1SUYrIgrZ5dRNNzUp380eOdVNmi5fWPiHvXxIR6PwXZsCu5GZNjowMAIOFgBB XedYPtBhG+lbbrvQm9kyj/IoSsw8cKfyhCcDy+T5JE4UcOYWrYpixmgwNZTUXn0l BUM8uMWeI2DgMEFDjzjdVL4KY3ktkcXUTbBh7EGYg5zpDiMm3oNbqsS1kv+m+/BQ /BHikPAkC+x2W35fzWp/lIJZojBUkkeDCNHU+tc+lVBVVZpo+zEq6puv61GwSTEE G2GgnHEeA33XW3AixqFpe2rGY9PIKw92kSIRfAH1aPg1i77Y34m1uqrpJ+HifuK/ qxowp64tKzwiDgzJqZmTdEYX22EVWqhb1DbukY1cgVM9BkEuI0+ZwrVeAmvy7k/7 Scp2LmwwN2AdLRagOhzKUSwORKeg6xd5gHDm5F9rhI/GhX/+soNMXKcYKBbq0jDh +jBAl2oGnhELCnf026nVtrqmqMLS9SquwBXmtHTjdUV88co2NqstBR+oAlAeKrnd W1Lyt8V0wHy00wNFmEJs =jJL2 -----END PGP SIGNATURE-----
Current thread:
- CVE request: linux kernel - local DoS with cgroup offline code CAI Qian (Nov 04)
- Re: CVE request: linux kernel - local DoS with cgroup offline code cve-assign (Nov 05)