Re: CVE request: linux kernel - local DoS with cgroup offline code

[<cve-assign () mitre org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> A malicious user who can run an arbitrary image with a non-privileged user
> in a Container-as-a-service cloud environment could use the exploit to
> deadlock the container nodes to deny the service for other users.

> container> $ trinity -D --disable-fds=memfd --disable-fds=timerfd \
>              --disable-fds=pipes --disable-fds=testfile \
>              --disable-fds=sockets --disable-fds=perf \
>              --disable-fds=epoll --disable-fds=eventfd \
>              --disable-fds=drm

> # systemctl status docker
> <hang...>

> task kworker/45:4:146035 blocked for more than 120 seconds.

> "cgroup is trying to offline a cpuset css, which
> takes place under cgroup_mutex. The offlining ends up trying to drain
> active usages of a sysctl table which apparently is not happening." There is
> no fix at this time as far as I can tell.

Use CVE-2016-9191.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYHgGZAAoJEHb/MwWLVhi2lQsP/1q0DTwdkQ5NOL3xfeD48Lye
JiAOHPKs+X9iAfnpB/3rNiq6RvBPLXr12LPfKGcxiBasPf5mAq4sa1xzNhcXGerD
678Ch0m+sMKjTfLLTusSeu2WFDKG07Fs7yoiQs4juIfbjJ178nh7RJDz/V7lao0+
pBv1SUYrIgrZ5dRNNzUp380eOdVNmi5fWPiHvXxIR6PwXZsCu5GZNjowMAIOFgBB
XedYPtBhG+lbbrvQm9kyj/IoSsw8cKfyhCcDy+T5JE4UcOYWrYpixmgwNZTUXn0l
BUM8uMWeI2DgMEFDjzjdVL4KY3ktkcXUTbBh7EGYg5zpDiMm3oNbqsS1kv+m+/BQ
/BHikPAkC+x2W35fzWp/lIJZojBUkkeDCNHU+tc+lVBVVZpo+zEq6puv61GwSTEE
G2GgnHEeA33XW3AixqFpe2rGY9PIKw92kSIRfAH1aPg1i77Y34m1uqrpJ+HifuK/
qxowp64tKzwiDgzJqZmTdEYX22EVWqhb1DbukY1cgVM9BkEuI0+ZwrVeAmvy7k/7
Scp2LmwwN2AdLRagOhzKUSwORKeg6xd5gHDm5F9rhI/GhX/+soNMXKcYKBbq0jDh
+jBAl2oGnhELCnf026nVtrqmqMLS9SquwBXmtHTjdUV88co2NqstBR+oAlAeKrnd
W1Lyt8V0wHy00wNFmEJs
=jJL2
-----END PGP SIGNATURE-----