Bug 81852 (CVE-2005-0937)

Summary: VUL-0: CVE-2005-0937: possible futex lock for all 2.6 kernels
Product: [Novell Products] SUSE Security Incidents Reporter: Wolfgang Wilde <wwilde>
Component: IncidentsAssignee: Hubert Mantel <mantel>
Status: VERIFIED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: security-team, werner
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Linux   
Whiteboard: CVE-2005-0937: CVSS v2 Base Score: 1.2 (AV:L/AC:H/Au:N/C:N/I:N/A:P)
Found By: Development Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Wolfgang Wilde 2005-05-04 14:35:08 UTC 
Problem reported by ticket from Werner Fink
Running process can't be terminated, neither by kill nor by "kill -9". Process
stays in status "Futex_wait"

====================8<====================
Hi,

   das Starten von zB vim ist broken. Vim haengt in einem
futex, der nie zurueck kommt:

/suse/werner> strace -p 7897
Process 7897 attached - interrupt to quit
futex(0x4018f500, FUTEX_WAIT, 2, NULL <unfinished ...>
Process 7897 detached
/suse/werner> kill 7897
/suse/werner> kill 7897
/suse/werner> kill 7897
/suse/werner> kill -9 7897


          Werner

-- 
  "Having a smoking section in a restaurant is like having
          a peeing section in a swimming pool." -- Edward Burr
====================8<====================
could possibly be related to this bug:

"Linux Kernel Futex Local Deadlock Denial Of Service Vulnerability"

http://securityfocus.org/bid/12959/solution/

bugtraq id 	12959
object 	
class 	Design Error
cve 	CAN-2005-0937
remote 	No
local 	Yes
published 	Mar 31, 2005
Comment 1 Hubert Mantel 2005-05-04 14:58:46 UTC 
Is this something we need to release a security update for? Andrea, can you
please have a look at the proposed solution? We will probably need fixes for all
our trees then :/
Comment 2 Marcus Meissner 2005-05-04 15:05:35 UTC 
same as this,  
https://bugzilla.novell.com/show_bug.cgi?id=66418 
 
fix is in SP2 branch at least.
Comment 3 Hubert Mantel 2005-05-04 15:14:33 UTC 

*** This bug has been marked as a duplicate of 66418 ***
Comment 4 Andrea Arcangeli 2005-05-04 20:57:51 UTC 
The fix looks correct to me.
Comment 5 Thomas Biege 2009-10-13 21:21:21 UTC 
CVE-2005-0937: CVSS v2 Base Score: 1.2 (AV:L/AC:H/Au:N/C:N/I:N/A:P)