Bugzilla – Bug 963764
VUL-0: CVE-2008-7316: kernel: writev regression: pan hanging unkillable and un-straceable
Last modified: 2016-09-08 22:20:59 UTC
rh#1302009

A flaw was discovered in Linux kernel. Zero length iovecs can go into an infinite loop in writev, because the iovec iterator does not always advance over them.

Fixed in 124d3b7041f9a0ca7c43a6293e1cae4576c32fd5

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1302009
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7316
http://seclists.org/oss-sec/2016/q1/189
http://people.canonical.com/~ubuntu-security/cve/2008/CVE-2008-7316.html
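The iterator behaviour described in the report above, as a userspace C model added here for illustration; it is not part of the original report and is not the kernel's code. The names `seg_iter`, `advance`, `drain` and `demo`, the `skip_empty` switch and the step budget that stands in for the hang are all assumptions of the model.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only; all names here are hypothetical, not kernel code. */
struct seg_iter {
    const size_t *len; /* *len is the current segment's length */
    size_t off;        /* offset inside the current segment */
    size_t count;      /* total bytes still to consume */
};

/* Consume `bytes` (caller keeps bytes <= count). With skip_empty set, also
 * step past zero-length segments while data remains. */
static void advance(struct seg_iter *it, size_t bytes, int skip_empty)
{
    while (bytes || (skip_empty && it->count && *it->len == 0)) {
        size_t avail = *it->len - it->off;
        size_t n = bytes < avail ? bytes : avail;
        it->count -= n;
        bytes -= n;
        it->off += n;
        if (it->off == *it->len) { it->len++; it->off = 0; }
    }
}

/* One segment-sized chunk per pass; -1 means the step budget ran out (a hang). */
static long drain(struct seg_iter *it, int skip_empty, int max_steps)
{
    long done = 0;
    while (it->count) {
        size_t chunk = *it->len - it->off;
        if (chunk > it->count) chunk = it->count;
        if (max_steps-- == 0) return -1;
        done += (long)chunk;
        advance(it, chunk, skip_empty);
    }
    return done;
}

/* Constructed input: 4 bytes, an empty segment, then 3 bytes (7 in total). */
long demo(int skip_empty)
{
    static const size_t lens[] = { 4, 0, 3 };
    struct seg_iter it = { lens, 0, 7 };
    return drain(&it, skip_empty, 16);
}

int main(void)
{
    return printf("naive: %ld, skipping empties: %ld\n", demo(0), demo(1)) < 0;
}
```

Without the skip, the first pass ends with the iterator resting on the empty segment, every later pass computes a zero-byte chunk, and `count` never reaches zero.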
The fix is 2.6.24 material so basically everything we have is not affected. I will check and push this into cve/linux-2.6.16 if applicable.
write iterator has been added by 2f718ffc16c4 ("mm: buffered write iterator") in 2.6.24-rc1
the fix was introduced

$ git describe --contains 124d3b7041f9a0ca7c43a6293e1cae4576c32fd5
v2.6.24-git14~14

later in the _same_ release cycle? How come something like that gets a CVE 8 years later?
(In reply to Michal Hocko from comment #2)
> write iterator has been added by 2f718ffc16c4 ("mm: buffered write
> iterator") in 2.6.24-rc1 the fix was introduced
>
> $ git describe --contains 124d3b7041f9a0ca7c43a6293e1cae4576c32fd5
> v2.6.24-git14~14

Ohh, this is misleading. Linus used to create tagged pre-releases it seems. The *-git tags no longer exist in his repo and my clone simply kept them because I didn't tell them to go away. This has been in fact released in

$ git describe --contains 124d3b7041f9a0ca7c43a6293e1cae4576c32fd5
v2.6.25-rc1~1069

So one release cycle later. This means that this is anything we care about. The question why this popped out 8 years later still holds, though. None of the long term stable/ltss kernels are based on 2.6.24 AFAIR.