SB2017051821 - Improper resource shutdown or release in Linux kernel lockd
Published: May 18, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper resource shutdown or release (CVE-ID: CVE-2017-9059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource shutdown or release error within the svc_rdma_destroy_ctxts(), svc_rdma_wc_send(), rdma_create_xprt(), svc_rdma_accept() and __svc_rdma_free() functions in net/sunrpc/xprtrdma/svc_rdma_transport.c, within the xdr_padsize(), svc_rdma_get_write_arrays(), svc_rdma_prep_reply_hdr() and svc_rdma_sendto() functions in net/sunrpc/xprtrdma/svc_rdma_sendto.c, within the rdma_read_complete() and svc_rdma_recvfrom() functions in net/sunrpc/xprtrdma/svc_rdma_recvfrom.c, within the dprintk() function in net/sunrpc/xprtrdma/svc_rdma_marshal.c, within the svc_rdma_handle_bc_reply(), svc_rdma_send() and svc_rdma_bc_sendto() functions in net/sunrpc/xprtrdma/svc_rdma_backchannel.c, within the svc_rdma_init() function in net/sunrpc/xprtrdma/svc_rdma.c, within the rpcrdma-$() function in net/sunrpc/xprtrdma/makefile, within the svc_create_pooled() and svc_set_num_threads() functions in net/sunrpc/svc.c, within the nfsd_cross_mnt() and nfsd_lookup_parent() functions in fs/nfsd/vfs.c, within the nfssvc_decode_readargs(), nfssvc_decode_readlinkargs() and nfssvc_decode_readdirargs() functions in fs/nfsd/nfsxdr.c, within the nfsd4_encode_getdeviceinfo() and nfsd4_encode_layoutget() functions in fs/nfsd/nfs4xdr.c, within the copy_clid() function in fs/nfsd/nfs4state.c, within the nfsd4_layout_verify() function in fs/nfsd/nfs4proc.c, within the nfs3svc_decode_readargs(), nfs3svc_decode_readlinkargs(), nfs3svc_decode_readdirargs() and nfs3svc_decode_readdirplusargs() functions in fs/nfsd/nfs3xdr.c, within the nfs4_callback_svc(), nfs41_callback_svc(), defined() and nfs_callback_create_svc() functions in fs/nfs/callback.c, within the nlmsvc_grant_reply() function in fs/lockd/svclock.c, within the lockd() and lockd_down_net() functions in fs/lockd/svc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c70422f760c120480fee4de6c38804c72aa26bc1
- http://www.securityfocus.com/bid/98551
- https://bugzilla.redhat.com/show_bug.cgi?id=1451386
- https://github.com/torvalds/linux/commit/c70422f760c120480fee4de6c38804c72aa26bc1
- https://www.spinics.net/lists/linux-nfs/msg63334.html