Headline
CVE-2017-5546: mm/slab.c: fix SLAB freelist randomization duplicate entries · torvalds/linux@c4e490c
The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number.
Permalink
Browse files
mm/slab.c: fix SLAB freelist randomization duplicate entries
This patch fixes a bug in the freelist randomization code. When a high random number is used, the freelist will contain duplicate entries. It will result in different allocations sharing the same chunk.
It will result in odd behaviours and crashes. It should be uncommon but it depends on the machines. We saw it happening more often on some machines (every few hours of running tests).
Fixes: c7ce4f6 (“mm: SLAB freelist randomization”) Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: John Sperbeck [email protected] Signed-off-by: Thomas Garnier [email protected] Cc: Christoph Lameter [email protected] Cc: Pekka Enberg [email protected] Cc: David Rientjes [email protected] Cc: Joonsoo Kim [email protected] Cc: [email protected] Signed-off-by: Andrew Morton [email protected] Signed-off-by: Linus Torvalds [email protected]
- Loading branch information