Linux kernel 2.6.18: do_coredump() vs ptrace_start() deadlock

Credit: Eugene Teo
Risk: High
Local: Yes
Remote: No
CWE: CWE-362

CVSS Base Score: 4.9/10
Impact Subscore: 6.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

The OpenVZ Linux kernel team found a deadlock between the ptrace and coredump code. It affects the 2.6.18 kernel but not the upstream kernel. "ptrace_start() spins waiting for child->state == TASK_TRACED/TASK_STOPPED. If we race with the coredumping, we have to wait until it completes. If the tracer participates in coredumping too, we deadlock. do_coredump() waits for the tracer to exit and report complete(mm->core_startup_done); the tracer spins in an endless loop. Change ptrace_start() to abort if child->mm->core_waiters != 0." Triggering the race requires local access (a tracer thread that shares the dumping task's mm), and the impact is availability only: the tracer and the dumping task hang, and nothing is disclosed or modified.
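The wait cycle described above, as an added illustration that is not the kernel's code and not a reproducer: each of the two kernel paths is modelled as a small state machine stepped by a round-robin "scheduler", so the deadlock and the effect of the abort check can be shown deterministically without real threads. The field names core_waiters and core_startup_done mirror the advisory; the tick functions, run_race() and the tick limit are hypothetical stand-ins.

```c
/* Model of the 2.6.18 ptrace_start()/do_coredump() deadlock (illustration
 * only, not kernel code). The tracer shares the dumping task's mm, so
 * do_coredump() counts it among the threads it waits for. */
#include <stdio.h>

enum task_state  { TASK_RUNNING, TASK_TRACED };
enum tracer_step { T_PTRACE_START, T_EXITING, T_DONE };
enum dumper_step { D_WAIT_CORE_STARTUP, D_DUMPED };

struct mm {
    int core_waiters;      /* threads do_coredump() still waits for */
    int core_startup_done; /* completion signalled by the last such thread */
};

struct child_task { enum task_state state; struct mm *mm; };
struct tracer     { enum tracer_step step; struct child_task *child; int aborted; };
struct dumper     { enum dumper_step step; struct mm *mm; };

/* One scheduler tick of the tracer. apply_fix selects the patched
 * ptrace_start(): abort when child->mm->core_waiters != 0. */
static void tracer_tick(struct tracer *t, int apply_fix)
{
    switch (t->step) {
    case T_PTRACE_START:
        if (t->child->state == TASK_TRACED) {
            t->step = T_EXITING;              /* normal case: child stopped */
        } else if (apply_fix && t->child->mm->core_waiters != 0) {
            t->aborted = 1;                   /* patched kernel: give up */
            t->step = T_EXITING;
        }
        /* otherwise the unpatched kernel keeps spinning here forever */
        break;
    case T_EXITING:
        /* the tracer exits; as a coredump waiter it is counted down and
         * the last one to leave completes core_startup_done */
        if (--t->child->mm->core_waiters == 0)
            t->child->mm->core_startup_done = 1;
        t->step = T_DONE;
        break;
    case T_DONE:
        break;
    }
}

/* One tick of the dumping task: do_coredump() blocked waiting for
 * complete(mm->core_startup_done). It never becomes TASK_TRACED. */
static void dumper_tick(struct dumper *d)
{
    if (d->step == D_WAIT_CORE_STARTUP && d->mm->core_startup_done)
        d->step = D_DUMPED;
}

/* Run the race for a bounded number of ticks (hypothetical limit).
 * Returns 0 if both sides are still waiting on each other (deadlock),
 * 1 if the dump completed normally, 2 if it completed because the
 * patched ptrace_start() aborted. */
static int run_race(int apply_fix)
{
    struct mm mm = { .core_waiters = 1, .core_startup_done = 0 };
    struct child_task child = { TASK_RUNNING, &mm };  /* mid-coredump */
    struct tracer t = { T_PTRACE_START, &child, 0 };
    struct dumper d = { D_WAIT_CORE_STARTUP, &mm };

    for (int tick = 0; tick < 1000 && d.step != D_DUMPED; tick++) {
        tracer_tick(&t, apply_fix);
        dumper_tick(&d);
    }
    if (d.step != D_DUMPED)
        return 0;
    return t.aborted ? 2 : 1;
}

int main(void)
{
    printf("unpatched ptrace_start(): %s\n",
           run_race(0) ? "dump completes" : "DEADLOCK");
    printf("patched ptrace_start():   %s\n",
           run_race(1) == 2 ? "tracer aborts, dump completes" : "DEADLOCK");
    return 0;
}
```

In the unpatched run the tracer's step never leaves T_PTRACE_START because the child stays TASK_RUNNING inside do_coredump(), and the dumper never sees core_startup_done because the tracer never exits; with the check applied, the tracer leaves on the first tick and its exit completes the dumper's wait.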



Copyright 2022,
