Date: Mon, 29 Aug 2022 16:21:29 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 266101] ucred reference count may overflow Message-ID: <bug-266101-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D266101 Bug ID: 266101 Summary: ucred reference count may overflow Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: emaste@freebsd.org The refcount(9) API mitigates reference count overflow (by changing it into= a leak) as of 0b21d8949934 ("Handle refcount(9) wraparound.") As of 1724c563e62f ("cred: distribute reference count per thread") ucred handling (crhold etc.) does not use refcount(9), and so is vulnerable to reference count overflow. See for example https://accessvector.net/2022/freebsd-aio-lpe Need to either use refcount(9) or add explicit overflow handling. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-266101-227>