CVE-2024-50271

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 19/11/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

signal: restore the override_rlimit logic

Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of signals. However now it's enforced unconditionally, even if override_rlimit is set. This behavior change caused production issues.

For example, if the limit is reached and a process receives a SIGSEGV signal, sigqueue_alloc fails to allocate the necessary resources for the signal delivery, preventing the signal from being delivered with siginfo. This prevents the process from correctly identifying the fault address and handling the error. From the user-space perspective, applications are unaware that the limit has been reached and that the siginfo is effectively 'corrupted'. This can lead to unpredictable behavior and crashes, as we observed with java applications.

Fix this by passing override_rlimit into inc_rlimit_get_ucounts() and skip the comparison to max there if override_rlimit is set. This effectively restores the old behavior.
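Because applications get no indication that the limit has been reached, an operator has to look for the condition from outside the process. The following is an added example, not code from the kernel or from this advisory: it reads the `SigQ` field of `/proc/<pid>/status` (queued signals for the process's real user ID, followed by the process's RLIMIT_SIGPENDING) and reports whether the count is at or near the limit. The function names and the 90% warning threshold are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

enum sigq_state { SIGQ_UNKNOWN = -1, SIGQ_OK, SIGQ_NEAR, SIGQ_AT_LIMIT };

/* Find "SigQ:\t<queued>/<limit>" in /proc/<pid>/status text; 0 on success. */
static int parse_sigq(const char *status, unsigned long *queued, unsigned long *limit)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "SigQ:", 5) == 0)
            return sscanf(p + 5, "%lu/%lu", queued, limit) == 2 ? 0 : -1;
        p = strchr(p, '\n');          /* advance to the start of the next line */
        if (p)
            p++;
    }
    return -1;
}

/* Classify usage; warn_pct is an assumed alerting threshold in percent. */
static enum sigq_state classify_sigq(const char *status, unsigned warn_pct)
{
    unsigned long q, lim;
    if (parse_sigq(status, &q, &lim) != 0)
        return SIGQ_UNKNOWN;
    if (q >= lim)                     /* limit reached (or exceeded) */
        return SIGQ_AT_LIMIT;
    if ((double)q * 100.0 >= (double)lim * warn_pct)
        return SIGQ_NEAR;
    return SIGQ_OK;
}

/* Read /proc/<pid>/status ("self" works as pid) and classify it. */
static enum sigq_state check_pid(const char *pid, unsigned warn_pct)
{
    char path[64], buf[8192];
    snprintf(path, sizeof path, "/proc/%s/status", pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return SIGQ_UNKNOWN;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return classify_sigq(buf, warn_pct);
}

int main(int argc, char **argv)
{
    static const char *names[] = { "unknown", "ok", "near limit", "at limit" };
    enum sigq_state s = check_pid(argc > 1 ? argv[1] : "self", 90);
    printf("SigQ state: %s\n", names[s + 1]);
    return s == SIGQ_AT_LIMIT;
}
```

Run it with a PID as the only argument; the exit status is 1 when the queued count has reached the limit, which makes it usable from a monitoring script.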

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.14 (including) 6.1.117 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.61 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.11.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*