APPLIED: [PATCH 0/1][Disco] CVE-2019-9857 - inotify DoS

Seth Forshee seth.forshee at
Thu Mar 28 11:56:25 UTC 2019

On Wed, Mar 27, 2019 at 06:57:20PM +0000, Tyler Hicks wrote:
>  In the Linux kernel through 5.0.2, the function
>  inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c
>  neglects to call fsnotify_put_mark() with IN_MASK_CREATE after
>  fsnotify_find_mark(), which will cause a memory leak (aka refcount leak).
>  Finally, this will cause a denial of service.
> The fix is pretty easy to review but I ensured that the build logs were clean
> and performed a quick boot test.

Applied to disco/master-next, thanks!

More information about the kernel-team mailing list