ACK: [SRU X/B/D/E/F 0/2] CVE-2020-12114
Stefan Bader
stefan.bader at canonical.com
Thu May 14 08:03:29 UTC 2020
On 14.05.20 02:35, Thadeu Lima de Souza Cascardo wrote:
> From CVE description:
> A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x
> before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before
> 4.19.119, and 5.x before 5.3 allows local users to cause a denial of
> service (panic) by corrupting a mountpoint reference counter.
>
> Commit "fs/namespace.c: fix mountpoint reference counter race" was applied to
> the stable series referenced above not coming from an upstream commit. That's
> why it doesn't have an upstream commit.
>
> I decided against prefixing the title with "UBUNTU: SAUCE:" because as this
> might be applied to Xenial as coming from 4.4.x, it will not be prefixed as
> such, and then we would have more than one title to match as a fix.
>
> I tested pivot_root under mount namespaces and user namespaces, and smoke
> tested lxd, snapd and docker as well.
>
> Al Viro (1):
> propagate_one(): mnt_set_mountpoint() needs mount_lock
>
> Piotr Krysiuk (1):
> fs/namespace.c: fix mountpoint reference counter race
>
> fs/namespace.c | 2 +-
> fs/pnode.c | 9 ++++-----
> 2 files changed, 5 insertions(+), 6 deletions(-)
>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20200514/413d399f/attachment.sig>
More information about the kernel-team
mailing list