NACK: [SRU B/D/F 0/2] CVE-2020-12114

[Stefan Bader]

On 14.05.20 02:35, Thadeu Lima de Souza Cascardo wrote:
> From CVE description:
>  A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x
>  before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before
>  4.19.119, and 5.x before 5.3 allows local users to cause a denial of
>  service (panic) by corrupting a mountpoint reference counter.
> 
> Commit "fs/namespace.c: fix mountpoint reference counter race" was applied to
> the stable series referenced above not coming from an upstream commit. That's
> why it doesn't have an upstream commit.
> 
> I decided against prefixing the title with "UBUNTU: SAUCE:" because as this
> might be applied to Xenial as coming from 4.4.x, it will not be prefixed as
> such, and then we would have more than one title to match as a fix.
> 
> I tested pivot_root under mount namespaces and user namespaces, and smoke
> tested lxd, snapd and docker as well.
> 
> Al Viro (1):
>   propagate_one(): mnt_set_mountpoint() needs mount_lock
> 
> Piotr Krysiuk (1):
>   fs/namespace.c: fix mountpoint reference counter race
> 
>  fs/namespace.c | 2 +-
>  fs/pnode.c     | 9 ++++-----
>  2 files changed, 5 insertions(+), 6 deletions(-)
> 
If I did not miss it, this is now applied to all but Eoan via some stable.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20200514/df00411e/attachment.sig>