[PATCH 0/1][Bionic/Groovy] CVE-2021-29265: usbip DoS on racing status update
Tim Gardner
tim.gardner at canonical.com
Fri Apr 2 17:03:12 UTC 2021
[SRU Justification]
An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in
drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF)
because the stub-up sequence has race conditions during an update of the local
and shared status, aka CID-9380afd6df70.
All of our other kernels have picked up this patch via stable updates.
[Test Plan]
Tested with syzbot reproducer:
- https://syzkaller.appspot.com/text?tag=ReproC&x=14801034d00000
[Where problems could occur]
Released in stable kernels:
linux-4.14.y
linux-4.19.y
linux-4.4.y
linux-4.9.y
linux-5.10.y
linux-5.11.y
linux-5.4.y
[Other Info]
None
More information about the kernel-team
mailing list