ACK: [PATCH 0/1][Bionic/Groovy] CVE-2021-29265: usbip DoS on racing status update
Krzysztof Kozlowski
krzysztof.kozlowski at canonical.com
Tue Apr 6 07:16:31 UTC 2021
On 06/04/2021 09:06, Krzysztof Kozlowski wrote:
> On 02/04/2021 19:03, Tim Gardner wrote:
>> [SRU Justification]
>>
>> An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in
>> drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF)
>> because the stub-up sequence has race conditions during an update of the local
>> and shared status, aka CID-9380afd6df70.
>>
>> All of our other kernels have picked up this patch via stable updates.
>>
>> [Test Plan]
>> Tested with syzbot reproducer:
>> - https://syzkaller.appspot.com/text?tag=ReproC&x=14801034d00000
>>
>> [Where problems could occur]
>> Released in stable kernels:
>> linux-4.14.y
>> linux-4.19.y
>> linux-4.4.y
>> linux-4.9.y
>> linux-5.10.y
>> linux-5.11.y
>> linux-5.4.y
>
>
> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>
>
One more time - with proper title and tag:
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>
Best regards,
Krzysztof
More information about the kernel-team
mailing list