ACK: [PATCH 0/1][Bionic/Groovy] CVE-2021-29265: usbip DoS on racing status update
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Apr 6 19:48:10 UTC 2021
On Fri, Apr 02, 2021 at 11:03:12AM -0600, Tim Gardner wrote:
> [SRU Justification]
>
> An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in
> drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF)
> because the stub-up sequence has race conditions during an update of the local
> and shared status, aka CID-9380afd6df70.
>
> All of our other kernels have picked up this patch via stable updates.
>
> [Test Plan]
> Tested with syzbot reproducer:
> - https://syzkaller.appspot.com/text?tag=ReproC&x=14801034d00000
>
Hi, Tim.

This CVE also affects oem-5.6, the fix should be applied there too, and I
suppose it applies cleanly.

The test with a reproducer is great! Did you manage to reproduce with an
unpatched kernel?

As for the regression potential, you usually only mention that other kernels
have had the fix applied. Though this can reassure us that regressions could
have been caught on kernels that have shipped this for long, this is not what
this is saying, as this fix is fairly recent and this is still pending on focal.

What we should be considering here is what might break so when we get a bug
reported, we know what changes to look for. We don't have a process for that,
but at least it might give some of us who are reviewing something to remember.

Some of these potential risks might be obvious, but it's good to state them
anyway, like "might fail to boot" or "network might be broken". If specifics
can be given, even better.

Thanks.
Cascardo.

Acked-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>

> [Where problems could occur]
> Released in stable kernels:
> linux-4.14.y
> linux-4.19.y
> linux-4.4.y
> linux-4.9.y
> linux-5.10.y
> linux-5.11.y
> linux-5.4.y
>
> [Other Info]
> None