ACK+Cmnt: [PATCH 0/1][Groovy] CVE-2021-29266: vDPA UAF when reopening chardev

Tim Gardner tim.gardner at canonical.com
Wed Apr 7 12:02:36 UTC 2021



On 4/6/21 2:11 PM, Thadeu Lima de Souza Cascardo wrote:
> On Fri, Apr 02, 2021 at 11:24:48AM -0600, Tim Gardner wrote:
>> [SRU Justification]
>>
>> An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c
>> has a use-after-free because v->config_ctx has an invalid value upon re-opening
>> a character device, aka CID-f6bbf0010ba0.
>>
>> Introduced by commit 776f395004d829bbbf18c159ed9beb517a208c71 (v5.8)
>>
>> [Test Plan]
>> none
>>
>> [Where problems could occur]
>> Released in stable kernels:
>> linux-5.10.y
>> linux-5.11.y
>>
>> [Other Info]
>> None
> 
> Hi, Tim.
> 
> Hirsute and oem-5.10 still need this patch as well.
> 
> This patch is simple enough and a clean cherry pick. I would rather try to get
> it tested somehow, which is why sometimes I take some more time before getting
> a fix on the list, but maybe for cases like this one, where the potential
> regressions seem small enough, and backports are not needed, we can speed up
> getting them submitted, as you did.
> 
> Thanks.
> Cascardo.
> 
> Acked-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
> 

Won't Hirsute and OEM-5.10 get these patches via stable in this cycle?
Lots of CVEs are fixed in stable updates without us explicitly marking
them as CVE patches. Won't the security team CVE triager note that the
appropriate patch has been applied and update the 'CVE Reports' page
accordingly?

rtg
-----------
Tim Gardner
Canonical, Inc


