[PATCH 0/1][F:linux-oem-5.6, G:linux] CVE-2021-28375: fastrpc_internal_invoke permission checks
Tim Gardner
tim.gardner at canonical.com
Thu Apr 8 20:32:29 UTC 2021
Introduced by c68cfb718c8f97b7f7a50ed66be5feb42d0c8988 (v5.1)
Fixed by 20c40794eb85ea29852d7bc37c55713802a543d6 (v5.12)
[SRU Justification]
An issue was discovered in the Linux kernel through 5.11.6.
fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user
applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a
related issue to CVE-2019-2308.
[Test Plan]
None.
[Where problems could occur]
Applications relying on this behavior will now be prevented from sending
kernel RPC messages.
[Other Info]
Released in stable kernels:
linux-5.10.y
linux-5.11.y
linux-5.4.y
More information about the kernel-team
mailing list