APPLIED: [PATCH 0/1][Bionic/Groovy] CVE-2021-29265: usbip DoS on racing status update
Kleber Souza
kleber.souza at canonical.com
Fri Apr 9 10:52:30 UTC 2021
On 02.04.21 19:03, Tim Gardner wrote:
> [SRU Justification]
>
> An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in
> drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF)
> because the stub-up sequence has race conditions during an update of the local
> and shared status, aka CID-9380afd6df70.
>
> All of our other kernels have picked up this patch via stable updates.
>
> [Test Plan]
> Tested with syzbot reproducer:
> - https://syzkaller.appspot.com/text?tag=ReproC&x=14801034d00000
>
> [Where problems could occur]
> Released in stable kernels:
> linux-4.14.y
> linux-4.19.y
> linux-4.4.y
> linux-4.9.y
> linux-5.10.y
> linux-5.11.y
> linux-5.4.y
>
> [Other Info]
> None
>
>
Applied to bionic/linux and groovy/linux.
Thanks,
Kleber
More information about the kernel-team
mailing list