ACK: [PATCH 0/1][Bionic/Groovy] CVE-2021-29265: usbip DoS on racing status update
Tim Gardner
tim.gardner at canonical.com
Fri Apr 9 12:07:28 UTC 2021
On 4/6/21 1:48 PM, Thadeu Lima de Souza Cascardo wrote:
> On Fri, Apr 02, 2021 at 11:03:12AM -0600, Tim Gardner wrote:
>> [SRU Justification]
>>
>> An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in
>> drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF)
>> because the stub-up sequence has race conditions during an update of the local
>> and shared status, aka CID-9380afd6df70.
>>
>> All of our other kernels have picked up this patch via stable updates.
>>
>> [Test Plan]
>> Tested with syzbot reproducer:
>> - https://syzkaller.appspot.com/text?tag=ReproC&x=14801034d00000
>>
>
> Hi, Tim.
>
> This CVE also affects oem-5.6, the fix should be applied there too, and I
> suppose it applies cleanly.
>
> The test with a reproducer is great! Did you manage to reproduce with an
> unpatched kernel?
>
>
I was not able to get the Syzbot reproducer to break an un-patched
kernel (after 2 hrs in a Qemu/KVM instance), though I wonder how
upstream is sure the patched kernel is fixed. I can't imagine they let
this reproducer run to completion. 1^6 seconds is quite a while.
rtg
-----------
Tim Gardner
Canonical, Inc