APPLIED[G]: [PATCH 0/1][F:linux-oem-5.6, G:linux] CVE-2021-28375: fastrpc_internal_invoke permission checks
Kleber Souza
kleber.souza at canonical.com
Fri Apr 9 16:14:48 UTC 2021
On 08.04.21 22:32, Tim Gardner wrote:
> Introduced by c68cfb718c8f97b7f7a50ed66be5feb42d0c8988 (v5.1)
> Fixed by 20c40794eb85ea29852d7bc37c55713802a543d6 (v5.12)
>
> [SRU Justification]
>
> An issue was discovered in the Linux kernel through 5.11.6.
> fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user
> applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a
> related issue to CVE-2019-2308.
>
> [Test Plan]
> None.
>
> [Where problems could occur]
> Applications relying on this behavior will now be prevented from sending
> kernel RPC messages.
>
> [Other Info]
> Released in stable kernels:
> linux-5.10.y
> linux-5.11.y
> linux-5.4.y
>
>
Applied to groovy:linux.
Thanks,
Kleber
More information about the kernel-team
mailing list