ACK/Cmnt: [SRU focal/linux-oem-5.10 0/1] CVE-2021-26708
Guilherme Piccoli
gpiccoli at canonical.com
Mon Mar 1 16:04:10 UTC 2021
On Mon, Mar 1, 2021 at 11:37 AM Thadeu Lima de Souza Cascardo
<cascardo at canonical.com> wrote:
>
> [Impact]
> vsock multi transport race leads to UAF, which may allow in privilege
> escalation.
>
> [Fix]
> Clean cherry-pick of upstream c518adafa39f.
>
> [Test case]
> Ran a reproducer, gets a WARNING when unpatched, no WARNING when patched.
>
> [Potential regression]
> AF_VSOCK use might break.
>
> Alexander Popov (1):
> vsock: fix the race conditions in multi-transport support
>
> net/vmw_vsock/af_vsock.c | 17 ++++++++++++-----
> 1 file changed, 12 insertions(+), 5 deletions(-)
>
> --
> 2.27.0
Thanks Cascardo, simple fix, clean cherry-pick, so:
Acked-by: Guilherme G. Piccoli <gpiccoli at canonical.com>
I'd like to ask more as a curiosity: don't we have Buglinks on CVEs?
Also, the test case is not public (even after the patched CVE is
released)?
Cheers!
More information about the kernel-team
mailing list