ACK: [SRU groovy 0/9] CVE-2021-3347
Krzysztof Kozlowski
krzysztof.kozlowski at canonical.com
Wed Mar 10 13:24:20 UTC 2021
On 09/03/2021 18:03, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> This fixes CVE-2021-3347, where userspace could provoke EFAULT during a futex
> operation leading to inconsistent internal kernel state, which could then be
> exploited. Privilege escalation cannot be ruled out.
>
> [Test plan]
> I tested stress-ng --futex, kselftest futex, glibc nptl tests, ltp futex tests,
> perf bench futex, and some odd reproducers for past issues. No apparent
> regressions.
>
> [Potential regressions]
> futex is used in pthreads. So, parallel programs that use futexes for mutual
> exclusion can fail or deteriorate, with lockups, race conditions, or bad
> performance.
>
> [Fixes]
> I ended up picking up some pre-req commits, rather than fixing up everything
> with backports. Only one treewide commit was skipped and required a simple
> backport. The pre-reqs were cleanups, rather than fixes for open bugs.
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>
Best regards,
Krzysztof
More information about the kernel-team
mailing list