NACK[H]: [SRU Hirsute, Focal/linux-oem-5.10, Groovy, Focal/linux-oem-5.6, Focal, Bionic 0/4] CVE-2021-27363, CVE-2021-27364, CVE-2021-27365

Seth Forshee seth.forshee at canonical.com
Wed Mar 17 16:13:15 UTC 2021


On Wed, Mar 10, 2021 at 11:36:12PM -0300, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> Unprivileged users can use the iscsi_transport handle to leak a kernel address,
> create/close iscsi sessions, and write out of bounds when reading sysfs iscsi
> attributes.
> 
> [Fix/Backport]
> 3 commits fix the problem, minimal backporting was needed because of missing
> commit 82b8cf40bfe1, but the commit that introduces sysfs_emit was needed from
> 4.15 to 5.8, and needed some context adjustment on 4.15 because of missing
> *change_owner functions.
> 
> [Test case]
> Leaking the address by reading /sys/class/iscsi_transport/tcp/handle was not
> possible anymore. Also, creating a session also failed, and even as root,
> setting a name larger than PAGE_SIZE failed.
> 
> [Potential regression]
> iscsi users could fail to operate as unprivileged users.

All of these patches have already hit 5.11 via stable updates, so nack
for hirsute.


