|
Message-ID: <b79b57ed-1d59-419a-911e-8b3b482cecf4.splendidsky.cwc@alibaba-inc.com> Date: Fri, 17 Apr 2020 17:20:21 +0800 From: "陈伟宸(田各)" <splendidsky.cwc@...baba-inc.com> To: "oss-security" <oss-security@...ts.openwall.com> Subject: 回复:CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic Hey, it's public now. Please visit: https://bugzilla.redhat.com/show_bug.cgi?id=1822593 I'm not sure whether it exists on the mainline kernel. Maybe I'll do some research sometime. Thanks. ------------------------------------------------------------------ 发件人:Greg KH <greg@...ah.com> 发送时间:2020年4月17日(星期五) 16:55 收件人:oss-security <oss-security@...ts.openwall.com> 主 题:Re: [oss-security] CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic On Fri, Apr 17, 2020 at 12:40:10PM +0800, 陈伟宸(田各) wrote: > > "A race condition was found in the Linux kernel audit subsystem. When the system is configured to panic on events being dropped, an attacker who is able to trigger an audit event that starts while auditd is in the process of starting may be able to cause the system to panic by exploiting a race condition in audit event handling. This creates a denial of service by causing a panic." > > https://bugzilla.redhat.com/show_bug.cgi?id=1822593 That bug link seems to be restricted at the moment :( > Env: > Red Hat Enterprise Linux Server release 7.7 (Maipo) > 3.10.0-1062.12.1.el7.x86_64 Any hint on if this is still an issue on the "mainline" kernel.org releases or not given that 3.10 is a bit old? thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.