List:       oss-security
Subject:    Re: [oss-security] Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto su
From:       Greg KH <greg () kroah ! com>
Date:       2018-08-28 13:18:00
Message-ID: 20180828131800.GA14585 () kroah ! com

On Tue, Aug 28, 2018 at 03:08:18PM +0200, Florian Weimer wrote:
> On 08/28/2018 02:51 PM, Greg KH wrote:
> > On Tue, Aug 28, 2018 at 04:49:14PM +1000, Wade Mealing wrote:
> > > Gday,
> > > 
> > > Syzkaller/syzbot found a use-after-free bug in the cryptographic
> > > subsystem of the Linux kernel [1], that can be used to panic the
> > > system and possibly escalate privileges.
> > 
> > Are we seriously now going to be assigning cves to everything that
> > syzbot finds?  If so, great, this is going to be fun!
> > 
> > If not, why this specific patch?  What makes it special from the hundreds
> > of other syzbot finds that have been fixed (and not fixed yet)?
> 
> > If RHEL is not exposed, why does Red Hat care about this?
> 
> We have shipped supported kernels with this vulnerability.
> 
> But the real reason why I want this fixed is that the Python 3 test suite
> triggers this bug and panics some of our RPM builders. 8-/

Heh, ok, fair enough, thanks for being honest :)

greg k-h