[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto su
From: Greg KH <greg () kroah ! com>
Date: 2018-08-28 13:18:00
Message-ID: 20180828131800.GA14585 () kroah ! com
[Download RAW message or body]
On Tue, Aug 28, 2018 at 03:08:18PM +0200, Florian Weimer wrote:
> On 08/28/2018 02:51 PM, Greg KH wrote:
> > On Tue, Aug 28, 2018 at 04:49:14PM +1000, Wade Mealing wrote:
> > > Gday,
> > >
> > > Syzkaller/syzbot found a use-after-free bug in the cryptographic
> > > subsystem of the Linux kernel [1], that can be used to panic the
> > > system and possibly escalate privileges.
> >
> > Are we seriously now going to be assigning cves to everything that
> > syzbot finds? If so, great, this is going to be fun!
> >
> > If not, why this specific patch? What makes it specia from the hundreds
> > of other syzbot finds that have been fixed (and not fixed yet)?
>
> > If RHEL is not exposed, why does Red Hat care about this?
>
> We have shipped supported kernels with this vulnerability.
>
> But the real reason why I want this fixed is that the Python 3 test suite
> triggers this bug and panics some of our RPM builders. 8-/
Heh, ok, fair enough, thanks for being honest :)
greg k-h
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic