[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] =?UTF-8?B?5Zue5aSN77yaW29zcy1zZWN1cml0eV0gQ1ZFLTIwMjAtMTA3MDgga2VybmVsOiByYWNlIGNv?= 
From:       "=?UTF-8?B?6ZmI5Lyf5a64KOeUsOWQhCk=?=" <splendidsky.cwc () alibaba-inc ! com>
Date:       2020-04-17 9:20:21
Message-ID: b79b57ed-1d59-419a-911e-8b3b482cecf4.splendidsky.cwc () alibaba-inc ! com
[Download RAW message or body]

[Attachment #2 (text/plain)]


Hey, it's public now. Please visit: https://bugzilla.redhat.com/show_bug.cgi?id=1822593

I'm not sure whether it exists on the mainline kernel. Maybe I'll do some research sometime.

Thanks.
------------------------------------------------------------------
发件人：Greg KH <greg@kroah.com>
发送时间：2020年4月17日(星期五) 16:55
收件人：oss-security <oss-security@lists.openwall.com>
主　题：Re: [oss-security] CVE-2020-10708 kernel: race condition in kernel/audit.c may \
allow low privilege users trigger kernel panic

On Fri, Apr 17, 2020 at 12:40:10PM +0800, 陈伟宸(田各) wrote:
> 
> "A race condition was found in the Linux kernel audit subsystem. When the system is \
> configured to panic on events being dropped, an attacker who is able to trigger an audit \
> event that starts while auditd is in the process of starting may be able to cause the system \
> to panic by exploiting a race condition in audit event handling. This creates a denial of \
> service by causing a panic." 
> https://bugzilla.redhat.com/show_bug.cgi?id=1822593

That bug link seems to be restricted at the moment :(

> Env:
> Red Hat Enterprise Linux Server release 7.7 (Maipo)
> 3.10.0-1062.12.1.el7.x86_64

Any hint on if this is still an issue on the "mainline" kernel.org
releases or not given that 3.10 is a bit old?

thanks,

greg k-h



[prev in list] [next in list] [prev in thread] [next in thread]