[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] =?UTF-8?B?5Zue5aSN77yaW29zcy1zZWN1cml0eV0gQ1ZFLTIwMjAtMTA3MDgga2VybmVsOiByYWNlIGNv?=
From: "=?UTF-8?B?6ZmI5Lyf5a64KOeUsOWQhCk=?=" <splendidsky.cwc () alibaba-inc ! com>
Date: 2020-04-17 9:20:21
Message-ID: b79b57ed-1d59-419a-911e-8b3b482cecf4.splendidsky.cwc () alibaba-inc ! com
[Download RAW message or body]
[Attachment #2 (text/plain)]
Hey, it's public now. Please visit: https://bugzilla.redhat.com/show_bug.cgi?id=1822593
I'm not sure whether it exists on the mainline kernel. Maybe I'll do some research sometime.
Thanks.
------------------------------------------------------------------
发件人:Greg KH <greg@kroah.com>
发送时间:2020年4月17日(星期五) 16:55
收件人:oss-security <oss-security@lists.openwall.com>
主 题:Re: [oss-security] CVE-2020-10708 kernel: race condition in kernel/audit.c may \
allow low privilege users trigger kernel panic
On Fri, Apr 17, 2020 at 12:40:10PM +0800, 陈伟宸(田各) wrote:
>
> "A race condition was found in the Linux kernel audit subsystem. When the system is \
> configured to panic on events being dropped, an attacker who is able to trigger an audit \
> event that starts while auditd is in the process of starting may be able to cause the system \
> to panic by exploiting a race condition in audit event handling. This creates a denial of \
> service by causing a panic."
> https://bugzilla.redhat.com/show_bug.cgi?id=1822593
That bug link seems to be restricted at the moment :(
> Env:
> Red Hat Enterprise Linux Server release 7.7 (Maipo)
> 3.10.0-1062.12.1.el7.x86_64
Any hint on if this is still an issue on the "mainline" kernel.org
releases or not given that 3.10 is a bit old?
thanks,
greg k-h
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic