[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE-2020-25641 kernel: soft lockup when submitting zero length bvecs.
From:       Greg KH <greg () kroah ! com>
Date:       2020-09-30 6:32:54
Message-ID: 20200930063254.GB1474755 () kroah ! com
[Download RAW message or body]

On Wed, Sep 30, 2020 at 10:35:56AM +1000, Wade Mealing wrote:
> Gday,
> 
> A flaw was found in the Linux kernels implementation of biovec usage.  A
> zero-length biovec request issued to the block subsystem could cause the
> kernel to enter an infinite loop causing a denial of service. An attacker
> with a local account can issue requests to a block device can cause a
> denial of service.
> 
> This has been assigned CVE-2020-25641,
> 
> According to the fix commits "Introduced in":
> # git tag --contains 1bdc76aea115 | head -n 1
> v4.10

That's odd, and not the best way to do this, the commit really showed up
in 4.8-rc1:
	$ git describe --contains 1bdc76aea115
	v4.8-rc1~162^2~21

You forgot to sort by "version", which is what you need to do if you
want to try to look at tags, but then it's still a bit off:
	$ git tag --contains 1bdc76aea115 | sort -V | head -n 10
	v4.8
	v4.8-rc1
	v4.8-rc2
	v4.8-rc3
	v4.8-rc4
	v4.8-rc5
	v4.8-rc6
	v4.8-rc7
	v4.8-rc8
	v4.9

hope this helps,

greg k-h
[prev in list] [next in list] [prev in thread] [next in thread]