List: oss-security
Subject: Re: [oss-security] CVE-2021-20177 kernel: iptables string match rule could result in kernel panic
From: Greg KH <greg () kroah ! com>
Date: 2021-01-12 8:04:49
Message-ID: X/1YIT59FZ7clijT () kroah ! com
On Tue, Jan 12, 2021 at 04:58:07PM +1000, Wade Mealing wrote:
> Gday,
>
> A flaw was found in the Linux kernel's implementation of string matching
> within a packet. A privileged user
> (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a
> rule which can panic the system.
>
> Likely a user with these permissions could do worse, however it crashes the
> system (DOS) and the user is going to have a bad day
> especially if the rule is inserted and restored on every boot.
>
> At this time it doesn't affect RHEL releases, and there are fixes already
> in multiple upstream trees.
>
> Thanks,
>
> Wade Mealing
>
> Upstream patch:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca58fbe06c54
>
> Upstream bugzilla:
> https://bugzilla.kernel.org/show_bug.cgi?id=209823
>
> Red Hat Bugzilla:
> https://bugzilla.redhat.com/show_bug.cgi?id=1914719

I still do not understand why you report issues that are fixed over a
year ago (October 2019) and assign them a CVE like this. Who does this
help out? And what about the thousands of other issues that are fixed
in the kernel and not assigned a CVE like this, are they somehow not as
important to your group?

What determines what you want to give a CVE to and what you do not?

thanks,

greg k-h