[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
From: Greg Kroah-Hartman <gregkh () linuxfoundation ! org>
Date: 2021-05-29 13:50:37
Message-ID: YLJGrad5G0KL5Ls3 () kroah ! com
[Download RAW message or body]
On Fri, May 28, 2021 at 05:41:03PM +0200, Oliver Hartkopp wrote:
> Hello Greg,
>
> this patch ("can: isotp: prevent race between isotp_bind() and
> isotp_setsockopt()") has hit Linus' tree ~36h ago:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/can?id=2b17c400aeb44daf041627722581ade527bb3c1d
>
> It has a CVE number and is potentially exploitable - but it was not in the
> latest batch of stable kernels about ~4h ago.
Give us a chance :)
>
> It was obviously not tagged properly for stable kernels but has a fixes-tag:
>
> Fixes: 921ca574cd38 ("can: isotp: add SF_BROADCAST support for functional
> addressing")
>
> which was introduced in 5.11
Now queued up, thanks.
greg k-h
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic