Message-ID: <2024112826-pond-battered-c61b@gregkh>
Date: Thu, 28 Nov 2024 17:51:43 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Michal Koutný <mkoutny@...e.com>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org, linux-cve-announce@...r.kernel.org
Subject: Re: CVE-2024-53054: cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction

On Wed, Nov 27, 2024 at 06:37:57PM +0100, Michal Koutný wrote:
> Hello.
>
> On Sun, Sep 16, 2001 at 10:00:00PM GMT, Greg Kroah-Hartman <gregkh@...uxfoundation.org> wrote:
> > This issue can be reproduced by the following pressure test:
> > 1. A large number of cpuset cgroups are deleted.
> > 2. Set cpu on and off repeatedly.
> > 3. Set watchdog_thresh repeatedly.
>
> The lockup is triggered in this very specific stress testing scenario.
> CPU offlining (write holding of cpu_hotplug_lock) is necessary to cause
> _this_ lockup. Both 2 and 3 are privileged operations (in a tight loop
> to hit the window).
>
> I don't think this qualifies as a vulnerability.

Thanks for the review, now revoked!

greg k-h