lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200324144338.GA2507446@kroah.com>
Date:   Tue, 24 Mar 2020 15:43:38 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Mark Salyzyn <salyzyn@...roid.com>
Cc:     stable <stable@...r.kernel.org>,
        Android Kernel Team <kernel-team@...roid.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: locks use-after-free stable request

On Tue, Mar 24, 2020 at 07:24:49AM -0700, Mark Salyzyn wrote:
> Referencing upstream fixes commit dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a
> ("locks: reinstate locks_delete_block optimization") and commit
> 6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da ("locks: fix a potential
> use-after-free problem when wakeup a waiter") and possibly address
> CVE-2019-19769.
> 
> Please apply to all relevant stable trees including 5.4, 4.19 and below.
> Confirmed they apply cleanly to 5.4 and 4.19.
> 
> 
> Signed-off-by: Mark Salyzyn <salyzyn@...roid.com>
> 
> Cc: stable@...r.kernel.org
> 
> Cc: linux-kernel@...r.kernel.org
> 
> Cc: kernel-team@...roid.com
> 

These are all queued up for the next round of 5.4 and 5.5 stable
releases,but they do not seem to apply to 4.19.

And why do you think they apply to 4.19, that's not what 6d390e4b5d48
("locks: fix a potential use-after-free problem when wakeup a waiter")
says.

confused,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ