| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Mar 2020 07:53:52 -0700
From: Mark Salyzyn <salyzyn@...roid.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: stable <stable@...r.kernel.org>,
Android Kernel Team <kernel-team@...roid.com>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: locks use-after-free stable request
On 3/24/20 7:43 AM, Greg KH wrote:
> On Tue, Mar 24, 2020 at 07:24:49AM -0700, Mark Salyzyn wrote:
>> Referencing upstream fixes commit dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a
>> ("locks: reinstate locks_delete_block optimization") and commit
>> 6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da ("locks: fix a potential
>> use-after-free problem when wakeup a waiter") and possibly address
>> CVE-2019-19769.
>>
>> Please apply to all relevant stable trees including 5.4, 4.19 and below.
>> Confirmed they apply cleanly to 5.4 and 4.19.
>>
>>
>> Signed-off-by: Mark Salyzyn <salyzyn@...roid.com>
>>
>> Cc: stable@...r.kernel.org
>>
>> Cc: linux-kernel@...r.kernel.org
>>
>> Cc: kernel-team@...roid.com
>>
> These are all queued up for the next round of 5.4 and 5.5 stable
> releases,but they do not seem to apply to 4.19.
>
> And why do you think they apply to 4.19, that's not what 6d390e4b5d48
> ("locks: fix a potential use-after-free problem when wakeup a waiter")
> says.
When I used my tool to apply the pair by sha, I failed to notice that
they were _both_ skipped because they are _both_ already present and
read that as clean without looking at _what_ got applied or not.
(I will be fixing my tool)
> confused,
<sorry>
>
> greg k-h
Powered by blists - more mailing lists