| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAA8EJpo-U74KAyoHY=9wutk=iCOBMv6T1Ez-MEogYdPE6X1yCQ@mail.gmail.com>
Date: Mon, 1 Mar 2021 18:34:10 +0300
From: Dmitry Baryshkov <dmitry.baryshkov@...aro.org>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Arnd Bergmann <arnd@...db.de>,
open list <linux-kernel@...r.kernel.org>,
Srinivas Kandagatla <srinivas.kandagatla@...aro.org>,
Jonathan Marek <jonathan@...ek.ca>, stable@...r.kernel.org
Subject: Re: [PATCH v2] misc: fastrpc: restrict user apps from sending kernel
RPC messages
On Sat, 13 Feb 2021 at 11:25, Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
>
> On Fri, Feb 12, 2021 at 10:26:58PM +0300, Dmitry Baryshkov wrote:
> > Verify that user applications are not using the kernel RPC message
> > handle to restrict them from directly attaching to guest OS on the
> > remote subsystem. This is a port of CVE-2019-2308 fix.
>
> A port of the fix of what to what?
I'm sorry for the confusion. It is a port of the original
Qualcomm/CodeAurora fix to the upstream driver.
See https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=cc2e11eeb988964af72309f71b0fb21c11ed6ca9,
> Is this to go only into a stable tree (if so what ones and what is the
> id in Linus's tree), or is it to go into Linus's tree like normal (if so
> how can this be a port)?
It's a port from QCI kernel, not a backport.
So I'd prefer for it to go into Linus's tree (and then be backported
to relevant -stable trees).
--
With best wishes
Dmitry
Powered by blists - more mailing lists