lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sun, 9 Jan 2022 14:00:37 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     aayush.a.agarwal@...cle.com
Cc:     stable@...r.kernel.org, Hangyu Hua <hbh25y@...il.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Remi Denis-Courmont <courmisch@...il.com>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [External] : Re: [PATCH 4.14] phonet: refcount leak in
 pep_sock_accep

On Fri, Jan 07, 2022 at 10:24:53PM +0530, aayush.a.agarwal@...cle.com wrote:
> 
> On 07/01/22 4:54 pm, Greg KH wrote:
> > On Fri, Jan 07, 2022 at 02:53:32AM -0800, Aayush Agarwal wrote:
> > > From: Hangyu Hua <hbh25y@...il.com>
> > > 
> > > commit bcd0f9335332 ("phonet: refcount leak in pep_sock_accep")
> > > upstream.
> > > 
> > > sock_hold(sk) is invoked in pep_sock_accept(), but __sock_put(sk) is not
> > > invoked in subsequent failure branches(pep_accept_conn() != 0).
> > > 
> > > Signed-off-by: Hangyu Hua <hbh25y@...il.com>
> > > Link: https://urldefense.com/v3/__https://lore.kernel.org/r/20211209082839.33985-1-hbh25y@gmail.com__;!!ACWV5N9M2RV99hQ!Znc0Oy9gtZZ18UDMwcZiYrfjj4GUibhEq5WJZ44m6azDWCC1hrZpkFh9AmGOqqS94cqz-A$
> > > Signed-off-by: Jakub Kicinski <kuba@...nel.org>
> > > Signed-off-by: Aayush Agarwal <aayush.a.agarwal@...cle.com>
> > > ---
> > >   net/phonet/pep.c | 1 +
> > >   1 file changed, 1 insertion(+)
> > What about releases 5.15.y, 5.10.y, 5.4.y, and 4.19.y?  Is this also
> > relevant for those trees?
> > 
> > thanks,
> > 
> > greg k-h
> 
> It's relevant for all currently supported stable releases: 4.4.y, 4.9.y,
> 4.14.y, 4.19.y, 5.4.y, 5.10.y, 5.15.y . I missed adding the tag "Cc:
> stable@...er.kernel.org #4.4+". Should I send the patch again?

No need, I've queued it up everywhere now, thanks!

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ