lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 26 Aug 2022 20:19:41 -0700
From:   Andrew Morton <akpm@...ux-foundation.org>
To:     Charan Teja Kalla <quic_charante@...cinc.com>
Cc:     <mhocko@...e.com>, <david@...hat.com>, <vbabka@...e.cz>,
        <pasha.tatashin@...een.com>, <shakeelb@...gle.com>,
        <sieberf@...zon.com>, <sjpark@...zon.de>,
        <william.kucharski@...cle.com>, <willy@...radead.org>,
        <quic_pkondeti@...cinc.com>, <minchan@...gle.com>,
        <linux-kernel@...r.kernel.org>, <linux-mm@...ck.org>
Subject: Re: [PATCH V5] mm: fix use-after free of page_ext after race with
 memory-offline

On Fri, 26 Aug 2022 12:26:33 +0530 Charan Teja Kalla <quic_charante@...cinc.com> wrote:

> The below is one path where race between page_ext and  offline of the
> respective memory blocks will cause use-after-free on the access of
> page_ext structure.

What are people's thoughts on a -stable backport?  It looks like the
bug has been there for years and the means of hitting it are obscure
and the patch isn't minor, so I'm thinking no?

Powered by blists - more mailing lists