| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 May 2024 07:19:47 +0200 From: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org> To: Kuzey Arda Bulut <kuzeyb.business@...il.com> Cc: security@...nel.org, jirislaby@...nel.org, linux-kernel@...r.kernel.org, linux-serial@...r.kernel.org Subject: Re: Subject: [SECURITY] Vulnerability in Linux Kernel On Thu, May 30, 2024 at 07:19:02AM +0200, gregkh@...uxfoundation.org wrote: > On Wed, May 29, 2024 at 08:25:18PM +0300, Kuzey Arda Bulut wrote: > > Dear Linux Kernel Security Team, > > > > I have discovered a null-ptr-deref security vulnerability in tty driver in > > the Linux kernel. You can find the detailed descriptions of the > > vulnerability in report.md. > > > > If you have any questions or need further information, please do not > > hesitate to contact me. > > As the n_gsm is full of known issues by the developers, and the ldisc is > not allowed to be loaded by a non-root user, this isn't all that serious > of an issue. See this thread for a list of problems that I think you > might have already found here: > https://lore.kernel.org/r/DB9PR10MB5881D2170678C169FB42A423E0082@DB9PR10MB5881.EURPRD10.PROD.OUTLOOK.COM > > Note, 2 fixes have landed in 6.10-rc2 for this driver, can you verify if > these fix the issue you are reporting here? > > And do you have a proposed fix for this issue? Also, no need to let security@...nel.org know about this as you have also sent it to public mailing lists, and given the above thread disussion in public. thanks, greg k-h
Powered by blists - more mailing lists