[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2024053013-overdrawn-hydrant-d8d3@gregkh>
Date: Thu, 30 May 2024 07:19:47 +0200
From: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
To: Kuzey Arda Bulut <kuzeyb.business@...il.com>
Cc: security@...nel.org, jirislaby@...nel.org, linux-kernel@...r.kernel.org,
linux-serial@...r.kernel.org
Subject: Re: Subject: [SECURITY] Vulnerability in Linux Kernel
On Thu, May 30, 2024 at 07:19:02AM +0200, gregkh@...uxfoundation.org wrote:
> On Wed, May 29, 2024 at 08:25:18PM +0300, Kuzey Arda Bulut wrote:
> > Dear Linux Kernel Security Team,
> >
> > I have discovered a null-ptr-deref security vulnerability in tty driver in
> > the Linux kernel. You can find the detailed descriptions of the
> > vulnerability in report.md.
> >
> > If you have any questions or need further information, please do not
> > hesitate to contact me.
>
> As the n_gsm is full of known issues by the developers, and the ldisc is
> not allowed to be loaded by a non-root user, this isn't all that serious
> of an issue. See this thread for a list of problems that I think you
> might have already found here:
> https://lore.kernel.org/r/DB9PR10MB5881D2170678C169FB42A423E0082@DB9PR10MB5881.EURPRD10.PROD.OUTLOOK.COM
>
> Note, 2 fixes have landed in 6.10-rc2 for this driver, can you verify if
> these fix the issue you are reporting here?
>
> And do you have a proposed fix for this issue?
Also, no need to let security@...nel.org know about this as you have
also sent it to public mailing lists, and given the above thread
disussion in public.
thanks,
greg k-h
Powered by blists - more mailing lists