Message-ID: <2024110612-lapping-rebate-ed25@gregkh>
Date: Wed, 6 Nov 2024 07:10:39 +0100
From: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
To: Siddh Raman Pant <siddh.raman.pant@...cle.com>
Cc: "sashal@...nel.org" <sashal@...nel.org>,
	"stable@...r.kernel.org" <stable@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"cgroups@...r.kernel.org" <cgroups@...r.kernel.org>,
	"shivani.agarwal@...adcom.com" <shivani.agarwal@...adcom.com>
Subject: Re: 5.10.225 stable kernel cgroup_mutex not held assertion failure

On Wed, Oct 30, 2024 at 07:29:38AM +0000, Siddh Raman Pant wrote:
> Hello maintainers,
> 
> On Fri, 20 Sep 2024 02:28:03 -0700, Shivani Agarwal wrote:
> > Thanks Fedor.
> > 
> > Upstream commit 1be59c97c83c is merged in 5.4 with commit 10aeaa47e4aa and
> > in 4.19 with commit 27d6dbdc6485. The issue is reproducible in 5.4 and 4.19
> > also.
> > 
> > I am sending the backport patch of d23b5c577715 and a7fb0423c201 for 5.4 and
> > 4.19 in the next email.
> 
> Please backport these changes to stable.
> 
> "cgroup/cpuset: Prevent UAF in proc_cpuset_show()" has already been
> backported and bears CVE-2024-43853. As reported, we may already have
> introduced another problem due to the missing backport.

What exact commits are needed here?  Please submit backported and tested
commits and we will be glad to queue them up.

thanks,

greg k-h
