lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 7 Jan 2022 22:24:53 +0530
From:   aayush.a.agarwal@...cle.com
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     stable@...r.kernel.org, Hangyu Hua <hbh25y@...il.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Remi Denis-Courmont <courmisch@...il.com>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [External] : Re: [PATCH 4.14] phonet: refcount leak in
 pep_sock_accep


On 07/01/22 4:54 pm, Greg KH wrote:
> On Fri, Jan 07, 2022 at 02:53:32AM -0800, Aayush Agarwal wrote:
>> From: Hangyu Hua <hbh25y@...il.com>
>>
>> commit bcd0f9335332 ("phonet: refcount leak in pep_sock_accep")
>> upstream.
>>
>> sock_hold(sk) is invoked in pep_sock_accept(), but __sock_put(sk) is not
>> invoked in subsequent failure branches(pep_accept_conn() != 0).
>>
>> Signed-off-by: Hangyu Hua <hbh25y@...il.com>
>> Link: https://urldefense.com/v3/__https://lore.kernel.org/r/20211209082839.33985-1-hbh25y@gmail.com__;!!ACWV5N9M2RV99hQ!Znc0Oy9gtZZ18UDMwcZiYrfjj4GUibhEq5WJZ44m6azDWCC1hrZpkFh9AmGOqqS94cqz-A$
>> Signed-off-by: Jakub Kicinski <kuba@...nel.org>
>> Signed-off-by: Aayush Agarwal <aayush.a.agarwal@...cle.com>
>> ---
>>   net/phonet/pep.c | 1 +
>>   1 file changed, 1 insertion(+)
> What about releases 5.15.y, 5.10.y, 5.4.y, and 4.19.y?  Is this also
> relevant for those trees?
>
> thanks,
>
> greg k-h

It's relevant for all currently supported stable releases: 4.4.y, 4.9.y, 
4.14.y, 4.19.y, 5.4.y, 5.10.y, 5.15.y . I missed adding the tag "Cc: 
stable@...er.kernel.org #4.4+". Should I send the patch again?


Powered by blists - more mailing lists