[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [oss-security] CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS
On 17.03.2021 18:29, Salvatore Bonaccorso wrote:
On Wed, Mar 17, 2021 at 04:17:05PM +0100, Greg KH wrote:
On Wed, Mar 17, 2021 at 07:45:59PM +0530, Rohit Keshri wrote:
A denial of service vulnerability was found in n_tty_receive_char_special
in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker
with a normal user privilege could delay the loop (due to a changing
ldata->read_head, and a missing sanity check) and cause a threat to the
'CVE-2021-20219' was assigned by Red Hat.
Acknowledgements: Evgenii Shatokhin (Virtuozzo Research LLC)
Really? Not the tools or people that reported this issue and fixed it
in the community back in 2018?
Can you clarify, would 3d63b7e4ae0d ("n_tty: Fix stall at
n_tty_receive_char_special().") be the upstream fix you are referring
to for it?
Sorry for jumping in.
Yes, this is the original fix, but the issue I reported is specific to
RHEL 7: their backport of that fix was incomplete.