oss-sec mailing list archives
回复:[oss-security] CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic
From: "陈伟宸(田各)" <splendidsky.cwc () alibaba-inc com>
Date: Fri, 17 Apr 2020 17:20:21 +0800
Hey, it's public now. Please visit: https://bugzilla.redhat.com/show_bug.cgi?id=1822593 I'm not sure whether it exists on the mainline kernel. Maybe I'll do some research sometime. Thanks. ------------------------------------------------------------------ 发件人:Greg KH <greg () kroah com> 发送时间:2020年4月17日(星期五) 16:55 收件人:oss-security <oss-security () lists openwall com> 主 题:Re: [oss-security] CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic On Fri, Apr 17, 2020 at 12:40:10PM +0800, 陈伟宸(田各) wrote:
"A race condition was found in the Linux kernel audit subsystem. When the system is configured to panic on events being dropped, an attacker who is able to trigger an audit event that starts while auditd is in the process of starting may be able to cause the system to panic by exploiting a race condition in audit event handling. This creates a denial of service by causing a panic." https://bugzilla.redhat.com/show_bug.cgi?id=1822593
That bug link seems to be restricted at the moment :(
Env: Red Hat Enterprise Linux Server release 7.7 (Maipo) 3.10.0-1062.12.1.el7.x86_64
Any hint on if this is still an issue on the "mainline" kernel.org releases or not given that 3.10 is a bit old? thanks, greg k-h
Current thread:
- CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic 陈伟宸(田各) (Apr 17)
- Re: CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic Greg KH (Apr 17)
- 回复:[oss-security] CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic 陈伟宸(田各) (Apr 17)
- Re: CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic Steve Grubb (Apr 17)
- Re: CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic Greg KH (Apr 17)