回复：[oss-security] CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic

["陈伟宸(田各)" <splendidsky.cwc () alibaba-inc com>]

Hey, it's public now. Please visit: https://bugzilla.redhat.com/show_bug.cgi?id=1822593

I'm not sure whether it exists on the mainline kernel. Maybe I'll do some research sometime.

Thanks.
------------------------------------------------------------------
发件人：Greg KH <greg () kroah com>
发送时间：2020年4月17日(星期五) 16:55
收件人：oss-security <oss-security () lists openwall com>
主　题：Re: [oss-security] CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger 
kernel panic

On Fri, Apr 17, 2020 at 12:40:10PM +0800, 陈伟宸(田各) wrote:
> "A race condition was found in the Linux kernel audit subsystem. When the system is configured to panic on events 
> being dropped, an attacker who is able to trigger an audit event that starts while auditd is in the process of 
> starting may be able to cause the system to panic by exploiting a race condition in audit event handling. This 
> creates a denial of service by causing a panic."
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1822593

That bug link seems to be restricted at the moment :(

> Env:
>     Red Hat Enterprise Linux Server release 7.7 (Maipo)
>     3.10.0-1062.12.1.el7.x86_64

Any hint on if this is still an issue on the "mainline" kernel.org
releases or not given that 3.10 is a bit old?

thanks,

greg k-h