oss-sec mailing list archives
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS
From: Greg KH <greg () kroah com>
Date: Thu, 18 Mar 2021 13:08:21 +0100
On Thu, Mar 18, 2021 at 05:03:53PM +0530, Rohit Keshri wrote:
> Hello Team,
>
> > Given that the above CVE is not public in any database that I can find,
> > one can only hope that the text will reflect what really is happening
> > here. Rohit, why was this even published?
> >
> > Again, stuff like this is just causing extra work by everyone else for
> > no good reason that I can see.
>
> I understand and apologize for the confusion. This issue was reported for
> rhel7 to us (which was not seen in rhel8 or later versions), but it also
> applies to kernel before this ('3d63b7e4ae0dc') patch or kernel without
> this patch.
>
> $ git tag --contains 3d63b7e4ae0dc
> v4.18
> v4.18-rc3
> v4.18-rc4
> v4.18-rc5
> v4.18-rc6
> v4.18-rc7
> v4.18-rc8
> ..

`git describe` should be used instead for stuff like this:

    $ git describe --contains 3d63b7e4ae0dc
    v4.18-rc3~4^2~4

But none of that takes into account the backporting of commits into the stable tree, you need a different tool for that, which many of us have our own. If you use that you will see that the above commit really is in lots of fixed kernel trees:

    $ id_found_in 3d63b7e4ae0dc5e02d28ddd2fa1f945defc68d81
    3.16.61 3.18.115 4.4.140 4.9.112 4.14.54 4.17.5 4.18

So this means that your RHEL 7 kernel, which is based on 3.10, somehow missed picking this up when it was backported to the "newer" stable kernel trees almost 3 years ago. Is that a mistake in your kernel development process that should be resolved?

> Since this issue was reported to us, identified as a security flaw, and
> was fixed in the upstream, we decided to assign a CVE.

But then you announce that CVE to the community with no context or information which only causes us to have to do lots of extra work.

If it's Red Hat's goal to get some people in the Linux kernel community mad at them, it's working well. If it's Red Hat's goal to somehow help the community out with this type of announcement, it's not working at all.

You failed to cite the fix, when it was, who did the fix, who found the fix, and where it was actually fixed in, all things that people here actually would like to know.

So, what really is your goal here?

thanks,

greg k-h
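
One way to check which trees carry a fix, including backports that have a different commit id than the upstream commit, as an added example that is not part of the original message and is not the `id_found_in` tool mentioned in it. It assumes the stable-tree convention of citing the upstream commit id in the backport's commit message; the function names, branch names and demo repository are constructed for illustration.

```shell
#!/bin/sh
# find_backports REPO UPSTREAM_SHA REF...
# For each ref prints one line:
#   "<ref> contains"        the upstream commit itself is an ancestor
#   "<ref> backport <sha>"  a different commit cites it as its upstream
#   "<ref> missing"         neither
# UPSTREAM_SHA must be the full 40-character id, as stable backports cite it.
find_backports() {
    repo=$1; sha=$2; shift 2
    for ref in "$@"; do
        if git -C "$repo" merge-base --is-ancestor "$sha" "$ref"; then
            echo "$ref contains"; continue
        fi
        # Stable backports carry "commit <sha> upstream." or
        # "[ Upstream commit <sha> ]" on a line of their own.
        hit=$(git -C "$repo" log -1 --format=%H -E -i \
            --grep="^(commit $sha upstream|\[ upstream commit $sha \])" "$ref")
        if [ -n "$hit" ]; then echo "$ref backport $hit"; else echo "$ref missing"; fi
    done
}

# make_demo_repo DIR: build a constructed three-branch history in DIR and
# print the id of the constructed "upstream" fix. Not real kernel history.
make_demo_repo() {
    d=$1
    g() { git -C "$d" -c user.name=demo -c user.email=demo@example.invalid "$@"; }
    g init -q
    g commit -q --allow-empty -m "base"
    g branch -M mainline
    g branch vendor-3.10          # constructed: never receives the fix
    g branch linux-4.14.y         # constructed: receives a backport
    g commit -q --allow-empty -m "tty: constructed fix"
    up=$(g rev-parse HEAD)
    g checkout -q linux-4.14.y
    g commit -q --allow-empty -m "tty: constructed fix" -m "commit $up upstream."
    echo "$up"
}

# Demo on the constructed repository.
demo=$(mktemp -d) && up=$(make_demo_repo "$demo") &&
    find_backports "$demo" "$up" mainline linux-4.14.y vendor-3.10
rm -rf "$demo"
```

An ancestry check alone (`git tag --contains`, `git describe --contains`) would report only the `mainline` line here; the backport on `linux-4.14.y` is found through its commit message.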