oss-sec mailing list archives
CVE Request: kernel: hvc_console: Fix race between hvc_close and hvc_remove
From: dann frazier <dannf () dannf org>
Date: Tue, 6 Jul 2010 09:16:55 -0600
[cc'ing coley () linus mitre org]

On Wed, Jun 30, 2010 at 11:06:41PM -0600, dann frazier wrote:
> On Sat, Apr 17, 2010 at 11:26:46PM -0400, Michael Gilbert wrote:
>> On Sat, 17 Apr 2010 18:15:42 -0400 Michael Gilbert wrote:
>>> On Thu, 04 Mar 2010 17:03:58 +0800 Eugene Teo wrote:
>>>> Heads-up. You might want to backport this if your kernel is affected.
>>>> We are not requesting a CVE name for this as it does not affect any
>>>> of our Red Hat supported kernels.
>>>
>>> are you sure about this? i see the vulnerable code upstream in both
>>> 2.6.26 and 2.6.32. does redhat not ship hvc in their kernels? i think
>>> this should get a cve id because the more vanilla distros will have
>>> shipped with this included.
>>
>> i see that hvc_console is disabled by default in the debian kernels,
>
> Actually, upon review, I see that it is enabled (see the powerpc64
> image). Therefore, I'd like to request a CVE ID for it.
>
>> and i assume it is the same for the redhat kernels. are issues in
>> features that are disabled by default generally treated as unimportant?
>> there are bound to be a (perhaps small) subset of users turning these
>> features on; exposing themselves to more risk if these issues go
>> unfixed. i suppose cve assignment depends on whether or not there is an
>> expectation to protect those users in addition to defaults-using users.
>>
>> mike

-- dann frazier