oss-sec mailing list archives
Re: Re: Linux Kernel 4.20(21) deadlock vulnerability.
From: Michael Ellerman <mpe () ellerman id au>
Date: Wed, 09 Jan 2019 12:04:41 +1100
Eric Dumazet <edumazet () google com> writes:
Hello Entropy Moe syzbot reported dozens of similar issues involving printk https://syzkaller.appspot.com/ Not sure why this would be a security concern ?
It's a local DOS, so that's a security concern for some people.
But AFAICT the lockup warning only happens because the injected SLAB
failure tries to call printk(). If there'd been a real allocation
failure it would have just returned an error and there'd be no issue.
If you modify the reproducer to also do:
write_file("/sys/kernel/debug/failslab/verbose", "0");
Then it shouldn't do the printk() and hopefully there'll be no lockup
warning.
cheers
On Tue, Jan 8, 2019 at 7:08 AM Entropy Moe <3ntr0py1337 () gmail com> wrote:Hello, I wanted to let you know that there seem to be a deadlock vulnerability on the linux kernel 4.20. I am attaching the result report from syzkaller which also got the c code for replication. thank you,
Current thread:
- Linux Kernel 4.20(21) deadlock vulnerability. Entropy Moe (Jan 08)
- Re: Linux Kernel 4.20(21) deadlock vulnerability. Eric Dumazet (Jan 08)
- Re: Re: Linux Kernel 4.20(21) deadlock vulnerability. Michael Ellerman (Jan 09)
- Re: Linux Kernel 4.20(21) deadlock vulnerability. Greg KH (Jan 08)
- Re: Linux Kernel 4.20(21) deadlock vulnerability. Entropy Moe (Jan 08)
- Re: Linux Kernel 4.20(21) deadlock vulnerability. Greg KH (Jan 08)
- Re: Linux Kernel 4.20(21) deadlock vulnerability. Entropy Moe (Jan 08)
- Re: Linux Kernel 4.20(21) deadlock vulnerability. Entropy Moe (Jan 08)
- Re: Linux Kernel 4.20(21) deadlock vulnerability. Eric Dumazet (Jan 08)