oss-sec mailing list archives

Re: CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic

From: Greg KH <greg () kroah com>
Date: Fri, 17 Apr 2020 10:33:59 +0200

On Fri, Apr 17, 2020 at 12:40:10PM +0800, 陈伟宸(田各) wrote:


"A race condition was found in the Linux kernel audit subsystem. When the system is configured to panic on events 
being dropped, an attacker who is able to trigger an audit event that starts while auditd is in the process of 
starting may be able to cause the system to panic by exploiting a race condition in audit event handling. This 
creates a denial of service by causing a panic."

https://bugzilla.redhat.com/show_bug.cgi?id=1822593


That bug link seems to be restricted at the moment :(

Env:
    Red Hat Enterprise Linux Server release 7.7 (Maipo)
    3.10.0-1062.12.1.el7.x86_64


Any hint on if this is still an issue on the "mainline" kernel.org
releases or not given that 3.10 is a bit old?

thanks,

greg k-h

Current thread:

CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic 陈伟宸(田各) (Apr 17)
- Re: CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic Greg KH (Apr 17)
  - 回复：[oss-security] CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic 陈伟宸(田各) (Apr 17)
- Re: CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic Steve Grubb (Apr 17)