oss-sec mailing list archives
CVE-2019-20794 kernel: task processes not being properly ended could lead to resource exhaustion
From: Rohit Keshri <rkeshri () redhat com>
Date: Mon, 24 Aug 2020 15:05:28 +0530
Hello Team,

Red Hat has identified a vulnerability with the following details.

A flaw was found when a user with a PID namespace mounts a FUSE filesystem: if the userspace component is terminated (pid 1), this results in a denial of service (DoS) problem. This internally makes the FUSE requests go into an uninterruptible state until the system is rebooted.

'CVE-2019-20794' was assigned via MITRE.

Reference:
https://github.com/sargun/fuse-example

Thank you
..
Rohit Keshri / Red Hat Product Security Team
PGP: OX01BC 858A 07B7 15C8 EF33 BFE2 2EEB 0CBC 84A4 4C2D
secalert () redhat com for urgent response
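Added example, not part of the original message or of Red Hat's advisory: a triage check that flags tasks in uninterruptible sleep (state `D`) whose wait channel is in the FUSE request path, which is the symptom described above. The wchan patterns (`request_wait_answer`, `fuse_` prefix) and the sample data are assumptions; symbol names vary by kernel version.

```python
import glob
import re
import sys

# Assumption: wait-channel symbols for a task blocked on a FUSE reply.
FUSE_WCHAN = re.compile(r"^(fuse_|request_wait_answer)")

def parse_stat(stat_line):
    """Return (pid, comm, state) from one /proc/<pid>/stat line.

    comm is wrapped in parentheses and may itself contain spaces or ')',
    so split on the last ')' instead of on whitespace.
    """
    lpar = stat_line.index("(")
    rpar = stat_line.rindex(")")
    state = stat_line[rpar + 1:].split()[0]
    return int(stat_line[:lpar]), stat_line[lpar + 1:rpar], state

def stuck_on_fuse(tasks):
    """tasks: (stat_line, wchan) pairs -> [(pid, comm, wchan)] for D-state FUSE waiters."""
    hits = []
    for stat_line, wchan in tasks:
        try:
            pid, comm, state = parse_stat(stat_line)
        except (ValueError, IndexError):
            continue  # malformed or truncated record
        wchan = wchan.strip()
        if state == "D" and FUSE_WCHAN.match(wchan):
            hits.append((pid, comm, wchan))
    return hits

def read_proc(proc="/proc"):
    """Collect (stat, wchan) for every process visible under proc."""
    out = []
    for d in glob.glob(f"{proc}/[0-9]*"):
        try:
            with open(f"{d}/stat") as s, open(f"{d}/wchan") as w:
                out.append((s.read(), w.read()))
        except OSError:
            continue  # process exited or access denied
    return out

# Constructed sample records (not captured from a real system).
SAMPLE = [
    ("4242 (cat) D 4200 4242 4200 0 -1 4194304", "request_wait_answer\n"),
    ("4243 (my (odd) name) D 1 4243 4243 0 -1 0", "fuse_simple_request"),
    ("4244 (bash) S 1 4244 4244 0 -1 0", "do_wait"),
    ("4245 (dd) D 1 4245 4245 0 -1 0", "io_schedule"),
]

if __name__ == "__main__":
    for hit in stuck_on_fuse(read_proc() if "--live" in sys.argv else SAMPLE):
        print(*hit)
```

Run with `--live` on a Linux host to scan `/proc`; reading `wchan` for other users' processes may require root.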