oss-sec mailing list archives
Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()
From: Alexandros Toptsoglou <atoptsoglou () suse de>
Date: Wed, 10 Feb 2021 16:18:20 +0100
Hi, is the information listed here correct? Especially the CVE-2021-20200 assignment. In project-zero reference at the last comment CVE-2020-29369 is mentioned. Best regards, Alexandros On 2/10/21 4:04 PM, Rohit Keshri wrote:
Hello Team, A use-after-free flaw may be seen due to a race problem while in detach_vmas_to_be_unmapped() in mm/mmap.c in VMA access while munmap(). This flaw could allow a local attacker with a user privilege to crash the system, because VMA with VM_GROWSDOWN or VM_GROWSUP flag set may change their size under mmap_read_lock(). This vulnerability could even lead to a kernel information leak problem. 'CVE-2021-20200' was assigned by Red Hat. References: https://bugs.chromium.org/p/project-zero/issues/detail?id=2056 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c Thanks and Regards .. Rohit Keshri / Red Hat Product Security Team PGP: OX01BC 858A 07B7 15C8 EF33 BFE2 2EEB 0CBC 84A4 4C2D secalert () redhat com for urgent response
-- Alexandros Toptsoglou <atoptsoglou () suse de> Security Engineer OpenPGP fingerprint: C270 3848 AA4A 783A 9848 BB06 56A3 3D9C B652 1869 SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nuremberg Germany (HRB 36809, AG Nürnberg) Managing Director: Felix Imendörffer
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
Current thread:
- CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Rohit Keshri (Feb 10)
- Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Alexandros Toptsoglou (Feb 10)