Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()

[Rohit Keshri <rkeshri () redhat com>]

Hello Alexandros, CVE-2021-20200 is a duplicate of CVE-2020-29369, and we
are revoking this.

Regards,
..
Rohit Keshri / Red Hat Product Security Team
PGP: OX01BC 858A 07B7 15C8 EF33 BFE2 2EEB 0CBC 84A4 4C2D

secalert () redhat com for urgent response


On Wed, Feb 10, 2021 at 9:03 PM Alexandros Toptsoglou <atoptsoglou () suse de>
wrote:

> Hi,
>
> is the information listed here correct? Especially the CVE-2021-20200
> assignment.
>
> In project-zero reference at the last comment CVE-2020-29369 is mentioned.
>
> Best regards,
>
> Alexandros
>
> On 2/10/21 4:04 PM, Rohit Keshri wrote:
> > Hello Team,
> >
> > A use-after-free flaw may be seen due to a race problem while in
> > detach_vmas_to_be_unmapped() in mm/mmap.c in VMA access while
> > munmap(). This flaw could allow a local attacker with a user privilege
> > to crash the system, because VMA with VM_GROWSDOWN or VM_GROWSUP flag
> > set may change their size under mmap_read_lock(). This vulnerability
> > could even lead to a kernel information leak problem.
> >
> >
> > 'CVE-2021-20200' was assigned by Red Hat.
> >
> > References:
> > https://bugs.chromium.org/p/project-zero/issues/detail?id=2056
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c
> > Thanks and Regards
> > ..
> > Rohit Keshri / Red Hat Product Security Team
> > PGP: OX01BC 858A 07B7 15C8 EF33 BFE2 2EEB 0CBC 84A4 4C2D
> >
> > secalert () redhat com for urgent response
>
> --
> Alexandros Toptsoglou <atoptsoglou () suse de>
> Security Engineer
> OpenPGP fingerprint: C270 3848 AA4A 783A 9848  BB06 56A3 3D9C B652 1869
>
> SUSE Software Solutions Germany GmbH
> Maxfeldstr. 5
> 90409 Nuremberg
> Germany
> (HRB 36809, AG Nürnberg)
> Managing Director: Felix Imendörffer