oss-sec mailing list archives
Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()
From: Rohit Keshri <rkeshri () redhat com>
Date: Fri, 19 Feb 2021 23:55:50 +0530
Hello Alexandros, CVE-2021-20200 is a duplicate of CVE-2020-29369, and we are revoking this. Regards, .. Rohit Keshri / Red Hat Product Security Team PGP: OX01BC 858A 07B7 15C8 EF33 BFE2 2EEB 0CBC 84A4 4C2D secalert () redhat com for urgent response On Wed, Feb 10, 2021 at 9:03 PM Alexandros Toptsoglou <atoptsoglou () suse de> wrote:
Hi, is the information listed here correct? Especially the CVE-2021-20200 assignment. In project-zero reference at the last comment CVE-2020-29369 is mentioned. Best regards, Alexandros On 2/10/21 4:04 PM, Rohit Keshri wrote:Hello Team, A use-after-free flaw may be seen due to a race problem while in detach_vmas_to_be_unmapped() in mm/mmap.c in VMA access while munmap(). This flaw could allow a local attacker with a user privilege to crash the system, because VMA with VM_GROWSDOWN or VM_GROWSUP flag set may change their size under mmap_read_lock(). This vulnerability could even lead to a kernel information leak problem. 'CVE-2021-20200' was assigned by Red Hat. References: https://bugs.chromium.org/p/project-zero/issues/detail?id=2056https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4cThanks and Regards .. Rohit Keshri / Red Hat Product Security Team PGP: OX01BC 858A 07B7 15C8 EF33 BFE2 2EEB 0CBC 84A4 4C2D secalert () redhat com for urgent response-- Alexandros Toptsoglou <atoptsoglou () suse de> Security Engineer OpenPGP fingerprint: C270 3848 AA4A 783A 9848 BB06 56A3 3D9C B652 1869 SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nuremberg Germany (HRB 36809, AG Nürnberg) Managing Director: Felix Imendörffer
Current thread:
- CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Rohit Keshri (Feb 10)
- Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Alexandros Toptsoglou (Feb 10)
- Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Rohit Keshri (Feb 19)
- Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards() Alexandros Toptsoglou (Feb 10)