oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS

From: Greg KH <greg () kroah com>
Date: Wed, 17 Mar 2021 16:17:05 +0100
On Wed, Mar 17, 2021 at 07:45:59PM +0530, Rohit Keshri wrote:

Hello Team,

A denial of service vulnerability was found in n_tty_receive_char_special
in drivers/tty/n_tty.c of the Linux kernel.  In this flaw a local attacker
with a normal user privilege could delay the loop (due to a changing
ldata->read_head, and a missing sanity check) and cause a threat to the
system availability.

'CVE-2021-20219' was assigned by Red Hat.

Acknowledgements: Evgenii Shatokhin (Virtuozzo Research LLC)


Really?  Not the tools or people that reported this issue and fixed it
in the community back in 2018?

{sigh}

greg k-h
Previous By Date Next
Previous By Thread Next

Current thread: