oss-sec mailing list archives
Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS
From: Evgenii Shatokhin <eshatokhin () virtuozzo com>
Date: Wed, 17 Mar 2021 18:39:14 +0300
On 17.03.2021 18:29, Salvatore Bonaccorso wrote:
Hi Rohit, On Wed, Mar 17, 2021 at 04:17:05PM +0100, Greg KH wrote:On Wed, Mar 17, 2021 at 07:45:59PM +0530, Rohit Keshri wrote:Hello Team, A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability. 'CVE-2021-20219' was assigned by Red Hat. Acknowledgements: Evgenii Shatokhin (Virtuozzo Research LLC)Really? Not the tools or people that reported this issue and fixed it in the community back in 2018?Can you clarify, would 3d63b7e4ae0d ("n_tty: Fix stall at n_tty_receive_char_special().") be the upstream fix you are referring to for it?
Sorry for jumping in.Yes, this is the original fix, but the issue I reported is specific to RHEL 7: their backport of that fix was incomplete.
Regards, Salvatore .
Regards, Evgenii
Current thread:
- CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Rohit Keshri (Mar 17)
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 17)
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Salvatore Bonaccorso (Mar 17)
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Evgenii Shatokhin (Mar 17)
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Evgenii Shatokhin (Mar 17)
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Salvatore Bonaccorso (Mar 17)
- <Possible follow-ups>
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Rohit Keshri (Mar 18)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 18)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Kurt H Maier (Mar 18)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 18)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Solar Designer (Mar 18)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 19)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 19)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Brad Spengler (Mar 19)
- Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 18)
- Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 17)