Re:Re: [PATCH 4.19.y 0/9] Fix the UAF issue caused by the loop driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 2024-03-04 21:31:20, "Greg KH" <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>On Fri, Mar 01, 2024 at 09:30:19AM +0800, Genjian wrote:
>> From: Genjian Zhang <zhanggenjian@xxxxxxxxxx>
>> 
>> Hello!
>> 
>> We found that 2035c770bfdb ("loop: Check for overflow while configuring loop") lost a unlock loop_ctl_mutex in loop_get_status(...).
>> which caused syzbot to report a UAF issue. However, the upstream patch does not have this issue.
>> So, we revert this patch and directly apply the unmodified upstream patch.
>> 
>> Risk use-after-free as reported by syzbot:
>
>This looks good, but you are backporting commits that are NOT in newer
>stable releases (i.e. from 5.8 but the commit is not in 5.4.y), is that
>intentional?
>
>Does 5.4.y also have this problem?  If so, can you send a series that
>fixes that up so I can take both of them at the same time?
>
>thanks,
>
>greg k-h

Thank you for your advice. This problem also exists in 5.4.y. 
I will send a series of patches for 5.4.y.

thanks,

Genjian




[Index of Archives]     [Linux RAID]     [Linux SCSI]     [Linux ATA RAID]     [IDE]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Device Mapper]

  Powered by Linux