> On 15 Aug 2022, at 11:56, 许嘉诚 <stitch@xxxxxxxxxx> wrote: > > Hi developers, > > We may found a flaw in the fs module which can lead to UAF write or DoS. > We would appreciate a CVE ID if this is a security issue. > Confirming that your message made it through to linux-distros, but you haven't mentioned a date when this would be made public. However, > Someone found the similar problem: https://groups.google.com/g/syzkaller-bugs/c/z2WroC3_BSw. > > Fix this bug by moving the assignment of inode->i_private before security_inode_alloc. There's already a public discussion about that and if, indeed, that's the same bug then you should take this to oss-security as simply a rediscovery of an existing bug. I'll leave it to Red Hat to decide whether to allocate a CVE number for this issue. It needs significant privileges to exploit it; the only real question is whether you could use those privileges to crash the machine anyway. jch
Attachment:
signature.asc
Description: Message signed with OpenPGP
