Re: Fix CVE-2020-29372 in 4.19 and 5.4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Our internal system reported that the issue affected "do_madvise in
mm/madvise.c in the Linux kernel before 5.6.8" so we assumed that it
affects 5.4 and 4.19.

Thank you for clarifying that 5.4 and 4.19 are not affected and it's
safe to revert the commit.

--Saied


On Thu, Jan 14, 2021 at 6:45 PM Jens Axboe <axboe@xxxxxxxxx> wrote:
>
> On 1/14/21 7:43 PM, Sasha Levin wrote:
> > On Thu, Jan 14, 2021 at 05:55:13PM -0800, Saied Kazemi wrote:
> >> Hi Greg,
> >>
> >> To fix CVE-2020-29372 in COS kernel versions 4.19 and 5.4, we
> >> cherry-picked the commit "mm: check that mm is still valid in
> >> madvise()" (bc0c4d1e176e) that Jens introduced in kernel version 5.7.0
> >> into our kernel sources.  The commit is small and the cherry-pick was
> >> successful for both COS kernels versions.
> >>
> >> Because COS 4.19 and 5.4 kernels track 4.19.y and 5.4.y respectively,
> >> can you please cherry-pick the commit to those stable branches?
> >
> > 5.4 didn't support IORING_OP_MADVISE and 4.19 didn't have io_uring to
> > begin with, how is this an issue on those branches?
>
> Good point on 5.4, I didn't even think of that. So yeah, doesn't seem
> like it's applicable to any of those kernels?
>
> --
> Jens Axboe
>



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux