Date: Wed, 09 Jan 2019 12:04:41 +1100 From: Michael Ellerman <mpe@...erman.id.au> To: Eric Dumazet <edumazet@...gle.com>, 3ntr0py1337@...il.com Cc: security@...nel.org, oss-security@...ts.openwall.com Subject: Re: Re: Linux Kernel 4.20(21) deadlock vulnerability. Eric Dumazet <edumazet@...gle.com> writes: > Hello Entropy Moe > > syzbot reported dozens of similar issues involving printk > > https://syzkaller.appspot.com/ > > Not sure why this would be a security concern ? It's a local DOS, so that's a security concern for some people. But AFAICT the lockup warning only happens because the injected SLAB failure tries to call printk(). If there'd been a real allocation failure it would have just returned an error and there'd be no issue. If you modify the reproducer to also do: write_file("/sys/kernel/debug/failslab/verbose", "0"); Then it shouldn't do the printk() and hopefully there'll be no lockup warning. cheers > On Tue, Jan 8, 2019 at 7:08 AM Entropy Moe <3ntr0py1337@...il.com> wrote: >> >> Hello, >> I wanted to let you know that there seem to be a deadlock vulnerability on the linux kernel 4.20. >> I am attaching the result report from syzkaller which also got the c code for replication. >> >> thank you, >>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.