Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 09 Jan 2019 12:04:41 +1100
From: Michael Ellerman <mpe@...erman.id.au>
To: Eric Dumazet <edumazet@...gle.com>, 3ntr0py1337@...il.com
Cc: security@...nel.org, oss-security@...ts.openwall.com
Subject: Re: Re: Linux Kernel 4.20(21) deadlock vulnerability.

Eric Dumazet <edumazet@...gle.com> writes:
> Hello Entropy Moe
>
> syzbot reported dozens of similar issues involving printk
>
> https://syzkaller.appspot.com/
>
> Not sure why this would be a security concern ?

It's a local DOS, so that's a security concern for some people.

But AFAICT the lockup warning only happens because the injected SLAB
failure tries to call printk(). If there'd been a real allocation
failure it would have just returned an error and there'd be no issue.

If you modify the reproducer to also do:

	write_file("/sys/kernel/debug/failslab/verbose", "0");

Then it shouldn't do the printk() and hopefully there'll be no lockup
warning.

cheers

> On Tue, Jan 8, 2019 at 7:08 AM Entropy Moe <3ntr0py1337@...il.com> wrote:
>>
>> Hello,
>> I wanted to let you know that there seem to be a deadlock vulnerability on the linux kernel 4.20.
>> I am attaching the result report from syzkaller which also got the c code for replication.
>>
>> thank you,
>>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.