Date: Wed, 09 Jan 2019 12:04:41 +1100 From: Michael Ellerman <mpe@...erman.id.au> To: Eric Dumazet <edumazet@...gle.com>, 3ntr0py1337@...il.com Cc: security@...nel.org, oss-security@...ts.openwall.com Subject: Re: Re: Linux Kernel 4.20(21) deadlock vulnerability. Eric Dumazet <edumazet@...gle.com> writes: > Hello Entropy Moe > > syzbot reported dozens of similar issues involving printk > > https://syzkaller.appspot.com/ > > Not sure why this would be a security concern ? It's a local DOS, so that's a security concern for some people. But AFAICT the lockup warning only happens because the injected SLAB failure tries to call printk(). If there'd been a real allocation failure it would have just returned an error and there'd be no issue. If you modify the reproducer to also do: write_file("/sys/kernel/debug/failslab/verbose", "0"); Then it shouldn't do the printk() and hopefully there'll be no lockup warning. cheers > On Tue, Jan 8, 2019 at 7:08 AM Entropy Moe <3ntr0py1337@...il.com> wrote: >> >> Hello, >> I wanted to let you know that there seem to be a deadlock vulnerability on the linux kernel 4.20. >> I am attaching the result report from syzkaller which also got the c code for replication. >> >> thank you, >>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.