Date: Fri, 17 Apr 2020 10:33:59 +0200 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic On Fri, Apr 17, 2020 at 12:40:10PM +0800, 陈伟宸(田各) wrote: > > "A race condition was found in the Linux kernel audit subsystem. When the system is configured to panic on events being dropped, an attacker who is able to trigger an audit event that starts while auditd is in the process of starting may be able to cause the system to panic by exploiting a race condition in audit event handling. This creates a denial of service by causing a panic." > > https://bugzilla.redhat.com/show_bug.cgi?id=1822593 That bug link seems to be restricted at the moment :( > Env: > Red Hat Enterprise Linux Server release 7.7 (Maipo) > 3.10.0-1062.12.1.el7.x86_64 Any hint on if this is still an issue on the "mainline" kernel.org releases or not given that 3.10 is a bit old? thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.