oss-security - Re: CVE-2020-10708 kernel: race condition in kernel/audit.c may allow low privilege users trigger kernel panic

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Fri, 17 Apr 2020 10:33:59 +0200
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2020-10708 kernel: race condition in
 kernel/audit.c may allow low privilege users trigger kernel panic

On Fri, Apr 17, 2020 at 12:40:10PM +0800, 陈伟宸(田各) wrote:
> 
> "A race condition was found in the Linux kernel audit subsystem. When the system is configured to panic on events being dropped, an attacker who is able to trigger an audit event that starts while auditd is in the process of starting may be able to cause the system to panic by exploiting a race condition in audit event handling. This creates a denial of service by causing a panic."
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1822593

That bug link seems to be restricted at the moment :(

> Env:
>     Red Hat Enterprise Linux Server release 7.7 (Maipo)
>     3.10.0-1062.12.1.el7.x86_64

Any hint on if this is still an issue on the "mainline" kernel.org
releases or not given that 3.10 is a bit old?

thanks,

greg k-h

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.