Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS

Related Vulnerabilities: CVE-2021-20219   CVE-2020-35519   CVE-2021-3428  
                							

oss-sec
mailing list archives
From: Sasha Levin <sashal () kernel org>

Date: Fri, 19 Mar 2021 16:37:43 -0400

Hey Brad,

I'll let Greg respond on your concerns with him, I've removed those
references to him from my reply.

On Fri, Mar 19, 2021 at 03:58:25PM -0400, Brad Spengler wrote:
> Hi Sasha,
>
>> I'm really not sure how to respond to this. I don't own upstream, my
>> name isn't Linus, Greg, nor do I maintain a major subsystem. I don't
>> have any control over how upstream commits look like.
>
> Both you and Greg certainly have control over stable kernel commit
> messages (it's the same ability you use to add the upstream commit ID).

So we do, but traditionally I haven't changed the commit message. I also
don't have an additional source of information when I queue up the
commits, so I'm not sure how my ability to edit stable commit messages
helps here.

>> Great, let's work together on making it better, but it's been following
>> the same pattern for quite a while now.
>
> I think both you and Greg are exaggerating the level of "extra work" this
> temporary blip creates for you -- with the exception of the RH backport
> issue, it was not difficult at all for me to determine what issue was
> being discussed, without even having to plug the CVEs into bugzilla.redhat.com
> which produces:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-35519
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-3428

So this CVE link above is exactly what I referred to: how do you go from
CVE-2021-3428 to the commit in question?

--
Thanks,
Sasha
