Recent Vulnerabilities Research Posts Trends Blog About Contact
Related Vulnerabilities: CVE-2021-20219 CVE-2020-27171 CVE-2020-27170
Source
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Greg KH &lt;greg () kroah com&gt;

Date: Fri, 19 Mar 2021 08:30:34 +0100

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
On Thu, Mar 18, 2021 at 08:21:36PM +0100, Solar Designer wrote:
Greg, I'd appreciate you not repeating the same things over and over -
such as (roughly) "who is this for" and "why did you assign this CVE
_now_".  Questioning CVE assignment is reasonable and desirable, but
only when that is specific (e.g., point out specific reasons why you
think an issue might not be CVE worthy) and not generic (questioning
every CVE without giving reasons, or asking why bother with CVE for an
old issue).  As a moderator, I tell you that the kind of messages Red
Hat is posting _are_ desirable in here.  They could be more detailed,
and it's OK to ask for more detail, but it's not OK to discourage their
posting.  Thank you.

If you look at the 3 RH emails this week for issues, they all contained
misinformation and confused people.  I did not do my usual "why are you
asking for a CVE for an old issue" questions, I asked in one for more
information about the issue involved, and for the other, proper
acknowledgment for the people that reported and fixed the issue as what
was written was entirely incorrect and ignored them.

I asked for that _because_ once these types of "announcements" go out to
the world, my inbox instantly starts filling up with "why isn't this
fixed in a stable kernel." "please tell me what commit fixes this
issue." and the like from users of Linux.  Because the CVE notices are
all still marked "private", doing misleading announcements like this
cause a mini DoS on a number of kernel community members each time.

So until Red Hat starts sending out announcements that are actually
correct and are helpful to the community, I will keep complaining,
because they directly affect me and others that work upstream on the
stable kernel releases.

For an example of how to do a "good" CVE notice, I will point out
Piotr's excellent emails today for CVE-2020-27171 and CVE-2020-27170.
Red Hat could use those as a template of how to write their
announcements in a way that would be useful for us all, and would _not_
cause the upstream kernel developers additional work.

thanks,

greg k-h

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS, (continued)

Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 17)

Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Salvatore Bonaccorso (Mar 17)

Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Evgenii Shatokhin (Mar 17)

Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Evgenii Shatokhin (Mar 17)

Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 17)

Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Rohit Keshri (Mar 18)

Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 18)

Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Kurt H Maier (Mar 18)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 18)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Solar Designer (Mar 18)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Greg KH (Mar 19)

Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 19)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Brad Spengler (Mar 19)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 19)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Brad Spengler (Mar 19)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 19)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Brad Spengler (Mar 19)
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Sasha Levin (Mar 19)

Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Eddie Chapman (Mar 19)

Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS Petr Matousek (Mar 23)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.
Home Recent Vulnerabilities Research Posts Trends Blog About Contact
Vulmon Search Vulmon Research Vulmon Alerts Vulmap
Twitter Reddit Linkedin Facebook
Re: Re: CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS

Vulmon Search

About

Products

Connect
