All of lore.kernel.org
 help / color / mirror / Atom feed
From: Dan Carpenter <dan.carpenter@oracle.com>
To: 一只狗 <chennbnbnb@gmail.com>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Jiri Slaby" <jirislaby@kernel.org>
Cc: linux-kernel@vger.kernel.org
Subject: CVE-2022-1462: race condition vulnerability in drivers/tty/tty_buffers.c
Date: Wed, 1 Jun 2022 21:34:26 +0300	[thread overview]
Message-ID: <20220601183426.GD2168@kadam> (raw)

Hi Greg, Jiri,

I searched lore.kernel.org and it seemed like CVE-2022-1462 might not
have ever been reported to you?  Here is the original email with the
syzkaller reproducer.

https://seclists.org/oss-sec/2022/q2/155

The reporter proposed a fix, but it won't work.  Smatch says that some
of the callers are already holding the port->lock.  For example,
sci_dma_rx_complete() will deadlock.

regards,
dan carpenter

             reply	other threads:[~2022-06-01 18:35 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-01 18:34 Dan Carpenter [this message]
2022-06-02  2:48 ` CVE-2022-1462: race condition vulnerability in drivers/tty/tty_buffers.c Hillf Danton
2022-06-02  4:48   ` Jiri Slaby
2022-06-15 10:47     ` Jiri Slaby
2022-06-22 14:27       ` Salvatore Bonaccorso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220601183426.GD2168@kadam \
    --to=dan.carpenter@oracle.com \
    --cc=chennbnbnb@gmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=jirislaby@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.