stable.vger.kernel.org archive mirror
* [PATCH] exec: Fix mem leak in kernel_read_file
@ 2019-03-04 22:17 Thibaut Sautereau
From: Thibaut Sautereau @ 2019-03-04 22:17 UTC (permalink / raw)
  To: stable; +Cc: Thibaut Sautereau

Commit f612acfae86af7ecad754ae6a46019be9da05b8e upstream
("exec: Fix mem leak in kernel_read_file"), addressing CVE-2019-8980,
should be applied to 4.20, 4.19, 4.14 and 4.9 stable kernels.

Thanks,

-- 
Thibaut Sautereau
CLIP OS developer


* Re: [PATCH] exec: Fix mem leak in kernel_read_file
@ 2019-03-05  6:20 ` Greg KH
From: Greg KH @ 2019-03-05  6:20 UTC (permalink / raw)
  To: Thibaut Sautereau; +Cc: stable, Thibaut Sautereau

On Mon, Mar 04, 2019 at 11:17:38PM +0100, Thibaut Sautereau wrote:
> Commit f612acfae86af7ecad754ae6a46019be9da05b8e upstream
> ("exec: Fix mem leak in kernel_read_file"), addressing CVE-2019-8980,
> should be applied to 4.20, 4.19, 4.14 and 4.9 stable kernels.

Any reason you didn't cc: the authors of that patch?

And as it _just_ went into Linus's tree today, give us a few weeks to
get it backported...

Also, it's just a "normal" syzbot fix, for a very rare case, why is this
a CVE?

thanks,

greg k-h


* Re: [PATCH] exec: Fix mem leak in kernel_read_file
@ 2019-03-05  9:00   ` Thibaut Sautereau
From: Thibaut Sautereau @ 2019-03-05  9:00 UTC (permalink / raw)
  To: Greg KH; +Cc: stable, Thibaut Sautereau, YueHaibing, Al Viro

On Tue, Mar 05, 2019 at 07:20:20AM +0100, Greg KH wrote:
> On Mon, Mar 04, 2019 at 11:17:38PM +0100, Thibaut Sautereau wrote:
> > Commit f612acfae86af7ecad754ae6a46019be9da05b8e upstream
> > ("exec: Fix mem leak in kernel_read_file"), addressing CVE-2019-8980,
> > should be applied to 4.20, 4.19, 4.14 and 4.9 stable kernels.
> 
> Any reason you didn't cc: the authors of that patch?

No, I just forgot, sorry for that.

> And as it _just_ went into Linus's tree today, give us a few weeks to
> get it backported...
> 
> Also, it's just a "normal" syzbot fix, for a very rare case, why is this
> a CVE?

I don't know (I'm not the one who requested a CVE), but I saw that this
patch had been backported in Arch Linux's kernels to address
CVE-2019-8980 [1] and that stable@kernel.org hadn't been put in Cc:.

As the fix was already waiting in a pull-request [2] from Al Viro, I
thought it was too late to notice the author about Ccing stable,
therefore I followed option 2 of
Documentation/process/stable-kernel-rules.rst to ensure it would not
fall through the cracks.

If that was the wrong way to do it, please tell me what I should have
done in this case.

Thanks,

[1] https://nvd.nist.gov/vuln/detail/CVE-2019-8980
[2] https://lkml.org/lkml/2019/3/2/230

-- 
Thibaut Sautereau


* Re: [PATCH] exec: Fix mem leak in kernel_read_file
@ 2019-03-08 12:40     ` Greg KH
From: Greg KH @ 2019-03-08 12:40 UTC (permalink / raw)
  To: Thibaut Sautereau; +Cc: stable, Thibaut Sautereau, YueHaibing, Al Viro

On Tue, Mar 05, 2019 at 10:00:39AM +0100, Thibaut Sautereau wrote:
> On Tue, Mar 05, 2019 at 07:20:20AM +0100, Greg KH wrote:
> > On Mon, Mar 04, 2019 at 11:17:38PM +0100, Thibaut Sautereau wrote:
> > > Commit f612acfae86af7ecad754ae6a46019be9da05b8e upstream
> > > ("exec: Fix mem leak in kernel_read_file"), addressing CVE-2019-8980,
> > > should be applied to 4.20, 4.19, 4.14 and 4.9 stable kernels.
> > 
> > Any reason you didn't cc: the authors of that patch?
> 
> No, I just forgot, sorry for that.
> 
> > And as it _just_ went into Linus's tree today, give us a few weeks to
> > get it backported...
> > 
> > Also, it's just a "normal" syzbot fix, for a very rare case, why is this
> > a CVE?
> 
> I don't know (I'm not the one who requested a CVE), but I saw that this
> patch had been backported in Arch Linux's kernels to address
> CVE-2019-8980 [1] and that stable@kernel.org hadn't been put in Cc:.
> 
> As the fix was already waiting in a pull-request [2] from Al Viro, I
> thought it was too late to notice the author about Ccing stable,
> therefore I followed option 2 of
> Documentation/process/stable-kernel-rules.rst to ensure it would not
> fall through the cracks.
> 
> If that was the wrong way to do it, please tell me what I should have
> done in this case.

No, this is fine, just next time you should cc: the developers as well.

Also, this needs to go to 5.0.y, now queued up.

greg k-h

