oss-sec mailing list archives
Re: kernel: hvc_console: Fix race between hvc_close and hvc_remove
From: Michael Gilbert <michael.s.gilbert () gmail com>
Date: Sat, 17 Apr 2010 23:26:46 -0400
On Sat, 17 Apr 2010 18:15:42 -0400 Michael Gilbert wrote:
On Thu, 04 Mar 2010 17:03:58 +0800 Eugene Teo wrote:Heads-up. You might want to backport this if your kernel is affected. We are not requesting a CVE name for this as it does not affect any of our Red Hat supported kernels.are you sure about this? i see the vulnerable code upstream in both 2.6.26 and 2.6.32. does redhat not ship hvc in their kernels? i think this should get a cve id because the more vanilla distros will have shipped with this included.
i see that hvc_console is disabled by default in the debian kernels, and i assume it is the same for the redhat kernels. are issues in features that are disabled by default generally treated as unimportant? there are bound to be a (perhaps small) subset of users turning these features on; exposing themselves to more risk if these issues go unfixed. i suppose cve assignment depends on whether or not there is an expectation to protect those users in addition to defaults-using users. mike
Current thread:
- Re: kernel: hvc_console: Fix race between hvc_close and hvc_remove Michael Gilbert (Apr 17)
- Re: kernel: hvc_console: Fix race between hvc_close and hvc_remove Michael Gilbert (Apr 17)
- Re: kernel: hvc_console: Fix race between hvc_close and hvc_remove Eugene Teo (Apr 18)
- Re: kernel: hvc_console: Fix race between hvc_close and hvc_remove dann frazier (Jun 30)
- Re: kernel: hvc_console: Fix race between hvc_close and hvc_remove Eugene Teo (Apr 18)
- Re: kernel: hvc_console: Fix race between hvc_close and hvc_remove Michael Gilbert (Apr 17)