oss-sec mailing list archives
Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
From: Greg Kroah-Hartman <gregkh () linuxfoundation org>
Date: Sat, 29 May 2021 15:50:37 +0200
On Fri, May 28, 2021 at 05:41:03PM +0200, Oliver Hartkopp wrote:
Hello Greg, this patch ("can: isotp: prevent race between isotp_bind() and isotp_setsockopt()") has hit Linus' tree ~36h ago: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/can?id=2b17c400aeb44daf041627722581ade527bb3c1d It has a CVE number and is potentially exploitable - but it was not in the latest batch of stable kernels about ~4h ago.
Give us a chance :)
It was obviously not tagged properly for stable kernels but has a fixes-tag: Fixes: 921ca574cd38 ("can: isotp: add SF_BROADCAST support for functional addressing") which was introduced in 5.11
Now queued up, thanks. greg k-h
Current thread:
- Linux kernel: net/can/isotp: race condition leads to local privilege escalation Norbert Slusarek (May 11)
- Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Salvatore Bonaccorso (May 11)
- Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Norbert Slusarek (May 13)
- Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Solar Designer (May 14)
- Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Oliver Hartkopp (May 28)
- Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Marc Kleine-Budde (May 28)
- Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation Greg Kroah-Hartman (May 29)