* [cip-dev] CVE-2020-10742 -- nfs client weirdness with max_rqst_size
@ 2020-06-03 15:28 Pavel Machek
2020-06-04 9:10 ` Chen-Yu Tsai
0 siblings, 1 reply; 2+ messages in thread
From: Pavel Machek @ 2020-06-03 15:28 UTC (permalink / raw)
To: cip-dev
[-- Attachment #1.1: Type: text/plain, Size: 711 bytes --]
Hi!
I did a bit of research on CVE-2020-10742.
Unfortunately, RedHat is a bad player here, and bug reports are partly
hidden from public.
https://bugzilla.redhat.com/show_bug.cgi?id=1824270
https://bugzilla.redhat.com/show_bug.cgi?id=1835127
The bug does not seem especially bad (it looks like it needs specific
configuration to trigger), and Salvatore Bonaccorso was not able to
trigger it in 4.19.118.
Original report is for 3.10 kernels, so that makes some sense.
I don't believe we need to do anything here.
Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
[-- Attachment #2: Type: text/plain, Size: 419 bytes --]
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#4669): https://lists.cip-project.org/g/cip-dev/message/4669
Mute This Topic: https://lists.cip-project.org/mt/74651769/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [cip-dev] CVE-2020-10742 -- nfs client weirdness with max_rqst_size
2020-06-03 15:28 [cip-dev] CVE-2020-10742 -- nfs client weirdness with max_rqst_size Pavel Machek
@ 2020-06-04 9:10 ` Chen-Yu Tsai
0 siblings, 0 replies; 2+ messages in thread
From: Chen-Yu Tsai @ 2020-06-04 9:10 UTC (permalink / raw)
To: cip-dev
[-- Attachment #1: Type: text/plain, Size: 990 bytes --]
Hi,
On Wed, Jun 3, 2020 at 11:28 PM Pavel Machek <pavel@ucw.cz> wrote:
>
> Hi!
>
> I did a bit of research on CVE-2020-10742.
>
> Unfortunately, RedHat is a bad player here, and bug reports are partly
> hidden from public.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1824270
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1835127
>
> The bug does not seem especially bad (it looks like it needs specific
> configuration to trigger), and Salvatore Bonaccorso was not able to
> trigger it in 4.19.118.
>
> Original report is for 3.10 kernels, so that makes some sense.
SUSE reports it was introduced in v3.5 and fixed in v3.16.
See https://bugzilla.suse.com/show_bug.cgi?id=1171984 .
ChenYu
> I don't believe we need to do anything here.
>
> Best regards,
>
> Pavel
> --
> (english) http://www.livejournal.com/~pavelmachek
> (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
>
[-- Attachment #2: Type: text/plain, Size: 419 bytes --]
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#4709): https://lists.cip-project.org/g/cip-dev/message/4709
Mute This Topic: https://lists.cip-project.org/mt/74651769/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-06-04 11:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-06-03 15:28 [cip-dev] CVE-2020-10742 -- nfs client weirdness with max_rqst_size Pavel Machek
2020-06-04 9:10 ` Chen-Yu Tsai
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox