* Re: Subject: [SECURITY] Vulnerability in Linux Kernel [not found] <CAKmisHAUUqQ-7F+7BOymY7_3XBT1FE=gskraKDC1OmySZgS0yA@mail.gmail.com> @ 2024-05-30 5:19 ` gregkh 2024-05-30 5:19 ` gregkh 0 siblings, 1 reply; 2+ messages in thread From: gregkh @ 2024-05-30 5:19 UTC (permalink / raw) To: Kuzey Arda Bulut; +Cc: security, jirislaby, linux-kernel, linux-serial On Wed, May 29, 2024 at 08:25:18PM +0300, Kuzey Arda Bulut wrote: > Dear Linux Kernel Security Team, > > I have discovered a null-ptr-deref security vulnerability in tty driver in > the Linux kernel. You can find the detailed descriptions of the > vulnerability in report.md. > > If you have any questions or need further information, please do not > hesitate to contact me. As the n_gsm is full of known issues by the developers, and the ldisc is not allowed to be loaded by a non-root user, this isn't all that serious of an issue. See this thread for a list of problems that I think you might have already found here: https://lore.kernel.org/r/DB9PR10MB5881D2170678C169FB42A423E0082@DB9PR10MB5881.EURPRD10.PROD.OUTLOOK.COM Note, 2 fixes have landed in 6.10-rc2 for this driver, can you verify if these fix the issue you are reporting here? And do you have a proposed fix for this issue? thanks, greg k-h ^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Subject: [SECURITY] Vulnerability in Linux Kernel 2024-05-30 5:19 ` Subject: [SECURITY] Vulnerability in Linux Kernel gregkh @ 2024-05-30 5:19 ` gregkh 0 siblings, 0 replies; 2+ messages in thread From: gregkh @ 2024-05-30 5:19 UTC (permalink / raw) To: Kuzey Arda Bulut; +Cc: security, jirislaby, linux-kernel, linux-serial On Thu, May 30, 2024 at 07:19:02AM +0200, gregkh@linuxfoundation.org wrote: > On Wed, May 29, 2024 at 08:25:18PM +0300, Kuzey Arda Bulut wrote: > > Dear Linux Kernel Security Team, > > > > I have discovered a null-ptr-deref security vulnerability in tty driver in > > the Linux kernel. You can find the detailed descriptions of the > > vulnerability in report.md. > > > > If you have any questions or need further information, please do not > > hesitate to contact me. > > As the n_gsm is full of known issues by the developers, and the ldisc is > not allowed to be loaded by a non-root user, this isn't all that serious > of an issue. See this thread for a list of problems that I think you > might have already found here: > https://lore.kernel.org/r/DB9PR10MB5881D2170678C169FB42A423E0082@DB9PR10MB5881.EURPRD10.PROD.OUTLOOK.COM > > Note, 2 fixes have landed in 6.10-rc2 for this driver, can you verify if > these fix the issue you are reporting here? > > And do you have a proposed fix for this issue? Also, no need to let security@kernel.org know about this as you have also sent it to public mailing lists, and given the above thread disussion in public. thanks, greg k-h ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-05-30 5:19 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <CAKmisHAUUqQ-7F+7BOymY7_3XBT1FE=gskraKDC1OmySZgS0yA@mail.gmail.com>
2024-05-30 5:19 ` Subject: [SECURITY] Vulnerability in Linux Kernel gregkh
2024-05-30 5:19 ` gregkh
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox