* [PATCH] exec: Fix mem leak in kernel_read_file
@ 2019-03-04 22:17 Thibaut Sautereau
2019-03-05 6:20 ` Greg KH
0 siblings, 1 reply; 4+ messages in thread
From: Thibaut Sautereau @ 2019-03-04 22:17 UTC (permalink / raw)
To: stable; +Cc: Thibaut Sautereau
Commit f612acfae86af7ecad754ae6a46019be9da05b8e upstream
("exec: Fix mem leak in kernel_read_file"), addressing CVE-2019-8980,
should be applied to 4.20, 4.19, 4.14 and 4.9 stable kernels.
Thanks,
--
Thibaut Sautereau
CLIP OS developer
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] exec: Fix mem leak in kernel_read_file 2019-03-04 22:17 [PATCH] exec: Fix mem leak in kernel_read_file Thibaut Sautereau @ 2019-03-05 6:20 ` Greg KH 2019-03-05 9:00 ` Thibaut Sautereau 0 siblings, 1 reply; 4+ messages in thread From: Greg KH @ 2019-03-05 6:20 UTC (permalink / raw) To: Thibaut Sautereau; +Cc: stable, Thibaut Sautereau On Mon, Mar 04, 2019 at 11:17:38PM +0100, Thibaut Sautereau wrote: > Commit f612acfae86af7ecad754ae6a46019be9da05b8e upstream > ("exec: Fix mem leak in kernel_read_file"), addressing CVE-2019-8980, > should be applied to 4.20, 4.19, 4.14 and 4.9 stable kernels. Any reason you didn't cc: the authors of that patch? And as it _just_ went into Linus's tree today, give us a few weeks to get it backported... Also, it's just a "normal" syzbot fix, for a very rare case, why is this a CVE? thanks, greg k-h ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] exec: Fix mem leak in kernel_read_file 2019-03-05 6:20 ` Greg KH @ 2019-03-05 9:00 ` Thibaut Sautereau 2019-03-08 12:40 ` Greg KH 0 siblings, 1 reply; 4+ messages in thread From: Thibaut Sautereau @ 2019-03-05 9:00 UTC (permalink / raw) To: Greg KH; +Cc: stable, Thibaut Sautereau, YueHaibing, Al Viro On Tue, Mar 05, 2019 at 07:20:20AM +0100, Greg KH wrote: > On Mon, Mar 04, 2019 at 11:17:38PM +0100, Thibaut Sautereau wrote: > > Commit f612acfae86af7ecad754ae6a46019be9da05b8e upstream > > ("exec: Fix mem leak in kernel_read_file"), addressing CVE-2019-8980, > > should be applied to 4.20, 4.19, 4.14 and 4.9 stable kernels. > > Any reason you didn't cc: the authors of that patch? No, I just forgot, sorry for that. > And as it _just_ went into Linus's tree today, give us a few weeks to > get it backported... > > Also, it's just a "normal" syzbot fix, for a very rare case, why is this > a CVE? I don't know (I'm not the one who requested a CVE), but I saw that this patch had been backported in Arch Linux's kernels to address CVE-2019-8980 [1] and that stable@kernel.org hadn't been put in Cc:. As the fix was already waiting in a pull-request [2] from Al Viro, I thought it was too late to notice the author about Ccing stable, therefore I followed option 2 of Documentation/process/stable-kernel-rules.rst to ensure it would not fall through the cracks. If that was the wrong way to do it, please tell me what I should have done in this case. Thanks, [1] https://nvd.nist.gov/vuln/detail/CVE-2019-8980 [2] https://lkml.org/lkml/2019/3/2/230 -- Thibaut Sautereau ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] exec: Fix mem leak in kernel_read_file 2019-03-05 9:00 ` Thibaut Sautereau @ 2019-03-08 12:40 ` Greg KH 0 siblings, 0 replies; 4+ messages in thread From: Greg KH @ 2019-03-08 12:40 UTC (permalink / raw) To: Thibaut Sautereau; +Cc: stable, Thibaut Sautereau, YueHaibing, Al Viro On Tue, Mar 05, 2019 at 10:00:39AM +0100, Thibaut Sautereau wrote: > On Tue, Mar 05, 2019 at 07:20:20AM +0100, Greg KH wrote: > > On Mon, Mar 04, 2019 at 11:17:38PM +0100, Thibaut Sautereau wrote: > > > Commit f612acfae86af7ecad754ae6a46019be9da05b8e upstream > > > ("exec: Fix mem leak in kernel_read_file"), addressing CVE-2019-8980, > > > should be applied to 4.20, 4.19, 4.14 and 4.9 stable kernels. > > > > Any reason you didn't cc: the authors of that patch? > > No, I just forgot, sorry for that. > > > And as it _just_ went into Linus's tree today, give us a few weeks to > > get it backported... > > > > Also, it's just a "normal" syzbot fix, for a very rare case, why is this > > a CVE? > > I don't know (I'm not the one who requested a CVE), but I saw that this > patch had been backported in Arch Linux's kernels to address > CVE-2019-8980 [1] and that stable@kernel.org hadn't been put in Cc:. > > As the fix was already waiting in a pull-request [2] from Al Viro, I > thought it was too late to notice the author about Ccing stable, > therefore I followed option 2 of > Documentation/process/stable-kernel-rules.rst to ensure it would not > fall through the cracks. > > If that was the wrong way to do it, please tell me what I should have > done in this case. No, this is fine, just next time you should cc: the developers as well. Also, this needs to go to 5.0.y, now queued up. greg k-h ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-03-08 12:40 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-03-04 22:17 [PATCH] exec: Fix mem leak in kernel_read_file Thibaut Sautereau 2019-03-05 6:20 ` Greg KH 2019-03-05 9:00 ` Thibaut Sautereau 2019-03-08 12:40 ` Greg KH
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).