mbox series

[trusty,0/1] Fix for CVE-2018-5344

Message ID 20180131164759.20006-1-benjamin.romer@canonical.com
Headers show
Series Fix for CVE-2018-5344 | expand

Message

Benjamin M Romer Jan. 31, 2018, 4:47 p.m. UTC 
CVE-2018-5344:

In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles 
lo_release serialization, which allows attackers to cause a denial of 
service (__lock_acquire use-after-free) or possibly have unspecified 
other impact.

Linus Torvalds (1):
  loop: fix concurrent lo_open/lo_release

 drivers/block/loop.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

Comments

Kleber Sacilotto de Souza Feb. 28, 2018, 10:01 a.m. UTC | #1 
On 01/31/18 17:47, Benjamin M Romer wrote:
> CVE-2018-5344:
> 
> In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles 
> lo_release serialization, which allows attackers to cause a denial of 
> service (__lock_acquire use-after-free) or possibly have unspecified 
> other impact.
> 
> Linus Torvalds (1):
>   loop: fix concurrent lo_open/lo_release
> 
>  drivers/block/loop.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 

This fix has already been applied to Trusty and was released on
3.13.0-142.191.

Thanks,
Kleber