Re: CVE-2020-10742 -- nfs client weirdness with max_rqst_size


Chen-Yu Tsai <wens@...>
 

Hi,

On Wed, Jun 3, 2020 at 11:28 PM Pavel Machek <pavel@...> wrote:

Hi!

I did a bit of research on CVE-2020-10742.

Unfortunately, RedHat is a bad player here, and bug reports are partly
hidden from public.

https://bugzilla.redhat.com/show_bug.cgi?id=1824270

https://bugzilla.redhat.com/show_bug.cgi?id=1835127

The bug does not seem especially bad (it looks like it needs specific
configuration to trigger), and Salvatore Bonaccorso was not able to
trigger it in 4.19.118.

Original report is for 3.10 kernels, so that makes some sense.
SUSE reports it was introduced in v3.5 and fixed in v3.16.

See https://bugzilla.suse.com/show_bug.cgi?id=1171984 .

ChenYu

I don't believe we need to do anything here.

Best regards,

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Join cip-dev@lists.cip-project.org to automatically receive all group messages.