[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2021-47377: kernel: xen/balloon: use a kernel thread instead a workqueue

To: Juergen Gross <jgross@xxxxxxxx>
From: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 28 May 2024 21:03:01 +0200
Cc: cve@xxxxxxxxxx, linux-cve-announce@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Xen.org security team" <security@xxxxxxx>
Delivery-date: Tue, 28 May 2024 19:03:06 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, May 27, 2024 at 12:58:16PM +0200, Juergen Gross wrote:
> Hi,
> 
> I'd like to dispute CVE-2021-47377: the issue fixed by upstream commit
> 8480ed9c2bbd56fc86524998e5f2e3e22f5038f6 can in no way be triggered by
> an unprivileged user or by a remote attack of the system, as it requires
> initiation of memory ballooning of the running system. This can be done
> only by either a host admin or by an admin of the guest which might
> suffer the detection of the hanging workqueue.
> 
> Please revoke this CVE.

Ah, good catch, this came in as part of the GSD import, and I missed
that this required that type of permissions.  Now revoked, thanks for
the review!

greg k-h

References:
- Re: CVE-2021-47377: kernel: xen/balloon: use a kernel thread instead a workqueue
  - From: Juergen Gross

Prev by Date: [xen-unstable test] 186168: tolerable FAIL - PUSHED
Next by Date: [xen-unstable-smoke test] 186172: tolerable all pass - PUSHED
Previous by thread: Re: CVE-2021-47377: kernel: xen/balloon: use a kernel thread instead a workqueue
Next by thread: [ovmf test] 186160: all pass - PUSHED
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.