Bug 716990

Summary:	sys-kernel/gentoo-sources: Unspecified vulnerability (CVE-2020-8647)
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Kernel	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	blueknight, kernel
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2020-04-10 20:55:49 UTC

CVE-2020-8647 (https://nvd.nist.gov/vuln/detail/CVE-2020-8647):
  There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in
  the vc_do_resize function in drivers/tty/vt/vt.c.

Comment 1 John Helmert III archtester

2021-06-12 16:25:00 UTC

Maybe I'm missing it but I can't find a patch upstream here.

Comment 2 Mike Pagano gentoo-dev

2021-06-12 16:54:22 UTC

(In reply to John Helmert III from comment #1)
> Maybe I'm missing it but I can't find a patch upstream here.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513dc792d6060d5ef572e43852683097a8420f56

Comment 3 John Helmert III archtester

2021-06-12 17:16:53 UTC

(In reply to Mike Pagano from comment #2)
> (In reply to John Helmert III from comment #1)
> > Maybe I'm missing it but I can't find a patch upstream here.
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> ?id=513dc792d6060d5ef572e43852683097a8420f56

That seems to touch a different file than is mentioned in the CVE (drivers/tty/vt/vt.c)?

Comment 4 John Helmert III archtester

2021-11-09 22:16:57 UTC

(In reply to Mike Pagano from comment #2)
> (In reply to John Helmert III from comment #1)
> > Maybe I'm missing it but I can't find a patch upstream here.
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> ?id=513dc792d6060d5ef572e43852683097a8420f56

This is indeed fixed by that patch!