Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 716990 - sys-kernel/gentoo-sources: Unspecified vulnerability (CVE-2020-8647)
Summary: sys-kernel/gentoo-sources: Unspecified vulnerability (CVE-2020-8647)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-10 20:55 UTC by GLSAMaker/CVETool Bot
Modified: 2021-11-09 22:16 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-10 20:55:49 UTC 
CVE-2020-8647 (https://nvd.nist.gov/vuln/detail/CVE-2020-8647):
  There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in
  the vc_do_resize function in drivers/tty/vt/vt.c.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-06-12 16:25:00 UTC 
Maybe I'm missing it but I can't find a patch upstream here.
Comment 2 Mike Pagano gentoo-dev 2021-06-12 16:54:22 UTC 
(In reply to John Helmert III from comment #1)
> Maybe I'm missing it but I can't find a patch upstream here.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513dc792d6060d5ef572e43852683097a8420f56
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-06-12 17:16:53 UTC 
(In reply to Mike Pagano from comment #2)
> (In reply to John Helmert III from comment #1)
> > Maybe I'm missing it but I can't find a patch upstream here.
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> ?id=513dc792d6060d5ef572e43852683097a8420f56

That seems to touch a different file than is mentioned in the CVE (drivers/tty/vt/vt.c)?
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-11-09 22:16:57 UTC 
(In reply to Mike Pagano from comment #2)
> (In reply to John Helmert III from comment #1)
> > Maybe I'm missing it but I can't find a patch upstream here.
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/
> ?id=513dc792d6060d5ef572e43852683097a8420f56

This is indeed fixed by that patch!