Re: Linux 2.6.16.16

From: Chris Wright
Date: Thu May 11 2006 - 13:29:29 EST


* Maciej Soltysiak (solt2@xxxxxxxxxxxxxxxxx) wrote:
> But this one looks important, something that every kernel build
> has in its code path, however I am unable to say if I need it badly
> or maybe not.

The patch fixes a possible user-triggerable system lockup or memory leak.
In both cases it's a local DoS.

BTW, the CVE folks have decided to track this as two separate issues:

CVE-2006-1860 - the system lockup
CVE-2006-1859 - the memory leak

> Could we have a word or two under each patchlet that would qualify them
> somehow?
> Like:
> "Important, not required for all, apply if using SCTP"
> "Important, required for all, may *do bad things*, apply ASAP"
> "Critical, required for all, surely will *do bad things*, apply ASAP"

Assigning any official severity is a bit of a slippery slope, but
making sure it's clear what type of issue (i.e. local DoS in this case)
is very reasonable.

thanks,
-chris