Re: CVE-2021-47377: kernel: xen/balloon: use a kernel thread instead a workqueue

From: Juergen Gross
Date: Mon May 27 2024 - 06:58:30 EST

Next message: Leo Yan: "Re: [PATCH v1] perf evlist: Force adding default events only to core PMUs"
Previous message: Xuewen Yan: "Re: [RFC PATCH] sched: Clear user_cpus_ptr only when no intersection with the new mask"
Next in thread: Greg KH: "Re: CVE-2021-47377: kernel: xen/balloon: use a kernel thread instead a workqueue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I'd like to dispute CVE-2021-47377: the issue fixed by upstream commit
8480ed9c2bbd56fc86524998e5f2e3e22f5038f6 can in no way be triggered by
an unprivileged user or by a remote attack of the system, as it requires
initiation of memory ballooning of the running system. This can be done
only by either a host admin or by an admin of the guest which might
suffer the detection of the hanging workqueue.

Please revoke this CVE.

Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Next message: Leo Yan: "Re: [PATCH v1] perf evlist: Force adding default events only to core PMUs"
Previous message: Xuewen Yan: "Re: [RFC PATCH] sched: Clear user_cpus_ptr only when no intersection with the new mask"
Next in thread: Greg KH: "Re: CVE-2021-47377: kernel: xen/balloon: use a kernel thread instead a workqueue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]