Description: tty: Race condition leads to heap buffer over-read
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=2078466
 https://www.openwall.com/lists/oss-security/2022/05/27/2
 https://lore.kernel.org/all/20220601183426.GD2168@kadam/
 https://bugzilla.suse.com/show_bug.cgi?id=1198829
Notes:
 carnil> As of 2022-05-26 not much details provided in RH bugzilla:
 carnil> descriptions reads as An out-of-bounds read flaw was found in
 carnil> the Linux kernel’s TeleTYpe subsystem. The issue occurs in
 carnil> how a user triggers a race condition using ioctls TIOCSPTLCK
 carnil> and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory
 carnil> in the flush_to_ldisc function. This flaw allows a local user
 carnil> to crash the system or read unauthorized random data from
 carnil> memory.
 carnil> Issue introduced by 71a174b39f10 ("pty: do tty_flip_buffer_push
 carnil> without port->lock in pty_write") in 5.10-rc1.
 bwh> All branches affected because this was introduced by a fix that
 bwh> was also backported to stable.
Bugs:
upstream: released (5.19-rc7) [a501ab75e7624d133a5a3c7ec010687c8b961d23]
5.10-upstream-stable: released (5.10.134) [08afa87f58d83dfe040572ed591b47e8cb9e225c]
4.19-upstream-stable: released (4.19.254) [eb059bf8c237fe41fbaed4a6cccacce687b83222]
4.9-upstream-stable: released (4.9.325) [41ce14090db93fc2f0c8a27ce8a324b0192da7b5]
sid: released (5.18.14-1)
5.10-bullseye-security: released (5.10.136-1)
4.19-buster-security: released (4.19.260-1)
4.9-stretch-security: ignored "EOL"