active/CVE-2021-28950


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

Description: fuse: fix live lock in fuse_iget()
References:
Notes:
 carnil> Commit fixes 5d069dbe8aaf ("fuse: fix bad inode") which is only
 carnil> present in 5.4.88, 5.10.6 and 5.11-rc1 so might not affect
 carnil> older versions.
 bwh> Commit 5d069dbe8aaf "fuse: fix bad inode" fixed another DoS issue,
 bwh> so we'll need to backport both of them.
 carnil> The 5d069dbe8aaf "fuse: fix bad inode" is CVE-2020-36322.
Bugs:
upstream: released (5.12-rc4) [775c5033a0d164622d9d10dd0f0a5531639ed3ed]
5.10-upstream-stable: released (5.10.25) [d955f13ea2120269319d6133d0dd82b66d1eeca3]
4.19-upstream-stable: needed
4.9-upstream-stable: needed
sid: released (5.10.24-1) [bugfix/all/fuse-fix-live-lock-in-fuse_iget.patch]
4.19-buster-security: needed
4.9-stretch-security: needed