Re: CVE-2021-47377: kernel: xen/balloon: use a kernel thread instead a workqueue

2024-05-28 Thread Greg KH
On Mon, May 27, 2024 at 12:58:16PM +0200, Juergen Gross wrote: > Hi, > > I'd like to dispute CVE-2021-47377: the issue fixed by upstream commit > 8480ed9c2bbd56fc86524998e5f2e3e22f5038f6 can in no way be triggered by > an unprivileged user or by a remote attack of the system, as it requires > init

Re: CVE-2021-47377: kernel: xen/balloon: use a kernel thread instead a workqueue

2024-05-27 Thread Juergen Gross
Hi, I'd like to dispute CVE-2021-47377: the issue fixed by upstream commit 8480ed9c2bbd56fc86524998e5f2e3e22f5038f6 can in no way be triggered by an unprivileged user or by a remote attack of the system, as it requires initiation of memory ballooning of the running system. This can be done only b