Fix CVE-2020-29372 in 4.19 and 5.4

15 Jan 2021


      Hi Greg,
To fix CVE-2020-29372 in COS kernel versions 4.19 and 5.4, we
cherry-picked the commit "mm: check that mm is still valid in
madvise()" (bc0c4d1e176e) that Jens introduced in kernel version 5.7.0
into our kernel sources.  The commit is small and the cherry-pick was
successful for both COS kernels versions.
Because COS 4.19 and 5.4 kernels track 4.19.y and 5.4.y respectively,
can you please cherry-pick the commit to those stable branches?
Thanks,
--Saied
COS kernel source: https://cos.googlesource.com/third_party/kernel

2025

2024

2023

2022

2021

2020

2019

2018

2017

Fix CVE-2020-29372 in 4.19 and 5.4