[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024052431-decline-limes-da66@gregkh>
Date: Fri, 24 May 2024 17:27:39 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Jiri Bohac <jbohac@...e.cz>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org,
linux-cve-announce@...r.kernel.org,
Eric Biederman <ebiederm@...ssion.com>, kexec@...ts.infradead.org
Subject: Re: CVE-2023-52823: kernel: kexec: copy user-array safely
On Fri, May 24, 2024 at 04:13:53PM +0200, Jiri Bohac wrote:
> On Fri, May 24, 2024 at 02:38:04PM +0200, Jiri Bohac wrote:
> > On Fri, May 24, 2024 at 12:15:47PM +0200, Greg Kroah-Hartman wrote:
> > > Nice, but then why was this commit worded this way? Now we check twice?
> > > Double safe? Should it be reverted?
> >
> > double safe's good; turning it into a CVE not so much :(
> > CVE-2023-52822, CVE-2023-52824 and CVE-2023-52820, originally from the same patch
> > series, seem to be the exact same case.
>
> Same thing: CVE-2023-52758
Agreed, now rejected, thanks for the review!
greg k-h
Powered by blists - more mailing lists