Message-ID: <2024061747-modulator-boat-b37c@gregkh>
Date: Mon, 17 Jun 2024 18:15:48 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Michal Hocko <mhocko@...e.com>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org,
Yanfei Xu <yanfei.xu@...driver.com>,
Pavel Skripkin <paskripkin@...il.com>,
linux-cve-announce@...r.kernel.org
Subject: Re: CVE-2021-47472: net: mdiobus: Fix memory leak in __mdiobus_register

On Wed, Jun 05, 2024 at 02:16:37PM +0200, Michal Hocko wrote:
> Fix for this CVE ab609f25d198 ("net: mdiobus: Fix memory leak in
> __mdiobus_register") has been later reverted by 10eff1f5788b ("Revert
> "net: mdiobus: Fix memory leak in __mdiobus_register"") which itself is
> not recognized as a CVE fix.
>
> Reading through the revert I am quite confused TBH. It claims there
> is some problem but also that this is not the right fix. That would
> suggest that there is a CVE but it should be addressed by a different
> fix. Can anybody clarify please?

The correct fix was done in commit ca6e11c337da ("phy: mdio: fix memory
leak") which already has CVE-2021-47416 assigned to it.

I'll go revert this CVE now, as it's not correct because it was reverted
upstream.

thanks for the review!

greg k-h