lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <s5hzia0o06l.wl-tiwai@suse.de>
Date:   Tue, 12 Sep 2017 09:17:38 +0200
From:   Takashi Iwai <tiwai@...e.de>
To:     "Grygorii Tertychnyi (gtertych)" <gtertych@...co.com>
Cc:     "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "alsa-devel@...a-project.org" <alsa-devel@...a-project.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "xe-linux-external(mailer list)" <xe-linux-external@...co.com>
Subject: Re: [alsa-devel] [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI    loops

On Fri, 08 Sep 2017 19:47:32 +0200,
Grygorii Tertychnyi (gtertych) wrote:
> 
> 
> >> Hi Greg,
> >>
> >> Could you please apply it for 4.4-stable.
> >> This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985
> >
> > This vulnerability is just non-issue.  You can't get it working
> > practically; it requires a modified hardware of the decade old ISA
> > sound card, and yet the system has to load / set up the module
> > beforehand.  We should withdraw it from CVE, IMO.
> 
> I think it is worth having it in 4.4, 4.9 and 4.12 also.

... even though the code has never been tested on the real hardware?
That doesn't sound good for stable kernels at all.  That's why I
didn't put Cc to stable in the patch.


Takashi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ