| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170912123418.GB19179@kroah.com>
Date: Tue, 12 Sep 2017 05:34:18 -0700
From: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
To: Takashi Iwai <tiwai@...e.de>
Cc: "Grygorii Tertychnyi (gtertych)" <gtertych@...co.com>,
"alsa-devel@...a-project.org" <alsa-devel@...a-project.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"xe-linux-external(mailer list)" <xe-linux-external@...co.com>
Subject: Re: [alsa-devel] [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI
loops
On Tue, Sep 12, 2017 at 09:17:38AM +0200, Takashi Iwai wrote:
> On Fri, 08 Sep 2017 19:47:32 +0200,
> Grygorii Tertychnyi (gtertych) wrote:
> >
> >
> > >> Hi Greg,
> > >>
> > >> Could you please apply it for 4.4-stable.
> > >> This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985
> > >
> > > This vulnerability is just non-issue. You can't get it working
> > > practically; it requires a modified hardware of the decade old ISA
> > > sound card, and yet the system has to load / set up the module
> > > beforehand. We should withdraw it from CVE, IMO.
> >
> > I think it is worth having it in 4.4, 4.9 and 4.12 also.
>
> ... even though the code has never been tested on the real hardware?
> That doesn't sound good for stable kernels at all. That's why I
> didn't put Cc to stable in the patch.
Oh, I didn't know that, want me to drop the patch from the stable queues
now?
thanks,
greg k-h
Powered by blists - more mailing lists