| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <acc08af9-fdb3-5451-5c53-44784982fe2a@huawei.com>
Date: Mon, 6 Mar 2023 09:26:31 +0800
From: Zheng Yejian <zhengyejian1@...wei.com>
To: Greg KH <gregkh@...uxfoundation.org>
CC: <stable@...r.kernel.org>, <agross@...nel.org>,
<bjorn.andersson@...aro.org>, <balbi@...nel.org>,
<lee.jones@...aro.org>, <linux-arm-msm@...r.kernel.org>,
<linux-usb@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 5.15] usb: dwc3: dwc3-qcom: Add missing
platform_device_put() in dwc3_qcom_acpi_register_core
On 2023/3/3 23:49, Greg KH wrote:
> On Fri, Mar 03, 2023 at 10:34:39AM +0800, Zheng Yejian wrote:
>> From: Miaoqian Lin <linmq006@...il.com>
>>
>> commit fa0ef93868a6062babe1144df2807a8b1d4924d2 upstream.
>>
>> Add the missing platform_device_put() before return from
>> dwc3_qcom_acpi_register_core in the error handling case.
>>
>> Signed-off-by: Miaoqian Lin <linmq006@...il.com>
>> Link: https://lore.kernel.org/r/20211231113641.31474-1-linmq006@gmail.com
>> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>> CVE: CVE-2023-22995
>
> That is a bogus CVE, please go revoke it.
Agree. I see this CVE and its fixes information from NVD,
so try to backport this patch to fix it:
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-22995
Then should I just remove the "CVE: " field and send a v2 patch?
Or you mean "revoke" the CVE from NVD? I actually don't know how
to do that :(
>
> thanks,
>
> greg k-h
Powered by blists - more mailing lists