lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 10 Sep 2023 06:25:22 +0000
From:   "Deepak Rathore -X (deeratho - E-INFO CHIPS INC at Cisco)" 
        <deeratho@...co.com>
To:     Greg KH <gregkh@...uxfoundation.org>,
        "salvatore.bonaccorso@...il.com" <salvatore.bonaccorso@...il.com>
CC:     "stable@...r.kernel.org" <stable@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [v6.1.52][PATCH] Bluetooth: btsdio: fix use after free bug in
 btsdio_remove due to race condition

-----Original Message-----
From: Greg KH <gregkh@...uxfoundation.org> 
Sent: Saturday, September 9, 2023 5:17 PM
To: Deepak Rathore -X (deeratho - E-INFO CHIPS INC at Cisco) <deeratho@...co.com>
Cc: stable@...r.kernel.org; linux-kernel@...r.kernel.org
Subject: Re: [v6.1.52][PATCH] Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition

On Sat, Sep 09, 2023 at 08:49:52AM +0000, Deepak Rathore -X (deeratho - E-INFO CHIPS INC at Cisco) wrote:
> -----Original Message-----
> From: Greg KH <gregkh@...uxfoundation.org>
> Sent: Friday, September 8, 2023 12:39 PM
> To: Deepak Rathore -X (deeratho - E-INFO CHIPS INC at Cisco) 
> <deeratho@...co.com>
> Cc: stable@...r.kernel.org; linux-kernel@...r.kernel.org
> Subject: Re: [v6.1.52][PATCH] Bluetooth: btsdio: fix use after free 
> bug in btsdio_remove due to race condition
> 
> > A: http://en.wikipedia.org/wiki/Top_post
> > Q: Were do I find info about this thing called top-posting?
> > A: Because it messes up the order in which people normally read text.
> > Q: Why is top-posting such a bad thing?
> > A: Top-posting.
> > Q: What is the most annoying thing in e-mail?
> 
> > A: No.
> > Q: Should I include quotations after my reply?
> 
> 
> > http://daringfireball.net/2007/07/on_top
> 
> On Fri, Sep 08, 2023 at 06:54:06AM +0000, Deepak Rathore -X (deeratho - E-INFO CHIPS INC at Cisco) wrote:
> > Hi Greg,
> > 
> > This change is required to fix kernel CVE: CVE-2023-1989 which is 
> > reported in v6.1 kernel version.
> 
> > Which change?
> 
> [Deepak]: I am referring below change. This below change is required to fix kernel CVE: CVE-2023-1989 which is reported in v6.1 kernel.
> 
> Subject: [v6.1.52][PATCH] Bluetooth: btsdio: fix use after free bug in 
> btsdio_remove due to race condition
> 
> From: Zheng Wang <zyytlz.wz@....com>
> 
> [ Upstream commit 73f7b171b7c09139eb3c6a5677c200dc1be5f318 ]

> This commit is already in the 6.1.52 kernel release, why do you want it included again?

> confused,

> greg k-h

Hi Greg, Salvatore,

When I have submitted this patch for review, at that time, 6.1.52 was not released.

It will be good if you can share me guideline or details like how I can share CVE fix patch to upstream for review like what details I need to include in patch for review so from next time, we can save time in query discussion.

Regards,
Deepak

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ