lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 29 Feb 2024 19:32:21 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Jiri Kosina <jikos@...nel.org>
Cc: Sasha Levin <sashal@...nel.org>, Michal Hocko <mhocko@...e.com>,
	Kees Cook <keescook@...omium.org>, cve@...nel.org,
	linux-kernel@...r.kernel.org
Subject: Re: CVE-2023-52451: powerpc/pseries/memhp: Fix access beyond end of
 drmem array

On Thu, Feb 29, 2024 at 06:36:08PM +0100, Jiri Kosina wrote:
> On Thu, 29 Feb 2024, Jiri Kosina wrote:
> 
> > - you pointed to a fix for UAF in BPF, which definitely is a good fix to 
> >   have, I don't even dispute that CVE is justified in this particular 
> >   case. What I haven't yet seen though how this connects to in my view 
> >   rather serious 'trivial to get root' statement
> 
> To elaborate on this a little bit more -- I completely agree that this fix 
> is completely in-line with what Kees is, in my view, quite nicely 
> describing at [1]. You pointed to a weakness (for which a fix *is* in our 
> queue), sure.
> 
> But I see a HUGE leap from "fixes a weakness" to bold, aggressive and in 
> my view exaggerating statements a-la "I am able to trivially pwn any 
> kernel which is not -stable".

{sigh}

I do not mean _any_ enterprise kernel, I said "most", some I did not
find any problems with at all that I could tell.  This was true the last
time I did this exercise about 9 or so months ago for a presentation,
and hey, it might have changed since then, I sure hope so for everyone's
sake.

Sorry, I will NOT say what distros I did, or did not, find vunerable.
That's not my place to say here in public for obvious reasons, but I'm
more than willing to discuss it over drinks in-person anytime.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ