| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 May 2024 12:45:31 -0400 From: Gabriel Krisman Bertazi <krisman@...e.de> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Cc: linux-cve-announce@...r.kernel.org, <cve@...nel.org>, <linux-kernel@...r.kernel.org>, Jens Axboe <axboe@...nel.dk> Subject: Re: CVE-2023-52656: io_uring: drop any code related to SCM_RIGHTS Greg Kroah-Hartman <gregkh@...uxfoundation.org> writes: > Description > =========== > > In the Linux kernel, the following vulnerability has been resolved: > > io_uring: drop any code related to SCM_RIGHTS > > This is dead code after we dropped support for passing io_uring fds > over SCM_RIGHTS, get rid of it. > > The Linux kernel CVE team has assigned CVE-2023-52656 to this issue. Hello Greg, [+Jens in Cc] This is stable material, but doesn't deserve CVE status. There is nothing exploitable that is fixed here. Instead, this commit is dropping unreachable code after the removal of a feature, following another CVE report. Doing the clean up in the original patch would have made the real security fix harder to review. The real issue was reported as CVE-2023-52654 and handled by a different commit. -- Gabriel Krisman Bertazi
Powered by blists - more mailing lists