| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024061747-modulator-boat-b37c@gregkh>
Date: Mon, 17 Jun 2024 18:15:48 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Michal Hocko <mhocko@...e.com>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org,
Yanfei Xu <yanfei.xu@...driver.com>,
Pavel Skripkin <paskripkin@...il.com>,
linux-cve-announce@...r.kernel.org
Subject: Re: CVE-2021-47472: net: mdiobus: Fix memory leak in
__mdiobus_register
On Wed, Jun 05, 2024 at 02:16:37PM +0200, Michal Hocko wrote:
> Fix for this CVE ab609f25d198 ("net: mdiobus: Fix memory leak in
> __mdiobus_register") has been later reverted by 10eff1f5788b ("Revert
> "net: mdiobus: Fix memory leak in __mdiobus_register"") which itself is
> not recognized as a CVE fix.
>
> Reading through the revert I am quite confused TBH. It claims there
> is some problem but also that this is not the right fix. That would
> suggest that there is a CVE but it should be addressed by a different
> fix. Can anybody clarify please?
The correct fix was done in commit ca6e11c337da ("phy: mdio: fix memory
leak") which already has CVE-2021-47416 assigned to it.
I'll go revert this CVE now, as it's not correct because it was reverted
upstream.
thanks for the review!
greg k-h
Powered by blists - more mailing lists