lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 17 Jun 2024 18:15:48 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Michal Hocko <mhocko@...e.com>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org,
	Yanfei Xu <yanfei.xu@...driver.com>,
	Pavel Skripkin <paskripkin@...il.com>,
	linux-cve-announce@...r.kernel.org
Subject: Re: CVE-2021-47472: net: mdiobus: Fix memory leak in
 __mdiobus_register

On Wed, Jun 05, 2024 at 02:16:37PM +0200, Michal Hocko wrote:
> Fix for this CVE ab609f25d198 ("net: mdiobus: Fix memory leak in
> __mdiobus_register") has been later reverted by 10eff1f5788b ("Revert
> "net: mdiobus: Fix memory leak in __mdiobus_register"") which itself is
> not recognized as a CVE fix.
> 
> Reading through the revert I am quite confused TBH. It claims there
> is some problem but also that this is not the right fix. That would
> suggest that there is a CVE but it should be addressed by a different
> fix. Can anybody clarify please?

The correct fix was done in commit ca6e11c337da ("phy: mdio: fix memory
leak") which already has CVE-2021-47416 assigned to it.

I'll go revert this CVE now, as it's not correct because it was reverted
upstream.

thanks for the review!

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ