Message-ID: <d36feb2f-c1f2-90c2-bb33-e6d0ff41096d@huawei.com>
Date: Tue, 6 Aug 2024 21:53:27 +0800
From: Jinjiang Tu <tujinjiang@...wei.com>
To: "Neronin, Niklas" <niklas.neronin@...ux.intel.com>
CC: <cve@...nel.org>, <gregkh@...uxfoundation.org>,
	<linux-cve-announce@...r.kernel.org>, <linux-kernel@...r.kernel.org>, Mathias
 Nyman <mathias.nyman@...ux.intel.com>
Subject: Re: CVE-2024-42226: usb: xhci: prevent potential failure in
 handle_tx_event() for Transfer events without TRB


On 2024/8/6 19:15, Neronin, Niklas wrote:
> On 06/08/2024 12.25, Jinjiang Tu wrote:
>> Hi, Niklas
>>
>> The commit 66cb618bf0bb ("usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB")
>> has been assigned with CVE-2024-42226, but the commit has been reverted in 6.1.99 and 6.6.39 due to
>> performance regression. Do you have a plan to address this issue, or if this CVE should be rejected?
>>
>> Thanks!
>>
> Hi,
>
> Currently, I have no plan to address this issue.
>
> The commit in question was not intended for any previous Linux versions.
> It was created as part of my handle_tx_event() rework series. Future changes
> in said series could potentially trigger the issue, so preemptively preventing
> it was both simpler and more secure.
I don't know if I'm understanding this right. Do you mean the issue mentioned in
the commit will not actually be triggered in previous Linux versions? Now the commit
is reverted in v6.1 and v6.6, but the issue cannot be triggered in these versions,
so no further fix patch is needed for these LTS versions?

Thanks!

>
> Thanks,
> Niklas
>
