| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <608fefca-79e1-4982-9d77-56a56890dd90@suse.com> Date: Thu, 22 Aug 2024 07:46:10 +0200 From: Juergen Gross <jgross@...e.com> To: cve@...nel.org, linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: Re: CVE-2022-48900: xen/netfront: react properly to failing gnttab_end_foreign_access_ref() Please revoke this CVE, as CVE-2022-23042 has been allocated for this issue 2 years ago already. This is even clearly visible ... On 22.08.24 05:31, Greg Kroah-Hartman wrote: > Description > =========== > > In the Linux kernel, the following vulnerability has been resolved: > > xen/netfront: react properly to failing gnttab_end_foreign_access_ref() > > When calling gnttab_end_foreign_access_ref() the returned value must > be tested and the reaction to that value should be appropriate. > > In case of failure in xennet_get_responses() the reaction should not be > to crash the system, but to disable the network device. > > The calls in setup_netfront() can be replaced by calls of > gnttab_end_foreign_access(). While at it avoid double free of ring > pages and grant references via xennet_disconnect_backend() in this case. > > This is CVE-2022-23042 / part of XSA-396. ... here. Juergen Download attachment "OpenPGP_0xB0DE9DD628BF132F.asc" of type "application/pgp-keys" (3684 bytes) Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (496 bytes)
Powered by blists - more mailing lists