lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <608fefca-79e1-4982-9d77-56a56890dd90@suse.com>
Date: Thu, 22 Aug 2024 07:46:10 +0200
From: Juergen Gross <jgross@...e.com>
To: cve@...nel.org, linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: CVE-2022-48900: xen/netfront: react properly to failing
 gnttab_end_foreign_access_ref()

Please revoke this CVE, as CVE-2022-23042 has been allocated for this issue
2 years ago already.

This is even clearly visible ...

On 22.08.24 05:31, Greg Kroah-Hartman wrote:
> Description
> ===========
> 
> In the Linux kernel, the following vulnerability has been resolved:
> 
> xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
> 
> When calling gnttab_end_foreign_access_ref() the returned value must
> be tested and the reaction to that value should be appropriate.
> 
> In case of failure in xennet_get_responses() the reaction should not be
> to crash the system, but to disable the network device.
> 
> The calls in setup_netfront() can be replaced by calls of
> gnttab_end_foreign_access(). While at it avoid double free of ring
> pages and grant references via xennet_disconnect_backend() in this case.
> 
> This is CVE-2022-23042 / part of XSA-396.

... here.


Juergen

Download attachment "OpenPGP_0xB0DE9DD628BF132F.asc" of type "application/pgp-keys" (3684 bytes)

Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (496 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ