Message-ID: <608fefca-79e1-4982-9d77-56a56890dd90@suse.com>
Date: Thu, 22 Aug 2024 07:46:10 +0200
From: Juergen Gross <jgross@...e.com>
To: cve@...nel.org, linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: CVE-2022-48900: xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

Please revoke this CVE, as CVE-2022-23042 has been allocated for this issue
2 years ago already.

This is even clearly visible ...

On 22.08.24 05:31, Greg Kroah-Hartman wrote:
> Description
> ===========
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
>
> When calling gnttab_end_foreign_access_ref() the returned value must
> be tested and the reaction to that value should be appropriate.
>
> In case of failure in xennet_get_responses() the reaction should not be
> to crash the system, but to disable the network device.
>
> The calls in setup_netfront() can be replaced by calls of
> gnttab_end_foreign_access(). While at it avoid double free of ring
> pages and grant references via xennet_disconnect_backend() in this case.
>
> This is CVE-2022-23042 / part of XSA-396.

... here.

Juergen