lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <961720ed43b3df26042efc260d433fb6ddf5c44e.camel@gmail.com>
Date: Thu, 07 Nov 2024 21:17:00 -0800
From: Eduard Zingerman <eddyz87@...il.com>
To: Shung-Hsi Yu <shung-hsi.yu@...e.com>, Andrii Nakryiko
 <andrii@...nel.org>,  cve@...nel.org
Cc: Tao Lyu <tao.lyu@...l.ch>, Greg Kroah-Hartman
 <gregkh@...uxfoundation.org>,  linux-kernel@...r.kernel.org
Subject: Re: CVE-2023-52920: bpf: support non-r10 register spill/fill
 to/from stack in precision tracking

On Fri, 2024-11-08 at 12:42 +0800, Shung-Hsi Yu wrote:
> Hi Andrii and Eduard,

Hi Shung-Hsi,

> I'm trying to determine the security implication of CVE-2023-52920, or
> more specifically, what does commit 41f6f64e6999 ("bpf: support non-r10
> register spill/fill to/from stack in precision tracking") fix.
> Superficially this looks more like an improvement to the verifier.

It is my understanding as well, that this commit is an optimization to
avoid some precision marks. I do not see any security implications.

Thanks,
Eduard

[...]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ