| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025012147-balance-stinging-38c4@gregkh>
Date: Tue, 21 Jan 2025 11:56:06 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org, vegard.nossum@...cle.com,
pkshih@...ltek.com, ville.syrjala@...ux.intel.com,
ranjan.kumar@...adcom.com, himanshu.madhani@...cle.com
Subject: Re: [PATCH] Add vulnerable commits for few CVEs
On Mon, Jan 20, 2025 at 09:10:40AM -0800, Harshit Mogalapalli wrote:
> CVE-2024-57804: A more appropriate broken commit is Fixes: 32d457d5a2af
> ("scsi: mpi3mr: Add framework to issue config requests") which added all
> the allocations of the config pages and the CVE fix deals with fixing
> corruption in config pages.
>
> CVE-2024-56369: fixed by adding overflow happening with multiplication.
> Multiplication was first introduced here, so Fixes: 2f0e9d804935 ("drm:
> Make drm_mode_vrefresh() a bit more accurate") is the vulnerable commit
>
> CVE-2024-48873: deals with checking return value in
> ieee80211_probereq_get() function, so Fixes: c6aa9a9c4725 ("wifi: rtw89:
> add RNR support for 6 GHz scan") is the vulnerable commit as it adds the
> function.
>
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
> ---
> cve/published/2024/CVE-2024-48873.vulnerable | 2 +-
> cve/published/2024/CVE-2024-56369.vulnerable | 1 +
> cve/published/2024/CVE-2024-57804.vulnerable | 2 +-
> 3 files changed, 3 insertions(+), 2 deletions(-)
> create mode 100644 cve/published/2024/CVE-2024-56369.vulnerable
Many thanks for these, all now applied and the updated CVE entries
pushed out.
greg k-h
Powered by blists - more mailing lists