| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025021704-region-calzone-7d24@gregkh> Date: Mon, 17 Feb 2025 14:25:16 +0100 From: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org> To: Stefan Nürnberger <stefan.nuernberger@...erus-technology.de> Cc: "torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>, "lwn@....net" <lwn@....net>, "stable@...r.kernel.org" <stable@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>, "jslaby@...e.cz" <jslaby@...e.cz> Subject: Re: Linux 6.13.3 On Mon, Feb 17, 2025 at 12:41:58PM +0000, Stefan Nürnberger wrote: > Please revert the commit titled > "vfio/platform: check the bounds of read/write syscalls" from all the > latest stable releases (6.13.3, 6.12.14, 6.6.78). Ah, the joys of patch :( > The backport was already included in the releases two weeks ago and the > new one doubles up the existing check. The full list of fixed versions > (back to 5.4) is correctly mentioned in the associated CVE: > https://www.cve.org/CVERecord/?id=CVE-2025-21687 And that CVE record now shows the duplicates as well, remember, we keep them up to date when new stable kernels are released. I'll go revert this for the next round of kernels, but it's not really a problem with checking the same thing twice, so nothing is broken. thanks, greg k-h
Powered by blists - more mailing lists