lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7e5c7a5e-8853-4a9d-983d-b51cb416e078@linux.alibaba.com>
Date: Fri, 28 Mar 2025 14:43:04 +0800
From: Gao Xiang <hsiangkao@...ux.alibaba.com>
To: cve@...nel.org, linux-kernel@...r.kernel.org,
 linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: CVE-2023-53027: erofs: fix kvcalloc() misuse with __GFP_NOFAIL

Hi,

On 2025/3/28 00:44, Greg Kroah-Hartman wrote:
> Description
> ===========
> 
> In the Linux kernel, the following vulnerability has been resolved:
> 
> erofs: fix kvcalloc() misuse with __GFP_NOFAIL
> 
> As reported by syzbot [1], kvcalloc() cannot work with  __GFP_NOFAIL.
> Let's use kcalloc() instead.
> 
> [1] https://lore.kernel.org/r/0000000000007796bd05f1852ec2@google.com
> 
> The Linux kernel CVE team has assigned CVE-2023-53027 to this issue.

I think this CVE is invalid since it was then reverted by
upstream commit 647dd2c3f0e1 ("erofs: Revert "erofs: fix kvcalloc()
misuse with __GFP_NOFAIL"")

since it's not the correct way to fix this.

The original issue was fixed by
commit e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL
allocations") instead.

Thanks,
Gao Xiang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ