| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091522-banjo-waggle-ccfe@gregkh> Date: Mon, 15 Sep 2025 16:52:35 +0200 From: Greg KH <gregkh@...uxfoundation.org> To: Juergen Gross <jgross@...e.com> Cc: cve@...nel.org, linux-kernel@...r.kernel.org Subject: Re: CVE-2023-53212: xenbus: check xen_domain in xenbus_probe_initcall On Mon, Sep 15, 2025 at 04:38:05PM +0200, Juergen Gross wrote: > On 15.09.25 16:21, Greg Kroah-Hartman wrote: > > From: Greg Kroah-Hartman <gregkh@...nel.org> > > > > Description > > =========== > > > > In the Linux kernel, the following vulnerability has been resolved: > > > > xenbus: check xen_domain in xenbus_probe_initcall > > > > The same way we already do in xenbus_init. > > Fixes the following warning: > > > > [ 352.175563] Trying to free already-free IRQ 0 > > [ 352.177355] WARNING: CPU: 1 PID: 88 at kernel/irq/manage.c:1893 free_irq+0xbf/0x350 > > [...] > > [ 352.213951] Call Trace: > > [ 352.214390] <TASK> > > [ 352.214717] ? __warn+0x81/0x170 > > [ 352.215436] ? free_irq+0xbf/0x350 > > [ 352.215906] ? report_bug+0x10b/0x200 > > [ 352.216408] ? prb_read_valid+0x17/0x20 > > [ 352.216926] ? handle_bug+0x44/0x80 > > [ 352.217409] ? exc_invalid_op+0x13/0x60 > > [ 352.217932] ? asm_exc_invalid_op+0x16/0x20 > > [ 352.218497] ? free_irq+0xbf/0x350 > > [ 352.218979] ? __pfx_xenbus_probe_thread+0x10/0x10 > > [ 352.219600] xenbus_probe+0x7a/0x80 > > [ 352.221030] xenbus_probe_thread+0x76/0xc0 > > > > The Linux kernel CVE team has assigned CVE-2023-53212 to this issue. > > I don't see how an unprivileged user could trigger this problem. > > Please revoke this CVE. Now rejected, thanks for the review! greg k-h
Powered by blists - more mailing lists