| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e16c5ddd-6c01-4ff3-acb4-03e47a9a67b7@oracle.com>
Date: Sat, 17 Jan 2026 21:18:31 +0530
From: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH vulns] CVE-2025-68212: Add vulnerable commit information
On 17/01/26 21:17, Greg KH wrote:
> On Sat, Jan 17, 2026 at 03:34:26PM +0000, Harshit Mogalapalli wrote:
>> For the CVE fix, the actual broken commit which is more appropriate
>> is 37c4a9590e1e introduces the STATMOUNT_MNT_{U,G}IDMAP cases but only
>> writes sm->mnt_* = start while leaving offp unset.
>>
>> Hence, the broken commit for this CVE is commit: 37c4a9590e1e
>> ("statmount: allow to retrieve idmappings")
>>
>> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
>> ---
>> cve/published/2025/CVE-2025-68212.vulnerable | 1 +
>> 1 file changed, 1 insertion(+)
>> create mode 100644 cve/published/2025/CVE-2025-68212.vulnerable
>>
>> diff --git a/cve/published/2025/CVE-2025-68212.vulnerable b/cve/published/2025/CVE-2025-68212.vulnerable
>> new file mode 100644
>> index 000000000000..602d5fbb79b3
>> --- /dev/null
>> +++ b/cve/published/2025/CVE-2025-68212.vulnerable
>> @@ -0,0 +1 @@
>> +37c4a9590e1efcae7749682239fc22a330d2d325
>> --
>> 2.50.1
>>
>>
>
> Now applied and the records updated, thanks!
>
Thanks a lot!
Regards,
Harshit
> greg k-h
Powered by blists - more mailing lists