lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <5f33df40-9d18-4d0d-ba7d-60acef9e1d60@oracle.com>
Date: Tue, 20 Jan 2026 23:11:05 +0530
From: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
To: Jens Axboe <axboe@...nel.dk>, Qingyue Zhang <chunzhennn@...com>
Cc: io-uring@...r.kernel.org, linux-kernel@...r.kernel.org,
        Suoxing Zhang <aftern00n@...com>, cve@...nel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH 1/2] io_uring/kbuf: fix signedness in this_len calculation

Hi Jens,


>> I see the Fixes tag documented is "Fixes: ae98dbf43d75
>> ("io_uring/kbuf: add support for incremental buffer consumption")"
>>
>> I think a more accurate Fixes tag is "Fixes: cf9536e550dd
>> ("io_uring/kbuf: enable bundles for incrementally consumed buffers")"
>> , Reason: Commit cf9536e550dd243a1681fdbf804221527da20a80 is the first
>> to move incremental-buffer accounting into the new helper
>> io_kbuf_inc_commit(), introducing this_len = min_t(int, len,
>> buf->len);. The signed int here is exactly what
>> c64eff368ac676e8540344d27a3de47e0ad90d21 corrects.
> 
> I took a look, and indeed, it is mis-tagged. The correct fixes tag
> should've been for cf9536e550dd.
> 

Thanks a lot for taking a look, will send a patch to vulns.git to get 
the CVE information corrected.

Regards,
Harshit

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ