Date: Mon, 11 Mar 2024 14:00:43 +0000
From: Lee Jones <lee@...nel.org>
To: Eric Dumazet <edumazet@...gle.com>
Cc: Ben Hutchings <ben@...adent.org.uk>, netdev <netdev@...r.kernel.org>,
	cve@...nel.org, Salvatore Bonaccorso <carnil@...ian.org>
Subject: Re: Is CVE-2024-26624 a valid issue?

On Mon, 11 Mar 2024, Eric Dumazet wrote:

> Hi Ben
> 
> Yes, my understanding of the issue is that it is a false positive.
> 
> Some kernels might crash whenever LOCKDEP triggers, as for any WARNing.

Exactly.  So is it possible to trip this, false positive or otherwise?
Being able to crash the kernel, even under false pretences, is
definitely something we usually provide CVE allocations for.

> > I noted that CVE-2024-26624 was assigned by the kernel CVE authority to
> > the issue fixed by commit 4d322dce82a1 "af_unix: fix lockdep positive
> > in sk_diag_dump_icons()".  By my understanding, this does not fix any
> > locking bug, but only a false positive report from lockdep.  Do you
> > consider this a security issue?
> >
> > Ben.
> >
> > --
> > Ben Hutchings
> > Time is nature's way of making sure that
> > everything doesn't happen at once.
> >
> 

-- 
Lee Jones [李琼斯]
