Re: CVE-2023-52451: powerpc/pseries/memhp: Fix access beyond end of drmem array
From: Pavel Machek
Date: Thu Feb 29 2024 - 05:07:46 EST
Hi!
> > Does that mean that any potentially incorrect input provided by an admin is
> > considered CVE now?
>
> Yes. Have you seen what USER_NS does? There isn't a way to know how
> deployments are using Linux, and this is clearly a "weakness" as defined
> by CVE. It is better to be over zealous than miss things.
Is it?
What is happening now is DoS on anyone who tries to use CVE
database... and on l-k users.
How do I get CVE number for that?
Pavel
--
People of Russia, stop Putin before his war on Ukraine escalates.
Attachment:
signature.asc
Description: PGP signature