Re: CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID

Next message: Jonathan McDowell: "Re: [PATCH v3 04/10] tpm2-sessions: Remove 'attributes' from tpm_buf_append_auth"
Previous message: Jonathan McDowell: "Re: [PATCH v3 01/10] tpm: Cap the number of PCR banks"
In reply to: gregkh@xxxxxxxxxxxxxxxxxxx: "Re: CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID"
Next in thread: gregkh@xxxxxxxxxxxxxxxxxxx: "Re: CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Siddh Raman Pant

Date: Tue Sep 30 2025 - 07:10:00 EST

On Tue, Sep 30 2025 at 16:29:03 +0530, gregkh@xxxxxxxxxxxxxxxxxxx
wrote:
> Then the second change is the one that gets the CVE. Any "previous"
> commits in a series that were preparing for the real fix are not called
> out. As each CVE entry says, do NOT cherry-pick, but rather always take
> all of the commits in the stable release.

IMO it won't be nice to change an identifier now and a new ID should be
assigned instead.

Thanks,
Siddh

Attachment: signature.asc
Description: This is a digitally signed message part