Re: [PATCH v2] dlm: fix buffer overflow from negative len in dlm_search_rsb_tree

Next message: Luca Weiss: "[PATCH RFC 2/2] arm64: dts: qcom: kodiak: Fix up LPASS TX macro v9.4 control names"
Previous message: Rafael J. Wysocki: "Re: [PATCH v2 6/6] PCI: Put PCIe bridges with downstream devices into D3 at hibernate"
In reply to: Alexander Aring: "Re: [PATCH v2] dlm: fix buffer overflow from negative len in dlm_search_rsb_tree"
Next in thread: Alexander Aring: "Re: [PATCH v2] dlm: fix buffer overflow from negative len in dlm_search_rsb_tree"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg KH

Date: Tue May 26 2026 - 12:17:39 EST

On Tue, May 26, 2026 at 09:58:32AM -0400, Alexander Aring wrote:
> Hi,
>
> On Mon, May 25, 2026 at 1:39 PM Alexander Aring <aahringo@xxxxxxxxxx> wrote:
> >
> > Hi,
> >
> > On Mon, May 25, 2026 at 10:27 AM Alexander Aring <aahringo@xxxxxxxxxx> wrote:
> > >
> > > Hi,
> > >
> > > On Sat, May 16, 2026 at 10:03 PM Joseph Qi <joseph.qi@xxxxxxxxxxxxxxxxx> wrote:
> > > >
> > > > commit 080e5563f878 only checks for len > DLM_RESNAME_MAXLEN, which does
> > >
> > > check with checkpath, it reports an error regarding how this commit
> > > reference is done.
> > >
> >
> > This also addresses CVE-2026-43125 [0].
> >
> > - Alex
> >
> > [0] https://lore.kernel.org/linux-cve-announce/2026050619-CVE-2026-43125-c9f9@gregkh/
>
> cc the right folks cve@xxxxxxxxxx as described in the kernel documentation.

For what?

> There is another patch required for CVE-2026-43125 [0].
>
> Joseph I think for v3 you should cc also cve@xxxxxxxxxx and mention
> this in your commit msg.

Why doesn't this deserve a different CVE id when it lands in the public
trees?

thanks,

greg k-h