Re: CVE-2021-46966: ACPI: custom_method: fix potential use-after-free issue

From: Greg Kroah-Hartman
Date: Thu Feb 29 2024 - 00:22:45 EST

Next message: Kees Cook: "Re: [PATCH] leaking_addresses: Provide mechanism to scan binary files"
Previous message: kernel test robot: "Re: [PATCH 5/5] mm/treewide: Drop pXd_large()"
In reply to: Michal Hocko: "Re: CVE-2021-46966: ACPI: custom_method: fix potential use-after-free issue"
Next in thread: Michal Hocko: "Re: CVE-2021-46966: ACPI: custom_method: fix potential use-after-free issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Feb 28, 2024 at 05:14:22PM +0100, Michal Hocko wrote:
> Hi,
> this seems like another example of a reasonable fix with a very dubious
> CVE IMHO. Allowing access to /sys/kernel/debug/acpi/custom_method to
> anybody but trusted actor is a huge security problem on its own. I
> really fail to see any value marking this clear bug fix as security
> related.

It was picked because it was a use-after-free fix, AND it is part of the
"import the GSD database into the CVE database" that the CVE project
asked us to do.

thanks,

greg k-h

Next message: Kees Cook: "Re: [PATCH] leaking_addresses: Provide mechanism to scan binary files"
Previous message: kernel test robot: "Re: [PATCH 5/5] mm/treewide: Drop pXd_large()"
In reply to: Michal Hocko: "Re: CVE-2021-46966: ACPI: custom_method: fix potential use-after-free issue"
Next in thread: Michal Hocko: "Re: CVE-2021-46966: ACPI: custom_method: fix potential use-after-free issue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]