Re: CVE-2023-52451: powerpc/pseries/memhp: Fix access beyond end of drmem array

From: Jiri Kosina
Date: Thu Feb 29 2024 - 12:11:49 EST


On Thu, 29 Feb 2024, Sasha Levin wrote:

> >> It's pretty trivial to get root on most of the "enterprise" kernels
> >
> >Wow, that's a very strong statement you are making here, and I'd now
> >really like to ask you to back that up with some real data.
>
> Is something like https://www.suse.com/security/cve/CVE-2023-52447.html
> a good example?

- this fix is on our list/queue to be integrated into one of our kernel
branches, and was even before it just got a CVE assigned, as it references
a commit in Fixes: that we have present in one of our branches, but
hasn't been processed yet, mainly because we don't allow unprivileged
BPF

- you pointed to a fix for UAF in BPF, which definitely is a good fix to
have, I don't even dispute that CVE is justified in this particular
case. What I haven't yet seen though is how this connects to the, in my view,
rather serious 'trivial to get root' statement

Thanks,

--
Jiri Kosina
SUSE Labs