Re: CVE-2023-52451: powerpc/pseries/memhp: Fix access beyond end of drmem array

[Greg Kroah-Hartman]

On Thu, Feb 29, 2024 at 06:36:08PM +0100, Jiri Kosina wrote:
> On Thu, 29 Feb 2024, Jiri Kosina wrote:
> 
> > - you pointed to a fix for UAF in BPF, which definitely is a good fix to 
> >   have, I don't even dispute that CVE is justified in this particular 
> >   case. What I haven't yet seen though how this connects to in my view 
> >   rather serious 'trivial to get root' statement
> 
> To elaborate on this a little bit more -- I completely agree that this fix 
> is completely in-line with what Kees is, in my view, quite nicely 
> describing at [1]. You pointed to a weakness (for which a fix *is* in our 
> queue), sure.
> 
> But I see a HUGE leap from "fixes a weakness" to bold, aggressive and in 
> my view exaggerating statements a-la "I am able to trivially pwn any 
> kernel which is not -stable".

{sigh}

I do not mean _any_ enterprise kernel, I said "most", some I did not
find any problems with at all that I could tell.  This was true the last
time I did this exercise about 9 or so months ago for a presentation,
and hey, it might have changed since then, I sure hope so for everyone's
sake.

Sorry, I will NOT say what distros I did, or did not, find vunerable.
That's not my place to say here in public for obvious reasons, but I'm
more than willing to discuss it over drinks in-person anytime.

thanks,

greg k-h