Re: CVE-2023-52823: kernel: kexec: copy user-array safely

From: Jiri Bohac
Date: Fri May 24 2024 - 10:14:02 EST

Next message: Alan Stern: "Re: LKMM: Making RMW barriers explicit"
Previous message: Paul Durrant: "Re: [RFC PATCH v3 16/21] KVM: x86: Factor out kvm_use_master_clock()"
In reply to: Jiri Bohac: "Re: CVE-2023-52823: kernel: kexec: copy user-array safely"
Next in thread: Greg Kroah-Hartman: "Re: CVE-2023-52823: kernel: kexec: copy user-array safely"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 24, 2024 at 02:38:04PM +0200, Jiri Bohac wrote:
> On Fri, May 24, 2024 at 12:15:47PM +0200, Greg Kroah-Hartman wrote:
> > Nice, but then why was this commit worded this way? Now we check twice?
> > Double safe? Should it be reverted?
>
> double safe's good; turning it into a CVE not so much :(
> CVE-2023-52822, CVE-2023-52824 and CVE-2023-52820, originally from the same patch
> series, seem to be the exact same case.

Same thing: CVE-2023-52758

--
Jiri Bohac <jbohac@xxxxxxx>
SUSE Labs, Prague, Czechia

Next message: Alan Stern: "Re: LKMM: Making RMW barriers explicit"
Previous message: Paul Durrant: "Re: [RFC PATCH v3 16/21] KVM: x86: Factor out kvm_use_master_clock()"
In reply to: Jiri Bohac: "Re: CVE-2023-52823: kernel: kexec: copy user-array safely"
Next in thread: Greg Kroah-Hartman: "Re: CVE-2023-52823: kernel: kexec: copy user-array safely"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]