Re: CVE-2021-47472: net: mdiobus: Fix memory leak in __mdiobus_register

From: Greg Kroah-Hartman
Date: Mon Jun 17 2024 - 12:15:57 EST

Next message: Dragos Tatulea: "[PATCH vhost 08/23] vdpa/mlx5: Clear and reinitialize software VQ data on reset"
Previous message: Kory Maincent: "Re: [PATCH net-next v3 5/7] net: ethtool: Add new power limit get and set features"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jun 05, 2024 at 02:16:37PM +0200, Michal Hocko wrote:
> Fix for this CVE ab609f25d198 ("net: mdiobus: Fix memory leak in
> __mdiobus_register") has been later reverted by 10eff1f5788b ("Revert
> "net: mdiobus: Fix memory leak in __mdiobus_register"") which itself is
> not recognized as a CVE fix.
>
> Reading through the revert I am quite confused TBH. It claims there
> is some problem but also that this is not the right fix. That would
> suggest that there is a CVE but it should be addressed by a different
> fix. Can anybody clarify please?

The correct fix was done in commit ca6e11c337da ("phy: mdio: fix memory
leak") which already has CVE-2021-47416 assigned to it.

I'll go revert this CVE now, as it's not correct because it was reverted
upstream.

thanks for the review!

greg k-h

Next message: Dragos Tatulea: "[PATCH vhost 08/23] vdpa/mlx5: Clear and reinitialize software VQ data on reset"
Previous message: Kory Maincent: "Re: [PATCH net-next v3 5/7] net: ethtool: Add new power limit get and set features"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]