Re: [External] : Re: CVE-2023-52628: netfilter: nftables: exthdr: fix 4-byte stack OOB write

From: Siddh Raman Pant
Date: Tue Jul 09 2024 - 07:45:24 EST

Next message: Yangyu Chen: "Re: [PATCH -fixes] dma-mapping: add default implementation to arch_dma_{set|clear}_uncached"
Previous message: Will Deacon: "Re: [PATCH v4 06/15] arm64: Make the PHYS_MASK_SHIFT dynamic"
In reply to: gregkh@xxxxxxxxxxxxxxxxxxx: "Re: [External] : Re: CVE-2023-52628: netfilter: nftables: exthdr: fix 4-byte stack OOB write"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 09 2024 at 15:39:43 +0530, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
> Looks like Red Hat created it and then rejected it, you will have to
> talk about this with them. But then later ZDI asked me to assign a CVE
> for it, and I did assuming that they knew what they were talking about.
> I shouldn't have assumed that :(
>
> I don't know what to do here, sorry. If you don't think this is an
> issue, great, I'll be glad to reject it but we should say at least why
> we don't think so here in this thread, right?

Thank you for the clarification!

I thought the "Linux kernel security team" is referring to an upstream
group, so I asked about it because it seemed off.

Anyways, best to have this up instead of not.

Thanks,
Siddh

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Yangyu Chen: "Re: [PATCH -fixes] dma-mapping: add default implementation to arch_dma_{set|clear}_uncached"
Previous message: Will Deacon: "Re: [PATCH v4 06/15] arm64: Make the PHYS_MASK_SHIFT dynamic"
In reply to: gregkh@xxxxxxxxxxxxxxxxxxx: "Re: [External] : Re: CVE-2023-52628: netfilter: nftables: exthdr: fix 4-byte stack OOB write"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]