Re: CVE-2021-47188: scsi: ufs: core: Improve SCSI abort handling
From: Cengiz Can
Date: Mon Aug 05 2024 - 12:48:31 EST
Hello,
I'm trying to figure out the security impact here:
> That warning is triggered by the following statement:
>
> WARN_ON(lrbp->cmd);
This is just a fix to silence a warning. How is this worthy of a CVE? What were
the criteria here?
If there are security implications of not nullifying `lrbp->cmd`, shouldn't they
be noted in the CVE description?
If this is just a fix to the warning, this CVE should be rejected.
Cengiz Can