Re: CVE-2024-46701: libfs: fix infinite directory reads for offset dir

From: Yu Kuai
Date: Tue Sep 24 2024 - 05:45:10 EST


Hi,

On 2024/09/24 17:03, Greg KH wrote:
> On Tue, Sep 24, 2024 at 03:35:33PM +0800, Yu Kuai wrote:
>> Hi, all!
>>
>> This is a request to close this CVE.
>>
>> First of all, I think this really is not a kernel BUG, the deadloop
>> only exists on the user side and the user must rename between each readdir
>> syscall:
>>
>> while (readdir() > 0)
>>     rename()
>
> Sounds like a real thing that users can do, so why does this not fit the
> definition of "vulnerability" as documented by cve.org?
>
>> If a user wants to trigger the deadloop where readdir never returns 0, then
>> the user must keep renaming inside this dir asynchronously and *never stop*;
>> this looks like shooting oneself in the foot to me.
>>
>> On the other hand, v6.6 is affected by this CVE, and this fix can't
>> be backported to v6.6 because the patchset [1] must be backported first
>> to expand offset from 32-bit to 64-bit. (This kind of refactor will
>> break kabi, hence it's not acceptable in our downstream kernels.)
>
> That's your business decision, and does not affect if we do, or do not,
> assign a CVE at all. Go work with your management if you wish to change
> this as it does not pertain to the community in any way.

Yes, I understand. This is just the reason why I tried to close this
CVE, please ignore this.

BTW, if you still think this CVE is valid, can we backport the refactor
patchset to v6.6 as well? I can send the patches to 6.6 LTS, just let me
know.

Thanks,
Kuai


> thanks,
>
> greg k-h
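Added example (not part of this thread, and not the kernel's libfs code): a user-space C model of the readdir/rename loop Kuai describes. A libfs offset directory hands each entry a monotonically increasing offset (what readdir returns as d_off), and a rename re-inserts the entry under a fresh offset at the tail. A cursor that simply follows the live tail can therefore be fed forever by a caller that renames the entry it just read before calling readdir again. The `bounded` path shows the shape of the fix as its commit message describes it: record the last index when the directory is opened and do not emit entries at or beyond it. Every name in the program (`offset_dir`, `dir_file`, `scan_with_renames`, the entries `f0`..`f4`, the `TEMPFILE` rename target) is constructed for the illustration, and the in-memory directory stands in for the filesystem.

```c
#include <stdio.h>
#include <string.h>

/*
 * Constructed user-space model of an "offset directory" (illustration
 * only, not the kernel's libfs code).  Entries are keyed by an offset
 * that only ever grows; rename() drops the old key and takes the next
 * free one at the tail.
 */
#define MAX_ENTRIES 32
#define NAME_LEN 16
#define DOT_OFFSETS 2               /* offsets 0 and 1 stand for "." and ".." */

struct entry {
    long offset;                    /* the key handed back as d_off */
    char name[NAME_LEN];
};

struct offset_dir {
    struct entry ent[MAX_ENTRIES];
    int n;                          /* live entries */
    long next_offset;               /* next free key */
};

/* Per-open state: the cursor plus the snapshot the bounded walk relies on. */
struct dir_file {
    struct offset_dir *d;
    long pos;
    long last_index;                /* d->next_offset at open time */
};

static void dir_init(struct offset_dir *d, int count)
{
    memset(d, 0, sizeof(*d));
    d->next_offset = DOT_OFFSETS;
    for (int i = 0; i < count && i < MAX_ENTRIES; i++) {
        snprintf(d->ent[i].name, NAME_LEN, "f%d", i);
        d->ent[i].offset = d->next_offset++;
        d->n++;
    }
}

/* rename(2) in this model: same slot, new name, fresh tail offset. */
static int dir_rename(struct offset_dir *d, const char *from, const char *to)
{
    for (int i = 0; i < d->n; i++) {
        if (strcmp(d->ent[i].name, from) == 0) {
            snprintf(d->ent[i].name, NAME_LEN, "%s", to);
            d->ent[i].offset = d->next_offset++;
            return 0;
        }
    }
    return -1;
}

/* Live entry with the smallest offset >= pos, or NULL when none is left. */
static struct entry *dir_find_next(struct offset_dir *d, long pos)
{
    struct entry *best = NULL;
    for (int i = 0; i < d->n; i++)
        if (d->ent[i].offset >= pos && (!best || d->ent[i].offset < best->offset))
            best = &d->ent[i];
    return best;
}

static void dir_open(struct dir_file *f, struct offset_dir *d)
{
    f->d = d;
    f->pos = DOT_OFFSETS;
    f->last_index = d->next_offset;  /* snapshot taken once, at open */
}

/*
 * One readdir(3) call returning one entry.  bounded == 0: the cursor
 * follows the live tail (pre-fix behaviour).  bounded != 0: an entry at
 * or past the open-time snapshot is treated as end of directory.
 */
static struct entry *dir_readdir(struct dir_file *f, int bounded)
{
    struct entry *e = dir_find_next(f->d, f->pos);
    if (!e || (bounded && e->offset >= f->last_index))
        return NULL;
    f->pos = e->offset + 1;
    return e;
}

/*
 * The loop from the thread: read one entry, rename it away and back,
 * repeat until readdir reports end of directory.  Returns the number of
 * entries emitted, or -1 once 'budget' entries pass without reaching EOF.
 */
static long scan_with_renames(int nfiles, int bounded, long budget)
{
    struct offset_dir d;
    struct dir_file f;
    struct entry *e;
    char saved[NAME_LEN];
    long emitted = 0;

    dir_init(&d, nfiles);
    dir_open(&f, &d);
    while ((e = dir_readdir(&f, bounded)) != NULL) {
        if (++emitted > budget)
            return -1;                      /* never reached EOF */
        memcpy(saved, e->name, NAME_LEN);   /* e->name changes below */
        dir_rename(&d, saved, "TEMPFILE");
        dir_rename(&d, "TEMPFILE", saved);
    }
    return emitted;
}

int main(void)
{
    printf("live-tail cursor: %ld\n", scan_with_renames(5, 0, 1000)); /* -1 */
    printf("bounded cursor:   %ld\n", scan_with_renames(5, 1, 1000)); /*  5 */
    return 0;
}
```

The budget is what keeps the model itself from hanging: with five entries and the live-tail cursor, every rename pushes the entry just read past the cursor again, so the walk never sees end of directory and the function gives up at 1000 emitted entries. With the open-time snapshot the same five entries are emitted exactly once and the renamed copies, all keyed at or past `last_index`, end the walk.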