Re: CVE-2024-49967: ext4: no need to continue when the number of entries is 1

From: Siddh Raman Pant
Date: Tue Dec 10 2024 - 01:09:04 EST

Next message: Jiri Slaby: "Re: TPM/EFI issue [Was: Linux 6.12]"
Previous message: Kim Seer Paller: "[PATCH v5 2/2] power/supply: Add support for ltc4162-f/s and ltc4015"
In reply to: Theodore Ts'o: "Re: CVE-2024-49967: ext4: no need to continue when the number of entries is 1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Dec 09 2024 at 21:56:23 +0530, Theodore Ts'o wrote:
> On Mon, Dec 09, 2024 at 02:08:02PM +0100, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
> > Ok, so should it be revoked?

Yes, as this was an incorrect attempt at fixing CVE-2024-42305.

> We're not aware of a way of triggering the OOB error, so in that sense
> the CVE is not valid. There might be a way that someone might be able
> to trigger it in the future; in that hypothetical future, there might
> be some other fix that would address the root cause, but this would be
> a belt and suspenders thing that might prevent that (hypothetical)
> future. So in that sense, it is highly commended that enterprise
> distros and people who are not following the LTS kernels take this
> patch. But is it actually fixing a known vulnerability today? Not
> that we know of.
>
> Cheers,
>
> - Ted
>
> P.S. If some security researcher wants to find such a way, to educate
> people on why using LTS kernels is superior, they should feel free to
> consider this a challenge. :-P

I agree.

Thanks,
Siddh

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Jiri Slaby: "Re: TPM/EFI issue [Was: Linux 6.12]"
Previous message: Kim Seer Paller: "[PATCH v5 2/2] power/supply: Add support for ltc4162-f/s and ltc4015"
In reply to: Theodore Ts'o: "Re: CVE-2024-49967: ext4: no need to continue when the number of entries is 1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]