Re: [PATCH] Add vulnerable commits for few CVEs

From: Greg KH
Date: Tue Jan 21 2025 - 05:59:33 EST

Next message: Jason Xing: "Re: [PATCH v2 net-next] sysctl net: Remove macro checks for CONFIG_SYSCTL"
Previous message: Louis Chauvet: "[PATCH v3 14/16] drm/vkms: Introduce config for connector status"
In reply to: Harshit Mogalapalli: "[PATCH] Add vulnerable commits for few CVEs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 20, 2025 at 09:10:40AM -0800, Harshit Mogalapalli wrote:
> CVE-2024-57804: A more appropriate broken commit is Fixes: 32d457d5a2af
> ("scsi: mpi3mr: Add framework to issue config requests") which added all
> the allocations of the config pages and the CVE fix deals with fixing
> corruption in config pages.
>
> CVE-2024-56369: fixed by adding overflow happening with multiplication.
> Multiplication was first introduced here, so Fixes: 2f0e9d804935 ("drm:
> Make drm_mode_vrefresh() a bit more accurate") is the vulnerable commit
>
> CVE-2024-48873: deals with checking return value in
> ieee80211_probereq_get() function, so Fixes: c6aa9a9c4725 ("wifi: rtw89:
> add RNR support for 6 GHz scan") is the vulnerable commit as it adds the
> function.
>
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx>
> ---
> cve/published/2024/CVE-2024-48873.vulnerable | 2 +-
> cve/published/2024/CVE-2024-56369.vulnerable | 1 +
> cve/published/2024/CVE-2024-57804.vulnerable | 2 +-
> 3 files changed, 3 insertions(+), 2 deletions(-)
> create mode 100644 cve/published/2024/CVE-2024-56369.vulnerable

Many thanks for these, all now applied and the updated CVE entries
pushed out.

greg k-h

Next message: Jason Xing: "Re: [PATCH v2 net-next] sysctl net: Remove macro checks for CONFIG_SYSCTL"
Previous message: Louis Chauvet: "[PATCH v3 14/16] drm/vkms: Introduce config for connector status"
In reply to: Harshit Mogalapalli: "[PATCH] Add vulnerable commits for few CVEs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]