Re: [PATCH] Add vulnerable commits for few CVEs

From: Harshit Mogalapalli
Date: Mon Mar 10 2025 - 04:48:41 EST


Hi Greg,

On 10/03/25 13:07, Greg KH wrote:
...
CVE-2024-46861 kernel: usbnet: ipheth: do not stop RX on failing RX callback
— Fixes: a2d274c62e44 ("usbnet: ipheth: add CDC NCM support")
Reason: dev->rcvbulk_callback() was added in the broken commit, and the
CVE fix is to remove the return statement on failure.
Note: The CVE fix is preventing the driver from stopping on non-critical failures
-- I think this shouldn't be a CVE

Isn't it a denial of service if the driver does not work for normal
issues that can be triggered?


Ah yes, I agree, thanks for explaining.

...
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx>

Thanks for all of these, I'll go apply this now and update the database
entries.


Thanks a lot!


Regards,
Harshit

greg k-h