Re: CVE-2023-53027: erofs: fix kvcalloc() misuse with __GFP_NOFAIL
From: Greg Kroah-Hartman
Date: Fri Mar 28 2025 - 02:53:58 EST
On Fri, Mar 28, 2025 at 02:43:04PM +0800, Gao Xiang wrote:
> Hi,
>
> On 2025/3/28 00:44, Greg Kroah-Hartman wrote:
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > erofs: fix kvcalloc() misuse with __GFP_NOFAIL
> >
> > As reported by syzbot [1], kvcalloc() cannot work with __GFP_NOFAIL.
> > Let's use kcalloc() instead.
> >
> > [1] https://lore.kernel.org/r/0000000000007796bd05f1852ec2@xxxxxxxxxx
> >
> > The Linux kernel CVE team has assigned CVE-2023-53027 to this issue.
>
> I think this CVE is invalid since it was then reverted by
> upstream commit 647dd2c3f0e1 ("erofs: Revert "erofs: fix kvcalloc()
> misuse with __GFP_NOFAIL"")
>
> since it's not the correct way to fix this.

Ah, that commit was not in the "normal" revert style, which is why we
didn't notice that.

I've now rejected this CVE id, thanks for letting us know!

greg k-h