From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Dominique Martinet <asmadeus@codewreck.org>
Cc: cve@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: CVE-2022-48655: firmware: arm_scmi: Harden accesses to the reset domains
Date: Sat, 11 May 2024 13:24:06 +0100 [thread overview]
Message-ID: <2024051146-unengaged-halves-3681@gregkh> (raw)
In-Reply-To: <2024051148-fervor-aloft-43a3@gregkh>
On Sat, May 11, 2024 at 12:59:23PM +0100, Greg Kroah-Hartman wrote:
> On Fri, May 10, 2024 at 11:23:30PM +0900, Dominique Martinet wrote:
> > Greg Kroah-Hartman wrote on Fri, May 10, 2024 at 09:55:15AM +0100:
> > > > I can submit an edit as a patch to vulns.git json, but this doesn't seem
> > > > overly important so for now a mail will probably do.
> > >
> > > the json and mbox files are generated by tools, so patches to them is
> > > not a good idea as they will be overwritten the next time the scripts
> > > are run.
> >
> > Just let me know what's the most convenient; if mail it is I won't
> > bother :)
> >
> > > > >From a quick look it would seem it fixes arm_scmi from the addition of
> > > > scmi_domain_reset() in 95a15d80aa0d ("firmware: arm_scmi: Add RESET
> > > > protocol in SCMI v2.0"), which first appeared in v5.4-rc1, and does not
> > > > appear to have been backported to older kernels, so v5.4+ can be added
> > > > as a requirement.
> > >
> > > We can add a "this is where the problem showed up" if you know it, so
> > > that would be 95a15d80aa0d ("firmware: arm_scmi: Add RESET protocol in
> > > SCMI v2.0"), correct?
> >
> > Yes; this commit adds the out of bound access.
>
> Great, I'll mark the cve as having that as the "vulnerable" commit id,
> and then re-run the scripts and update the .json file and push it to
> cve.org when I get back to a better network connection.
Now updated on the cve.org web site, thanks!
greg k-h
prev parent reply other threads:[~2024-05-11 12:35 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-28 13:05 CVE-2022-48655: firmware: arm_scmi: Harden accesses to the reset domains Greg Kroah-Hartman
2024-05-10 3:12 ` Dominique Martinet
2024-05-10 8:55 ` Greg Kroah-Hartman
2024-05-10 14:23 ` Dominique Martinet
2024-05-11 11:59 ` Greg Kroah-Hartman
2024-05-11 12:24 ` Greg Kroah-Hartman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024051146-unengaged-halves-3681@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=asmadeus@codewreck.org \
--cc=cve@kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.