From: Greg KH <gregkh@linuxfoundation.org>
To: "Neronin, Niklas" <niklas.neronin@linux.intel.com>
Cc: Jinjiang Tu <tujinjiang@huawei.com>,
cve@kernel.org, linux-cve-announce@vger.kernel.org,
linux-kernel@vger.kernel.org,
Mathias Nyman <mathias.nyman@linux.intel.com>
Subject: Re: CVE-2024-42226: usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB
Date: Sun, 11 Aug 2024 17:33:37 +0200 [thread overview]
Message-ID: <2024081131-tamer-dreadful-17e4@gregkh> (raw)
In-Reply-To: <6327d2ed-f1de-406d-a713-97934dbb6c39@linux.intel.com>
On Wed, Aug 07, 2024 at 12:31:56PM +0300, Neronin, Niklas wrote:
>
>
> On 06/08/2024 16.53, Jinjiang Tu wrote:
> >
> > 在 2024/8/6 19:15, Neronin, Niklas 写道:
> >> On 06/08/2024 12.25, Jinjiang Tu wrote:
> >>> Hi, Niklas
> >>>
> >>> The commit 66cb618bf0bb ("usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB")
> >>> has been assigned with CVE-2024-42226, but the commit has been reverted in 6.1.99 and 6.6.39 due to
> >>> performance regression. Do you have a plan to address this issue, or if this CVE should be rejected?
> >>>
> >>> Thanks!
> >>>
> >> Hi,
> >>
> >> Currently, I have no plan to address this issue.
> >>
> >> The commit in question, was not intended for any previous Linux versions.
> >> It was created as part of my handle_tx_event() rework series. Future changes
> >> in said series could potentially trigger the issue, so preemptively preventing
> >> it was both simpler and more secure.
> > I don't know if I'm understanding this right, do you mean the issue mentioned in
> > the commit will not be actually triggered in previous Linux versions? Now the commit
> > is reverted in v6.1 and v6.6, but the issue can not be triggered in these versions,
> > so no more fixes patch is needed for these LTS versions?
>
> I'm not aware of any cases where this issue has been triggered. As it has been in the
> Linux kernel for a long time, I assume it does not trigger.
Ok, now rejected, thanks.
greg k-h
prev parent reply other threads:[~2024-08-11 15:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-30 7:48 CVE-2024-42226: usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB Greg Kroah-Hartman
2024-08-05 7:01 ` Jinjiang Tu
2024-08-06 9:25 ` Jinjiang Tu
2024-08-06 11:15 ` Neronin, Niklas
2024-08-06 13:53 ` Jinjiang Tu
2024-08-07 9:31 ` Neronin, Niklas
2024-08-11 15:33 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024081131-tamer-dreadful-17e4@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=cve@kernel.org \
--cc=linux-cve-announce@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mathias.nyman@linux.intel.com \
--cc=niklas.neronin@linux.intel.com \
--cc=tujinjiang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.