From: Michal Hocko <mhocko@suse.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: cve@kernel.org, linux-kernel@vger.kernel.org,
linux-cve-announce@vger.kernel.org
Subject: Re: CVE-2024-35906: drm/amd/display: Send DTBCLK disable message on first commit
Date: Fri, 24 May 2024 17:59:34 +0200 [thread overview]
Message-ID: <ZlC5ZooIRyVb9ITu@tiehlicka> (raw)
In-Reply-To: <2024052453-afar-tartly-3721@gregkh>
On Fri 24-05-24 17:22:24, Greg KH wrote:
[...]
> > > And people want to word-smith the text all the time already, so we just
> > > default to using the changelog text as that's the most "neutral" and
> > > public information out there (i.e. we don't have to worry about any sort
> > > of data-retention or classification laws as the information is already
> > > public in kernel changelog text.)
> >
> > This part I do not understand. What is wrong about a reasoning why
> > something has been considered a CVE? E.g. something like
> > CVE assigned because a potential WARN_ON is fixed and that could panic
> > with panic_on_warn. Fixed by <URL_TO_LINUS_TREE>
> >
> > or
> > CVE assigned because UAF is fixed and those can be generally used to
> > construct more complex attacks. Fixed by <URL_TO_LINUS_TREE>
> >
> > etc.
>
> Doing the work to classify all of these in this manner isn't going to
> happen by us, sorry, as it is not required by the CVE process, and
> frankly, we are doing a load of work already here.
I would really like the understand this position. You are doing the
classification already, right? What does prevent you from making that a
part of the process? Why wouldn't you like to help CVE consumers to
understand that process better?
--
Michal Hocko
SUSE Labs
prev parent reply other threads:[~2024-05-24 15:59 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-19 8:35 CVE-2024-35906: drm/amd/display: Send DTBCLK disable message on first commit Greg Kroah-Hartman
2024-05-21 8:28 ` Michal Hocko
2024-05-21 14:39 ` Greg Kroah-Hartman
2024-05-21 16:51 ` Michal Hocko
2024-05-21 17:03 ` Greg Kroah-Hartman
2024-05-21 17:56 ` Michal Hocko
2024-05-22 3:57 ` Greg Kroah-Hartman
2024-05-23 8:26 ` Michal Hocko
2024-05-23 13:49 ` Greg Kroah-Hartman
2024-05-24 10:10 ` Michal Hocko
2024-05-24 11:47 ` Greg Kroah-Hartman
2024-05-24 14:02 ` Michal Hocko
2024-05-24 15:22 ` Greg Kroah-Hartman
2024-05-24 15:59 ` Michal Hocko [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZlC5ZooIRyVb9ITu@tiehlicka \
--to=mhocko@suse.com \
--cc=cve@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-cve-announce@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.