From: Jens Axboe <axboe@kernel.dk>
To: Gabriel Krisman Bertazi <krisman@suse.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-cve-announce@vger.kernel.org, cve@kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: CVE-2023-52656: io_uring: drop any code related to SCM_RIGHTS
Date: Fri, 24 May 2024 10:57:07 -0600 [thread overview]
Message-ID: <d1cb0cd3-0826-48fc-8713-8648d6eb9fd7@kernel.dk> (raw)
In-Reply-To: <871q5rqhuc.fsf@mailhost.krisman.be>
On 5/24/24 10:45 AM, Gabriel Krisman Bertazi wrote:
> Greg Kroah-Hartman <gregkh@linuxfoundation.org> writes:
>
>> Description
>> ===========
>>
>> In the Linux kernel, the following vulnerability has been resolved:
>>
>> io_uring: drop any code related to SCM_RIGHTS
>>
>> This is dead code after we dropped support for passing io_uring fds
>> over SCM_RIGHTS, get rid of it.
>>
>> The Linux kernel CVE team has assigned CVE-2023-52656 to this issue.
>
> Hello Greg,
>
> [+Jens in Cc]
>
> This is stable material, but doesn't deserve CVE status. There is
> nothing exploitable that is fixed here. Instead, this commit is dropping
> unreachable code after the removal of a feature, following another CVE
> report. Doing the clean up in the original patch would have made the
> real security fix harder to review.
>
> The real issue was reported as CVE-2023-52654 and handled by a different
> commit.
FWIW, the same is true for a number of other commits recently. They are
nowhere near CVE material, it's just generic bug fixes.
--
Jens Axboe
next prev parent reply other threads:[~2024-05-24 16:57 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-13 13:12 CVE-2023-52656: io_uring: drop any code related to SCM_RIGHTS Greg Kroah-Hartman
2024-05-24 16:45 ` Gabriel Krisman Bertazi
2024-05-24 16:57 ` Jens Axboe [this message]
2024-05-25 7:15 ` Greg Kroah-Hartman
[not found] ` <CAFswPa9jR6mKAsCrdmspCARe-evk16s1t0SG9LrRLCze_f6Ydw@mail.gmail.com>
2024-05-25 15:19 ` Greg Kroah-Hartman
2024-05-25 15:28 ` Jens Axboe
2024-05-25 15:37 ` Greg Kroah-Hartman
2024-05-25 18:15 ` Gabriel Krisman Bertazi
-- strict thread matches above, loose matches on Subject: below --
2024-05-25 15:36 Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d1cb0cd3-0826-48fc-8713-8648d6eb9fd7@kernel.dk \
--to=axboe@kernel.dk \
--cc=cve@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=krisman@suse.de \
--cc=linux-cve-announce@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.