* [Question] mdadm CVE-2023-28736 and CVE-2023-28938 problem
From: miaoguanqin @ 2023-08-31 9:26 UTC (permalink / raw)
To: Jes Sorensen, Martin Wilck, Paul Menzel, colyli, linux-raid
Cc: linfeilong, louhongxiang, lixiaokeng
Dear mdadm committers:
Hi! I noticed that the community did not provide the concrete patch
that could fix CVE-2023-28736 and CVE-2023-28938. Intel, in specific,
suggests upgrading mdadm to version 4.2-rc2 or later [1], to get rid of
the issue, however, without finding the root cause or providing further
explanation. I would like to know if there is such a specific patch,
or a set of patches that actually solve these two CVE problems.
[1]
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
Many thanks in advance!
Best wishes,
Guanqin Miao
* Re: [Question] mdadm CVE-2023-28736 and CVE-2023-28938 problem
From: Martin Wilck @ 2023-08-31 10:04 UTC (permalink / raw)
To: miaoguanqin, Jes Sorensen, Paul Menzel, colyli, linux-raid
Cc: linfeilong, louhongxiang, lixiaokeng
On Thu, 2023-08-31 at 17:26 +0800, miaoguanqin wrote:
> Dear mdadm committers:
>
> Hi! I noticed that the community did not provide the concrete patch
> that could fix CVE-2023-28736 and CVE-2023-28938. Intel, in specific,
> suggests upgrading mdadm to version 4.2-rc2 or later [1], to get rid
> of the issue, however, without finding the root cause or providing
> further explanation. I would like to know if there is such a specific
> patch, or a set of patches that actually solve these two CVE problems.
>
> [1]
> https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
>
I think it's ced5fa8 ("mdadm: block creation with long names").
Martin
* Re: [Question] mdadm CVE-2023-28736 and CVE-2023-28938 problem
From: Martin Wilck @ 2023-09-01 8:04 UTC (permalink / raw)
To: miaoguanqin, Jes Sorensen, Paul Menzel, colyli, linux-raid
Cc: linfeilong, louhongxiang, lixiaokeng
On Thu, 2023-08-31 at 12:04 +0200, Martin Wilck wrote:
> On Thu, 2023-08-31 at 17:26 +0800, miaoguanqin wrote:
> > Dear mdadm committers:
> >
> > Hi! I noticed that the community did not provide the concrete patch
> > that could fix CVE-2023-28736 and CVE-2023-28938. Intel, in
> > specific, suggests upgrading mdadm to version 4.2-rc2 or later [1],
> > to get rid of the issue, however, without finding the root cause or
> > providing further explanation. I would like to know if there is such
> > a specific patch, or a set of patches that actually solve these two
> > CVE problems.
> >
> > [1]
> > https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
> >
>
> I think it's ced5fa8 ("mdadm: block creation with long names").
... and the other was 7d374a1 ("Fix memory leak after "mdadm --detail"")
Martin