From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: cve@kernel.org, linux-kernel@vger.kernel.org,
linux-cve-announce@vger.kernel.org,
"Günther Noack" <gnoack@google.com>,
linux-security-module@vger.kernel.org
Subject: Re: CVE-2024-40938: landlock: Fix d_parent walk
Date: Mon, 15 Jul 2024 13:16:38 +0200 [thread overview]
Message-ID: <2024071553-yippee-broadways-8035@gregkh> (raw)
In-Reply-To: <20240715.aeLiunipi8ia@digikod.net>
On Mon, Jul 15, 2024 at 12:37:53PM +0200, Mickaël Salaün wrote:
> Hello,
>
> AFAIK, commit 88da52ccd66e ("landlock: Fix d_parent walk") doesn't fix a
> security issue but an unexpected case. The triggered WARN_ON_ONCE() is
> just a canary, and this case was correctly handled with defensive
> programming and didn't allow to bypass the security policy nor to harm
> the kernel. However, this fix should indeed be backported.
If a WARN_ON() is hit, a machine with panic_on_warn enabled will reboot,
hence if there is any way that userspace can hit this, it needs to be
issued a CVE, sorry.
> Could you please Cc me for future CVE related to my changes or to
> Landlock? For kernel CVEs, I think it would be good to Cc at least
> maintainers, reviewers, authors, and committers for the related commits.
I suggest setting up lei to watch the linux-cve-announce mailing list if
you wish to do this (just filter for landlock stuff). Automatically
mailing cve stuff to maintainers has been deemed too "noisy" which is
why we do not do this by default.
thanks,
greg k-h
next prev parent reply other threads:[~2024-07-15 11:16 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <2024071218-CVE-2024-40938-1619@gregkh>
2024-07-15 10:37 ` CVE-2024-40938: landlock: Fix d_parent walk Mickaël Salaün
2024-07-15 11:16 ` Greg Kroah-Hartman [this message]
2024-07-15 12:20 ` Mickaël Salaün
2024-07-15 12:39 ` Greg Kroah-Hartman
2024-07-15 16:11 ` Kees Cook
2024-07-15 18:04 ` Mickaël Salaün
2024-07-15 20:17 ` Kees Cook
2024-07-16 7:17 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024071553-yippee-broadways-8035@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=cve@kernel.org \
--cc=gnoack@google.com \
--cc=linux-cve-announce@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).