From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Dominique Martinet <asmadeus@codewreck.org>
Cc: cve@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: CVE-2022-48655: firmware: arm_scmi: Harden accesses to the reset domains
Date: Sat, 11 May 2024 13:24:06 +0100 [thread overview]
Message-ID: <2024051146-unengaged-halves-3681@gregkh> (raw)
In-Reply-To: <2024051148-fervor-aloft-43a3@gregkh>
On Sat, May 11, 2024 at 12:59:23PM +0100, Greg Kroah-Hartman wrote:
> On Fri, May 10, 2024 at 11:23:30PM +0900, Dominique Martinet wrote:
> > Greg Kroah-Hartman wrote on Fri, May 10, 2024 at 09:55:15AM +0100:
> > > > I can submit an edit as a patch to vulns.git json, but this doesn't seem
> > > > overly important so for now a mail will probably do.
> > >
> > > the json and mbox files are generated by tools, so patches to them is
> > > not a good idea as they will be overwritten the next time the scripts
> > > are run.
> >
> > Just let me know what's the most convenient; if mail it is I won't
> > bother :)
> >
> > > > >From a quick look it would seem it fixes arm_scmi from the addition of
> > > > scmi_domain_reset() in 95a15d80aa0d ("firmware: arm_scmi: Add RESET
> > > > protocol in SCMI v2.0"), which first appeared in v5.4-rc1, and does not
> > > > appear to have been backported to older kernels, so v5.4+ can be added
> > > > as a requirement.
> > >
> > > We can add a "this is where the problem showed up" if you know it, so
> > > that would be 95a15d80aa0d ("firmware: arm_scmi: Add RESET protocol in
> > > SCMI v2.0"), correct?
> >
> > Yes; this commit adds the out of bound access.
>
> Great, I'll mark the cve as having that as the "vulnerable" commit id,
> and then re-run the scripts and update the .json file and push it to
> cve.org when I get back to a better network connection.
Now updated on the cve.org web site, thanks!
greg k-h
prev parent reply other threads:[~2024-05-11 12:35 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <2024042859-CVE-2022-48655-5feb@gregkh>
2024-05-10 3:12 ` CVE-2022-48655: firmware: arm_scmi: Harden accesses to the reset domains Dominique Martinet
2024-05-10 8:55 ` Greg Kroah-Hartman
2024-05-10 14:23 ` Dominique Martinet
2024-05-11 11:59 ` Greg Kroah-Hartman
2024-05-11 12:24 ` Greg Kroah-Hartman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024051146-unengaged-halves-3681@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=asmadeus@codewreck.org \
--cc=cve@kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox