Date: Tue, 21 Jan 2025 11:56:06 +0100
From: Greg KH
To: Harshit Mogalapalli
Cc: cve@kernel.org, linux-kernel@vger.kernel.org, vegard.nossum@oracle.com,
    pkshih@realtek.com, ville.syrjala@linux.intel.com,
    ranjan.kumar@broadcom.com, himanshu.madhani@oracle.com
Subject: Re: [PATCH] Add vulnerable commits for few CVEs
Message-ID: <2025012147-balance-stinging-38c4@gregkh>
In-Reply-To: <20250120171040.3927637-1-harshit.m.mogalapalli@oracle.com>

On Mon, Jan 20, 2025 at 09:10:40AM -0800, Harshit Mogalapalli wrote:
> CVE-2024-57804: A more appropriate broken commit is Fixes: 32d457d5a2af
> ("scsi: mpi3mr: Add framework to issue config requests") which added all
> the allocations of the config pages and the CVE fix deals with fixing
> corruption in config pages.
>
> CVE-2024-56369: fixed by adding overflow happening with multiplication.
> Multiplication was first introduced here, so Fixes: 2f0e9d804935 ("drm:
> Make drm_mode_vrefresh() a bit more accurate") is the vulnerable commit
>
> CVE-2024-48873: deals with checking return value in
> ieee80211_probereq_get() function, so Fixes: c6aa9a9c4725 ("wifi: rtw89:
> add RNR support for 6 GHz scan") is the vulnerable commit as it adds the
> function.
>
> Signed-off-by: Harshit Mogalapalli
> ---
>  cve/published/2024/CVE-2024-48873.vulnerable | 2 +-
>  cve/published/2024/CVE-2024-56369.vulnerable | 1 +
>  cve/published/2024/CVE-2024-57804.vulnerable | 2 +-
>  3 files changed, 3 insertions(+), 2 deletions(-)
>  create mode 100644 cve/published/2024/CVE-2024-56369.vulnerable

Many thanks for these, all now applied and the updated CVE entries
pushed out.

greg k-h