public inbox for linux-kernel@vger.kernel.org
From: Sasha Levin <sashal@kernel.org>
To: Jiri Kosina <jikos@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Michal Hocko <mhocko@suse.com>, Kees Cook <keescook@chromium.org>,
	cve@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: CVE-2023-52451: powerpc/pseries/memhp: Fix access beyond end of drmem array
Date: Thu, 29 Feb 2024 12:38:09 -0500
Message-ID: <ZeDBAW16ZbjNJWkn@sashalap>
In-Reply-To: <nycvar.YFH.7.76.2402291754020.13421@cbobk.fhfr.pm>

On Thu, Feb 29, 2024 at 06:11:40PM +0100, Jiri Kosina wrote:
>On Thu, 29 Feb 2024, Sasha Levin wrote:
>
>> >> It's pretty trivial to get root on most of the "enterprise" kernels
>> >
>> >Wow, that's a very strong statement you are making here, and I'd now
>> >really like to ask you to back that up with some real data.
>>
>> Is something like https://www.suse.com/security/cve/CVE-2023-52447.html
>> a good example?
>
>- this fix is on our list/queue to be integrated into one of our kernel
>  branches, and was even before it just got CVE assigned, as it references
>  a commit in Fixes: that we have present in one of our branches, but
>  hasn't been processed yet, mainly because we don't allow unprivileged
>  BPF

This comment touches on two points raised in this thread:

Greg's point that instead of taking all the fixes, they end up in queues
waiting to be processed, which means that the trees end up being
vulnerable during that time.

Kees's point that exploitation is rarely a single issue coming in to
play, but is usually a long chain of different exploits coming together
to achieve a goal.

>- you pointed to a fix for UAF in BPF, which definitely is a good fix to
>  have, I don't even dispute that CVE is justified in this particular
>  case. What I haven't yet seen though is how this connects to the in my
>  view rather serious 'trivial to get root' statement

Yes, the patch reads like a fix for a UAF.

-- 
Thanks,
Sasha
