From: Michal Hocko <mhocko@suse.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: cve@kernel.org, linux-kernel@vger.kernel.org,
linux-cve-announce@vger.kernel.org
Subject: Re: CVE-2024-35906: drm/amd/display: Send DTBCLK disable message on first commit
Date: Tue, 21 May 2024 18:51:28 +0200 [thread overview]
Message-ID: <ZkzREEA5_N_xfqED@tiehlicka> (raw)
In-Reply-To: <2024052136-cubbyhole-ecologist-5b68@gregkh>
On Tue 21-05-24 16:39:51, Greg KH wrote:
> On Tue, May 21, 2024 at 10:28:41AM +0200, Michal Hocko wrote:
> > CVE-2024-35881 to revert f341055b10bd ("drm/amd/display: Send DTBCLK
> > disable message on first commit") by 3a6a32b31a11 ("Revert
> > "drm/amd/display: Send DTBCLK disable message on first commit"") has
> > been filed as well.
> >
> > Is this really intentional? Should both be rejected?
>
> I don't think so as we had releases with the original commit in it,
I do not think so. Looking at stable kernel branches:
$ git describe-ver 0dab75b433ed2480d57ae4f8f725186a46223e42
v6.8.5~88
$ git describe-ver d6d5622f64f3e07620683d61c880f57965fe1b48
v6.8.5~239
Both of them were released in 6.9-rc1 in Linus tree. I do not see them
in any other stable trees. Neither of them is even marked for stable and
they seemed to be merged only because of (stable tree) 7ea8a0e12088eb0c
which has Stable-dep-of: f341055b10bd ("drm/amd/display: Send DTBCLK
disable message on first commit"). Btw note that 7ea8a0e12088eb0c is not
marked for stable, nor I see anybody requesting that on lore.
Stable rulez!
Let's put aside whether f341055b10bd should get a CVE, we have clearly a
different view on that but looking at the vulns.git tree both CVEs have
been assigned together
$ git log ./2024/CVE-2024-35906.sha1 ./2024/CVE-2024-35881.sha1
commit a6191f0053349c3234f690316d6511e97927f28f
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun May 19 10:35:32 2024 +0200
some 6.8.5 cves assigned
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
which to me indicates that both CVEs were assigned by a script
without a proper review which is really unfortunate.
Please keep in mind that there are actual consumers of these CVEs and
you are burning their time evaluating these noops. A waste of time, if
you ask me, and not something that could be just neglected considering
how many CVEs you are producing.
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2024-05-21 16:51 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <2024051954-CVE-2024-35906-1c6f@gregkh>
2024-05-21 8:28 ` CVE-2024-35906: drm/amd/display: Send DTBCLK disable message on first commit Michal Hocko
2024-05-21 14:39 ` Greg Kroah-Hartman
2024-05-21 16:51 ` Michal Hocko [this message]
2024-05-21 17:03 ` Greg Kroah-Hartman
2024-05-21 17:56 ` Michal Hocko
2024-05-22 3:57 ` Greg Kroah-Hartman
2024-05-23 8:26 ` Michal Hocko
2024-05-23 13:49 ` Greg Kroah-Hartman
2024-05-24 10:10 ` Michal Hocko
2024-05-24 11:47 ` Greg Kroah-Hartman
2024-05-24 14:02 ` Michal Hocko
2024-05-24 15:22 ` Greg Kroah-Hartman
2024-05-24 15:59 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZkzREEA5_N_xfqED@tiehlicka \
--to=mhocko@suse.com \
--cc=cve@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-cve-announce@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox