From: Lee Jones <lee@kernel.org>
To: Eric Dumazet <edumazet@google.com>
Cc: Ben Hutchings <ben@decadent.org.uk>,
netdev <netdev@vger.kernel.org>,
cve@kernel.org, Salvatore Bonaccorso <carnil@debian.org>
Subject: Re: Is CVE-2024-26624 a valid issue?
Date: Mon, 11 Mar 2024 14:00:43 +0000 [thread overview]
Message-ID: <20240311140043.GR86322@google.com> (raw)
In-Reply-To: <CANn89iKnQZWNw3NS0uGCWSejKxaUh8iL=UwZ+9+Lhmfth-LTxQ@mail.gmail.com>
On Mon, 11 Mar 2024, Eric Dumazet wrote:
> Hi Ben
>
> Yes, my understanding of the issue is that it is a false positive.
>
> Some kernels might crash whenever LOCKDEP triggers, as for any WARNing.
Exactly. So is it possible to trip this, false positive or otherwise?
Being able to crash the kernel, even under false pretences, is
definitely something we usually provide CVE allocations for.
> > I noted that CVE-2024-26624 was assigned by the kernel CVE authority to
> > the issue fixed by commit 4d322dce82a1 "af_unix: fix lockdep positive
> > in sk_diag_dump_icons()". By my understanding, this does not fix any
> > locking bug, but only a false positive report from lockdep. Do you
> > consider this a security issue?
> >
> > Ben.
> >
> > --
> > Ben Hutchings
> > Time is nature's way of making sure that
> > everything doesn't happen at once.
> >
>
--
Lee Jones [李琼斯]
next prev parent reply other threads:[~2024-03-11 14:00 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-11 0:02 Is CVE-2024-26624 a valid issue? Ben Hutchings
2024-03-11 9:47 ` Eric Dumazet
2024-03-11 14:00 ` Lee Jones [this message]
2024-03-27 13:56 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240311140043.GR86322@google.com \
--to=lee@kernel.org \
--cc=ben@decadent.org.uk \
--cc=carnil@debian.org \
--cc=cve@kernel.org \
--cc=edumazet@google.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).