* [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 @ 2025-08-01 4:06 Qingfeng Hao 2025-08-01 4:06 ` [PATCH vulns 1/1] CVE-2024-26661: change the sha1 of the cve id Qingfeng Hao 2025-08-01 7:41 ` [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 Greg KH 0 siblings, 2 replies; 7+ messages in thread From: Qingfeng Hao @ 2025-08-01 4:06 UTC (permalink / raw) To: cve, gregkh; +Cc: stable, qingfeng.hao, zhe.he There is a fix 17ba9cde11c2bfebbd70867b0a2ac4a22e573379 introduced in v6.8 to fix the problem introduced by the original fix 66951d98d9bf45ba25acf37fe0747253fafdf298, and they together fix the CVE-2024-26661. Since this is the first time I submit the changes on vulns project, not sure if the changes in my patch are exact, @Greg, please point out the problems if there are and I will fix them. Thanks! Qingfeng Hao (1): CVE-2024-26661: change the sha1 of the cve id cve/published/2024/CVE-2024-26661.dyad | 6 ++-- cve/published/2024/CVE-2024-26661.json | 46 ++------------------------ cve/published/2024/CVE-2024-26661.sha1 | 2 +- 3 files changed, 5 insertions(+), 49 deletions(-) -- 2.34.1 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH vulns 1/1] CVE-2024-26661: change the sha1 of the cve id 2025-08-01 4:06 [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 Qingfeng Hao @ 2025-08-01 4:06 ` Qingfeng Hao 2025-08-01 7:41 ` [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 Greg KH 1 sibling, 0 replies; 7+ messages in thread From: Qingfeng Hao @ 2025-08-01 4:06 UTC (permalink / raw) To: cve, gregkh; +Cc: stable, qingfeng.hao, zhe.he There is a fix 17ba9cde11c2bfebbd70867b0a2ac4a22e573379 introduced in v6.8 to fix the problem introduced by the original fix 66951d98d9bf45ba25acf37fe0747253fafdf298, and they together fix the CVE-2024-26661. Hence, update the cve files accordingly. Signed-off-by: Qingfeng Hao <qingfeng.hao@windriver.com> Signed-off-by: He Zhe <zhe.he@windriver.com> --- cve/published/2024/CVE-2024-26661.dyad | 6 ++-- cve/published/2024/CVE-2024-26661.json | 46 ++------------------------ cve/published/2024/CVE-2024-26661.sha1 | 2 +- 3 files changed, 5 insertions(+), 49 deletions(-) diff --git a/cve/published/2024/CVE-2024-26661.dyad b/cve/published/2024/CVE-2024-26661.dyad index 120c36d66..fc4c2091d 100644 --- a/cve/published/2024/CVE-2024-26661.dyad +++ b/cve/published/2024/CVE-2024-26661.dyad @@ -1,5 +1,3 @@ # dyad version: 86b352798e93 -# getting vulnerable:fixed pairs for git id 66951d98d9bf45ba25acf37fe0747253fafdf298 -5.9:474ac4a875ca6fea3fc5183d3ad22ef7523dca53:6.6.17:3f3c237a706580326d3b7a1b97697e5031ca4667 -5.9:474ac4a875ca6fea3fc5183d3ad22ef7523dca53:6.7.5:39f24c08363af1cd945abad84e3c87fd3e3c845a -5.9:474ac4a875ca6fea3fc5183d3ad22ef7523dca53:6.8:66951d98d9bf45ba25acf37fe0747253fafdf298 +# getting vulnerable:fixed pairs for git id 17ba9cde11c2bfebbd70867b0a2ac4a22e573379 +5.9:474ac4a875ca6fea3fc5183d3ad22ef7523dca53:6.8:17ba9cde11c2bfebbd70867b0a2ac4a22e573379 diff --git a/cve/published/2024/CVE-2024-26661.json b/cve/published/2024/CVE-2024-26661.json index 91d11967b..7c7b2a818 100644 --- a/cve/published/2024/CVE-2024-26661.json +++ b/cve/published/2024/CVE-2024-26661.json @@ -22,19 +22,7 @@ "versions": [ { "version": "474ac4a875ca6fea3fc5183d3ad22ef7523dca53", - "lessThan": "3f3c237a706580326d3b7a1b97697e5031ca4667", - "status": "affected", - "versionType": "git" - }, - { - "version": "474ac4a875ca6fea3fc5183d3ad22ef7523dca53", - "lessThan": "39f24c08363af1cd945abad84e3c87fd3e3c845a", - "status": "affected", - "versionType": "git" - }, - { - "version": "474ac4a875ca6fea3fc5183d3ad22ef7523dca53", - "lessThan": "66951d98d9bf45ba25acf37fe0747253fafdf298", + "lessThan": "17ba9cde11c2bfebbd70867b0a2ac4a22e573379", "status": "affected", "versionType": "git" } @@ -59,18 +47,6 @@ "status": "unaffected", "versionType": "semver" }, - { - "version": "6.6.17", - "lessThanOrEqual": "6.6.*", - "status": "unaffected", - "versionType": "semver" - }, - { - "version": "6.7.5", - "lessThanOrEqual": "6.7.*", - "status": "unaffected", - "versionType": "semver" - }, { "version": "6.8", "lessThanOrEqual": "*", @@ -87,18 +63,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionStartIncluding": "5.9", - "versionEndExcluding": "6.6.17" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionStartIncluding": "5.9", - "versionEndExcluding": "6.7.5" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", @@ -112,13 +76,7 @@ ], "references": [ { - "url": "https://git.kernel.org/stable/c/3f3c237a706580326d3b7a1b97697e5031ca4667" - }, - { - "url": "https://git.kernel.org/stable/c/39f24c08363af1cd945abad84e3c87fd3e3c845a" - }, - { - "url": "https://git.kernel.org/stable/c/66951d98d9bf45ba25acf37fe0747253fafdf298" + "url": "https://git.kernel.org/stable/c/17ba9cde11c2bfebbd70867b0a2ac4a22e573379" } ], "title": "drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'", diff --git a/cve/published/2024/CVE-2024-26661.sha1 b/cve/published/2024/CVE-2024-26661.sha1 index 2e7b06c75..b6301aa3c 100644 --- a/cve/published/2024/CVE-2024-26661.sha1 +++ b/cve/published/2024/CVE-2024-26661.sha1 @@ -1 +1 @@ -66951d98d9bf45ba25acf37fe0747253fafdf298 +17ba9cde11c2bfebbd70867b0a2ac4a22e573379 -- 2.34.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 2025-08-01 4:06 [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 Qingfeng Hao 2025-08-01 4:06 ` [PATCH vulns 1/1] CVE-2024-26661: change the sha1 of the cve id Qingfeng Hao @ 2025-08-01 7:41 ` Greg KH 2025-08-01 12:04 ` Hao, Qingfeng 1 sibling, 1 reply; 7+ messages in thread From: Greg KH @ 2025-08-01 7:41 UTC (permalink / raw) To: Qingfeng Hao; +Cc: cve, stable, zhe.he On Fri, Aug 01, 2025 at 12:06:34PM +0800, Qingfeng Hao wrote: > There is a fix 17ba9cde11c2bfebbd70867b0a2ac4a22e573379 > introduced in v6.8 to fix the problem introduced by > the original fix 66951d98d9bf45ba25acf37fe0747253fafdf298, > and they together fix the CVE-2024-26661. Those are two different things, shouldn't they get different CVE ids? > Since this is the first time I submit the changes on vulns project, > not sure if the changes in my patch are exact, @Greg, please point > out the problems if there are and I will fix them. There's never a need to modify the .dyad or .json files (hint, you also did not touch the .mbox file.) they are all auto-generated from the .sha1 file. But again, I don't think this is correct, either this specific CVE is not a CVE (i.e. it doesn't actually fix an issue), or we need to assign another one, right? thanks, greg k-h ^ permalink raw reply [flat|nested] 7+ messages in thread
* RE: [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 2025-08-01 7:41 ` [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 Greg KH @ 2025-08-01 12:04 ` Hao, Qingfeng 2025-08-02 8:19 ` Greg KH 0 siblings, 1 reply; 7+ messages in thread From: Hao, Qingfeng @ 2025-08-01 12:04 UTC (permalink / raw) To: Greg KH; +Cc: cve@kernel.org, stable@vger.kernel.org, He, Zhe Hi Greg, Thanks for your check and comments. Sorry that I mistakenly changed the files of .dyad and .json. I'll pay attention next time. The original fix 66951d98d9bf ("drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'") or fb5a3d037082 for CVE-2024-26661 didn't fix the CVE (or even made it worse) because the key change is to check if “tg” is NULL before referencing it, but the fix does NOT do that correctly: + if (!abm && !tg && !panel_cntl) + return; Here "&&" should have been "||". The follow-up commit 17ba9cde11c2 fixes this by: - if (!abm && !tg && !panel_cntl) + if (!abm || !tg || !panel_cntl) return; So we consider that 66951d98d9bf is not a complete fix. It actually made things worse. 66951d98d9bf and 17ba9cde11c2 together fix CVE-2024-26661. The same problem happened to CVE-2024-26662. If you agree with the above analysis, should I append 17ba9cde11c2bfebbd70867b0a2ac4a22e573379 to CVE-2024-26661.sha1 ? Thanks! Qingfeng -----Original Message----- From: Greg KH <gregkh@linuxfoundation.org> Sent: 2025年8月1日 15:41 To: Hao, Qingfeng <Qingfeng.Hao@windriver.com> Cc: cve@kernel.org; stable@vger.kernel.org; He, Zhe <Zhe.He@windriver.com> Subject: Re: [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 CAUTION: This email comes from a non Wind River email account! Do not click links or open attachments unless you recognize the sender and know the content is safe. On Fri, Aug 01, 2025 at 12:06:34PM +0800, Qingfeng Hao wrote: > There is a fix 17ba9cde11c2bfebbd70867b0a2ac4a22e573379 > introduced in v6.8 to fix the problem introduced by the original fix > 66951d98d9bf45ba25acf37fe0747253fafdf298, > and they together fix the CVE-2024-26661. Those are two different things, shouldn't they get different CVE ids? > Since this is the first time I submit the changes on vulns project, > not sure if the changes in my patch are exact, @Greg, please point out > the problems if there are and I will fix them. There's never a need to modify the .dyad or .json files (hint, you also did not touch the .mbox file.) they are all auto-generated from the .sha1 file. But again, I don't think this is correct, either this specific CVE is not a CVE (i.e. it doesn't actually fix an issue), or we need to assign another one, right? thanks, greg k-h ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 2025-08-01 12:04 ` Hao, Qingfeng @ 2025-08-02 8:19 ` Greg KH 2025-08-04 7:47 ` Qingfeng Hao 0 siblings, 1 reply; 7+ messages in thread From: Greg KH @ 2025-08-02 8:19 UTC (permalink / raw) To: Hao, Qingfeng; +Cc: cve@kernel.org, stable@vger.kernel.org, He, Zhe On Fri, Aug 01, 2025 at 12:04:54PM +0000, Hao, Qingfeng wrote: > Hi Greg, > Thanks for your check and comments. Sorry that I mistakenly changed > the files of .dyad and .json. I'll pay attention next time. > The original fix 66951d98d9bf ("drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'") > or fb5a3d037082 for CVE-2024-26661 didn't fix the CVE (or even made it worse) because the key change > is to check if “tg” is NULL before referencing it, but the fix does NOT do that correctly: > + if (!abm && !tg && !panel_cntl) > + return; > Here "&&" should have been "||". > The follow-up commit 17ba9cde11c2 fixes this by: > - if (!abm && !tg && !panel_cntl) > + if (!abm || !tg || !panel_cntl) > return; > So we consider that 66951d98d9bf is not a complete fix. It actually made things worse. > 66951d98d9bf and 17ba9cde11c2 together fix CVE-2024-26661. > The same problem happened to CVE-2024-26662. > If you agree with the above analysis, should I append 17ba9cde11c2bfebbd70867b0a2ac4a22e573379 to CVE-2024-26661.sha1 ? I think that the original CVE should just be rejected and a new one added for the other sha1 you have pointed out that actually fixes the issue because the first one does not do anything. Is that ok? thanks, greg k-h ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 2025-08-02 8:19 ` Greg KH @ 2025-08-04 7:47 ` Qingfeng Hao 2025-08-11 15:31 ` Greg KH 0 siblings, 1 reply; 7+ messages in thread From: Qingfeng Hao @ 2025-08-04 7:47 UTC (permalink / raw) To: Greg KH; +Cc: cve@kernel.org, stable@vger.kernel.org, He, Zhe On 8/2/25 16:19, Greg KH wrote: > CAUTION: This email comes from a non Wind River email account! > Do not click links or open attachments unless you recognize the sender and know the content is safe. > > On Fri, Aug 01, 2025 at 12:04:54PM +0000, Hao, Qingfeng wrote: >> Hi Greg, >> Thanks for your check and comments. Sorry that I mistakenly changed >> the files of .dyad and .json. I'll pay attention next time. >> The original fix 66951d98d9bf ("drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'") >> or fb5a3d037082 for CVE-2024-26661 didn't fix the CVE (or even made it worse) because the key change >> is to check if “tg” is NULL before referencing it, but the fix does NOT do that correctly: >> + if (!abm && !tg && !panel_cntl) >> + return; >> Here "&&" should have been "||". >> The follow-up commit 17ba9cde11c2 fixes this by: >> - if (!abm && !tg && !panel_cntl) >> + if (!abm || !tg || !panel_cntl) >> return; >> So we consider that 66951d98d9bf is not a complete fix. It actually made things worse. >> 66951d98d9bf and 17ba9cde11c2 together fix CVE-2024-26661. >> The same problem happened to CVE-2024-26662. >> If you agree with the above analysis, should I append 17ba9cde11c2bfebbd70867b0a2ac4a22e573379 to CVE-2024-26661.sha1 ? > I think that the original CVE should just be rejected and a new one > added for the other sha1 you have pointed out that actually fixes the > issue because the first one does not do anything. Is that ok? Thanks Greg. Just to be clear, 66951d98d9bf was supposed to fix CVE-2024-26661 but it failed to do that. Then 17ba9cde11c2 was added, together with 66951d98d9bf, finally fixing CVE-2024-26661. 1) I'm OK with rejecting CVE-2024-26661 and creating a new CVE. BTW, since I'm new to kernel CVE management, why do we reject a valid CVE just because the initial fix doesn't work ? 2) If we do need to reject CVE-2024-26661 and create a new CVE, is there anything I should do ? 3) I just did some search and found that some sha1 files contain multiple commit ids. The sha1 file should contain all of the commits that fix the CVE ? Or just the last commit of the commits that fix the CVE ? Thanks! Qingfeng > > thanks, > > greg k-h ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 2025-08-04 7:47 ` Qingfeng Hao @ 2025-08-11 15:31 ` Greg KH 0 siblings, 0 replies; 7+ messages in thread From: Greg KH @ 2025-08-11 15:31 UTC (permalink / raw) To: Qingfeng Hao; +Cc: cve@kernel.org, stable@vger.kernel.org, He, Zhe On Mon, Aug 04, 2025 at 03:47:16PM +0800, Qingfeng Hao wrote: > > On 8/2/25 16:19, Greg KH wrote: > > CAUTION: This email comes from a non Wind River email account! > > Do not click links or open attachments unless you recognize the sender and know the content is safe. > > > > On Fri, Aug 01, 2025 at 12:04:54PM +0000, Hao, Qingfeng wrote: > > > Hi Greg, > > > Thanks for your check and comments. Sorry that I mistakenly changed > > > the files of .dyad and .json. I'll pay attention next time. > > > The original fix 66951d98d9bf ("drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'") > > > or fb5a3d037082 for CVE-2024-26661 didn't fix the CVE (or even made it worse) because the key change > > > is to check if “tg” is NULL before referencing it, but the fix does NOT do that correctly: > > > + if (!abm && !tg && !panel_cntl) > > > + return; > > > Here "&&" should have been "||". > > > The follow-up commit 17ba9cde11c2 fixes this by: > > > - if (!abm && !tg && !panel_cntl) > > > + if (!abm || !tg || !panel_cntl) > > > return; > > > So we consider that 66951d98d9bf is not a complete fix. It actually made things worse. > > > 66951d98d9bf and 17ba9cde11c2 together fix CVE-2024-26661. > > > The same problem happened to CVE-2024-26662. > > > If you agree with the above analysis, should I append 17ba9cde11c2bfebbd70867b0a2ac4a22e573379 to CVE-2024-26661.sha1 ? > > I think that the original CVE should just be rejected and a new one > > added for the other sha1 you have pointed out that actually fixes the > > issue because the first one does not do anything. Is that ok? > Thanks Greg. > Just to be clear, 66951d98d9bf was supposed to fix CVE-2024-26661 but it > failed > to do that. Then 17ba9cde11c2 was added, together with 66951d98d9bf, finally > fixing CVE-2024-26661. > > 1) I'm OK with rejecting CVE-2024-26661 and creating a new CVE. > BTW, since I'm new to kernel CVE management, why do we reject a valid CVE > just > because the initial fix doesn't work ? Because almost all CVEs are tied to the commits that resolve them. But, we do have a way to have multiple commit ids for a single CVE, as you point out, so we should probably just do that here as well. > 2) If we do need to reject CVE-2024-26661 and create a new CVE, is there > anything I should do ? Nope! > 3) I just did some search and found that some sha1 files contain multiple > commit ids. The sha1 file should contain all of the commits that fix the CVE > ? > Or just the last commit of the commits that fix the CVE ? Let me just go and add this id to the CVE itself, as it makes more sense as you point out, both commits need to be present here to resolve the issue. I've now done that, but note, it didn't change anything here, the fixes and vulnerable entries still all remain the same, so no one really will notice this :) thanks, greg k-h ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2025-08-11 15:31 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-08-01 4:06 [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 Qingfeng Hao 2025-08-01 4:06 ` [PATCH vulns 1/1] CVE-2024-26661: change the sha1 of the cve id Qingfeng Hao 2025-08-01 7:41 ` [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 Greg KH 2025-08-01 12:04 ` Hao, Qingfeng 2025-08-02 8:19 ` Greg KH 2025-08-04 7:47 ` Qingfeng Hao 2025-08-11 15:31 ` Greg KH
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox