From: Qingfeng Hao <Qingfeng.Hao@windriver.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: "cve@kernel.org" <cve@kernel.org>,
"stable@vger.kernel.org" <stable@vger.kernel.org>,
"He, Zhe" <Zhe.He@windriver.com>
Subject: Re: [PATCH vulns 0/1] change the sha1 for CVE-2024-26661
Date: Mon, 4 Aug 2025 15:47:16 +0800
Message-ID: <4be58827-6794-401b-9a9e-e1ffd66a6a89@windriver.com>
In-Reply-To: <2025080251-outright-lubricant-1e05@gregkh>
On 8/2/25 16:19, Greg KH wrote:
> On Fri, Aug 01, 2025 at 12:04:54PM +0000, Hao, Qingfeng wrote:
>> Hi Greg,
>> Thanks for your check and comments. Sorry that I mistakenly changed
>> the files of .dyad and .json. I'll pay attention next time.
>> The original fix 66951d98d9bf ("drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'")
>> or fb5a3d037082 for CVE-2024-26661 didn't fix the CVE (or even made it worse) because the key change
>> is to check if “tg” is NULL before referencing it, but the fix does NOT do that correctly:
>> + if (!abm && !tg && !panel_cntl)
>> + return;
>> Here "&&" should have been "||".
>> The follow-up commit 17ba9cde11c2 fixes this by:
>> - if (!abm && !tg && !panel_cntl)
>> + if (!abm || !tg || !panel_cntl)
>> return;
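Review bot: in the `+` line, `!abm || !tg || !panel_cntl` returns early when any one of the three pointers is NULL, so the function is skipped entirely even when only `abm` or `panel_cntl` is missing and `tg` is valid. If that is intended, say so in the commit message and note that it corrects the `&&` test from 66951d98d9bf, which returned only when all three were NULL; if it is not, guard each dereference separately.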
>> So we consider that 66951d98d9bf is not a complete fix. It actually made things worse.
>> 66951d98d9bf and 17ba9cde11c2 together fix CVE-2024-26661.
>> The same problem happened to CVE-2024-26662.
>> If you agree with the above analysis, should I append 17ba9cde11c2bfebbd70867b0a2ac4a22e573379 to CVE-2024-26661.sha1?
> I think that the original CVE should just be rejected and a new one
> added for the other sha1 you have pointed out that actually fixes the
> issue because the first one does not do anything. Is that ok?
Thanks Greg.
Just to be clear, 66951d98d9bf was supposed to fix CVE-2024-26661 but it
failed to do that. Then 17ba9cde11c2 was added, together with 66951d98d9bf,
finally fixing CVE-2024-26661.
1) I'm OK with rejecting CVE-2024-26661 and creating a new CVE.
BTW, since I'm new to kernel CVE management, why do we reject a valid
CVE just because the initial fix doesn't work?
2) If we do need to reject CVE-2024-26661 and create a new CVE, is there
anything I should do?
3) I just did some searching and found that some sha1 files contain multiple
commit ids. Should the sha1 file contain all of the commits that fix the
CVE? Or just the last commit of the commits that fix the CVE?
Thanks!
Qingfeng
>
> thanks,
>
> greg k-h
Thread overview: 7+ messages
2025-08-01 4:06 [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 Qingfeng Hao
2025-08-01 4:06 ` [PATCH vulns 1/1] CVE-2024-26661: change the sha1 of the cve id Qingfeng Hao
2025-08-01 7:41 ` [PATCH vulns 0/1] change the sha1 for CVE-2024-26661 Greg KH
2025-08-01 12:04 ` Hao, Qingfeng
2025-08-02 8:19 ` Greg KH
2025-08-04 7:47 ` Qingfeng Hao [this message]
2025-08-11 15:31 ` Greg KH