oss-sec mailing list archives

Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl()


From: Greg KH <greg () kroah com>
Date: Wed, 5 Mar 2014 09:04:34 -0800

On Wed, Mar 05, 2014 at 05:30:22PM +0100, Moritz Muehlenhoff wrote:
> On Wed, Mar 05, 2014 at 08:23:53AM +0100, Salva Peiró wrote:
> > Hi,
> >
> > I've found a vulnerability in the staging kernel tree,
> > Can anyone assign a CVE ID for this?
> >
> > - staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl()
> > https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?h=staging-linus&id=084b6e7765b9554699afa23a50e702a3d0ae4b24
>
> I don't think CVE IDs should be assigned for vulnerabilities
> in the staging tree.

I'm happy to agree with that (as the maintainer of the drivers/staging/
tree).  Please note, that if a user does use a staging tree driver, it
will "taint" the kernel with the "TAINT_CRAP" flag, and tell the user
that they are on their own.

But I'm not in charge of CVEs, if people are looking to create a ton of
them, feel free to assign them to staging tree driver issues... :)

thanks,

greg k-h

