oss-sec mailing list archives
Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl()
From: Greg KH <greg () kroah com>
Date: Wed, 5 Mar 2014 09:04:34 -0800
On Wed, Mar 05, 2014 at 05:30:22PM +0100, Moritz Muehlenhoff wrote:
On Wed, Mar 05, 2014 at 08:23:53AM +0100, Salva Peiró wrote:Hi, I've found a vulnerability in the staging kernel tree, Can anyone assign a CVE ID for this? - staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?h=staging-linus&id=084b6e7765b9554699afa23a50e702a3d0ae4b24I don't think CVE IDs should be assigned for vulnerabilities in the staging tree.
I'm happy to agree with that (as the maintainer of the drivers/staging/ tree). Please note, that if a user does use a staging tree driver, it will "taint" the kernel with the "TAINT_CRAP" flag, and tell the user that they are on their own. But I'm not in charge of CVEs, if people are looking to create a ton of them, feel free to assign them to staging tree driver issues... :) thanks, greg k-h
Current thread:
- CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() Salva Peiró (Mar 05)
- Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() Moritz Muehlenhoff (Mar 05)
- Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() Greg KH (Mar 05)
- Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() cve-assign (Mar 06)
- Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() Moritz Muehlenhoff (Mar 05)