oss-sec mailing list archives
Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 17 Aug 2021 14:26:42 +0200
Hi, On Tue, Aug 17, 2021 at 04:17:38PM +0800, butt3rflyh4ck wrote:
Hi, MITRE has assigned CVE-2021-38208 to this issue, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38208 The CVE-2021-3587 assigned by Redhat was 'RESERVED' now. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587 There was some confusion here, Maybe CVE-2021-3587 should be 'REJECT'.
I wonder if it would actually be better the other way around, but leaving the decision to MITRE CNA and Red Hat: Several downstream Linux distrubutions seem to have already used CVE-2021-3587 in their advisories, so rejecting CVE-2021-38208 would seem to cause less turnarounds). But I have a biased view here, at least Debian, Ubuntu, Slackware, Fedora and Mageia used already accordingly CVE-2021-3587. Regards, Salvatore
Current thread:
- Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname butt3rflyh4ck (Aug 17)
- Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname Salvatore Bonaccorso (Aug 17)
- Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname Mohammad Tausif Siddiqui (Aug 24)
- Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname Salvatore Bonaccorso (Aug 17)