oss-sec mailing list archives

Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname


From: Mohammad Tausif Siddiqui <msiddiqu () redhat com>
Date: Tue, 24 Aug 2021 14:19:59 +0530

[Update] Root CNA MITRE marked rejected CVE-2021-3587 for CVE-2021-38208.

CVE-2021-38208 to be used for this issue.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38208


On Tue, Aug 17, 2021 at 5:57 PM Salvatore Bonaccorso <carnil () debian org>
wrote:

Hi,

On Tue, Aug 17, 2021 at 04:17:38PM +0800, butt3rflyh4ck wrote:
Hi, MITRE has assigned CVE-2021-38208 to this issue,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38208

The CVE-2021-3587 assigned by Red Hat was 'RESERVED' now.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587

There was some confusion here. Maybe CVE-2021-3587 should be 'REJECT'.

I wonder if it would actually be better the other way around, but
leaving the decision to MITRE CNA and Red Hat: Several downstream
Linux distributions seem to have already used CVE-2021-3587 in their
advisories, so rejecting CVE-2021-38208 would seem to cause less
turnarounds. But I have a biased view here, at least Debian, Ubuntu,
Slackware, Fedora and Mageia used already accordingly CVE-2021-3587.

Regards,
Salvatore



-- 

*Tausif Siddiqui* | RED HAT PRODUCT SECURITY

0EE1 F6BF 8991 9A65 0A79 A0A7 5849 60EC 88B8 2C71

secalert () redhat com <https://access.redhat.com/security/team/contact> for
urgent response.
