oss-sec mailing list archives
Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname
From: Mohammad Tausif Siddiqui <msiddiqu () redhat com>
Date: Tue, 24 Aug 2021 14:19:59 +0530
[Update]

Root CNA MITRE marked rejected CVE-2021-3587 for CVE-2021-38208.
CVE-2021-38208 to be used for this issue.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38208

On Tue, Aug 17, 2021 at 5:57 PM Salvatore Bonaccorso <carnil () debian org> wrote:

> Hi,
>
> On Tue, Aug 17, 2021 at 04:17:38PM +0800, butt3rflyh4ck wrote:
>
>> Hi, MITRE has assigned CVE-2021-38208 to this issue,
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38208
>>
>> The CVE-2021-3587 assigned by Red Hat was 'RESERVED' now.
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587
>>
>> There was some confusion here, maybe CVE-2021-3587 should be 'REJECT'.
>
> I wonder if it would actually be better the other way around, but
> leaving the decision to MITRE CNA and Red Hat: Several downstream
> Linux distributions seem to have already used CVE-2021-3587 in their
> advisories, so rejecting CVE-2021-38208 would seem to cause less
> turnarounds. But I have a biased view here, at least Debian, Ubuntu,
> Slackware, Fedora and Mageia used already accordingly CVE-2021-3587.
>
> Regards,
> Salvatore

--
*Tausif Siddiqui* | RED HAT PRODUCT SECURITY
0EE1 F6BF 8991 9A65 0A79 A0A7 5849 60EC 88B8 2C71
secalert () redhat com <https://access.redhat.com/security/team/contact> for urgent response.