From: sd <sd-S+4BxnboK3MuagvECLh61g <at> public.gmane.org>
Subject: Re: CVE Request: linux kernel perf out-of-bounds access
Newsgroups: gmane.comp.security.oss.general
Date: Wednesday 15th May 2013 06:08:47 UTC (over 4 years ago)
Frankly, that there was not a CVE for this came as a surprise to me later,
as I simply hit the release button each time I spot my bug killed when I'm
auditing the git commit backlog - usually there is a fully armed exploit and
advisory already.


2013/5/15 Greg KH 

> On Wed, May 15, 2013 at 09:26:30AM +0800, Eugene Teo wrote:
> > On Tue, May 14, 2013 at 8:25 PM, Marc Deslauriers <[email protected]> wrote:
> >
> > > Hello,
> > >
> > > Is there a CVE for this? If not, could one be assigned, please?
> > >
> > > https://patchwork.kernel.org/patch/2441281/
> > >
> > > 8176cced706b5e5d15887584150764894e94e02f
> > >
> > > (BTW, there is currently an exploit for this going around...)
> > >
> >
> > Nowhere did it say it is a security fix. Fix available since April 13.
> > [email protected] not aware too. Awesome.
> >
> > Seriously, surely by now we should all know that silent fixes are not the
> > wisest thing to do.
>
> I do not think anyone realized it was a "security" fix.  It was never
> mentioned to the [email protected] alias, and I only picked it up
> for the stable releases because someone said, "hey, here's another
> trinity bugfix that userspace can trigger".  We fix those all the time,
> every single stable kernel release.
>
> The only thing different this time is someone took the time to develop a
> simple exploit for others to use.
>
> So I don't think this was any more or less "silent" than the normal
> kernel bug fixes that happen every single week.
>
> thanks,
>
> greg k-h
>
 