* Is CVE-2024-26624 a valid issue?
@ 2024-03-11 0:02 Ben Hutchings
2024-03-11 9:47 ` Eric Dumazet
0 siblings, 1 reply; 4+ messages in thread
From: Ben Hutchings @ 2024-03-11 0:02 UTC (permalink / raw)
To: Eric Dumazet; +Cc: netdev, cve, Salvatore Bonaccorso
[-- Attachment #1: Type: text/plain, Size: 439 bytes --]
Hi Eric,
I noted that CVE-2024-26624 was assigned by the kernel CVE authority to
the issue fixed by commit 4d322dce82a1 "af_unix: fix lockdep positive
in sk_diag_dump_icons()". By my understanding, this does not fix any
locking bug, but only a false positive report from lockdep. Do you
consider this a security issue?
Ben.
--
Ben Hutchings
Time is nature's way of making sure that
everything doesn't happen at once.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Is CVE-2024-26624 a valid issue?
2024-03-11 0:02 Is CVE-2024-26624 a valid issue? Ben Hutchings
@ 2024-03-11 9:47 ` Eric Dumazet
2024-03-11 14:00 ` Lee Jones
0 siblings, 1 reply; 4+ messages in thread
From: Eric Dumazet @ 2024-03-11 9:47 UTC (permalink / raw)
To: Ben Hutchings; +Cc: netdev, cve, Salvatore Bonaccorso
Hi Ben
Yes, my understanding of the issue is that it is a false positive.
Some kernels might crash whenever LOCKDEP triggers, as for any WARNing.
Thanks.
On Mon, Mar 11, 2024 at 1:02 AM Ben Hutchings <ben@decadent.org.uk> wrote:
>
> Hi Eric,
>
> I noted that CVE-2024-26624 was assigned by the kernel CVE authority to
> the issue fixed by commit 4d322dce82a1 "af_unix: fix lockdep positive
> in sk_diag_dump_icons()". By my understanding, this does not fix any
> locking bug, but only a false positive report from lockdep. Do you
> consider this a security issue?
>
> Ben.
>
> --
> Ben Hutchings
> Time is nature's way of making sure that
> everything doesn't happen at once.
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Is CVE-2024-26624 a valid issue?
2024-03-11 9:47 ` Eric Dumazet
@ 2024-03-11 14:00 ` Lee Jones
2024-03-27 13:56 ` Greg KH
0 siblings, 1 reply; 4+ messages in thread
From: Lee Jones @ 2024-03-11 14:00 UTC (permalink / raw)
To: Eric Dumazet; +Cc: Ben Hutchings, netdev, cve, Salvatore Bonaccorso
On Mon, 11 Mar 2024, Eric Dumazet wrote:
> Hi Ben
>
> Yes, my understanding of the issue is that it is a false positive.
>
> Some kernels might crash whenever LOCKDEP triggers, as for any WARNing.
Exactly. So is it possible to trip this, false positive or otherwise?
Being able to crash the kernel, even under false pretences, is
definitely something we usually provide CVE allocations for.
> > I noted that CVE-2024-26624 was assigned by the kernel CVE authority to
> > the issue fixed by commit 4d322dce82a1 "af_unix: fix lockdep positive
> > in sk_diag_dump_icons()". By my understanding, this does not fix any
> > locking bug, but only a false positive report from lockdep. Do you
> > consider this a security issue?
> >
> > Ben.
> >
> > --
> > Ben Hutchings
> > Time is nature's way of making sure that
> > everything doesn't happen at once.
> >
>
--
Lee Jones [李琼斯]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Is CVE-2024-26624 a valid issue?
2024-03-11 14:00 ` Lee Jones
@ 2024-03-27 13:56 ` Greg KH
0 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2024-03-27 13:56 UTC (permalink / raw)
To: Lee Jones; +Cc: Eric Dumazet, Ben Hutchings, netdev, cve, Salvatore Bonaccorso
On Mon, Mar 11, 2024 at 02:00:43PM +0000, Lee Jones wrote:
> On Mon, 11 Mar 2024, Eric Dumazet wrote:
>
> > Hi Ben
> >
> > Yes, my understanding of the issue is that it is a false positive.
> >
> > Some kernels might crash whenever LOCKDEP triggers, as for any WARNing.
>
> Exactly. So is it possible to trip this, false positive or otherwise?
> Being able to crash the kernel, even under false pretences, is
> definitely something we usually provide CVE allocations for.
lockdep warnings do not trigger a reboot for panic-on-warn, so I'll go
reject this cve, thanks.
greg k-h
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-03-27 13:56 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-11 0:02 Is CVE-2024-26624 a valid issue? Ben Hutchings
2024-03-11 9:47 ` Eric Dumazet
2024-03-11 14:00 ` Lee Jones
2024-03-27 13:56 ` Greg KH
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.