2024-05-24 16:47:38

by Gabriel Krisman Bertazi

[permalink] [raw]
Subject: Re: CVE-2023-52656: io_uring: drop any code related to SCM_RIGHTS

Greg Kroah-Hartman <[email protected]> writes:

> Description
> ===========
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> io_uring: drop any code related to SCM_RIGHTS
>
> This is dead code after we dropped support for passing io_uring fds
> over SCM_RIGHTS, get rid of it.
>
> The Linux kernel CVE team has assigned CVE-2023-52656 to this issue.

Hello Greg,

[+Jens in Cc]

This is stable material, but doesn't deserve CVE status. There is
nothing exploitable that is fixed here. Instead, this commit is dropping
unreachable code after the removal of a feature, following another CVE
report. Doing the clean up in the original patch would have made the
real security fix harder to review.

The real issue was reported as CVE-2023-52654 and handled by a different
commit.

--
Gabriel Krisman Bertazi


2024-05-24 16:57:19

by Jens Axboe

[permalink] [raw]
Subject: Re: CVE-2023-52656: io_uring: drop any code related to SCM_RIGHTS

On 5/24/24 10:45 AM, Gabriel Krisman Bertazi wrote:
> Greg Kroah-Hartman <[email protected]> writes:
>
>> Description
>> ===========
>>
>> In the Linux kernel, the following vulnerability has been resolved:
>>
>> io_uring: drop any code related to SCM_RIGHTS
>>
>> This is dead code after we dropped support for passing io_uring fds
>> over SCM_RIGHTS, get rid of it.
>>
>> The Linux kernel CVE team has assigned CVE-2023-52656 to this issue.
>
> Hello Greg,
>
> [+Jens in Cc]
>
> This is stable material, but doesn't deserve CVE status. There is
> nothing exploitable that is fixed here. Instead, this commit is dropping
> unreachable code after the removal of a feature, following another CVE
> report. Doing the clean up in the original patch would have made the
> real security fix harder to review.
>
> The real issue was reported as CVE-2023-52654 and handled by a different
> commit.

FWIW, the same is true for a number of other commits recently. They are
nowhere near CVE material, it's just generic bug fixes.

--
Jens Axboe


2024-05-25 07:15:45

by Greg Kroah-Hartman

[permalink] [raw]
Subject: Re: CVE-2023-52656: io_uring: drop any code related to SCM_RIGHTS

On Fri, May 24, 2024 at 10:57:07AM -0600, Jens Axboe wrote:
> On 5/24/24 10:45 AM, Gabriel Krisman Bertazi wrote:
> > Greg Kroah-Hartman <[email protected]> writes:
> >
> >> Description
> >> ===========
> >>
> >> In the Linux kernel, the following vulnerability has been resolved:
> >>
> >> io_uring: drop any code related to SCM_RIGHTS
> >>
> >> This is dead code after we dropped support for passing io_uring fds
> >> over SCM_RIGHTS, get rid of it.
> >>
> >> The Linux kernel CVE team has assigned CVE-2023-52656 to this issue.
> >
> > Hello Greg,
> >
> > [+Jens in Cc]
> >
> > This is stable material, but doesn't deserve CVE status. There is
> > nothing exploitable that is fixed here. Instead, this commit is dropping
> > unreachable code after the removal of a feature, following another CVE
> > report. Doing the clean up in the original patch would have made the
> > real security fix harder to review.
> >
> > The real issue was reported as CVE-2023-52654 and handled by a different
> > commit.
>
> FWIW, the same is true for a number of other commits recently. They are
> nowhere near CVE material, it's just generic bug fixes.

Ok, glad to revoke them if you do not think they are user triggerable
issues. I'll go reject this one right now, thanks.

greg k-h