Date: Wed, 21 Feb 2024 19:21:49 +0100
From: Greg Kroah-Hartman
To: Paolo Bonzini
Cc: Sasha Levin, linux-kernel@vger.kernel.org, cve@kernel.org, Jiri Kosina
Subject: Re: CVE-2023-52437: Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
Message-ID: <2024022129-expiring-resurface-146c@gregkh>
In-Reply-To: <3ebbc121-8cb8-4b8d-ad5d-fb5c576e5171@redhat.com>

On Wed, Feb 21, 2024 at 04:56:31PM +0100, Paolo Bonzini wrote:
> To recap:
>
> - the CVE description comes from upstream commit bed9e27baf52
>
> - neither the CVE mitigation section nor the mentioned kernel releases
> fix the bug mentioned in the upstream commit, because the mitigation
> section also includes commits that _revert_ commit bed9e27baf52
>
> - this second revert is not mentioned anywhere, so the CVE description
> is at best misleading; or perhaps more accurately described as
> "completely f***ed up".
>
> I'm sure it's just a bug in the scripts, but it's worrisome that you
> don't acknowledge this.

Yes, this is a bug in the scripts, but it wasn't obvious what you were
objecting to here honestly. Reverts were not anything I tested the
scripts with before now, and I'm sure there are going to be more cases
that fail in odd ways too. We'll fix them when they show up, that's
the best we can do.

I'll look at it tomorrow and try to figure it out, if nothing else, I'll
just manually update the json record and push the update to cve.org as
that's the "canonical" record here.

The json files will be updated over time as new releases happen and
patches flow backwards, so they will be updated, but for now, sending
out new email messages all the time would be a mess. However in this
case, I'll fix it up and send out a new announcement as obviously it's
wrong in places.

If you want to replace the wording in the description here with anything
else better, PLEASE let us know and we will be glad to do so. That's
the benefit of being a CNA, we can ACTUALLY MODIFY the CVE records,
previously it was almost impossible to ever do so.

thanks,

greg k-h