Date: Mon, 26 Feb 2024 06:39:16 +0100
From: Greg Kroah-Hartman
To: Harshit Mogalapalli
Cc: cve@kernel.org, linux-kernel@vger.kernel.org, Darren Kenny
Subject: Re: CVE-2023-52471: ice: Fix some null pointer dereference issues in ice_ptp.c
Message-ID: <2024022654-designer-rack-c644@gregkh>
References: <2024022546-CVE-2023-52471-ab29@gregkh>

On Mon, Feb 26, 2024 at 12:21:40AM +0530, Harshit Mogalapalli wrote:
> Hi Greg,
>
> On 25/02/24 13:46, Greg Kroah-Hartman wrote:
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > ice: Fix some null pointer dereference issues in ice_ptp.c
> >
> > devm_kasprintf() returns a pointer to dynamically allocated memory
> > which can be NULL upon failure.
> >
>
> I have a question about this and a couple of other CVEs:
>
> CVE-2023-52465: -- devm_kzalloc() and devm_kasprintf() failures
> CVE-2023-52467: -- kasprintf() failure
> CVE-2023-52471: -- devm_kasprintf() failure
> CVE-2023-52472: -- allocation failure
>
> As it's widely believed that small kmallocs cannot fail, is it worth having
> CVEs for the above bug fixes?

If you believe that, then sure, don't worry about these individual
commits. But if you don't believe it (after all, why would we add
checks if the code could never fail?), then perhaps you should take
them.

In other words, why would you NOT take a known fix for a weakness in the
codebase?

thanks,

greg k-h