Received: by 2002:a05:7208:13ce:b0:7f:395a:35b6 with SMTP id r14csp341683rbe; Thu, 29 Feb 2024 00:46:07 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVP4cDLBO2ChSuB1Ks5ResrG8yCOkrs4WXHgtWS8XKea58CbFg35vB7+cZ5GGCTxjmlm5bo9/tz37V2lu+t0/HKwSJXwpMtR5ChyJbDRQ== X-Google-Smtp-Source: AGHT+IGAEYGxwqyy2N2DJ0dwhKbO5u4ms8L0/6Zz2Q5L2UmurEer9XFShuQSz14YWjhh4CFZRWCG X-Received: by 2002:a05:6830:6509:b0:6e4:64e6:c1a6 with SMTP id cm9-20020a056830650900b006e464e6c1a6mr1335200otb.22.1709196367102; Thu, 29 Feb 2024 00:46:07 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709196367; cv=pass; d=google.com; s=arc-20160816; b=Y9aGmDvA1drV1Udl5x20dG4BX9j6+XAcZHeaDpcJpbCPGLlGE4d8qLBwO2g/AsHO9m 7DLgp8qFyDC/MfWzsnR69zJu9IkP5EhNkB7IhyNN4wHPH24iWmITMeun2yFi7e9AEmB3 utnvAlxnwEUklk61Mw24DgyNGxAZq1FZRKwTIwIfYqDCUwz6XyJyIbkVYJe4U4TQ4iK1 x29I9ZyG8kLSZnplZ5DOLXtt87UNyPokB64SKdeGs19XRZCL5KttpsyE8fnN9c03Fmgm uB6ISlxI4Nx4X3VCKsBvLEGknp+Q8SS4B3WWUrCDyGShx1qfa/Bzecchu73v5BIIisT0 WSQQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=0nbmZe8QEaav1ovuqZbjAgUYQ4XkI496+ATn2uR+84M=; fh=3ynnNE0lEkjBsJ5xbg51H0hQnqZ5DhcMGpaBecNZL6M=; b=VFiDFyFqA1ih9/LGw5TEW8eNb3AD3tCiJrLnWzBmr53UcaNo2zh8jh3J1sdB17hqgF BryD1rgLvPPXuC/GExhA5QvuaCThB94yFHGkbTQkcI+DWQmKNaXgqYkF7znyJurx/JAM hgsXNR6bnDXKO1sJd0HQ6PRr5t4QqdE1KlBWRtkdewaTJUO59/Qa6sMECDZmyurKIGOB a2KWqlOJXXjtsobfrM4dRdyz3Oxn7YeSG0VgA56Edvu3f48DWBQsJP4xeErWqBzyGN8k iPmQb8qXlWZ1obgY1L6yUZFsjUqGVE5BeL8JZWEFkOjYiSk/QdXZa0hwuJ1tIsFcTlds 98eg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Zjqu12Tg; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-86317-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-86317-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id k34-20020a634b62000000b005dc1004e0b7si945332pgl.100.2024.02.29.00.46.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Feb 2024 00:46:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-86317-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Zjqu12Tg; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-86317-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-86317-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 8C484B253CF for ; Thu, 29 Feb 2024 08:41:00 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7B37E4EB3A; Thu, 29 Feb 2024 08:40:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="Zjqu12Tg" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9D12B3FBB2 for ; Thu, 29 Feb 2024 08:40:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709196011; cv=none; b=kGX8NK62P9GfKirDbEMxGfSrMfI9JeDT2Tg9XhnQCRXw37inRyvY/EfAfHWltiRFtnUmIuJsNlT+DjjGh6LUv4/sq8ejPxnM398tET74GjIQcXb3ibayhpsTvrntDUWooy7HDTQpqUCdmjhe5i++CZvyjVjC65FpMivPSnpzL9g= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709196011; c=relaxed/simple; bh=+HuT2LRY6QwU0cFT8GjgE0l/dgH7Rq+kEDW4d7JHmzQ=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=Zb3RjtiznHeUA9dEcDJVHWbD6idkbUWnXBUm3UAFpEFXbyvOCIF5Lk6t7244SAs+Se7L8dJelDJNqd/JZcKcBggjXABChQYW8+qQN38hXHmt8lQOR6wRrDCkfXy7sluXXwh8Si3w5pdhQC6VJhuAkQTKFpj84JSQEQ/p+s7Kx6k= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=Zjqu12Tg; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 031D0C43390; Thu, 29 Feb 2024 08:40:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1709196011; bh=+HuT2LRY6QwU0cFT8GjgE0l/dgH7Rq+kEDW4d7JHmzQ=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Zjqu12Tgv7MhcUKMrnHEhL9FoCus8S5+XdK1p6W4JUyGxmEKXebtfVj70CvGdKmml 3KpHt0GZRah5Tb1ZNO+r4/tceSO9I6EwfhMNRdY5owerPwZfEJvxlwAFIcy1Z6GU1W 7sDlKlREHzh32BRMKsZDgb+JjSdYEQDqlKiV1h5U= Date: Thu, 29 Feb 2024 09:40:08 +0100 From: Greg Kroah-Hartman To: Michal Hocko Cc: cve@kernel.org, linux-kernel@vger.kernel.org Subject: Re: CVE-2021-46966: ACPI: custom_method: fix potential use-after-free issue Message-ID: <2024022951-worst-relatable-f4bb@gregkh> References: <2024022720-CVE-2021-46966-1469@gregkh> <2024022902-prancing-judgingly-c9ee@gregkh> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Thu, Feb 29, 2024 at 09:30:12AM +0100, Michal Hocko wrote: > On Thu 29-02-24 06:22:34, Greg KH wrote: > > On Wed, Feb 28, 2024 at 05:14:22PM +0100, Michal Hocko wrote: > > > Hi, > > > this seems like another example of a reasonable fix with a very dubious > > > CVE IMHO. Allowing access to /sys/kernel/debug/acpi/custom_method to > > > anybody but trusted actor is a huge security problem on its own. I > > > really fail to see any value marking this clear bug fix as security > > > related. > > > > It was picked because it was a use-after-free fix, AND it is part of the > > "import the GSD database into the CVE database" that the CVE project > > asked us to do. > > OK I see. So now, does it make any sense to consider a bug fix in a > security sensitive interface (that is even locked down) a security fix? Yes, I would think so! If you see any that we have not marked for a CVE, please let us know and we will be glad to assign them. Again, we do not always know if things are "locked down" or not, as everyone uses our codebase in different ways (we don't have the benefit of a *BSD which does dictate the use cases in ways we can not). If your systems "lock this down" and prevent access to anyone you do not trust, then wonderful, you aren't vulnerable to this specific issue at all and you can just ignore it! But for other systems that DO allow access to debugfs, this might be a good idea to address. thanks, greg k-h