Date: Tue, 5 Mar 2024 11:08:09 +0000
From: Greg Kroah-Hartman
To: Robert Frohl
Cc: cve@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: CVE-2023-52572: cifs: Fix UAF in cifs_demultiplex_thread()
Message-ID: <2024030513-unburned-eggplant-a218@gregkh>
References: <2024030256-CVE-2023-52572-2b92@gregkh>

On Tue, Mar 05, 2024 at 11:38:49AM +0100, Robert Frohl wrote:
> Hi all,
>
> this seems to be a duplicate of CVE-2023-1192 [0], even though NVD lists
> another, wrong patch. The RH bug has more details [1].
>
> Cheers,
> Robert
>
>
> [0] https://nvd.nist.gov/vuln/detail/CVE-2023-1192
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=2154178#c28

That's a mess. Please have RH update the json entry with CVE with the
correct git commit id and then I'll be glad to revoke this.

The information in NVD is not "real" from the point of view of the CVE
database, so I can't take information there as being correct, or not.
As you know, NVD is just an add-on for CVE entries, one of many created
by many different groups/governments.

Until it's fixed in the CVE database, this CVE should stand as it refers
to the correct fix that people need to know about, not the incorrect one
in the RH-assigned CVE.

thanks,

greg k-h