Received: by 2002:a89:2c3:0:b0:1ed:23cc:44d1 with SMTP id d3csp939144lqs; Wed, 6 Mar 2024 01:04:17 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXUdNmNra/p2QIBULCaOFFMureslbee4iRETmkCvJOq5y3Qgx5B2G0ggI147mq9HhM8MvLRoRd4+Fspf7awaT+WrZeI6t7QZdL61HMDhA== X-Google-Smtp-Source: AGHT+IHw4xp9ZtgXojiEUPnanbf+RBCvqEWaj+uuU4Y0nESDMfW7LYscw3RC44JnhKS4O7P2fSbI X-Received: by 2002:a17:902:8545:b0:1dd:eba:e744 with SMTP id d5-20020a170902854500b001dd0ebae744mr3819633plo.53.1709715857551; Wed, 06 Mar 2024 01:04:17 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709715857; cv=pass; d=google.com; s=arc-20160816; b=N11slu2ZafTUZiDl5Jlga5XGAubrtIaogChzyV+N/zCo5rhLBsBumk4i8s9VP+SUty zCH+P+LvtyiEytGbaIQcBWeSQIATppz20s8tXKP0TunyWyQ34DEI2x2Q0Pqbf91RwoXk mmaSBOBsEsykPja+oDQ3DvlHFjE/ImhInroIQIvDZmGKkHOfHPAid9CwMbX1fjNNxYG8 YJ1bJZgW+mzNZP+csfw1psuKm6JwtTuMz8cwipsm97mtBFZ6ys0uaBWpdlrjD7xdT68Q PlxtlmAK+KyfA7d5ypCNxKZ4tUukXqlXpiCkPQClRFU4Hhl8NAxOZaKCxP2164IDUXyd bwRw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=vLVZw+8uInj9jo39dER+spUcYCnTyzjafbpG8avcccw=; fh=3ynnNE0lEkjBsJ5xbg51H0hQnqZ5DhcMGpaBecNZL6M=; b=erSVG7/wrYnmuqQA+059f3P5N3mDKcggnxecquIdN841MHZY1zWbXR9zxuBU4psTnJ 0aPjznZqLjHvkjm9oO/Ot+V+vxmMSpBv6UpklW+G5GW940459q3y+TPvQEKt9xsciOVo lXKAYxS7nGl9FgpP29duX4+fmTpsG6UPYt5KhakV9hKXP8jzQJSjT12zTtt+J+Eh2nHm N/IOQYQjX9y6JDQ/iBlWiagH1P9CQmpUzA1O+g6G5S80S2gm7opdCSOKy1MEOY5A8RHj WviGQElWMjopM4QVg6jfg/t87+7oDH6cPq2TNc+JFs6pjs4UsNJP+BddSBP8lWTmx0aU fh5w==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Ev4aG0JW; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-93523-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-93523-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id q8-20020a170902a3c800b001dbfaa6d4absi11399077plb.596.2024.03.06.01.04.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Mar 2024 01:04:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-93523-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Ev4aG0JW; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-93523-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-93523-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id A7B97B2382C for ; Wed, 6 Mar 2024 08:42:17 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BA62D5D8EA; Wed, 6 Mar 2024 08:42:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="Ev4aG0JW" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AEF9E5C604 for ; Wed, 6 Mar 2024 08:42:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709714530; cv=none; b=EoQ2lgQ2NY61h7lSs8JxaJaMKLrq4wolmlYgZoOvahnNvnV2gFNlJ6jmus2JZuAr9bP4ZNZ2iQ4pWiQdI23lUkK+maYpVjybcXm+2Je6sauA2uImvwRdIV79NZqAKFcl2Ib7bYFzM5pieNh+g/1ibLsbVWJkNBM8nPLvZ5cPTp0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709714530; c=relaxed/simple; bh=huPuWCGUcJRri8JOs7T4zB4hRAtclLeB5d+5GT0G9rg=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=KabNaXz6g4C9EcP1SvUKepCchtxaSMkacLtbJA6AuuYt2sIhfUWkDLIGKI/907krcVxXq+QgvChmOseyU6A0Tefmj0BGGe+7ll568CNY9qrYn5nsfo5smz6bBAnZM8M0izGh4MqDnCy613RWXO3PmLtYwDPzwXqzEUTdqK6tNrs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=Ev4aG0JW; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1ECFDC433F1; Wed, 6 Mar 2024 08:42:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1709714530; bh=huPuWCGUcJRri8JOs7T4zB4hRAtclLeB5d+5GT0G9rg=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Ev4aG0JWgPk6JJXixEw8WB8zmaHFScMG/2rtF78devL4/1DJzawwtxumRFzei8P9j r/N13EuE3z/xms8wFHFqLz+mY4l4Aimj1Ce9HzR4ylPyNKaaZwJ+MR6Rwk0YmWsyGc 6++mvELEWh2cDvGncE3iOXEMop+Wc9kJg8tSb6Fw= Date: Wed, 6 Mar 2024 08:42:07 +0000 From: Greg Kroah-Hartman To: Michal Hocko Cc: cve@kernel.org, linux-kernel@vger.kernel.org Subject: Re: CVE-2023-52560: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() Message-ID: <2024030604-unstuffed-grant-758c@gregkh> References: <2024030252-CVE-2023-52560-c3de@gregkh> <2024030527-sinless-platter-510a@gregkh> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Wed, Mar 06, 2024 at 08:49:42AM +0100, Michal Hocko wrote: > On Tue 05-03-24 22:25:11, Greg KH wrote: > > On Tue, Mar 05, 2024 at 05:51:11PM +0100, Michal Hocko wrote: > > > On Sat 02-03-24 22:59:54, Greg KH wrote: > > > > Description > > > > =========== > > > > > > > > In the Linux kernel, the following vulnerability has been resolved: > > > > > > > > mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() > > > > > > > > When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y > > > > and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected. > > > > > > This is a kunit test case AFAICS. Is this really a CVE material? > > > > People run kunit tests on real systems (again, we do not dictate use > > cases.) So yes, fixing a memory leak that can be triggered is resolving > > a weakness and so should get a CVE I would think, right? > > This is stretching the meaning of CVE beyond my imagination. Up to you > to decide but I yet have to see a real production system that casually > runs unit test just for . I know of at least one place that uses kunit tests in "production", and I know of more that will be enabling them in newer releases, so this is a real thing. Again, we just mark "fixes for a weakness" as a CVE and let others decide what to do with it. thanks, greg k-h