Date: Thu, 18 Apr 2024 15:05:08 +0200
From: Greg Kroah-Hartman
To: Jean Delvare
Cc: cve@kernel.org, linux-kernel@vger.kernel.org, linux-cve-announce@vger.kernel.org
Subject: Re: CVE-2024-26827: i2c: qcom-geni: Correct I2C TRE sequence
Message-ID: <2024041842-handrail-distaste-259b@gregkh>
References: <2024041703-CVE-2024-26827-67c1@gregkh>

On Thu, Apr 18, 2024 at 02:56:33PM +0200, Jean Delvare wrote:
> Hi Greg,
>
> On Wed, 2024-04-17 at 11:44 +0200, Greg Kroah-Hartman wrote:
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > i2c: qcom-geni: Correct I2C TRE sequence
> >
> > For i2c read operation in GSI mode, we are getting timeout
> > due to malformed TRE basically incorrect TRE sequence
> > in gpi(drivers/dma/qcom/gpi.c) driver.
> > (...)
>
> I was assigned the task to backport this security fix to the SUSE
> kernels. However, from the description, I fail to see how this fix
> qualifies as a security fix. I can't find the reason why a CVE was
> assigned to the issue.
>
> What is the considered attack vector? Or if there is no attack vector,
> what consequence does this bug have, which would put the system
> security at stake?

We reviewed this commit as fitting the fact that timeouts due to
malformed messages would fit into the definition of "vulnerability" in
the CVE world as it would cause a system to incur "negative impact to
confidentiality, integrity, or availability".

If as the i2c maintainer, you don't think this would be the case, we
will be glad to revoke this CVE and just mark it down as a "normal
bugfix".

> From my perspective, all we have here is a functional bug in newly
> introduced code. It's not even a regression.

Regressions are not an issue for CVE assignments :(

thanks,

greg k-h