Received: by 2002:ab2:6a05:0:b0:1f8:1780:a4ed with SMTP id w5csp358224lqo;
        Fri, 10 May 2024 01:55:58 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCU8Vh2eQHtvspVmoUCuT5o6+fwZvlIF/PLpLBHt5oRDIWQU6zBO8QsDNLqOfH3qI3StluqySqlZa8q0V8RnftnAED6XUESnNGy548iuMA==
X-Google-Smtp-Source: AGHT+IGs0KnPkTpY6DoT7Ygv4wdPtWYYn4vRBYQBqMDYxbit12g2uN+YmNyqbQ5V5V4C3pKeGUs0
X-Received: by 2002:a9d:6648:0:b0:6ef:9dcd:56ad with SMTP id 46e09a7af769-6f0e9304159mr2066275a34.38.1715331358256;
        Fri, 10 May 2024 01:55:58 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1715331358; cv=pass;
        d=google.com; s=arc-20160816;
        b=qUs8h+9ZE3K5JISmqPAziBNlN2OQeHO+kGQHsg5oMmNbqWALocrEMfG+EFYUR+8iYD
         v6wNWjZcxYwYdl1JefJAGXCaM78lRp5ZPbS8y65aLhId0ZuqawnzKrUY+bPgLZqgyKBz
         c362/Axj1URyl0Z9bCn3TGvyuxO11K7LVc3ae+gatgodZF3V41pGtP5p05gZlnJO4obi
         uIq6jMLzCC5fv2ddkyc3UO65x/Ny/dbUPkH1YlDazDnhWCwm/uJ0/NqMbk4cKo3Z6om2
         skU5rOudxDXCAWPYcfJZZup6fp04fvVPi8/k1jOHjWqqpcwvc/C3RPZZsV2n2oWiY3f5
         PpFg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=euus2leU11iheXQE5NvKEjJ610oq6xjrZrSTxGyP4c0=;
        fh=Uojkq1yCyUmXOn7v5MlYalb5KDehpPx6E7ZBjQyU7Ig=;
        b=ebL7XYOQH+8j850BuH5oXPtz8KmoMRXYczl6JCwcASEOdWTyIWb4v7vNLr+2kbp8Sv
         Z/hglDZYa55CSmAaYIQ9RuV7heFmSSxXa3Q8l9jPRupyaCZhiZJk31ecUIhNV947aKrk
         qC7cZxv5PEv7Y0SrR4AbqSnGcFSgYPWmW9wNLFeU1LdHrCzImzmjhn2Z4RVJWbnRobVV
         Linb5RRJih2J/3NrN6Ab6vUrauVTM5gmpUqQv+QjUZnzekTgkp9OWUuKYPQl+5fKbbJL
         UbNDkvwV3ctOjSISd5Hdq98xcpdryBf9LTJGuf7paxSnzwEDtvpSUOuEZsEAB5e7MbQl
         66nA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=za6brFok;
       arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-175468-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-175468-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel+bounces-175468-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id 41be03b00d2f7-63413d72bc4si3101329a12.871.2024.05.10.01.55.57
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 10 May 2024 01:55:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-175468-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=za6brFok;
       arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-175468-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-175468-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 59DF6283729
	for <linux.lists.archive@gmail.com>; Fri, 10 May 2024 08:55:24 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 15C1315FA87;
	Fri, 10 May 2024 08:55:19 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="za6brFok"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3B08515F3F4
	for <linux-kernel@vger.kernel.org>; Fri, 10 May 2024 08:55:18 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1715331318; cv=none; b=tKvYE6NrFR09Wt8P2KObhOTUsmHP4v8XRBwIO5FUjkVJ8vBCq7IT43W8Hsb1+ve7dUb7aMA6rJauwAWtGwxWDkPIsIVdZloPcNBd9d+3AXITiy9PxGIpgmGpffO+1dTuiEKaOlTXCA6ujNvM+Ub5Kr0lj3Lg5V4wtWl/xD+G4E4=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1715331318; c=relaxed/simple;
	bh=2uD1DSQkQSoLYjXK/GmIaqATLV+VdQHgOkpAJbcFPSE=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=Xz+ob7sc6f93XdKaB/sW6ytXJiJ7XZ5/GcOJ2XTTlwPnMJhNVHoM3l5h428L2UkSNYpWihzcVx4d5F7GaoT3N5hRpBtimrHUchPTr8bs7psMfjQvcfEHeHfbJjycLZwuzliaBaZwUsem/b6dmUJzcge0snWlxx/oQlMIPVyxL+o=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=za6brFok; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 658BEC32781;
	Fri, 10 May 2024 08:55:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
	s=korg; t=1715331317;
	bh=2uD1DSQkQSoLYjXK/GmIaqATLV+VdQHgOkpAJbcFPSE=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=za6brFok07bQy24QHg3di3QXNvpCFZBFf5T9tk36AdHCtPi0vJCKYBUANN/T6vhu4
	 zL31FKBLwsBhE3tIsQfqQtNcqVtSKrFes+dZr9FRiCSQ6O5dyzbE35buHnnxkOyRmg
	 C6zPTUTGjBrBoBKFAXEB2jEzUIwLXWvsuDUhk5ug=
Date: Fri, 10 May 2024 09:55:15 +0100
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Dominique Martinet <asmadeus@codewreck.org>
Cc: cve@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: CVE-2022-48655: firmware: arm_scmi: Harden accesses to the reset
 domains
Message-ID: <2024051041-resisting-chatroom-32c8@gregkh>
References: <2024042859-CVE-2022-48655-5feb@gregkh>
 <Zj2Qrt6_kJzqA0-S@codewreck.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Zj2Qrt6_kJzqA0-S@codewreck.org>

On Fri, May 10, 2024 at 12:12:46PM +0900, Dominique Martinet wrote:
> meta-question: I've had a look at Documentation/process/cve.rst and
> while it describes how to report newly fixed issues, it doesn't describe
> how to add informations to already submitted CVEs.

Just email us!

> For some reason one of our customers saw this CVE through some news
> outlet and asked us if they were vulnerable (NVD flags this as
> high[1]...); so I had a quick look at the minimum version that could be
> updated for everyone.
> [1] https://nvd.nist.gov/vuln/detail/CVE-2022-48655

nvd is funny in that they have no way of knowing how any of this really
works, so please treat it as maybe a hint, but no more than that.

> I can submit an edit as a patch to vulns.git json, but this doesn't seem
> overly important so for now a mail will probably do.

the json and mbox files are generated by tools, so patches to them is
not a good idea as they will be overwritten the next time the scripts
are run.

> Greg Kroah-Hartman wrote on Sun, Apr 28, 2024 at 03:05:16PM +0200:
> > Affected and fixed versions
> > ===========================
> > 
> > 	Fixed in 5.15.71 with commit 1f08a1b26cfc
> > 	Fixed in 5.19.12 with commit 8e65edf0d376
> > 	Fixed in 6.0 with commit e9076ffbcaed
> 
> These commits lacked a Fixes tag, so this CVE does not have a minimum
> version.
> 
> >From a quick look it would seem it fixes arm_scmi from the addition of
> scmi_domain_reset() in 95a15d80aa0d ("firmware: arm_scmi: Add RESET
> protocol in SCMI v2.0"), which first appeared in v5.4-rc1, and does not
> appear to have been backported to older kernels, so v5.4+ can be added
> as a requirement.

We can add a "this is where the problem showed up" if you know it, so
that would be 95a15d80aa0d ("firmware: arm_scmi: Add RESET protocol in
SCMI v2.0"), correct?

> This means the current 5.4/5.10 trees are affected; the commit doesn't
> backport cleanly because of a trivial context conflict so if that helps
> I can send a couple of stable patch if that helps even if our systems
> are not using arm_scmi (CVEs also don't have any way of expressing
> whether the affected driver is used (or even built) at all, so I guess
> people with affected versions will have to check that themselves...)

As everyone has different configurations, yes, everyone needs to check
themselves, there is no way for us to determine this at all.  But we do
list the files affected, so that should help you out in determining this
automatically on your end.

And yes, backported patches would be always appreciated for older
kernels if you have them.

thanks,

greg k-h