Date: Sat, 25 May 2024 09:15:33 +0200
From: Greg Kroah-Hartman
To: Jens Axboe
Cc: Gabriel Krisman Bertazi, linux-cve-announce@vger.kernel.org, cve@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: CVE-2023-52656: io_uring: drop any code related to SCM_RIGHTS
Message-ID: <2024052542-diner-snare-a618@gregkh>
References: <2024051338-CVE-2023-52656-6545@gregkh> <871q5rqhuc.fsf@mailhost.krisman.be>

On Fri, May 24, 2024 at 10:57:07AM -0600, Jens Axboe wrote:
> On 5/24/24 10:45 AM, Gabriel Krisman Bertazi wrote:
> > Greg Kroah-Hartman writes:
> >
> >> Description
> >> ===========
> >>
> >> In the Linux kernel, the following vulnerability has been resolved:
> >>
> >> io_uring: drop any code related to SCM_RIGHTS
> >>
> >> This is dead code after we dropped support for passing io_uring fds
> >> over SCM_RIGHTS, get rid of it.
> >>
> >> The Linux kernel CVE team has assigned CVE-2023-52656 to this issue.
> >
> > Hello Greg,
> >
> > [+Jens in Cc]
> >
> > This is stable material, but doesn't deserve CVE status. There is
> > nothing exploitable that is fixed here. Instead, this commit is dropping
> > unreachable code after the removal of a feature, following another CVE
> > report. Doing the clean up in the original patch would have made the
> > real security fix harder to review.
> >
> > The real issue was reported as CVE-2023-52654 and handled by a different
> > commit.
>
> FWIW, the same is true for a number of other commits recently. They are
> nowhere near CVE material, it's just generic bug fixes.

Ok, glad to revoke them if you do not think they are user triggerable
issues.

I'll go reject this one right now, thanks.

greg k-h