Received: by 2002:a89:413:0:b0:1fd:dba5:e537 with SMTP id m19csp166891lqs; Thu, 13 Jun 2024 07:03:58 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWwcr8KrwokJgHL46Em0DgWVn66xFeEev14C8GiY4vhNbm4CTz2MTBZL5W4utSDnrGbnlY10UCM0N/aMQyLl5GUId9qlJP4c0DVgxs/7A== X-Google-Smtp-Source: AGHT+IEnrWmqaXWvak1qZo+aF1a7O7qQuFAhNeY92EcG8OMYYJow60hTst58fubpFFn3CU/fbV1/ X-Received: by 2002:a17:902:d48d:b0:1f6:7cc9:fb2c with SMTP id d9443c01a7336-1f83b7a16d0mr54455185ad.49.1718287438007; Thu, 13 Jun 2024 07:03:58 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1718287437; cv=pass; d=google.com; s=arc-20160816; b=pPyN+V1prRZioOhqXgxwQcQvXLJxtpmzWFVMXbyw7BmNoivfBLZTNzRwd7pXX43FPo 0gJm8sZfp4mwSndfNgN3gMdCXvri5Ni/pInHcjPdJ+3NX0KBgldm6ldiyAuULE0VzeBa IlUYxjr/mpS15xsF/YWYDFvOxPeVYJWiKXI8O9SpvY0NZiaj1fZHck0Z5bDeXiItTmkP xZ3MlexTgemt3raex1znh0Zr+J0+QbhOq2LXUBKv+WN8dwGA+CNPv6GkbZLk4gwIhMQU g3zwwUO6kvl7OR2RXBEreJiz0TrXkXGIO+1gTaBwkDTdqa+YGmgUp+hLZeOyMhGsQ+L0 WCZA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=GMzdYOnB5WnKhmFfwgaul0S0rg5ML2Nk+V9dgw6616c=; fh=37LpQXYGj7+8uwUe+wXIyu4FgZXjjI9uDpdnnMRl7Ks=; b=Y+GUG6wPnldEoJ2zJm7IIXNFZYn4R06Cc1a29MI2wYRRtKTFSqbKMTyqR/N5rEL/4Y mg+dZmIUvknA+oSZb/aJD6VD5t1WDFD16JbMixeipj3yGw0b/AO6aU+rRKpXrVkAkrK5 pMQcnsLXDaiTDZ9Momq5qXlHFFJBT5Vn06TTyF5UoCii3g/FJa+DkF79jWccv6QRGYc1 taSSJHnkrwibo06UlIgPCqM6yn6TW3CViWjC+P9tBqFyhHbjYftF3tU4ZL6oQjUHGqQZ LLle7cWtGhlUjtX2qYZbBHBdZXhsZvcFTWZTi+i2ZssjQRZm11hEa53Lc5izDf7vBJzH cbpg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=HUMiz+ZV; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-213386-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-213386-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id d9443c01a7336-1f855f0490dsi13591645ad.524.2024.06.13.07.03.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Jun 2024 07:03:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-213386-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=HUMiz+ZV; arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org); spf=pass (google.com: domain of linux-kernel+bounces-213386-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-213386-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id DE1EF2826E6 for ; Thu, 13 Jun 2024 13:59:10 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id AE88F144D22; Thu, 13 Jun 2024 13:59:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="HUMiz+ZV" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CFEFB139CFE; Thu, 13 Jun 2024 13:59:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718287143; cv=none; b=FV644LJh0meeZqtH2I2vMljVfihvzYEc+0vaKDerp3BEn/bw/3H+GvyXCdvTztVfqmjD85NmQFPziIwNbYYsv4qHjyPkXVYgdPTy9lbsUquWcHluqpWuD4ACuRKCW7m0i6bzAfL4B5bcX7uP4+MnRjynfegULJqjAxHoMv4hHbw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718287143; c=relaxed/simple; bh=cvzl7oxeW0ZrGo1HjKtsJxQN2aBSgKyqdnK9ah3NI1w=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=bmkibTcPLsDCk2WtwMbxXUpCdcQeOXgAE2BLxBfUDtIWK/WsnrWzP65u4Ak9IwvvZfAgx8ynz+lk70h0m0e90wCJ4DTZGm9BaIpcfB5anUCx5NrJBLx7O244CjXKwMrHvwnAnD9crsaXps2cIwXvu51ai2m6Y51m7Iwc5iy+wJE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=HUMiz+ZV; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 23B6EC2BBFC; Thu, 13 Jun 2024 13:59:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1718287143; bh=cvzl7oxeW0ZrGo1HjKtsJxQN2aBSgKyqdnK9ah3NI1w=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=HUMiz+ZVjwDgIXB6hCXRizbGhUrbxEEjSOc6SwM6+MDWq02Kb5OcuwvN3eR9lGACi OmaXsoZItLjgcU0MiYk1XOGIfLnc/Cw8oXqCwgy3TUx+m4Yc8HMAevlqLy9mrsD2J5 S5OkyP/VcwN55ABbeRRXKY+GvBd2DImAkX8KFJoA= Date: Thu, 13 Jun 2024 15:59:00 +0200 From: Greg Kroah-Hartman To: Vegard Nossum Cc: cve@kernel.org, linux-kernel@vger.kernel.org, linux-cve-announce@vger.kernel.org, Guenter Roeck , Chuck Lever , Hannes Reinecke , Jakub Kicinski , Harshit Mogalapalli Subject: Re: CVE-2024-26831: net/handshake: Fix handshake_req_destroy_test1 Message-ID: <2024061357-fencing-pyromania-70a2@gregkh> References: <2024041704-CVE-2024-26831-2e6e@gregkh> <97629d4e-1f3d-441c-b92a-2e8b74b9846a@oracle.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <97629d4e-1f3d-441c-b92a-2e8b74b9846a@oracle.com> On Tue, Jun 11, 2024 at 10:21:47AM +0200, Vegard Nossum wrote: > > On 17/04/2024 11:44, Greg Kroah-Hartman wrote: > > Description > > =========== > > > > In the Linux kernel, the following vulnerability has been resolved: > > > > net/handshake: Fix handshake_req_destroy_test1 > > > > Recently, handshake_req_destroy_test1 started failing: > > [...] > > > Affected files > > ============== > > > > The file(s) affected by this issue are: > > net/handshake/handshake-test.c > > Hi, > > This patch > (https://git.kernel.org/torvalds/c/4e1d71cabb19ec2586827adfc60d68689c68c194) > fixes a kunit test; we therefore believe this is not a vulnerability. Many systems build kunit tests into the kernels they ship to customers (hint, a few hundred million phones have them enabled...) So if your system does build this one, then it is an issue for you. If you don't build it, wonderful, not a problem! But we can't just not assign a CVE just because someone might not build this file, again, we do not know use cases, which is why we have to assign CVEs for all files that could be built as part of a kernel image (but not for the userspace test stuff.) thanks, greg k-h