Date: Wed, 5 Mar 2014 09:04:34 -0800 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() On Wed, Mar 05, 2014 at 05:30:22PM +0100, Moritz Muehlenhoff wrote: > On Wed, Mar 05, 2014 at 08:23:53AM +0100, Salva Peiró wrote: > > Hi, > > > > I've found a vulnerability in the staging kernel tree, > > Can anyone assign a CVE ID for this? > > > > - staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() > > https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?h=staging-linus&id=084b6e7765b9554699afa23a50e702a3d0ae4b24 > > I don't think CVE IDs should be assigned for vulnerabilities > in the staging tree. I'm happy to agree with that (as the maintainer of the drivers/staging/ tree). Please note, that if a user does use a staging tree driver, it will "taint" the kernel with the "TAINT_CRAP" flag, and tell the user that they are on their own. But I'm not in charge of CVEs, if people are looking to create a ton of them, feel free to assign them to staging tree driver issues... :) thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ