Date: Wed, 5 Mar 2014 09:04:34 -0800
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: staging/cxt1e1/linux.c: Correct
 arbitrary memory write in c4_ioctl()

On Wed, Mar 05, 2014 at 05:30:22PM +0100, Moritz Muehlenhoff wrote:
> On Wed, Mar 05, 2014 at 08:23:53AM +0100, Salva Peiró wrote:
> > Hi,
> > 
> > I've found a vulnerability in the staging kernel tree,
> > Can anyone assign a CVE ID for this?
> > 
> > - staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl()
> > https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?h=staging-linus&id=084b6e7765b9554699afa23a50e702a3d0ae4b24
> 
> I don't think CVE IDs should be assigned for vulnerabilities
> in the staging tree. 

I'm happy to agree with that (as the maintainer of the drivers/staging/
tree).  Please note, that if a user does use a staging tree driver, it
will "taint" the kernel with the "TAINT_CRAP" flag, and tell the user
that they are on their own.

But I'm not in charge of CVEs, if people are looking to create a ton of
them, feel free to assign them to staging tree driver issues... :)

thanks,

greg k-h
