Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 26 Sep 2023 11:50:37 +0200
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: [CVE-2023-42755] Linux kernel wild pointer access
 <= v6.2

On Mon, Sep 25, 2023 at 01:13:19PM -0700, Kyle Zeng wrote:
> [Patch]
> The patch is to follow the upstream and retire the rsvp classifier in
> all the stable trees.
> And it is queued in all the stable trees, but not merged yet.
> For example, the patch for v6.1 can be found here:
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/diff/queue-6.1/net-sched-retire-rsvp-classifier.patch?id=f75b6fc19b6ec061f59b4e18d72ebb32ceea8587

This change is in released kernels already, specifically all of the
following ones:
	4.14.326 4.19.295 5.4.257 5.10.197 5.15.133 6.1.55 6.3

Perhaps this advisory was written before those kernels were released?

> [Affected Version]
> I confirmed that this bug affects v6.2, v6.1, v5.15, v5.10, v5.4,
> v4.19, and v4.14.

v6.2 is long end-of-life, sorry, that's not going to be fixed.  But for
all of the other versions you quote above, it should now be resolved.

thanks,

greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.