Date: Wed, 5 Mar 2014 09:04:34 -0800 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() On Wed, Mar 05, 2014 at 05:30:22PM +0100, Moritz Muehlenhoff wrote: > On Wed, Mar 05, 2014 at 08:23:53AM +0100, Salva Peiró wrote: > > Hi, > > > > I've found a vulnerability in the staging kernel tree, > > Can anyone assign a CVE ID for this? > > > > - staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() > > https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?h=staging-linus&id=084b6e7765b9554699afa23a50e702a3d0ae4b24 > > I don't think CVE IDs should be assigned for vulnerabilities > in the staging tree. I'm happy to agree with that (as the maintainer of the drivers/staging/ tree). Please note, that if a user does use a staging tree driver, it will "taint" the kernel with the "TAINT_CRAP" flag, and tell the user that they are on their own. But I'm not in charge of CVEs, if people are looking to create a ton of them, feel free to assign them to staging tree driver issues... :) thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.