Re: [PATCH] Add vulnerable commits for few CVEs

From: Harshit Mogalapalli
Date: Sat May 10 2025 - 12:57:18 EST


Hi Greg,

On 10/05/25 22:17, Greg KH wrote:
> On Sat, May 10, 2025 at 09:10:43AM -0700, Harshit Mogalapalli wrote:
>> CVE-2025-21872: Re-mapping the entire mokvar_table is the problem and
>> the re-mapping is first done in this Fixes: 58c909022a5a ("efi: Support
>> for MOK variable config table"), so this is the broken commit
>>
>> CVE-2025-21833: The fix moves dev_pasid dereference inside
>> WARN_ON_ONCE() as there is a possibility of dev_pasid being NULL, this
>> dereference is first introduced while adding debugfs support per file in
>> Fixes: d87731f60931 ("iommu/vt-d: debugfs: Create/remove debugfs file
>> per {device, pasid}")
>>
>> CVE-2025-21832E: The problem is that iov_iter_revert() is done before a
>
> I don't think CVE entries have "E" on the end of them :)


Oops, sorry for that, that was a typo. I remember how this happened: I copied starting from -2025.. and pasted it in incorrect mode; that ended up leaving an E from CVE moved to the end, and I missed fixing it.

> I'll edit this when I apply it in a few minutes, thanks!


Thanks a lot.

Regards,
Harshit

> greg k-h