Re: [security@xxxxxxx] security report on a crash/panic in net/can

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Alex,

would you like to update the CVE Entry?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3701

We have an updated patch [V3]:
https://marc.info/?l=linux-can&m=154661373231510&w=2

A valid Linux upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=0aaa81377c5a01f686bcdb8c7a6929a7bf330c68
And this wrong statement about unprivileged users should be fixed in the CVE: "An unprivileged user can trigger a system crash (general protection fault)." 
See here: https://marc.info/?l=linux-can&m=154654393511598&w=2
Maybe the commit message of the final patch could be a good starting point to rephrase the CVE description. 

Many thanks,
Oliver


On 1/4/19 3:28 AM, mutton eat wrote:

Thanks a lot!
alex <atoptsoglou@xxxxxxx <mailto:atoptsoglou@xxxxxxx>> 于2019年1月3日周 四 下午11:59写道: 

    Dear all,

    Just received it --> CVE-2019-3701

    Best regards,

    Alex

    On 1/3/19 2:56 PM, alex wrote:
     > Dear all,
     >
     > Just submitted a CVE request.
     >
     > Best regards,
     >
     > Alex
     >
[Index of Archives]     [Automotive Discussions]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]     [CAN Bus]

  Powered by Linux