On Wed, Aug 07, 2024 at 12:47:26AM +0800, color Ice wrote: > Hi, > > I'm glad that you can address this issue. I believe that this is indeed a > vulnerability because the issue is caused by the rt2x00 driver's failure to > properly shut down its async queues. While it requires sudo to execute, it > is still a problem as it can trigger a kernel system exception. We can > imagine that this vulnerability could be executed without root permissions > in certain scenarios. For instance, in many embedded systems, configuring > udev rules might be necessary to ensure automated operations, and in such > scenarios, it can be triggered without root permissions. > > Therefore, I believe that from a vulnerability perspective, it should > indeed be eligible for a CVE, as it can be fixed and it is indeed a flaw. > If this vulnerability is not addressed, future driver processing and > adaptation may encounter robustness and security issues. I believe security > issues should be handled with the corresponding seriousness. > > Thank you. You didn't answer my question. Are you able to test patches? Alan Stern
