Dear Alan, 、 Thank you for your response. Yes, I am able to test patches. Please provide the necessary patches, and I will conduct the tests to verify their effectiveness. Best regards, Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> 于2024年8月7日周三 02:36写道: > > On Wed, Aug 07, 2024 at 12:47:26AM +0800, color Ice wrote: > > Hi, > > > > I'm glad that you can address this issue. I believe that this is indeed a > > vulnerability because the issue is caused by the rt2x00 driver's failure to > > properly shut down its async queues. While it requires sudo to execute, it > > is still a problem as it can trigger a kernel system exception. We can > > imagine that this vulnerability could be executed without root permissions > > in certain scenarios. For instance, in many embedded systems, configuring > > udev rules might be necessary to ensure automated operations, and in such > > scenarios, it can be triggered without root permissions. > > > > Therefore, I believe that from a vulnerability perspective, it should > > indeed be eligible for a CVE, as it can be fixed and it is indeed a flaw. > > If this vulnerability is not addressed, future driver processing and > > adaptation may encounter robustness and security issues. I believe security > > issues should be handled with the corresponding seriousness. > > > > Thank you. > > You didn't answer my question. Are you able to test patches? > > Alan Stern
