Re: [Question] mdadm CVE-2023-28736 and CVE-2023-28938 problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2023-08-31 at 17:26 +0800, miaoguanqin wrote:
> Dear mdadm committers:
> 
> Hi! I noticed that the community did not provide the concrete patch
> that could fix CVE-2023-28736 and CVE-2023-28938. Intel, in specific,
> suggests upgrading mdadm to version 4.2-rc2 or later [1], to get rid
> of
> the issue, however, without finding the root cause or providing
> further
> explanation.I would like to know if there is such a specific patch,
> or a set of patches that actually solve these two CVE problems.
> 
> [1] 
> https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
> 

I think it's ced5fa8 ("mdadm: block creation with long names").

Martin





[Index of Archives]     [Linux RAID Wiki]     [ATA RAID]     [Linux SCSI Target Infrastructure]     [Linux Block]     [Linux IDE]     [Linux SCSI]     [Linux Hams]     [Device Mapper]     [Device Mapper Cryptographics]     [Kernel]     [Linux Admin]     [Linux Net]     [GFS]     [RPM]     [git]     [Yosemite Forum]


  Powered by Linux