On Thu, 2023-08-31 at 17:26 +0800, miaoguanqin wrote: > Dear mdadm committers: > > Hi! I noticed that the community did not provide the concrete patch > that could fix CVE-2023-28736 and CVE-2023-28938. Intel, in specific, > suggests upgrading mdadm to version 4.2-rc2 or later [1], to get rid > of > the issue, however, without finding the root cause or providing > further > explanation.I would like to know if there is such a specific patch, > or a set of patches that actually solve these two CVE problems. > > [1] > https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html > I think it's ced5fa8 ("mdadm: block creation with long names"). Martin
