On Thu, 2023-08-31 at 12:04 +0200, Martin Wilck wrote: > On Thu, 2023-08-31 at 17:26 +0800, miaoguanqin wrote: > > Dear mdadm committers: > > > > Hi! I noticed that the community did not provide the concrete patch > > that could fix CVE-2023-28736 and CVE-2023-28938. Intel, in > > specific, > > suggests upgrading mdadm to version 4.2-rc2 or later [1], to get > > rid > > of > > the issue, however, without finding the root cause or providing > > further > > explanation.I would like to know if there is such a specific patch, > > or a set of patches that actually solve these two CVE problems. > > > > [1] > > https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html > > > > I think it's ced5fa8 ("mdadm: block creation with long names"). ... and the other was 7d374a1 ("Fix memory leak after "mdadm -- detail"") Martin
