From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: cve@kernel.org, linux-cve-announce@vger.kernel.org,
workflows@vger.kernel.org,
Security Officers <security@kernel.org>
Subject: Re: CVE-2023-52435: net: prevent mss overflow in skb_segment()
Date: Wed, 21 Feb 2024 12:24:01 +0100 [thread overview]
Message-ID: <2024022131-fang-rope-a629@gregkh> (raw)
In-Reply-To: <5581ce8a-e669-465b-ab13-00e1c8ca91f3@suse.cz>
On Wed, Feb 21, 2024 at 10:30:52AM +0100, Vlastimil Babka wrote:
> On 2/20/24 19:06, Greg Kroah-Hartman wrote:
> > The Linux kernel CVE team has assigned CVE-2023-52435 to this issue.
> >
> >
> > Affected and fixed versions
> > ===========================
> >
> > Issue introduced in 4.8 with commit 3953c46c3ac7 and fixed in 6.6.11 with commit 95b3904a261a
> > Issue introduced in 4.8 with commit 3953c46c3ac7 and fixed in 6.7 with commit 23d05d563b7e
>
> Hello,
>
> what is the advice for stable users of versions between 4.19 and 6.1? Are
> they not affected?
They are affected, as the wording here states (and as the json values in
the CVE entry itself show in great detail if you want a machine-parsable
format to use)
The fixes for the other branches are in the next round of -rc kernels to
go out in an hour or so.
thanks,
greg k-h
prev parent reply other threads:[~2024-02-21 11:24 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <2024022048-rind-huff-b1a2@gregkh>
2024-02-21 9:30 ` CVE-2023-52435: net: prevent mss overflow in skb_segment() Vlastimil Babka
2024-02-21 11:24 ` Greg Kroah-Hartman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024022131-fang-rope-a629@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=cve@kernel.org \
--cc=linux-cve-announce@vger.kernel.org \
--cc=security@kernel.org \
--cc=vbabka@suse.cz \
--cc=workflows@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).