Bug 1203801 - (CVE-2022-3103) VUL-0: CVE-2022-3103: kernel-source: io_uring: off-by-one in sync cancelation file check
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium; Severity: Minor
Target Milestone: ---
Assigned To: Security Team bot
https://smash.suse.de/issue/343596/
Reported: 2022-09-27 14:22 UTC by Gabriele Sonnu
Modified: 2022-09-28 07:17 UTC
Found By: Security Response Team

Comment 1 Gabriele Sonnu 2022-09-27 14:27:13 UTC
The vulnerability was introduced by [0] and fixed by [1]. Both commits are part of the 6.0 kernel and weren't merged in any of our branches, so I'd say we aren't affected. Please confirm.

[0] https://github.com/torvalds/linux/commit/78a861b9495920f8609dee5b670dacbff09d359f 
[1] https://github.com/torvalds/linux/commit/47abea041f897d64dbd5777f0cf7745148f85d75
Comment 2 Oscar Salvador 2022-09-28 04:23:17 UTC
(In reply to Gabriele Sonnu from comment #1)
> The vulnerability was introduced by [0] and fixed by [1]. Both commits are
> part of the 6.0 kernel and weren't merged in any of our branches, so I'd say
> we aren't affected. Please confirm.

Yes, none of our branches are affected.
Comment 3 Oscar Salvador 2022-09-28 04:23:41 UTC
Back to the sec team
Comment 4 Gabriele Sonnu 2022-09-28 07:17:10 UTC
Doesn't affect us, closing.