ACK: [SRU][J][PATCH 0/1] CVE-2024-42158
Guoqing Jiang
guoqing.jiang at canonical.com
Mon Oct 14 07:36:40 UTC 2024
Acked-by: Guoqing Jiang <guoqing.jiang at canonical.com>
On 10/11/24 22:54, Massimiliano Pellizzer wrote:
> [Impact]
>
> s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
>
> Replace memzero_explicit() and kfree() with kfree_sensitive() to fix
> warnings reported by Coccinelle.
>
> [Fix]
>
> Noble: Fixed
> Jammy: Backported from linux-6.9.y
> Focal: Not affected
> Bionic: Not affected
> Xenial: Not affected
>
> [Test Case]
>
> Compile tested only.
>
> [Where problems could occur]
>
> The fix affects the s390 cryptographic driver. An issue with the fix may
> lead to improper memory sanitization, potentially leaving cryptographic
> keys exposed in memory. This could result in a potential data leak.
>
> Jules Irenge (1):
> s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
>
> drivers/s390/crypto/pkey_api.c | 9 +++------
> 1 file changed, 3 insertions(+), 6 deletions(-)
>
More information about the kernel-team
mailing list