ACK: [SRU][J][PATCH 0/1] CVE-2024-42158
ivanhu
ivan.hu at canonical.com
Thu Oct 17 02:42:28 UTC 2024
Acked-by: Ivan Hu <ivan.hu at canonical.com>
On 2024/10/11 22:54, Massimiliano Pellizzer wrote:
> [Impact]
>
> s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
>
> Replace memzero_explicit() and kfree() with kfree_sensitive() to fix
> warnings reported by Coccinelle.
>
> [Fix]
>
> Noble: Fixed
> Jammy: Backported from linux-6.9.y
> Focal: Not affected
> Bionic: Not affected
> Xenial: Not affected
>
> [Test Case]
>
> Compile tested only.
>
> [Where problems could occur]
>
> The fix affects the s390 cryptographic driver. An issue with the fix may
> lead to improper memory sanitization, potentially leaving cryptographic
> keys exposed in memory. This could result in a potential data leak.
>
> Jules Irenge (1):
> s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
>
> drivers/s390/crypto/pkey_api.c | 9 +++------
> 1 file changed, 3 insertions(+), 6 deletions(-)
>
More information about the kernel-team
mailing list