Re: CVE request - kernel: untangle the do_mremap() mess

[Greg KH <greg () kroah com>]

On Wed, Jan 20, 2010 at 12:41:04AM -0500, Steven M. Christey wrote:
> On Wed, 20 Jan 2010, Eugene Teo wrote:
>
> > Anyway, Al summarised the mess here:
> > http://marc.info/?l=linux-arch&m=126004438008670&w=2
> >
> > And the pile of upstream commits were meant to address the problems 
> > described AFAIK. It will probably make more sense to associate all these 
> > related commits to just one CVE name.
>
> I defer to Josh on this, but in a series of patches that is referred to as 
> "mremap/mmap mess" in some linux-kernel subject lines, for which a 
> specialist like Eugene is not entirely certain about, in which some of the 
> patches are assembly-level changes for individual architectures, and where 
> few of the patch diffs make it clear what the underlying problem was - we 
> could collectively spend a week of labor trying to figure everything out 
> from a purist CVE perspective, or anchor on a single series of commits that 
> are hopefully attached to a single kernel RC or minor version release.  I 
> suspect the latter would be more helpful to the general CVE consumer 
> community, so my recommendation is for a single CVE, assuming that all of 
> these patches make it into a single kernel update.

They are all in the 2.6.32.4 release.

thanks,

greg k-h