
oss-sec mailing list archives
Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros
From: Greg KH <greg () kroah com>
Date: Thu, 2 Oct 2025 16:34:26 +0200
On Thu, Oct 02, 2025 at 03:11:17PM +0200, Attila Szasz wrote:
> For the sake of product security folks who rely on consistency: the Linux CNA recently registered a batch of HFS/HFS+ CVEs that require manipulating malformed filesystems as a first step. This seems inconsistent with how similar cases were previously handled.

If you feel the Linux CNA has issued CVEs in an inconsistent way, please contact them and the people there will be glad to research the issue and get back to you. They are issuing, on average, 13 CVEs a day, and so stuff like this easily gets lost in the firehose.

The Linux CNA is also currently "backfilling" many old CVE entries that previously came from the GSD database, and perhaps the issues you are referring to came from there. If so, again, please contact them and they will be glad to discuss it.

thanks,

greg k-h