On Thu, 2023-08-31 at 17:26 +0800, miaoguanqin wrote:
Dear mdadm committers:
Hi! I noticed that the community did not provide the concrete patch
that could fix CVE-2023-28736 and CVE-2023-28938. Intel, in specific,
suggests upgrading mdadm to version 4.2-rc2 or later [1], to get rid
of
the issue, however, without finding the root cause or providing
further
explanation.I would like to know if there is such a specific patch,
or a set of patches that actually solve these two CVE problems.
[1]
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
I think it's ced5fa8 ("mdadm: block creation with long names").
Martin