From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Pavel Machek <pavel@denx.de>
Cc: Vegard Nossum <vegard.nossum@oracle.com>,
Jens Axboe <axboe@kernel.dk>,
stable@vger.kernel.org, cengiz.can@canonical.com,
mheyne@amazon.de, mngyadam@amazon.com, kuntal.nayak@broadcom.com,
ajay.kaher@broadcom.com, zsm@chromium.org,
dan.carpenter@linaro.org, shivani.agarwal@broadcom.com,
ahalaney@redhat.com, alsi@bang-olufsen.dk, ardb@kernel.org,
benjamin.gaignard@collabora.com, bli@bang-olufsen.dk,
chengzhihao1@huawei.com, christophe.jaillet@wanadoo.fr,
ebiggers@kernel.org, edumazet@google.com,
fancer.lancer@gmail.com, florian.fainelli@broadcom.com,
harshit.m.mogalapalli@oracle.com, hdegoede@redhat.com,
horms@kernel.org, hverkuil-cisco@xs4all.nl,
ilpo.jarvinen@linux.intel.com, jgg@nvidia.com,
kevin.tian@intel.com, kirill.shutemov@linux.intel.com,
kuba@kernel.org, luiz.von.dentz@intel.com,
md.iqbal.hossain@intel.com, mpearson-lenovo@squebb.ca,
nicolinc@nvidia.com, pablo@netfilter.org, rfoss@kernel.org,
richard@nod.at, tfiga@chromium.org, vladimir.oltean@nxp.com,
xiaolei.wang@windriver.com, yanjun.zhu@linux.dev,
yi.zhang@redhat.com, yu.c.chen@intel.com, yukuai3@huawei.com
Subject: Re: [PATCH RFC 6.6.y 00/15] Some missing CVE fixes
Date: Tue, 8 Oct 2024 13:51:33 +0200 [thread overview]
Message-ID: <2024100848-blubber-clinking-6f45@gregkh> (raw)
In-Reply-To: <ZwUaGvyHBePPNQF/@duo.ucw.cz>
On Tue, Oct 08, 2024 at 01:40:10PM +0200, Pavel Machek wrote:
> On Tue 2024-10-08 13:24:31, Greg Kroah-Hartman wrote:
> > On Tue, Oct 08, 2024 at 01:19:24PM +0200, Pavel Machek wrote:
> > > Hi!
> > >
> > > > Unfortunately for distributions, there may be various customers or
> > > > government agencies which expect or require all CVEs to be addressed
> > > > (regardless of severity), which is why we're backporting these to stable
> > > > and trying to close those gaps.
> > >
> > > Customers and government will need to understand that with CVEs
> > > assigned the way they are, addressing all of them will be impossible
> > > (or will lead to unstable kernel), unfortunately :-(.
> >
> > Citation needed please.
>
> https://opensourcesecurity.io/category/securityblog/
To be specific:
https://opensourcesecurity.io/2024/06/03/why-are-vulnerabilities-out-of-control-in-2024/
Yes, I refer to that in my talk I linked to, what they are saying here
is great, so work with cve.org to fix it. We can't ignore the cve.org
rules while being a CNA, sorry, that's not allowed.
But that link talks nothing about an "unstable kernel" which is what I
take objection to. As I always say, never cherry-pick, just take all
stable releases. That is proven with much research and publications in
the past years, why people don't believe in it is beyond me...
good luck!
greg k-h
next prev parent reply other threads:[~2024-10-08 11:51 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-02 15:05 [PATCH RFC 6.6.y 00/15] Some missing CVE fixes Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 01/15] ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Vegard Nossum
2024-10-02 16:26 ` Dan Carpenter
2024-10-02 16:29 ` Dan Carpenter
2024-10-05 0:45 ` Sasha Levin
2024-10-02 15:05 ` [PATCH RFC 6.6.y 02/15] media: usbtv: Remove useless locks in usbtv_video_free() Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 03/15] Bluetooth: hci_sock: Fix not validating setsockopt user input Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 04/15] Bluetooth: ISO: " Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 05/15] Bluetooth: L2CAP: " Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 06/15] netfilter: nf_tables: fix memleak in map from abort path Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 07/15] netfilter: nf_tables: restore set elements when delete set fails Vegard Nossum
2024-10-02 15:05 ` [PATCH RFC 6.6.y 08/15] net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events Vegard Nossum
2024-10-02 15:06 ` [PATCH RFC 6.6.y 09/15] iommufd: Fix protection fault in iommufd_test_syz_conv_iova Vegard Nossum
2024-10-02 15:16 ` Jason Gunthorpe
2024-10-02 15:06 ` [PATCH RFC 6.6.y 10/15] drm/bridge: adv7511: fix crash on irq during probe Vegard Nossum
2024-10-02 15:12 ` [PATCH RFC 6.6.y 11/15] efi/unaccepted: touch soft lockup during memory accept Vegard Nossum
2024-10-02 15:12 ` [PATCH RFC 6.6.y 12/15] platform/x86: think-lmi: Fix password opcode ordering for workstations Vegard Nossum
2024-10-04 1:00 ` Mark Pearson
2024-10-02 15:12 ` [PATCH RFC 6.6.y 13/15] null_blk: Remove usage of the deprecated ida_simple_xx() API Vegard Nossum
2024-10-02 15:12 ` [PATCH RFC 6.6.y 14/15] null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Vegard Nossum
2024-10-02 15:12 ` [PATCH RFC 6.6.y 15/15] net: stmmac: move the EST lock to struct stmmac_priv Vegard Nossum
2024-10-02 15:26 ` [PATCH RFC 6.6.y 00/15] Some missing CVE fixes Jens Axboe
2024-10-02 15:46 ` Vegard Nossum
2024-10-02 15:49 ` Jens Axboe
2024-10-08 11:19 ` Pavel Machek
2024-10-08 11:24 ` Greg Kroah-Hartman
2024-10-08 11:40 ` Pavel Machek
2024-10-08 11:51 ` Greg Kroah-Hartman [this message]
2024-10-02 15:50 ` Dan Carpenter
2024-10-02 15:54 ` Jens Axboe
2024-10-08 11:16 ` Pavel Machek
2024-10-08 11:24 ` Greg Kroah-Hartman
2024-10-08 11:35 ` Pavel Machek
2024-10-08 11:44 ` Greg Kroah-Hartman
2024-10-08 11:56 ` Christian Heusel
2024-10-08 12:33 ` Pavel Machek
2024-10-08 13:02 ` Greg Kroah-Hartman
2024-10-02 19:43 ` Pablo Neira Ayuso
2024-10-08 10:32 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024100848-blubber-clinking-6f45@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=ahalaney@redhat.com \
--cc=ajay.kaher@broadcom.com \
--cc=alsi@bang-olufsen.dk \
--cc=ardb@kernel.org \
--cc=axboe@kernel.dk \
--cc=benjamin.gaignard@collabora.com \
--cc=bli@bang-olufsen.dk \
--cc=cengiz.can@canonical.com \
--cc=chengzhihao1@huawei.com \
--cc=christophe.jaillet@wanadoo.fr \
--cc=dan.carpenter@linaro.org \
--cc=ebiggers@kernel.org \
--cc=edumazet@google.com \
--cc=fancer.lancer@gmail.com \
--cc=florian.fainelli@broadcom.com \
--cc=harshit.m.mogalapalli@oracle.com \
--cc=hdegoede@redhat.com \
--cc=horms@kernel.org \
--cc=hverkuil-cisco@xs4all.nl \
--cc=ilpo.jarvinen@linux.intel.com \
--cc=jgg@nvidia.com \
--cc=kevin.tian@intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kuba@kernel.org \
--cc=kuntal.nayak@broadcom.com \
--cc=luiz.von.dentz@intel.com \
--cc=md.iqbal.hossain@intel.com \
--cc=mheyne@amazon.de \
--cc=mngyadam@amazon.com \
--cc=mpearson-lenovo@squebb.ca \
--cc=nicolinc@nvidia.com \
--cc=pablo@netfilter.org \
--cc=pavel@denx.de \
--cc=rfoss@kernel.org \
--cc=richard@nod.at \
--cc=shivani.agarwal@broadcom.com \
--cc=stable@vger.kernel.org \
--cc=tfiga@chromium.org \
--cc=vegard.nossum@oracle.com \
--cc=vladimir.oltean@nxp.com \
--cc=xiaolei.wang@windriver.com \
--cc=yanjun.zhu@linux.dev \
--cc=yi.zhang@redhat.com \
--cc=yu.c.chen@intel.com \
--cc=yukuai3@huawei.com \
--cc=zsm@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).