public inbox for stable@vger.kernel.org
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Paul Menzel <pmenzel@molgen.mpg.de>
Cc: Luna Jernberg <droidbittin@gmail.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	linux-kernel@vger.kernel.org, akpm@linux-foundation.org,
	stable@vger.kernel.org, lwn@lwn.net, jslaby@suse.cz
Subject: Re: copy.fail and backport to LTS 6.12 and earlier (was: Linux 7.0.3)
Date: Fri, 1 May 2026 12:09:50 +0200
Message-ID: <2026050114-supernova-angler-2de1@gregkh>
In-Reply-To: <07194e8a-c3b2-4cff-8690-8c0ac36a96e8@molgen.mpg.de>

On Fri, May 01, 2026 at 11:56:39AM +0200, Paul Menzel wrote:
> Dear Greg,
> 
> 
> On 30.04.26 at 15:15, Greg Kroah-Hartman wrote:
> > On Thu, Apr 30, 2026 at 03:09:05PM +0200, Luna Jernberg wrote:
> 
> > > Works fine
> > > 
> > > patching: https://copy.fail/ next ? ;)
> > 
> > That was fixed a while ago in older kernel releases that you should
> > already be running :)
> 
> Thank you for maintaining the stable and LTS series. Releases from 6.12.y and
> older do not seem to have had the fix included upon public disclosure.
> 
> Commit a664bf3d603d (crypto: algif_aead - Revert to operating out-of-place)
> [1] fixing Copy Fail [2] went into v7.0-rc7, released on Sunday, April 5th,
> and the backport appeared in 6.18.22 and 6.19.12, both tagged and released
> on April 11th. For some reason, for older series, the backport appeared in
> 6.12.85, 6.6.137, and 6.1.170 and 5.15.204 yesterday on April 30th. Several
> distributions like Debian stable did not have the fix included upon
> disclosure to my knowledge.
> 
> Do you know what happened? (Not that I have any demands or expectations, as
> most Linux kernel users use it for free and do not contribute to it
> financially or by active participation. Also, my institute infrastructure
> was also not affected, as we build Linux ourselves and do not have the
> module enabled.)

We have no control, or insight, into what anyone does with regards to
"disclosure", nor do you want us to.

No one had taken the time to do the backporting of these patches to
older kernels for various reasons, not the least being that probably no
one noticed or cared at the time.  If you look there are thousands of
unfixed CVEs in the older LTS kernels right now, and if distros or users
that rely on those older branches wish to see those resolved, they need
to provide working backports to us to apply, as our first attempt did
not work (which is why they are unfixed in those branches.)

thanks,

greg k-h
