stable.vger.kernel.org archive mirror
From: Vegard Nossum <vegard.nossum@oracle.com>
To: Jens Axboe <axboe@kernel.dk>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org, pavel@denx.de, cengiz.can@canonical.com,
	mheyne@amazon.de, mngyadam@amazon.com, kuntal.nayak@broadcom.com,
	ajay.kaher@broadcom.com, zsm@chromium.org,
	dan.carpenter@linaro.org, shivani.agarwal@broadcom.com,
	ahalaney@redhat.com, alsi@bang-olufsen.dk, ardb@kernel.org,
	benjamin.gaignard@collabora.com, bli@bang-olufsen.dk,
	chengzhihao1@huawei.com, christophe.jaillet@wanadoo.fr,
	ebiggers@kernel.org, edumazet@google.com,
	fancer.lancer@gmail.com, florian.fainelli@broadcom.com,
	harshit.m.mogalapalli@oracle.com, hdegoede@redhat.com,
	horms@kernel.org, hverkuil-cisco@xs4all.nl,
	ilpo.jarvinen@linux.intel.com, jgg@nvidia.com,
	kevin.tian@intel.com, kirill.shutemov@linux.intel.com,
	kuba@kernel.org, luiz.von.dentz@intel.com,
	md.iqbal.hossain@intel.com, mpearson-lenovo@squebb.ca,
	nicolinc@nvidia.com, pablo@netfilter.org, rfoss@kernel.org,
	richard@nod.at, tfiga@chromium.org, vladimir.oltean@nxp.com,
	xiaolei.wang@windriver.com, yanjun.zhu@linux.dev,
	yi.zhang@redhat.com, yu.c.chen@intel.com, yukuai3@huawei.com
Subject: Re: [PATCH RFC 6.6.y 00/15] Some missing CVE fixes
Date: Wed, 2 Oct 2024 17:46:44 +0200
Message-ID: <69e265b4-fae2-4a60-9652-c8db07da89a1@oracle.com>
In-Reply-To: <612f0415-96c2-4d52-bd3d-46ffa8afbeef@kernel.dk>


On 02/10/2024 17:26, Jens Axboe wrote:
> On 10/2/24 9:05 AM, Vegard Nossum wrote:
>> Christophe JAILLET (1):
>>    null_blk: Remove usage of the deprecated ida_simple_xx() API
>>
>> Yu Kuai (1):
>>    null_blk: fix null-ptr-dereference while configuring 'power' and
>>      'submit_queues'
> 
> I don't see how either of these are CVEs? Obviously not a problem to
> backport either of them to stable, but I wonder what the reasoning for
> that is. IOW, feels like those CVEs are bogus, which I guess is hardly
> surprising :-)

IIRC the ida API change is not a fix for a CVE, but it makes the other
patch apply more easily.

The other patch is a fix for CVE-2024-36478, here's the CVE assignment:

https://lore.kernel.org/linux-cve-announce/2024062136-CVE-2024-36478-d249@gregkh/

An issue being a CVE just means that it has been identified as a
"weakness" and assigned a unique identifier, it does not mean it's
necessarily a severe issue or that there is an exploit for it or
anything like that.

Unfortunately for distributions, there may be various customers or
government agencies which expect or require all CVEs to be addressed
(regardless of severity), which is why we're backporting these to stable
and trying to close those gaps.


Vegard
