[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZAV+9ToKbIPFKJIs@kroah.com>
Date: Mon, 6 Mar 2023 06:49:41 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Zheng Yejian <zhengyejian1@...wei.com>
Cc: stable@...r.kernel.org, agross@...nel.org,
bjorn.andersson@...aro.org, balbi@...nel.org, lee.jones@...aro.org,
linux-arm-msm@...r.kernel.org, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 5.15] usb: dwc3: dwc3-qcom: Add missing
platform_device_put() in dwc3_qcom_acpi_register_core
On Mon, Mar 06, 2023 at 09:26:31AM +0800, Zheng Yejian wrote:
> On 2023/3/3 23:49, Greg KH wrote:
> > On Fri, Mar 03, 2023 at 10:34:39AM +0800, Zheng Yejian wrote:
> > > From: Miaoqian Lin <linmq006@...il.com>
> > >
> > > commit fa0ef93868a6062babe1144df2807a8b1d4924d2 upstream.
> > >
> > > Add the missing platform_device_put() before return from
> > > dwc3_qcom_acpi_register_core in the error handling case.
> > >
> > > Signed-off-by: Miaoqian Lin <linmq006@...il.com>
> > > Link: https://lore.kernel.org/r/20211231113641.31474-1-linmq006@gmail.com
> > > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > > CVE: CVE-2023-22995
> >
> > That is a bogus CVE, please go revoke it.
>
> Agree. I see this CVE and its fixes information from NVD,
> so try to backport this patch to fix it:
> Link: https://nvd.nist.gov/vuln/detail/CVE-2023-22995
Again, this is not a valid bug, the "problem" described can not ever be
hit in a real system from what I can tell.
> Then should I just remove the "CVE: " field and send a v2 patch?
> Or you mean "revoke" the CVE from NVD? I actually don't know how
> to do that :(
If you care about CVEs being "real", yes, please get it revoked from the
NVD. There is no need to backport it either from what I can determine.
thanks,
greg k-h
Powered by blists - more mailing lists