Message-ID: <7add9eef-0d17-6692-14f5-968a4d4778f0@oracle.com>
Date: Mon, 9 Oct 2023 14:02:16 +0200
From: Vegard Nossum <vegard.nossum@...cle.com>
To: Greg KH <gregkh@...uxfoundation.org>,
Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
Cc: stable@...r.kernel.org, joe@...ches.com, blamoreaux@...are.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4.14.y] drivers core: Use sysfs_emit and sysfs_emit_at for
show(device *...) functions

On 07/10/2023 13:21, Greg KH wrote:
> On Fri, Sep 22, 2023 at 05:14:54AM -0700, Harshit Mogalapalli wrote:
>> Signed-off-by: Joe Perches <joe@...ches.com>
>> Link: https://lore.kernel.org/r/3d033c33056d88bbe34d4ddb62afd05ee166ab9a.1600285923.git.joe@perches.com
>> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>> [Harshit: backport to 4.14.y -- regenerated the diff with the help of
>> coccinelle script in driver/base/ directory.]
>> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
>> ---
>> Only compile tested. This fixes CVE-2022-20166.
>> It is not clear whether the CVE was assigned for a demonstrated issue
>> or just a theoretical one. In any case it's a good defensive measure
>> against future patches that may introduce a real issue if they assume
>> this patch is already there.
>
> This is not needed in this kernel tree, so why are you attempting to add
> it?
>
> And if you have questions about a CVE, as the entity that gave the cve
> out, they are responsible for it, not us!

We weren't sure where exactly the issue was, but figured the more
cautious approach would be to apply the patch regardless -- it does look
correct to me at a glance (doesn't suffer from the issues that Ben
pointed out with another submission, AFAICT).

But point taken, this falls under the "no theoretical issues" stable
submission rule.

Thanks,

Vegard