Hi Dan,
On Mon, Jul 17, 2023 at 02:25:06PM +0300, Dan Carpenter wrote:
> On Mon, Jul 17, 2023 at 06:23:10PM +0800, joeyli wrote:
> > Hi Markus,
> >
> > On Mon, Jul 17, 2023 at 08:15:56AM +0200, Markus Elfring wrote:
> > > >> …
> > > >>> We can ignore null link key in the handler of "Link Key Notification
> > > >>> event" to relieve the attack. …
> > > …
> > > > Sorry for I didn't capture your point.
> > >
> > > Did you provide sufficient justification for a possible addition of the tag “Fixes”?
> > >
> >
> > This patch is against a CVE. The issue is not introduced by any old kernel
> > patch. So I think it doesn't need Fixes: tag.
>
> You should probably put a Fixes tag against when the feature was
> introduced. (Kernel's prior to that were not affected by the CVE).
>
OK! I see.
I have digged that the link key stored function be introduced by 55ed8ca10f35
since v2.6.39-rc1:
commit 55ed8ca10f3530de8edbbf138acb50992bf5005b
Author: Johan Hedberg <johan.hedberg@xxxxxxxxx>
Date: Mon Jan 17 14:41:05 2011 +0200
Bluetooth: Implement link key handling for the management interface
I will add Fixes: 55ed8ca10f35 ("Bluetooth: Implement link key handling for the management interface")
in next version.
Thanks for your and Markus's reminder.
Joey Lee
