On Mon, Mar 06, 2023 at 09:26:31AM +0800, Zheng Yejian wrote: > On 2023/3/3 23:49, Greg KH wrote: > > On Fri, Mar 03, 2023 at 10:34:39AM +0800, Zheng Yejian wrote: > > > From: Miaoqian Lin <linmq006@xxxxxxxxx> > > > > > > commit fa0ef93868a6062babe1144df2807a8b1d4924d2 upstream. > > > > > > Add the missing platform_device_put() before return from > > > dwc3_qcom_acpi_register_core in the error handling case. > > > > > > Signed-off-by: Miaoqian Lin <linmq006@xxxxxxxxx> > > > Link: https://lore.kernel.org/r/20211231113641.31474-1-linmq006@xxxxxxxxx > > > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > > > CVE: CVE-2023-22995 > > > > That is a bogus CVE, please go revoke it. > > Agree. I see this CVE and its fixes information from NVD, > so try to backport this patch to fix it: > Link: https://nvd.nist.gov/vuln/detail/CVE-2023-22995 Again, this is not a valid bug, the "problem" described can not ever be hit in a real system from what I can tell. > Then should I just remove the "CVE: " field and send a v2 patch? > Or you mean "revoke" the CVE from NVD? I actually don't know how > to do that :( If you care about CVEs being "real", yes, please get it revoked from the NVD. There is no need to backport it either from what I can determine. thanks, greg k-h