Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> writes: > On Mon, Aug 23, 2021 at 04:08:44PM +0200, Pali Rohár wrote: >> Hello Sasha and Greg! >> >> Last week I sent request for backporting ath9k wifi fixes for security >> issue CVE-2020-3702 into stable LTS kernels because Qualcomm/maintainers >> did not it for more months... details are in email: >> https://lore.kernel.org/stable/20210818084859.vcs4vs3yd6zetmyt@pali/t/#u >> >> And now I got reports that in stable LTS kernels (4.14, 4.19) are >> missing also other fixes for other Qualcomm wifi security issues, >> covered by FragAttacks codename: CVE-2020-26145 CVE-2020-26139 >> CVE-2020-26141 > > Then someone needs to provide us backports if they care about these > very old kernels and these issues. Just like any other driver subsystem > where patches are not able to be easily backported. > > Or just use a newer kernel, that's almost always a better idea. Sorry for the delay in my answer. But like Greg said, use of a newer kernel is the best option. I don't have the bandwith to maintain ath[1] drivers in stable releases, but I do try to make sure bugfixes have a Fixes tag when approriate and I do add cc stable whenever people ask me to. That's about it from stable releases point of view, my focus is on Linus' releases. Help with the stable releases is very welcome. [1] ath9k, ath10k, ath11k etc -- https://patchwork.kernel.org/project/linux-wireless/list/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
