On Wed, Apr 01, 2020 at 10:32:42AM +0000, Schmid, Carsten wrote:
> >>
> >> Fixes CVE-2018-20669
> >> Backported from v5.0-rc1
> >> Patch 1/1
> >
> > Also, that CVE was "supposed" to already be fixed in the 4.19.13 kernel
> > release for some reason, and it's a drm issue, not a core access_ok()
> > issue.
> >
> > So why is this needed for 4.14?
> >
> See https://access.redhat.com/security/cve/cve-2018-20669
> Looks like Linus' fix was attacking this at the root cause, not only for DRM.

And are you _sure_ this really is an issue in 4.14? And in 4.19? There
was some reason I didn't backport this to 4.19 at the time...

> Also, I use https://www.linuxkernelcves.com/ as a research source,
> and they claim that CVE is not fixed in 4.19.

That disagrees with the "main" CVE database. Not that I really trust
any of them further than I can throw their servers...

> (and I'll check for the other LTS kernels as well)

Please do.

> >> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> >
> > No s-o-by from you?
> Oops. Will add this in a resend.
>
> >> Want to give this work back to the community, as 4.14 is a SLTS.
> >
> > What is "SLTS"?
> Super Long Term Supported kernel - thanks to guys like you :-)
> 4.14 really is that (Jan. 2024, as of https://www.kernel.org/category/releases.html)

I don't use that term, don't make new things up where they aren't :)

> >
> > thanks,
> >
> > greg k-h
>
> Thanks, and I have some other patches backported to 4.14 as CVE fixes,
> which I'll propose in the next hours.

Make sure that they are really issues, and that they are fixed in all
current trees. I can't take patches for an older stable tree without a
newer one also having it, otherwise people would upgrade and suffer a
regression.

thanks,

greg k-h