On 1/14/21 6:55 PM, Saied Kazemi wrote: > Hi Greg, > > To fix CVE-2020-29372 in COS kernel versions 4.19 and 5.4, we > cherry-picked the commit "mm: check that mm is still valid in > madvise()" (bc0c4d1e176e) that Jens introduced in kernel version 5.7.0 > into our kernel sources. The commit is small and the cherry-pick was > successful for both COS kernels versions. > > Because COS 4.19 and 5.4 kernels track 4.19.y and 5.4.y respectively, > can you please cherry-pick the commit to those stable branches? In terms of io_uring, 4.19 should not be a concern as it wasn't available in that kernel. -- Jens Axboe
