Re: Does v5.4 need CVE-2022-3566 and CVE-2022-3567 patches

On Tue, 25 Apr 2023 at 16:47, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Tue, Apr 25, 2023 at 04:08:30PM +0200, Kristof Havasi wrote:
> > Hi there,
> >
> > I was evaluating CVE-2022-3567 and CVE-2022-3566 which both
> > revolve around load tearing and reference an ancient Kernel commit:
> > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> >
> > I am not sure whether they are applicable to the v5.4.y branch as well.
>
> I do not know, what specific commits are you referring to?  CVEs mean
> nothing, they are not valid identifiers, sorry.
>
> And have you tried applying them to the older kernels and testing to see
> if they solve any specific issue?
>
> Or better yet, why use the older kernels, why not stick to the most
> recent one?  What is preventing you from switching?

Thank you for the quick response!

I meant the following commits:
f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57 and
364f997b5cfe1db0d63a390fe7c801fa2b3115f6

The v5.4 kernel is used in an embedded device where due to certification
processes a quick upgrade of the Kernel isn't realistic until at least
another year.

The patches are quite small, I could cherry-pick them on the latest v5.4 tag,
and the kernel builds... only for
f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57 USER_SOCKPTR
isn't available in 5.4, so I stuck to `char __user *`.

I will get a device tomorrow and try whether I can netcat between them
via IPv4 and v6.
Any other tests, which would be needed?

Best Regards,
Kristof


