On 07/10/2023 13:21, Greg KH wrote:
> On Fri, Sep 22, 2023 at 05:14:54AM -0700, Harshit Mogalapalli wrote:
> > Signed-off-by: Joe Perches <joe@xxxxxxxxxxx>
> > Link: https://lore.kernel.org/r/3d033c33056d88bbe34d4ddb62afd05ee166ab9a.1600285923.git.joe@xxxxxxxxxxx
> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> > [Harshit: backport to 4.14.y -- regenerated the diff with the help of
> > coccinelle script in driver/base/ directory.]
> > Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx>
> > ---
> > Only compile tested. This fixes CVE-2022-20166.
> >
> > It is not clear whether the CVE was assigned for a demonstrated issue
> > or just a theoretical one. In any case it's a good defensive measure
> > against future patches that may introduce a real issue if they assume
> > this patch is already there.
>
> This is not needed in this kernel tree, so why are you attempting to add
> it?
>
> And if you have questions about a CVE, as the entity that gave the cve
> out, they are responsible for it, not us!

We weren't sure where exactly the issue was, but figured the more
cautious approach would be to apply the patch regardless -- it does look
correct to me at a glance (doesn't suffer from the issues that Ben
pointed out with another submission, AFAICT).

But point taken, this falls under the "no theoretical issues" stable
submission rule.

Thanks,

Vegard