On Tue, Feb 27, 2024 at 04:15:06PM -0800, Brennan Lamoreaux wrote: > Hi stable maintainers, > > The following patch in mainline is listed as a fix for CVE-2023-2176: > 8d037973d48c026224ab285e6a06985ccac6f7bf (RDMA/core: Refactor rdma_bind_addr) > > And the following is a fix for a regression in the above patch: > 0e15863015d97c1ee2cc29d599abcc7fa2dc3e95 (RDMA/core: Update CMA destination address on rdma_resolve_addr) > > To my knowledge, at least back to v6.1 is vulnerable to this same bug. > Since these should apply directly to 6.1.y, can these be picked up for that branch? If you provide a working backport of that commit, we will be glad to apply it. As-is, it does not apply at all, which is why it was never added to the 6.1.y tree. thanks, greg k-h