Re: Backport fix for CVE-2023-2176 (8d037973 and 0e158630) to v6.1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 4, 2024 at 12:14 PM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Thu, Feb 29, 2024 at 02:05:39PM +0530, Ajay Kaher wrote:
> > On Thu, Feb 29, 2024 at 12:13 AM Brennan Lamoreaux
> > <brennan.lamoreaux@xxxxxxxxxxxx> wrote:
> > >
> > > > If you provide a working backport of that commit, we will be glad to
> > > > apply it.  As-is, it does not apply at all, which is why it was never
> > > > added to the 6.1.y tree.
> > >
> > > Oh, apologies for requesting if they don't apply. I'd be happy to submit
> > > working backports for these patches, but I am not seeing any issues applying/building
> > > the patches on my machine... Both patches in sequence applied directly and my
> > > local build was successful.
> > >
> > > This is the workflow I tested:
> > >
> > > git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
> > > git checkout FETCH_HEAD
> > > git cherry-pick -x 8d037973d48c026224ab285e6a06985ccac6f7bf
> > > git cherry-pick -x 0e15863015d97c1ee2cc29d599abcc7fa2dc3e95
> > > make allyesconfig
> > > make
> > >
> > > Please let me know if I've made a mistake with the above commands, or if these patches aren't applicable
> > > for some other reason.
> > >
> >
> > I guess the reason is:
> >
> > 8d037973d48c026224ab285e6a06985ccac6f7bf doesn't have "Fixes:" and is
> > not sent to stable@xxxxxxxxxxxxxxx.
> > And 0e15863015d97c1ee2cc29d599abcc7fa2dc3e95 is to Fix
> > 8d037973d48c026224ab285e6a06985ccac6f7bf,
> > so no need of 0e158 if 8d03 not backported to that particular branch.
>
> Ok, so there's nothing to do here, great!  If there is, please let us
> know.
>

In my previous mail, I was guessing why 8d037973d48c commit was not
backported to v6.1.

However Brennan's concern is:

As per CVE-2023-2176, because of improper cleanup local users can
crash the system.
And this crash was reported in v5.19, refer:
https://lore.kernel.org/all/ec81a9d50462d9b9303966176b17b85f7dfbb96a.1670749660.git.leonro@xxxxxxxxxx/#t

However, fix i.e. 8d037973d48c applied to master from v6.3-rc1 and not
backported to any stable or LTS.
So v6.1 is still vulnarbile, so 8d037973d48c and 0e15863015d9 should
be backported to v6.1.

- Ajay





[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux