Re: [PATCH RFC 6.6.y 00/15] Some missing CVE fixes

On Tue, Oct 08, 2024 at 01:16:28PM +0200, Pavel Machek wrote:
> On Wed 2024-10-02 09:26:46, Jens Axboe wrote:
> > On 10/2/24 9:05 AM, Vegard Nossum wrote:
> > > Christophe JAILLET (1):
> > >   null_blk: Remove usage of the deprecated ida_simple_xx() API
> > > 
> > > Yu Kuai (1):
> > >   null_blk: fix null-ptr-dereference while configuring 'power' and
> > >     'submit_queues'
> > 
> > I don't see how either of these are CVEs? Obviously not a problem to
> > backport either of them to stable, but I wonder what the reasoning for
> > that is. IOW, feels like those CVEs are bogus, which I guess is hardly
> > surprising :-)
> 
> "CVE" has become meaningless for kernel. Greg simply assigns CVE to
> anything that remotely resembles a bug.

Stop spreading nonsense.  We are following the cve.org rules with
regards to assigning vulnerabilities to their definition.

And yes, many bugs at this level (turns out about 25% of all stable
commits) match that definition, which is fine.  If you have a problem
with this, please take it up with cve.org and their rules, but don't go
making stuff up please.

greg k-h



