On 12/3/2024 4:23 PM, Greg KH wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know the content is safe.
On Tue, Dec 03, 2024 at 02:52:13PM +0800, bin.lan.cn@xxxxxxxxxxxxxxxxx wrote:
From: Jia Jie Ho <jiajie.ho@xxxxxxxxxxxxxxxx>
[ Upstream commit d7f01649f4eaf1878472d3d3f480ae1e50d98f6c ]
RSA text data uses variable length buffer allocated in software stack.
Calling kfree on it causes undefined behaviour in subsequent operations.
Cc: <stable@xxxxxxxxxxxxxxx> #6.7+
The cc: says 6.7 and newer, and yet you are wanting this for 6.6.y?
Why? Why ignore what the author asked for?
thanks,
greg k-h
I want to backport it to fix CVE-2024-39478.
Bin Lan
