On Tue, Dec 03, 2024 at 04:34:25PM +0800, Bin Lan wrote: > > On 12/3/2024 4:23 PM, Greg KH wrote: > > CAUTION: This email comes from a non Wind River email account! > > Do not click links or open attachments unless you recognize the sender and know the content is safe. > > > > On Tue, Dec 03, 2024 at 02:52:13PM +0800, bin.lan.cn@xxxxxxxxxxxxxxxxx wrote: > > > From: Jia Jie Ho <jiajie.ho@xxxxxxxxxxxxxxxx> > > > > > > [ Upstream commit d7f01649f4eaf1878472d3d3f480ae1e50d98f6c ] > > > > > > RSA text data uses variable length buffer allocated in software stack. > > > Calling kfree on it causes undefined behaviour in subsequent operations. > > > > > > Cc: <stable@xxxxxxxxxxxxxxx> #6.7+ > > The cc: says 6.7 and newer, and yet you are wanting this for 6.6.y? > > Why? Why ignore what the author asked for? > > > > thanks, > > > > greg k-h > > I want to backport it to fix CVE-2024-39478. Again, how do you know that that CVE is relevant for kernels older than 6.7.y? Have you tested this? Have you proved that 6.6.y needs this? If not, there's no way we can take it, nor would you want us to take it, right? thanks, greg k-h
