Re: 95baa60a0da8 ("ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()")

On Mon, Jun 03, 2019 at 10:31:15AM -0700, Zubin Mithra wrote:

Hello,

CVE-2019-12378 was fixed in the upstream linux kernel with the following commit.

• 95baa60a0da8 ("ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()")

A CVE was created for that tiny thing?

Hah, no, I think I'll refuse to apply it just for the very point of it. That's something that can not be triggered by normal operations, right? It's a bugfix-for-the-theoritical from what I can see...

Could the patch be applied to v4.19.y, v4.14.y, v4.9.y and v4.4.y?

Why are you ignoring 5.1?

thanks,

greg k-h