On Wed, Apr 01, 2020 at 10:32:42AM +0000, Schmid, Carsten wrote:
Fixes CVE-2018-20669 Backported from v5.0-rc1 Patch 1/1
Also, that cve was "supposed" to already be fixed in the 4.19.13 kernel release for some reason, and it's a drm issue, not a core access_ok() issue.
So why is this needed for 4.14?
See https://access.redhat.com/security/cve/cve-2018-20669 Looks like Linus' fix was attacking this at the root cause, not only for DRM.
And are you _sure_ this really is an issue in 4.14? And in 4.19? There was some reason I didn't backport this to 4.19 at the time...
Also, i use https://www.linuxkernelcves.com/ as a research source, and they claim that CVE not fixed in 4.19.
That disagrees with the "main" CVE database. Not that I really trust any of them further than I can throw their servers...
(and i'll check for the other LTS kernels as well)
Please do.
Signed-off-by: Linus Torvalds torvalds@linux-foundation.org
No s-o-by from you?
Ops. Will add this in a resend.
Want to give this work back to the community, as 4.14 is a SLTS.
What is "SLTS"?
Super Long Term Supported kernel - thanks to guys like you :-) 4.14 really is that (Jan. 2024, as of https://www.kernel.org/category/releases.html)
I don't use that term, don't make new things up where they aren't :)
thanks,
greg k-h
Thanks, and i have some other patches backported to 4.14 as CVE fixes, which i'll propose in the next hours.
Make sure that they are really issues, and that they are fixed in all current trees. I can't take patches for an older stable tree without a newer one also having it otherwise people would upgrade and suffer a regression.
thanks,
greg k-h