On 2025/4/17 15:41, Greg KH wrote:
CAUTION: This email comes from a non Wind River email account! Do not click links or open attachments unless you recognize the sender and know the content is safe.
On Thu, Apr 17, 2025 at 03:32:07PM +0800, Cliff Liu wrote:
Hi Greg KH,
On 2025/4/17 15:13, Greg KH wrote:
CAUTION: This email comes from a non Wind River email account! Do not click links or open attachments unless you recognize the sender and know the content is safe.
On Thu, Apr 17, 2025 at 02:51:05PM +0800, Cliff Liu wrote:
Hi,
I think this patch is not applicable for 5.15 and 5.10.
Then why are you trying to apply it there? Do you have the bug that is being reported here on those kernel versions? If not, why is this an issue? If so, find the files that are affected in those releases and apply the change there.
It is reported by NVD that it is CVE-2024-42147 vulnerable and this patch fix it in v6.10.
So I want to back-port the patch to 5.15 and 5.10. I didn't make it clear. So sorry for that.
I just want to get more help or information to confirm if it is applicable to 5.15 and 5.10.
Do the research to see if this is even applicable to those older kernels first. Many times the ranges are wrong, or missing, because the commit that fixed the issue did not have that information.
CVE fix ranges are a "best effort" so they will be wrong at times. It's up to you to do the work to validate the range if you care about that specific commit. If it is wrong, submit a patch to the vulns.git repo to update the range information, like many people have been doing over the past year, to fix these ranges where they were wrong.
Also, don't use NVD, use the raw CVE records. NVD has a "value add" that everyone has realized does not really mean anything. We have no control over what they do, please use the real CVE record instead.
Got it. It is really very useful to me.
Thank you so much!
Cliff
thanks,
greg k-h