在 2023/2/21 16:40, Greg KH 写道:
On Tue, Feb 21, 2023 at 03:46:27PM +0800, Tong Tiangen wrote:
在 2023/2/21 15:30, Greg KH 写道:
On Tue, Feb 21, 2023 at 03:19:05PM +0800, Tong Tiangen wrote:
Hi peter:
Do you have any plans to backport this patch[1] to the stable branch of the lower version, such as 4.19.y ?
Why? That is a new feature for 6.2 why would it be needed to fix anything in really old kernels?
Hi Greg:
This patch fix CVE-2023-0597[1],
The kernel developers do not care about CVEs as they are almost always invalid and do not mean anything,
Ok, thanks.
sorry. It is well known that, companies like Red Hat use them to make up for broken internal engineering policies.
Yeah, For company's internal engineering policies, the CVE with certain impact must be repaired.
Are you sure this really is a valid problem that must be fixed in older kernels?
this CVE report a flaw possibility of memory leak. And this is important for some products using this stable version.
What exact memory leak are you referring to?
Sorry for Inaccurate description, the memory leak means: a potential security risk of kernel memory information disclosure caused by no randomization of the exception stacks.
thanks,
greg k-h .
Thanks, Tong .