Hello,
We are evaluating CVE-2024-50063 for v5.15 and v5.10. But the context of v5.15 and v5.10 is quite far behind the current version. It seems the suggested fix in https://www.cve.org/CVERecord?id=CVE-2024-50063, https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=..., requires https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... to work. But it seems risky to port so many changes.
Is it worth porting commit f45d5b6ce2e8 plus 28ead3eaabc1 to v5.15 and v5.10? Is there any mitigation for this CVE? Is there any reproducer and test case for this CVE so that we could validate the fix if we decide to port it?
linux-stable-mirror@lists.linaro.org