On Sun, Sep 10, 2023 at 06:25:22AM +0000, Deepak Rathore -X (deeratho - E-INFO CHIPS INC at Cisco) wrote:
-----Original Message-----
From: Greg KH gregkh@linuxfoundation.org
Sent: Saturday, September 9, 2023 5:17 PM
To: Deepak Rathore -X (deeratho - E-INFO CHIPS INC at Cisco) deeratho@cisco.com
Cc: stable@vger.kernel.org; linux-kernel@vger.kernel.org
Subject: Re: [v6.1.52][PATCH] Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
On Sat, Sep 09, 2023 at 08:49:52AM +0000, Deepak Rathore -X (deeratho - E-INFO CHIPS INC at Cisco) wrote:
-----Original Message-----
From: Greg KH gregkh@linuxfoundation.org
Sent: Friday, September 8, 2023 12:39 PM
To: Deepak Rathore -X (deeratho - E-INFO CHIPS INC at Cisco) deeratho@cisco.com
Cc: stable@vger.kernel.org; linux-kernel@vger.kernel.org
Subject: Re: [v6.1.52][PATCH] Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
A: http://en.wikipedia.org/wiki/Top_post
Q: Where do I find info about this thing called top-posting?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
A: No.
Q: Should I include quotations after my reply?
On Fri, Sep 08, 2023 at 06:54:06AM +0000, Deepak Rathore -X (deeratho - E-INFO CHIPS INC at Cisco) wrote:
Hi Greg,
This change is required to fix kernel CVE: CVE-2023-1989 which is reported in v6.1 kernel version.
Which change?
[Deepak]: I am referring to the change below. This change is required to fix kernel CVE: CVE-2023-1989, which is reported in the v6.1 kernel.
Subject: [v6.1.52][PATCH] Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
From: Zheng Wang zyytlz.wz@163.com
[ Upstream commit 73f7b171b7c09139eb3c6a5677c200dc1be5f318 ]
This commit is already in the 6.1.52 kernel release, why do you want it included again?
confused,
greg k-h
Hi Greg, Salvatore,
When I submitted this patch for review, 6.1.52 had not yet been released.
It would be good if you could share guidelines or details on how I can submit a CVE fix patch upstream for review, such as what details I need to include in the patch, so that next time we can save time on queries and discussion.
Why does the random assignment of a CVE number mean anything should be done differently than the normal process of getting a stable patch merged?
You have read: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
right?
That should cover it.
thanks,
greg k-h