On Tue, Oct 08, 2024 at 01:16:28PM +0200, Pavel Machek wrote:
On Wed 2024-10-02 09:26:46, Jens Axboe wrote:
On 10/2/24 9:05 AM, Vegard Nossum wrote:
Christophe JAILLET (1): null_blk: Remove usage of the deprecated ida_simple_xx() API
Yu Kuai (1): null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
I don't see how either of these are CVEs? Obviously not a problem to backport either of them to stable, but I wonder what the reasoning for that is. IOW, feels like those CVEs are bogus, which I guess is hardly surprising :-)
"CVE" has become meaningless for kernel. Greg simply assigns CVE to anything that remotely resembles a bug.
Stop spreading nonsense. We are following the cve.org rules with regards to assigning vulnerabilities to their definition.
And yes, many bugs at this level (turns out about 25% of all stable commits) match that definition, which is fine. If you have a problem with this, please take it up with cve.org and their rules, but don't go making stuff up please.
greg k-h