On Mon, Aug 25, 2025 at 01:12:27PM +0000, Subramaniam, Sujana wrote:

Dear Kernel Developers,

Hereby we attach patch backported from kernel 6.13 (as proposed by Greg k-h on the full disclosure mailing list) to 6.12 for CVE-2025-21751 vulnerability.

This patch was tested on metal and virtual machines and rolled out in production.

I hope patch is sufficient for cherry-pick. Please let us know if something has to be updated/modified.

Hi Sujana,

Thanks for the backports! There are a few issues that needs to be addressed first:

1. Every stable backport must reference the upstream commit being backported. The patch description must contain the line "commit XXXX upstream" where XXXX is the full SHA-1 of the mainline commit. This is mandatory per Documentation/process/stable-kernel-rules.rst section 2. Without this reference, we cannot verify what is being backported or whether it has been properly tested upstream.

2. Stable patches cannot be submitted as attachments, especially not base64-encoded ones. All patches must be sent inline in the email body using git send-email. This allows for proper review, commenting, and application by maintainers. See Documentation/process/submitting-patches.rst section 7 "No MIME, no links, no compression, no attachments. Just plain text" and Documentation/process/email-clients.rst for configuration guidance.

3. Missing original commit message: The patch must include the complete original upstream commit message, including the problem description, solution explanation, and all tags (Signed-off-by, Reviewed-by, etc.) from the original commit. You cannot replace this with your own description. The original commit message documents why the change was made and is essential for understanding the fix. See Documentation/process/stable-kernel-rules.rst which states backports should be "equivalent" to the upstream commit or a subset thereof.

Please resubmit following the documented process. You can find examples of properly formatted stable backports on the stable mailing list archives.