This repository has been archived by the owner on May 2, 2024. It is now read-only.
[DATA] CVE-2021-4023 #374
Labels
Data
CVE information
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Change Type Requested
Update
CVE id number
CVE-2021-4023
References
https://bugzilla.redhat.com/show_bug.cgi?id=2026484
https://bugzilla.suse.com/show_bug.cgi?id=1193107
https://kernel.dance/#713b9825a4c47897f66ad69409581e7734a8728e
https://kernel.dance/#3146cba99aa284b1d4a10fbd923df953f1d18035
Additional context
Looking at RH bugzilla, Fixes: tag, etc., I think the causing commit (3146cba99a) and the fixing commit (713b9825a4) are correct, but the start version of the affected range is still UNK.
Both 3146cba99a and 713b9825a4 were merged as of v5.15-rc1. Therefore, the problematic code in 3146cba99a should have been fixed in the v5.15-rc1 release point. According to kernel.dance, 3146cba99a is not backported to any stable branch, so this CVE probably does not affect all release points, including rc versions. But...if this is correct, how can we show this in Linux Kernel CVEs? v5.15-rc1 to v5.15-rc1? this may cause confusion (or incorrectly described).
By the way, since this is an issue in io_wq, we can give v5.5-rc1 as a more sensible lower limit, considering it in the same way as #365.
torvalds/linux@771b53d
The text was updated successfully, but these errors were encountered: