Re: CVE-2024-46701: libfs: fix infinite directory reads for offset dir

From: Greg KH
Date: Tue Sep 24 2024 - 08:13:20 EST


On Tue, Sep 24, 2024 at 05:44:29PM +0800, Yu Kuai wrote:
> > > On the other hand, v6.6 is affected by this CVE, and this fix can't
> > > be backported to v6.6 because the patchset [1] must be backported first
> > > to expand offset from 32-bit to 64-bit.(This kind of refactor will
> > > break kabi, hence it's not acceptable in our downstream kernels)
> >
> > That's your business decision, and does not affect if we do, or do not,
> > assign a CVE at all. Go work with your management if you wish to change
> > this as it does not pertain to the community in any way.
>
> Yes, I understand, This is just the reason why I tried to close this
> CVE, please ignore this.
>
> BTW, if you still think this CVE is valid, can we bakport the refactor
> patchset to v6.6 as well? I can sent the patches to 6.6 lts, just let me
> know.

Sure, send them on, we are always willing to review potential stable
patches, to the stable@xxxxxxxxxxxxxxx list.

thanks,

greg k-h