On 2/20/24 19:06, Greg Kroah-Hartman wrote: > The Linux kernel CVE team has assigned CVE-2023-52435 to this issue. > > > Affected and fixed versions > =========================== > > Issue introduced in 4.8 with commit 3953c46c3ac7 and fixed in 6.6.11 > with commit 95b3904a261a > Issue introduced in 4.8 with commit 3953c46c3ac7 and fixed in 6.7 with > commit 23d05d563b7e
Hello, what is the advice for stable users of versions between 4.19 and 6.1? Are they not affected? Thanks, Vlastimil > > Please see https://www.kernel.org or a full list of currently supported > kernel versions by the kernel community. > > Unaffected versions might change over time as fixes are backported to > older supported kernel versions. The official CVE entry at > https://cve.org/CVERecord/?id=CVE-2023-52435 > will be updated if fixes are backported, please check that for the most > up to date information about this issue. > > > Affected files > ============== > > The file(s) affected by this issue are: > net/core/skbuff.c > > > Mitigation > ========== > > The Linux kernel CVE team recommends that you update to the latest > stable kernel version for this, and many other bugfixes. Individual > changes are never tested alone, but rather are part of a larger kernel > release. Cherry-picking individual commits is not recommended or > supported by the Linux kernel community at all. If however, updating to > the latest release is impossible, the individual changes to resolve this > issue can be found at these commits: > https://git.kernel.org/stable/c/95b3904a261a9f810205da560e802cc326f50d77 > https://git.kernel.org/stable/c/23d05d563b7e7b0314e65c8e882bc27eac2da8e7 >
