Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751470AbdILMeW (ORCPT ); Tue, 12 Sep 2017 08:34:22 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:60868 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751289AbdILMeT (ORCPT ); Tue, 12 Sep 2017 08:34:19 -0400 Date: Tue, 12 Sep 2017 05:34:18 -0700 From: "gregkh@linuxfoundation.org" To: Takashi Iwai Cc: "Grygorii Tertychnyi (gtertych)" , "alsa-devel@alsa-project.org" , "linux-kernel@vger.kernel.org" , "xe-linux-external(mailer list)" Subject: Re: [alsa-devel] [PATCH] ALSA: msnd: Optimize / harden DSP and MIDI loops Message-ID: <20170912123418.GB19179@kroah.com> References: <20170908160626.24771-1-gtertych@cisco.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.0 (2017-09-02) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 906 Lines: 27 On Tue, Sep 12, 2017 at 09:17:38AM +0200, Takashi Iwai wrote: > On Fri, 08 Sep 2017 19:47:32 +0200, > Grygorii Tertychnyi (gtertych) wrote: > > > > > > >> Hi Greg, > > >> > > >> Could you please apply it for 4.4-stable. > > >> This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985 > > > > > > This vulnerability is just non-issue. You can't get it working > > > practically; it requires a modified hardware of the decade old ISA > > > sound card, and yet the system has to load / set up the module > > > beforehand. We should withdraw it from CVE, IMO. > > > > I think it is worth having it in 4.4, 4.9 and 4.12 also. > > ... even though the code has never been tested on the real hardware? > That doesn't sound good for stable kernels at all. That's why I > didn't put Cc to stable in the patch. Oh, I didn't know that, want me to drop the patch from the stable queues now? thanks, greg k-h