[Inquiry for CVE-2021-23133] -- necessity of the backporting


masashi.kudo@cybertrust.co.jp <masashi.kudo@...>
 

Hi, Jan-san, Minda-san,

https://lists.cip-project.org/g/cip-dev/message/6382
As was reported by Chen-Yu san last week, the following CVE security patch is not yet backported to kernels before 5.4.
CVE-2021-23133 [net/sctp: race in sctp_destroy_sock]

At this moment, sctp is enabled on PlatHome boards and Siemens boards.
We wonder whether sctp is really used or not. If not used, we would recommend to disable sctp for those boards, and we won't work on backporting this patch..

We are looking forward to hearing back from you.

Best regards,
--
M. Kudo

Join cip-dev@lists.cip-project.org to automatically receive all group messages.