Re: [Inquiry for CVE-2021-23133] -- necessity of the backporting

Jan Kiszka

On 26.04.21 07:49, wrote:
Hi, Jan-san, Minda-san,
As was reported by Chen-Yu san last week, the following CVE security patch is not yet backported to kernels before 5.4.
CVE-2021-23133 [net/sctp: race in sctp_destroy_sock]

At this moment, sctp is enabled on PlatHome boards and Siemens boards.
We wonder whether sctp is really used or not. If not used, we would recommend to disable sctp for those boards, and we won't work on backporting this patch..

We are looking forward to hearing back from you.
I can try to listen around, but I see way more users (based on configs) than us:

In that light, a backport might be required.


Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux

Join to automatically receive all group messages.