12 Sep
2017
12 Sep
'17
9:17 a.m.
On Fri, 08 Sep 2017 19:47:32 +0200, Grygorii Tertychnyi (gtertych) wrote:
Hi Greg,
Could you please apply it for 4.4-stable. This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985
This vulnerability is just non-issue. You can't get it working practically; it requires a modified hardware of the decade old ISA sound card, and yet the system has to load / set up the module beforehand. We should withdraw it from CVE, IMO.
I think it is worth having it in 4.4, 4.9 and 4.12 also.
... even though the code has never been tested on the real hardware? That doesn't sound good for stable kernels at all. That's why I didn't put Cc to stable in the patch.
Takashi