Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2025041003-saddling-dart-5b8b@gregkh>
Date: Thu, 10 Apr 2025 15:31:03 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2024-50217: Linux kernel: btrfs:
 Use-after-free of block device file in __btrfs_free_extra_devids()

On Thu, Apr 10, 2025 at 12:22:46PM +0000, akendo@...ndo.eu wrote:
> Hey everyone,
> 
> Not too sure how or whom to ask about: But I saw that there is CVE-2024-50217 that affects every kernel since 4.8.
> 
> However, it is only fixed on more recent version of the linux kernel like 6.11 or 6.12. Any reason this wasn’t backported to older kernel versions?

That's usually because no one has taken the time to do so.  Same for the
thousands of other "unfixed" CVEs in older stable kernel trees.

As an example, for the latest 5.4.y stable kernel release, I see that
there are currently 1110 unfixed CVEs as of right now.

Feel free to send backports to the stable@...r.kernel.org mailing list
if you wish to see specific commits applied to older stable kernel
releases.

thanks,

greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.