kernel / kernel-source

Clone
Source Code
GIT

2d7995 scripts/check-kernel-fix: do a full check in verbose mode

Authored and Committed by Michal Hocko a month ago
raw patch tree parent
1 file changed. 13 lines added. 8 lines removed.
scripts/check-kernel-fix
file modified
+13 -8 
    scripts/check-kernel-fix: do a full check in verbose mode
    
    we are skipping evaluation of ineligible (based on CVSS scoring) branches
    to save runtime because a common case is a low score CVE that is not
    eligible to any LTSS branches. Security team would like to know whether
    as specific branch is affected even in those case so let's change the
    implementation and do the full evaluation even if a branch is not
    eligible based on the scoring.
    
    With the current implementation we are getting
    ./scripts/check-kernel-fix -v CVE-2022-49320
    Security fix for CVE-2022-49320 bsc#1238394 with CVSS 5.5
    = f9a9f43a62a0 ("dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type") merged v5.19-rc1~100^2~37
    Fixes: b0cc417c1637 ("dmaengine: Add Xilinx zynqmp dma engine driver support") merged v4.8-rc1~117^2~7^2~2
    Experts candidates:  tiwai@suse.com (36) subsystem/role="DRIVERS"
    Link: https://git.kernel.org/linus/f9a9f43a62a04ec3183fb0da9226c7706eed0115
    SL-16.0: nope_commit_in_base
    SLE11-SP4-LTSS: nope_cvss
    SLE12-SP3-TD: nope_unaffected
    ACTION NEEDED!
    SLE12-SP5: MANUAL: backport f9a9f43a62a04ec3183fb0da9226c7706eed0115 (Fixes v4.12)
    SLE15-SP6: nope_commit_in_base
    SLE15-SP7-GA: nope_cvss
    cve/linux-5.14-LTSS: ok_reference_present
    cve/linux-5.3-LTSS: nope_cvss
    SUSE-2024: nope_commit_in_base
    SLE15-SP6-RT: nope_commit_in_base
    SLE15-SP6-COCO: nope_commit_in_base
    SLE15-SP6-AZURE: nope_commit_in_base
    SLE15-SP7: nope_commit_in_base
    SLE15-SP2-LTSS: nope_cvss
    SLE15-SP3-LTSS: ok_reference_present
    SUSE-2024-RT: nope_commit_in_base
    SLE15-SP7-RT: nope_commit_in_base
    SLE15-SP7-COCO: nope_commit_in_base
    SLE15-SP7-AZURE: nope_commit_in_base
    
    With the updated one we are getting a more specific answer for
    all branches whether they are eligible or not.
    
    ./scripts/check-kernel-fix -v CVE-2022-49320
    Security fix for CVE-2022-49320 bsc#1238394 with CVSS 5.5
    = f9a9f43a62a0 ("dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type") merged v5.19-rc1~100^2~37
    Fixes: b0cc417c1637 ("dmaengine: Add Xilinx zynqmp dma engine driver support") merged v4.8-rc1~117^2~7^2~2
    Experts candidates:  tiwai@suse.com (36) subsystem/role="DRIVERS"
    Link: https://git.kernel.org/linus/f9a9f43a62a04ec3183fb0da9226c7706eed0115
    SL-16.0: nope_commit_in_base
    SLE11-SP4-LTSS: nope_unaffected
    SLE12-SP3-TD: nope_unaffected
    ACTION NEEDED!
    SLE12-SP5: MANUAL: backport f9a9f43a62a04ec3183fb0da9226c7706eed0115 (Fixes v4.12)
    SLE15-SP6: nope_commit_in_base
    SLE15-SP7-GA: nope_commit_in_base
    cve/linux-5.14-LTSS: ok_reference_present
    cve/linux-5.3-LTSS: missing_commit_nope_cvss
    SLE12-SP5-RT: MANUAL: backport f9a9f43a62a04ec3183fb0da9226c7706eed0115 (Fixes v4.12)
    	WW CONFIG_XILINX_ZYNQMP_DMA not enabled.
    SUSE-2024: nope_commit_in_base
    SLE15-SP6-RT: nope_commit_in_base
    SLE15-SP6-COCO: nope_commit_in_base
    SLE15-SP6-AZURE: nope_commit_in_base
    SLE15-SP7: nope_commit_in_base
    SLE15-SP4-LTSS: ok_reference_present
    SLE15-SP5-LTSS: ok_reference_present
    SLE15-SP2-LTSS: missing_commit_nope_cvss
    SLE15-SP3-LTSS: ok_reference_present
    SUSE-2024-RT: nope_commit_in_base
    SLE15-SP7-RT: nope_commit_in_base
    SLE15-SP7-COCO: nope_commit_in_base
    SLE15-SP7-AZURE: nope_commit_in_base
    SLE15-SP4-RT-LTSS: ok_reference_present
    SLE15-SP5-RT-LTSS: ok_reference_present
    SLE15-SP3-RT-LTSS: ok_reference_present
file modified
+13 -8
Powered by Pagure 5.14.1
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.