i.MX ProcessorsのトピックHow to fix CVE bugs in NXP kernel (and uboot) version https://community.nxp.com/t5/i-MX-Processors/How-to-fix-CVE-bugs-in-NXP-kernel-and-uboot-version/m-p/1450564#M189804 <P>De community:</P><P>Our embeded product information: iMX6UL + BSP-4.1.15_1.0.0</P><P>Question:</P><P>We need to pass the Security certificate of software. There are more than 700 CVE bugs in our v4.1.15 NXP kernel which is scaned by Black Duck.</P><P>1. Could we use the upstream new LTS kernel (from <A href="http://www.kernel.org" target="_blank" rel="noopener">www.kernel.org</A>) version (<EM><SPAN class=""><A target="_blank">for</A> <A target="_blank">example</A></SPAN></EM>: v4.19.240) directly on imx6ul soc, yes or no?&nbsp;</P><P>Wheather or not the NXP have pushed all the imx6ul (or imx6 series) haredware related codes to the upstream kernel (include bug fix)?</P><P>Because there are minimum CVE bugs in the upstream new LTS version. It is difficult to backport the bug fix to the old v4.1.15 kernel.&nbsp;</P><P>2. Or We have to upgrade to the new NXP kernel version (for example: v5.10.72_2.2.0), But that means we have to upgrade the kernel version regularly.</P><P>NXP upgrade just 2 or 3 versions on a major kernel, then go to next new major version of kernel (<FONT color="#3366FF"><SPAN class="">4.14</SPAN></FONT><SPAN>.62_1.0.0 -&gt;&nbsp;</SPAN><FONT color="#3366FF"><SPAN class="">4.14</SPAN></FONT><SPAN>.78_1.0.0&nbsp; -&gt;&nbsp;</SPAN><FONT color="#3366FF"><SPAN class="">4.14</SPAN></FONT><SPAN>.98_2.0.0&nbsp; &nbsp;=&gt;&gt;&nbsp; &nbsp;</SPAN><SPAN class=""><FONT color="#3366FF">4.19</FONT>.</SPAN><SPAN>35_1.1.0</SPAN>). You know, it is also difficult to upgrade kernel version on embeded product regularly.</P><P>&nbsp;</P><P>Any <SPAN class="">constructive</SPAN> suggest?</P><P>Thanks anyway !</P><P>&nbsp;</P><P>.</P> Thu, 28 Apr 2022 09:09:45 GMT yunyangsihai 2022-04-28T09:09:45Z How to fix CVE bugs in NXP kernel (and uboot) version https://community.nxp.com/t5/i-MX-Processors/How-to-fix-CVE-bugs-in-NXP-kernel-and-uboot-version/m-p/1450564#M189804 <P>De community:</P><P>Our embeded product information: iMX6UL + BSP-4.1.15_1.0.0</P><P>Question:</P><P>We need to pass the Security certificate of software. There are more than 700 CVE bugs in our v4.1.15 NXP kernel which is scaned by Black Duck.</P><P>1. Could we use the upstream new LTS kernel (from <A href="http://www.kernel.org" target="_blank" rel="noopener">www.kernel.org</A>) version (<EM><SPAN class=""><A target="_blank">for</A> <A target="_blank">example</A></SPAN></EM>: v4.19.240) directly on imx6ul soc, yes or no?&nbsp;</P><P>Wheather or not the NXP have pushed all the imx6ul (or imx6 series) haredware related codes to the upstream kernel (include bug fix)?</P><P>Because there are minimum CVE bugs in the upstream new LTS version. It is difficult to backport the bug fix to the old v4.1.15 kernel.&nbsp;</P><P>2. Or We have to upgrade to the new NXP kernel version (for example: v5.10.72_2.2.0), But that means we have to upgrade the kernel version regularly.</P><P>NXP upgrade just 2 or 3 versions on a major kernel, then go to next new major version of kernel (<FONT color="#3366FF"><SPAN class="">4.14</SPAN></FONT><SPAN>.62_1.0.0 -&gt;&nbsp;</SPAN><FONT color="#3366FF"><SPAN class="">4.14</SPAN></FONT><SPAN>.78_1.0.0&nbsp; -&gt;&nbsp;</SPAN><FONT color="#3366FF"><SPAN class="">4.14</SPAN></FONT><SPAN>.98_2.0.0&nbsp; &nbsp;=&gt;&gt;&nbsp; &nbsp;</SPAN><SPAN class=""><FONT color="#3366FF">4.19</FONT>.</SPAN><SPAN>35_1.1.0</SPAN>). You know, it is also difficult to upgrade kernel version on embeded product regularly.</P><P>&nbsp;</P><P>Any <SPAN class="">constructive</SPAN> suggest?</P><P>Thanks anyway !</P><P>&nbsp;</P><P>.</P> Thu, 28 Apr 2022 09:09:45 GMT https://community.nxp.com/t5/i-MX-Processors/How-to-fix-CVE-bugs-in-NXP-kernel-and-uboot-version/m-p/1450564#M189804 yunyangsihai 2022-04-28T09:09:45Z