How to fix CVE bugs in NXP kernel (and uboot) version

yunyangsihai
Contributor II

Dear community:

Our embedded product information: iMX6UL + BSP-4.1.15_1.0.0

Question:

We need to pass the security certification of our software. There are more than 700 CVE bugs in our v4.1.15 NXP kernel, which was scanned by Black Duck.

1. Could we use a new upstream LTS kernel version (from www.kernel.org, for example v4.19.240) directly on the imx6ul SoC, yes or no?

Has NXP pushed all the imx6ul (or imx6 series) hardware-related code to the upstream kernel (including bug fixes)?

The new upstream LTS version has minimal CVE bugs, and it is difficult to backport the bug fixes to the old v4.1.15 kernel.

2. Or we have to upgrade to the new NXP kernel version (for example: v5.10.72_2.2.0), but that means we have to upgrade the kernel version regularly.

NXP upgrades just 2 or 3 versions on a major kernel, then goes to the next new major kernel version (4.14.62_1.0.0 -> 4.14.78_1.0.0 -> 4.14.98_2.0.0 =>> 4.19.35_1.1.0). You know, it is also difficult to upgrade the kernel version on an embedded product regularly.

 

Any constructive suggestions?

Thanks anyway!

 
