On Thu, Oct 5, 2023 at 10:14 PM <woojoong....@lge.com> wrote: > > Hi All, > > I am using different versions of the kernel and linux-libc-headers in the > project. > Some modules are built using linux-libc-headers. > > I'm wondering which version to use as the basis when searching for > vulnerability listings on nvd.nist.gov. > > To my knowledge, linux-libc-headers only contain headers and do not include > the kernel itself or source code. Additionally, the project may have only one > kernel version. > > For example, the kernel is version 5.4, and linux-libc-headers is version > 5.16. > In this case, should I primarily check for vulnerabilities based on the > kernel version, which is 5.4? or 5.16 also need to be checked?
linux-libc-headers provide UAPIs mostly, so for CVE POV it may not be interesting, although there might be case where CVEs could involve APIs but maybe rare. 5.4 is your kernel proper which is the candidate for CVEs > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188744): https://lists.openembedded.org/g/openembedded-core/message/188744 Mute This Topic: https://lists.openembedded.org/mt/101792123/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
