nluedtke / linux_kernel_cves

Tracking CVEs for the linux Kernel
Apache License 2.0

[DATA] CVE-2021-4023 #374

Open yuta-hayama opened 9 months ago

yuta-hayama commented 9 months ago

Change Type Requested: Update

CVE id number: CVE-2021-4023

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2026484
https://bugzilla.suse.com/show_bug.cgi?id=1193107
https://kernel.dance/#713b9825a4c47897f66ad69409581e7734a8728e
https://kernel.dance/#3146cba99aa284b1d4a10fbd923df953f1d18035

Additional context: Looking at RH bugzilla, Fixes: tag, etc., I think the causing commit (3146cba99a) and the fixing commit (713b9825a4) are correct, but the start version of the affected range is still UNK.

Both 3146cba99a and 713b9825a4 were merged as of v5.15-rc1. Therefore, the problematic code in 3146cba99a should have been fixed in the v5.15-rc1 release point. According to kernel.dance, 3146cba99a is not backported to any stable branch, so this CVE probably does not affect all release points, including rc versions. But... if this is correct, how can we show this in Linux Kernel CVEs? v5.15-rc1 to v5.15-rc1? This may cause confusion (or be incorrectly described).

By the way, since this is an issue in io_wq, we can give v5.5-rc1 as a more sensible lower limit, considering it in the same way as #365. https://github.com/torvalds/linux/commit/771b53d033e8663abdf59704806aa856b236dcdb
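The range question raised in the issue above, as an added example that is not part of the original post or of the linux_kernel_cves tooling: it orders kernel tags so that an -rc tag sorts before its final release, then lists the tags inside a half-open range from the first tag containing the causing commit up to, but excluding, the first tag containing the fix. The half-open convention, the function names and the short tag list are assumptions made for illustration.

```python
import re

# Constructed sample of mainline tags, not an exhaustive list.
TAGS = ["v5.4", "v5.5-rc1", "v5.5", "v5.14", "v5.15-rc1", "v5.15-rc2", "v5.15"]

_TAG = re.compile(r"^v(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?$")


def tag_key(tag):
    """Sort key for a kernel tag; an -rcN tag sorts before its final release."""
    m = _TAG.match(tag)
    if not m:
        raise ValueError(f"unrecognised kernel tag: {tag!r}")
    major, minor, patch, rc = m.groups()
    # A final release gets rc = infinity so that v5.15-rc1 < v5.15.
    rc_rank = int(rc) if rc else float("inf")
    return (int(major), int(minor), int(patch or 0), rc_rank)


def affected_tags(first_with_bug, first_with_fix, tags=TAGS):
    """Tags in the half-open range [first_with_bug, first_with_fix).

    Assumption of this example: a tag is affected when it contains the
    causing commit but not yet the fixing commit.
    """
    lo, hi = tag_key(first_with_bug), tag_key(first_with_fix)
    if lo > hi:
        raise ValueError("fix tag precedes the tag that introduced the bug")
    return [t for t in sorted(tags, key=tag_key) if lo <= tag_key(t) < hi]


if __name__ == "__main__":
    # Causing and fixing commit both first appear in v5.15-rc1: empty range.
    print(affected_tags("v5.15-rc1", "v5.15-rc1"))
    # Using v5.5-rc1 as the lower limit instead lists every tag before the fix.
    print(affected_tags("v5.5-rc1", "v5.15-rc1"))
```

With both commits first appearing in the same tag the range is empty, while a lower limit of v5.5-rc1 lists every sample tag from there up to the fix.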