Hi!

> When I was reviewing CVE-2022-40307, I found commit
> 7f7838c92740fa423a5a3f12c00ed02d92851254
> ("efi: capsule-loader: Fix use-after-free in efi_capsule_write") is
> not in the cip/4.4-st.
> However, this commit exists in both cip/4.4 and cip/4.4-rt.

Let me investigate. 7f7838c92740fa423a5a3f12c00ed02d92851254 is
signed-off by me.

It is in v4.14 as:

commit 233d5c4d18971feee5fc2f33f00b63d8205cfc67
    efi: capsule-loader: Fix use-after-free in efi_capsule_write
    commit 9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 upstream.

According to our scripts, our configurations do not compile this, at
least in 5.10.

It is in linux-4.4.y-cip: 7f7838c92740fa423a5a3f12c00ed02d92851254
(not having "upstream) marking. My fault, I guess.

It is not in linux-4.4.y-st, but we should have it in our -cip trees
and it is not that important, anyway.

I propose we leave it as it is.

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,        Managing Director: Erika Unter
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany