Hi,
Ken Dibble <ken@???> writes:
> Sorry for the noise, but the conflicting information, or possibly my
> misinterpretation of information,
>
> leaves me with some questions. BleepingComputer is reporting in an
> article dated 3-7-2022 that CVE-2022-0847 is being exploited and Max
> Kellerman says that all 5.8 and later kernels are affected.
>
> The article goes on and says that it is fixed in 5.16.11, 5.15.25, and
> 5.10.102.
>
> Debian says it is fixed in 5.10.92-2.
>
> There is no mention of the backported kernel branch 5.14 other than
> being "5.8 or later".
>
> Chimaera is still at 5.10.84-1.
>
> I have multiple machines running the 5.14.9-2~bpo11+1 kernel.
>
> Can someone help with a definitive answer on what kernels are and are
> not safe(fixed)?

Running 5.16.11-1 on daedalus myself (according to uname -a). I checked
the /usr/share/doc/linux-image-amd64/changelog.gz and found

    linux (5.16.10-1) unstable; urgency=medium
    - moxart: fix potential use-after-free on remove path (CVE-2022-0487)

so I'd say, check your kernel images' changelog for mention(s) of any
CVE(s) that worry you.

Oops! Just noticed that dyslexia got the better of me. Looks like my
kernel is not fixed yet. Not too surprising when running "testing".
Anyway, the advice should still be good though ;-)

But seeing you said 5.16.11 is fixed, I took a peek at the upstream
changelog at

    https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.11

mentioned in that changelog.gz and while I could not find the CVE,
searching for Max Kellerman, I did find

    commit eddef98207d678f21261c2bd07da55938680df4e
    Author: Max Kellermann <max.kellermann@???>
    Date: Mon Feb 21 11:03:13 2022 +0100

        lib/iov_iter: initialize "flags" in new pipe_buffer

        commit 9d2231c5d74e13b2a0546fee6737ee4446017903 upstream.

        The functions copy_page_to_iter_pipe() and push_pipe() can both
        allocate a new pipe_buffer, but the "flags" member initializer is
        missing.

        Fixes: 241699cd72a8 ("new iov_iter flavour: pipe-backed")
        To: Alexander Viro <viro@???>
        To: linux-fsdevel@???
        To: linux-kernel@???
        Cc: stable@???
        Signed-off-by: Max Kellermann <max.kellermann@???>
        Signed-off-by: Al Viro <viro@???>
        Signed-off-by: Greg Kroah-Hartman <gregkh@???>

so it looks like I'm good after all :-)

Hope this helps,
--
Olaf Meeuwissen FSF Associate Member since 2004-01-27
GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9
Support Free Software https://my.fsf.org/donate
Join the Free Software Foundation https://my.fsf.org/join
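
The changelog check suggested in the message above, as an added example that is not part of the original post: it matches the CVE ID exactly and flags same-year IDs with transposed digits, which is the 0487/0847 mix-up described there. The function names, output words and the first sample stanza are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# cve_in_changelog CVE-ID FILE
#   Prints "mentioned <version>" for each Debian changelog stanza that names
#   CVE-ID exactly, and "near-miss <id> <version>" for same-year IDs whose
#   digits are a permutation of it (0487 vs 0847). Returns 0 only on an
#   exact hit. FILE may be gzip-compressed; GNU gzip -f passes plain text through.
cve_in_changelog() {
    gzip -cdf -- "$2" | awk -v want="$1" '
        # Digit histogram, so two numbers with the same digits compare equal.
        function sig(s,   d, i, c, out) {
            out = ""
            for (d = 0; d <= 9; d++) {
                c = 0
                for (i = 1; i <= length(s); i++)
                    if (substr(s, i, 1) == (d "")) c++
                out = out c ","
            }
            return out
        }
        # Stanza header, e.g. "linux (5.16.10-1) unstable; urgency=medium"
        /^[a-z0-9][a-z0-9+.-]* \(/ { ver = $2; gsub(/[()]/, "", ver); next }
        {
            line = $0
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                id = substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
                if (id == want) { print "mentioned", ver; found = 1 }
                else if (substr(id, 1, 9) == substr(want, 1, 9) &&
                         sig(substr(id, 10)) == sig(substr(want, 10)))
                    print "near-miss", id, ver
            }
        }
        END { exit !found }'
}

# Constructed sample: the first stanza is made up, the second repeats the
# changelog lines quoted in the message.
sample_changelog() {
    cat <<'EOF'
linux (0.0.0-1) unstable; urgency=medium
  - constructed entry naming the ID being looked for (CVE-2022-0847)
linux (5.16.10-1) unstable; urgency=medium
  - moxart: fix potential use-after-free on remove path (CVE-2022-0487)
EOF
}
```

No exact hit is not proof that a kernel is unfixed: the upstream ChangeLog-5.16.11 entry quoted above names no CVE, so the upstream commit id is the other string worth searching for.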