:: Re: [DNG] Kernel Vulnerabilities or…
Author: Olaf Meeuwissen
Date:  
To: dng
Subject: Re: [DNG] Kernel Vulnerabilities or who understands this mess
Hi,

Ken Dibble <ken@???> writes:

> Sorry for the noise, but the conflicting information, or possibly my
> misinterpretation of information, leaves me with some questions.
> BleepingComputer is reporting in an article dated 3-7-2022 that
> CVE-2022-0847 is being exploited and Max Kellermann says that all 5.8
> and later kernels are affected.
>
> The article goes on and says that it is fixed in 5.16.11, 5.15.25, and
> 5.10.102.
>
> Debian says it is fixed in 5.10.92-2.
>
> There is no mention of the backported kernel branch 5.14 other than
> being "5.8 or later".
>
> Chimaera is still at 5.10.84-1.
>
> I have multiple machines running the 5.14.9-2~bpo11+1 kernel.
>
> Can someone help with a definitive answer on what kernels are and are
> not safe (fixed)?


Running 5.16.11-1 on daedalus myself (according to uname -a). I checked
the /usr/share/doc/linux-image-amd64/changelog.gz and found

linux (5.16.10-1) unstable; urgency=medium

    - moxart: fix potential use-after-free on remove path (CVE-2022-0487)


so I'd say, check your kernel images' changelog for mention(s) of any
CVE(s) that worry you.

Oops! Just noticed that dyslexia got the better of me. Looks like my
kernel is not fixed yet. Not too surprising when running "testing".

Anyway, the advice should still be good though ;-)

But seeing you said 5.16.11 is fixed, I took a peek at the upstream
changelog at

https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.11

mentioned in that changelog.gz and while I could not find the CVE,
searching for Max Kellerman, I did find

commit eddef98207d678f21261c2bd07da55938680df4e
Author: Max Kellermann <max.kellermann@???>
Date: Mon Feb 21 11:03:13 2022 +0100

      lib/iov_iter: initialize "flags" in new pipe_buffer


      commit 9d2231c5d74e13b2a0546fee6737ee4446017903 upstream.


      The functions copy_page_to_iter_pipe() and push_pipe() can both
      allocate a new pipe_buffer, but the "flags" member initializer is
      missing.


      Fixes: 241699cd72a8 ("new iov_iter flavour: pipe-backed")
      To: Alexander Viro <viro@???>
      To: linux-fsdevel@???
      To: linux-kernel@???
      Cc: stable@???
      Signed-off-by: Max Kellermann <max.kellermann@???>
      Signed-off-by: Al Viro <viro@???>
      Signed-off-by: Greg Kroah-Hartman <gregkh@???>


so it looks like I'm good after all :-)

Hope this helps,
--
Olaf Meeuwissen                    FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join
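
The changelog check suggested in the message above, written as an added example (not code from the post or from Debian/Devuan). It matches the CVE ID exactly, reports which changelog stanza it falls in, and flags IDs from the same year that use the same digits in a different order, which is the slip the message describes. The function names and the second sample stanza are assumptions made for illustration.

```python
import gzip
import re
from pathlib import Path

# Debian changelog stanza header, e.g. "linux (5.16.10-1) unstable; urgency=medium"
HEADER = re.compile(r"^(\S+) \(([^)]+)\) ")
CVE_ID = re.compile(r"CVE-(\d{4})-(\d{4,})")

# Constructed sample: the first stanza is the one quoted in the message above,
# the second is a made-up placeholder stanza with no CVE reference.
SAMPLE = """\
linux (5.16.10-1) unstable; urgency=medium

    - moxart: fix potential use-after-free on remove path (CVE-2022-0487)

linux (0.0.0-1) unstable; urgency=medium

    - placeholder entry without any CVE reference
"""

def read_changelog(path):
    """Return the changelog text; accepts plain or gzip-compressed files."""
    raw = Path(path).read_bytes()
    if raw[:2] == b"\x1f\x8b":  # gzip magic bytes
        raw = gzip.decompress(raw)
    return raw.decode("utf-8", errors="replace")

def find_cve(text, wanted):
    """Return (hits, lookalikes).
    hits: {version: [lines]} for exact matches of `wanted`.
    lookalikes: {other_id: [versions]} for IDs of the same year whose number
    uses the same digits in a different order."""
    m = CVE_ID.fullmatch(wanted)
    if not m:
        raise ValueError(f"not a CVE id: {wanted!r}")
    year, number = m.groups()
    hits, lookalikes, version = {}, {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            version = header.group(2)
            continue
        for found in CVE_ID.finditer(line):
            if found.group(0) == wanted:
                hits.setdefault(version, []).append(line.strip())
            elif found.group(1) == year and sorted(found.group(2)) == sorted(number):
                lookalikes.setdefault(found.group(0), []).append(version)
    return hits, lookalikes

if __name__ == "__main__":
    print(find_cve(SAMPLE, "CVE-2022-0847"))
```

On a real system, pass it `read_changelog("/usr/share/doc/linux-image-amd64/changelog.gz")`. An empty result does not prove the kernel is unfixed: as the message shows, the upstream changelog listed the fix only by its commit subject, without the CVE ID.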