Control: tags -1 + confirmed pending
Control: found -1 6.1.82-1

Hi,

On Wed, Apr 10, 2024 at 12:16:21PM -0700, LW wrote:
> Package: src:linux
> Version: 6.1.76-1
> Severity: critical
> Tags: upstream security
> Justification: root security hole
> X-Debbugs-Cc: lw-deb-...@greyskydesigns.com, Debian Security Team
> <t...@security.debian.org>
>
> Dear Maintainer,
>
> A Reddit thread[1] linked to a Github page[2] with a local root
> escalation exploit. This exploit works on the current "bookworm"
> stable kernel, 6.1.0-18-amd64.
>
> It can be worked around by blocking the n_gsm driver:
>
> echo 'blacklist n_gsm' | sudo tee -a /etc/modprobe.d/blacklist-gsm.conf
> sudo rmmod n_gsm
>
>
> [1]
> https://old.reddit.com/r/linux/comments/1c0i7tx/someone_found_a_kernel_0day/
> [2] https://github.com/YuriiCrimson/ExploitGSM/

Thanks we are already aware of the issue. Upstream is going to apply a
mitigation for the issue:

https://lore.kernel.org/stable/2024041054-asleep-replace-96e8@gregkh/T/#m3a8ce43359ad57e447faa4db6ecf4f4c1b60c498

Regards,
Salvatore
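
A way to confirm that the workaround quoted above took effect, as an added example that is not part of the original messages or of any Debian tooling. The function names and the `--live` switch are made up for this sketch; the file locations are passed as arguments so the checks can also be run against constructed files.

```shell
#!/bin/sh
# Added example: verify the n_gsm workaround (module unloaded + blacklisted).

# Return 0 if module $1 is listed in the /proc/modules-format file $2.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# Return 0 if any *.conf file in the given directories carries an active
# (uncommented) "blacklist <module>" line. modprobe treats '-' and '_' in
# module names as equivalent, so both spellings are matched.
module_blacklisted() {
    want=$(printf '%s' "$1" | tr '-' '_'); shift
    for dir in "$@"; do
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            if awk -v m="$want" '
                /^[ \t]*#/ { next }
                $1 == "blacklist" { n = $2; gsub(/-/, "_", n); if (n == m) hit = 1 }
                END { exit !hit }' "$conf"; then
                return 0
            fi
        done
    done
    return 1
}

# Print one status word for module $1:
#   loaded    - still present in the running kernel (rmmod has not happened)
#   mitigated - not loaded and a blacklist entry exists
#   unblocked - not loaded, but nothing stops it from being autoloaded
workaround_status() {
    name=$1; procfile=$2; shift 2
    if module_loaded "$name" "$procfile"; then echo loaded
    elif module_blacklisted "$name" "$@"; then echo mitigated
    else echo unblocked
    fi
}

# Check the running system only when asked to.
if [ "${1:-}" = "--live" ]; then
    workaround_status n_gsm /proc/modules /etc/modprobe.d /run/modprobe.d /lib/modprobe.d
fi
```

A `blacklist` entry only stops the module from being pulled in through its aliases; root can still load it explicitly by name, so "mitigated" here means the autoload path is closed, not that the driver can never be loaded.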