Hi, Ken Dibble <k...@beckydibble.com> writes:
> Sorry for the noise, but the conflicting information, or possibly my > misinterpretation of information, > > leaves me with some questions. BleepingComputer is reporting in an > article dated 3-7-2022 that CVE-2022-0847 is being exploited and Max > Kellerman says that all 5.8 and later kernels are affected. > > The article goes on and says that it is fixed in 5.16.11, 5.15.25, and > 5.10.102. > > Debian says it is fixed in 5.10.92-2. > > There is no mention of the backported kernel branch 5.14 other than > being "5.8 or later". > > Chimaera is still at 5.10.84-1. > > I have multiple machines running the 5.14.9-2~bpo11+1 kernel. > > Can someone help with a definitive answer on what kernels are and are > not safe(fixed)? Running 5.16.11-1 on daedalus myself (according to uname -a). I checked the /usr/share/doc/linux-image-amd64/changelog.gz and found linux (5.16.10-1) unstable; urgency=medium - moxart: fix potential use-after-free on remove path (CVE-2022-0487) so I'd say, check your kernel images' changelog for mention(s) of any CVE(s) that worry you. Oops! Just noticed that dyslexia got the better of me. Looks like my kernel is not fixed yet. Not too surprising when running "testing". Anyway, the advice should still be good though ;-) But seeing you said 5.16.11 is fixed, I took a peek at the upstream changelog at https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.11 mentioned in that changelog.gz and while I could not find the CVE, searching for Max Kellerman, I did find commit eddef98207d678f21261c2bd07da55938680df4e Author: Max Kellermann <max.kellerm...@ionos.com> Date: Mon Feb 21 11:03:13 2022 +0100 lib/iov_iter: initialize "flags" in new pipe_buffer commit 9d2231c5d74e13b2a0546fee6737ee4446017903 upstream. The functions copy_page_to_iter_pipe() and push_pipe() can both allocate a new pipe_buffer, but the "flags" member initializer is missing. Fixes: 241699cd72a8 ("new iov_iter flavour: pipe-backed") To: Alexander Viro <v...@zeniv.linux.org.uk> To: linux-fsde...@vger.kernel.org To: linux-ker...@vger.kernel.org Cc: sta...@vger.kernel.org Signed-off-by: Max Kellermann <max.kellerm...@ionos.com> Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> so it looks like I'm good after all :-) Hope this helps, -- Olaf Meeuwissen FSF Associate Member since 2004-01-27 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9 Support Free Software https://my.fsf.org/donate Join the Free Software Foundation https://my.fsf.org/join _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng