Ignore:
Timestamp:
08/24/2022 08:42:49 AM (2 years ago)
Author:
Xi Ruoyao <xry111@…>
Branches:
11.2, 11.3, 11.3-rc1, 12.0, 12.0-rc1, 12.1, 12.1-rc1, 12.2, 12.2-rc1, bdubbs/gcc13, multilib, renodr/libudev-from-systemd, trunk, xry111/arm64, xry111/arm64-12.0, xry111/clfs-ng, xry111/loongarch, xry111/loongarch-12.0, xry111/loongarch-12.1, xry111/loongarch-12.2, xry111/mips64el, xry111/multilib, xry111/pip3, xry111/rust-wip-20221008, xry111/update-glibc
Children:
85cdcb09
Parents:
83b8644
git-author:
Xi Ruoyao <xry111@…> (08/24/2022 08:41:16 AM)
git-committer:
Xi Ruoyao <xry111@…> (08/24/2022 08:42:49 AM)
Message:

linux kernel: disable CONFIG_USERFAULTFD to avoid CVE-2022-2590 for now

File:
1 edited

Legend:

Unmodified
Added
Removed
  • chapter10/kernel.xml

    r83b8644 r098f4de  
    160160      <screen role="nodump">Processor type and features ---&gt;
    161161  [*] Support x2apic [CONFIG_X86_X2APIC]
     162Memory Management options  ---&gt;
     163  [ ] Enable userfaultfd() system call [CONFIG_USERFAULTFD]
    162164Device Drivers ---&gt;
    163165  [*] PCI Support ---&gt; [CONFIG_PCI]
     
    248250          or not available, but it's recommended to enable x2APIC in the
    249251          BIOS setting for a modern 64-bit x86 system.</para>
     252        </listitem>
     253      </varlistentry>
     254
     255      <varlistentry>
     256        <term><parameter>Enable userfaultfd() system call</parameter></term>
     257        <listitem>
     258          <para>If this option is enabled, a security vulnerability not
     259          resolved in Linux-&linux-version; yet will be exploitable.
     260          Disable this option to avoid the vulnerability.  This system call
     261          is not used by any part of LFS or BLFS.</para>
    250262        </listitem>
    251263      </varlistentry>
Note: See TracChangeset for help on using the changeset viewer.