Opened 3 years ago
Closed 3 years ago
#4863 closed enhancement (fixed)
linux-5.12.8
| Reported by: | Bruce Dubbs | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | 11.0 |
| Component: | Book | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (4)
comment:1 by , 3 years ago
| Priority: | normal → high |
|---|
comment:2 by , 3 years ago
According to lwn.net https://lwn.net/ml/oss-security/CAFzhf4r3C=hqrH_yXVQExeQV5iqrdim7kp-NBDTm6FmSCicbeQ@mail.gmail.com/ this is only if BPF has been enabled, however it seems that might now be a default - on at least one of my machines I see that is enabled, although I have not deliberately done so (and I've regarded it as trouble after the initial spectre reports which mentioned it re AMD) : looks as if CONFIG_NET selects it, so everyone who is online will have it enabled.
Also fixed in 5.10.41 and 5.4.123 if anyone is using those older series, all other 5.x kernels are no-longer maintained.
comment:3 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:4 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at @82366ae3f070c3d8a9b4f799e90b5f73625be19f
Security Advisory SA 10.1-054 created.
5.12.8 picks up the new fixes for 'Confused Deputy' privilege escalation attacks which go back to linux-2.6. See e.g. https://www.phoronix.com/scan.php?page=news_item&px=Linux-Confused-Deputy-2.6.12