CVE-2022-0847 "Dirty pipe" kernel vulnerability mitigation in buster-backports?

To: debian-kernel@lists.debian.org
Cc: waldi@debian.org, maks@debian.org, benh@debian.org, carnil@debian.org
Subject: CVE-2022-0847 "Dirty pipe" kernel vulnerability mitigation in buster-backports?
From: Mayeul Cantan <oss+debian@mayeul.net>
Date: Tue, 8 Mar 2022 14:21:54 +0100
Message-id: <[🔎] cddeab9b-4470-4d4f-4585-c44534349146@mayeul.net>


Hello, and thank you for your work on Debian and backports.

I was checking if my buster install was vunerable to CVE-2022-0847 (aka"Dirty pipe").

I use a kernel from buster-backports due to hardware constraints. Thelatest available version is 5.10.92 [1]. The vulnerability was fixed in5.10.102 [2]. I am assuming the current kernel is vulnerable?

I quickly checked various Debian mailing lists and bugtrackers, butcouldn't find a trace of that issue.

Some of my users have unprivileged shell access to that server. I wouldappreciate an updated kernel image, given the severity of the issue. Forcontext, [3] is the initial public report of the vulnerability.


Thank you in advance. Have a good day,

Mayeul

[1]:https://packages.debian.org/buster-backports/kernel-image-5.10.0-0.bpo.11-amd64-di

[2]: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.102commit b19ec7afa9297d862ed86443e0164643b97250ab


[3]: https://dirtypipe.cm4all.com/

Reply to:

Follow-Ups:
- Re: CVE-2022-0847 "Dirty pipe" kernel vulnerability mitigation in buster-backports?
  - From: Ben Hutchings <benh@debian.org>

Prev by Date: linux-signed-amd64_5.16.11+1~bpo11+1_source.changes is NEW
Next by Date: Bug#1006149: linux-image-5.16.0-1-686: Fails to boot on T41 Thinkpads
Previous by thread: linux-signed-amd64_5.16.11+1~bpo11+1_source.changes is NEW
Next by thread: Re: CVE-2022-0847 "Dirty pipe" kernel vulnerability mitigation in buster-backports?
Index(es):
- Date
- Thread