Re: CVE-2022-0847 "Dirty pipe" kernel vulnerability mitigation in buster-backports?

To: Mayeul Cantan <oss+debian@mayeul.net>, debian-kernel@lists.debian.org
Cc: waldi@debian.org, maks@debian.org, carnil@debian.org
Subject: Re: CVE-2022-0847 "Dirty pipe" kernel vulnerability mitigation in buster-backports?
From: Ben Hutchings <benh@debian.org>
Date: Tue, 08 Mar 2022 14:46:52 +0100
Message-id: <[🔎] e7b4a4267150c2441737f3a89a7ba25e9fbb39d6.camel@debian.org>
In-reply-to: <[🔎] cddeab9b-4470-4d4f-4585-c44534349146@mayeul.net>
References: <[🔎] cddeab9b-4470-4d4f-4585-c44534349146@mayeul.net>

On Tue, 2022-03-08 at 14:21 +0100, Mayeul Cantan wrote:
> Hello, and thank you for your work on Debian and backports.
> 
> I was checking if my buster install was vunerable to CVE-2022-0847 (aka 
> "Dirty pipe").
> 
> I use a kernel from buster-backports due to hardware constraints. The 
> latest available version is 5.10.92 [1]. The vulnerability was fixed in 
> 5.10.102 [2]. I am assuming the current kernel is vulnerable?
[...]

The fix was included in Debian version 5.10.92-2.  I'll update the
version in buster-backports shortly.

Ben.

-- 
Ben Hutchings - Debian developer, member of kernel, installer and LTS
teams

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- CVE-2022-0847 "Dirty pipe" kernel vulnerability mitigation in buster-backports?
  - From: Mayeul Cantan <oss+debian@mayeul.net>

Prev by Date: Processing of linux-signed-arm64_5.16.11+1~bpo11+1_source.changes
Next by Date: linux-signed-arm64_5.16.11+1~bpo11+1_source.changes is NEW
Previous by thread: CVE-2022-0847 "Dirty pipe" kernel vulnerability mitigation in buster-backports?
Next by thread: Processing of linux-signed-arm64_5.16.11+1~bpo11+1_source.changes
Index(es):
- Date
- Thread