• CVE-2022-0847 "Dirty pipe" kernel vulnerability mitigation in buster-ba

    From Mayeul Cantan@21:1/5 to All on Tue Mar 8 14:50:01 2022
    Hello, and thank you for your work on Debian and backports.

    I was checking if my buster install was vulnerable to CVE-2022-0847 (aka
    "Dirty pipe").

    I use a kernel from buster-backports due to hardware constraints. The
    latest available version is 5.10.92 [1]. The vulnerability was fixed in 5.10.102 [2]. I am assuming the current kernel is vulnerable?

    I quickly checked various Debian mailing lists and bugtrackers, but
    couldn't find a trace of that issue.

    Some of my users have unprivileged shell access to that server. I would appreciate an updated kernel image, given the severity of the issue. For context, [3] is the initial public report of the vulnerability.

    Thank you in advance. Have a good day,

    Mayeul

    [1]: https://packages.debian.org/buster-backports/kernel-image-5.10.0-0.bpo.11-amd64-di

    [2]: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.102
    commit b19ec7afa9297d862ed86443e0164643b97250ab

    [3]: https://dirtypipe.cm4all.com/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ben Hutchings@21:1/5 to Mayeul Cantan on Tue Mar 8 15:30:01 2022
    On Tue, 2022-03-08 at 14:21 +0100, Mayeul Cantan wrote:
    > Hello, and thank you for your work on Debian and backports.
    >
    > I was checking if my buster install was vulnerable to CVE-2022-0847 (aka "Dirty pipe").
    >
    > I use a kernel from buster-backports due to hardware constraints. The
    > latest available version is 5.10.92 [1]. The vulnerability was fixed in 5.10.102 [2]. I am assuming the current kernel is vulnerable?
    [...]

    The fix was included in Debian version 5.10.92-2. I'll update the
    version in buster-backports shortly.

    Ben.

    --
    Ben Hutchings - Debian developer, member of kernel, installer and LTS
    teams

