Olimex Support Forum

OLinuXino Android / Linux boards and System On Modules => A64 => Topic started by: mossroy on March 10, 2022, 02:09:04 pm

Title: Kernel fix for "Dirty pipe" vulnerability (CVE-2022-0847)
Post by: mossroy on March 10, 2022, 02:09:04 pm
You probably heard of https://dirtypipe.cm4all.com/
It looks like a critical vulnerability in some linux kernel versions.

Debian Bullseye is affected (and released a fix: https://security-tracker.debian.org/tracker/CVE-2022-0847).
The problem appeared in kernel 5.8 so it's very probable that the kernel 5.10.x provided by Olimex is affected too.

The fix looks very simple: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d2231c5d74e13b2a0546fee6737ee4446017903

But I suppose it will need from Olimex to create a new branch in https://github.com/OLIMEX/linux-olimex, catch up with the upstream changes (the repo has no commit since August 2021), compile and release a new kernel package in their repo (and probably new images?).

The sooner, the better!
Title: Re: Kernel fix for "Dirty pipe" vulnerability (CVE-2022-0847)
Post by: mossroy on March 14, 2022, 05:49:42 pm
For information, I've created a PR for that. Someone from Olimex answered that a newer kernel is to be released "soon(ish)": https://github.com/OLIMEX/linux-olimex/pull/2
Title: Re: Kernel fix for "Dirty pipe" vulnerability (CVE-2022-0847)
Post by: mossroy on March 26, 2022, 02:38:20 pm
A kernel 5.10.105 has been released by Olimex, that seems to fix this vulnerability.

Unfortunately, I have unstable boards since I upgraded to this version. See https://www.olimex.com/forum/index.php?topic=8643.0