Kernel fix for "Dirty pipe" vulnerability (CVE-2022-0847)

Started by mossroy, March 10, 2022, 02:09:04 pm

Previous topic - Next topic

mossroy

You probably heard of https://dirtypipe.cm4all.com/
It looks like a critical vulnerability in some linux kernel versions.

Debian Bullseye is affected (and released a fix: https://security-tracker.debian.org/tracker/CVE-2022-0847).
The problem appeared in kernel 5.8 so it's very probable that the kernel 5.10.x provided by Olimex is affected too.

The fix looks very simple: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d2231c5d74e13b2a0546fee6737ee4446017903

But I suppose it will need from Olimex to create a new branch in https://github.com/OLIMEX/linux-olimex, catch up with the upstream changes (the repo has no commit since August 2021), compile and release a new kernel package in their repo (and probably new images?).

The sooner, the better!

mossroy

For information, I've created a PR for that. Someone from Olimex answered that a newer kernel is to be released "soon(ish)": https://github.com/OLIMEX/linux-olimex/pull/2

mossroy

A kernel 5.10.105 has been released by Olimex, that seems to fix this vulnerability.

Unfortunately, I have unstable boards since I upgraded to this version. See https://www.olimex.com/forum/index.php?topic=8643.0