[RESOLVED] Definitive answer, please?
Runaway1956
Status: Interested
Joined: 29 Mar 2015
Posts: 10
Reply Quote
Which kernel patches for the CVE-2022-0847 Dirty Pipe vulnerability? Or, are we still unpatched? Mmmm - let me rephrase that to "has it been patched yet"?

When I read one source of information, I'm assured that the vulnerability doesn't affect 5.16 kernels, then I read elsewhere that I need 5.16.11 to be patched. It gets confusing.

:: Code ::
$ uname -a
Linux mxpansive 5.16.0-9.1-liquorix-amd64 #1 ZEN SMP PREEMPT liquorix 5.16-8.1~bullseye (2022-02-15) x86_64 GNU/Linux


MX updater offers me this:

:: Code ::
full upgrade
  Reading package lists...
  Building dependency tree...
  Reading state information...
  Calculating upgrade...
  The following NEW packages will be installed:
     linux-headers-5.16.0-13.2-liquorix-amd64 (5.16-15.1~bullseye)
     linux-image-5.16.0-13.2-liquorix-amd64 (5.16-15.1~bullseye)


Perhaps I've found my answer at [link]

:: Quote ::
Steven Barrett has released a new Liquorix Linux Kernel based on Kernel 5.16.13 for Debian and Ubuntu.


5.16.13 is greater than 5.16.11 so updating to the kernel my distro offers should fix everything.
Back to top
damentz
Status: Assistant
Joined: 09 Sep 2008
Posts: 962
Reply Quote
Correct, as long as you're running the patched version or later, the dirty pipe vulnerability won't affect you.
Back to top
Display posts from previous:   

All times are GMT - 8 Hours