Kernels before 4.13.8 are affected by CVE-2017-15265:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15265
http://seclists.org/oss-sec/2017/q4/58

4.13.8 has a patch for it, which also compiles with stable (amd64) sys-kernel/gentoo-sources-4.12.12:

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.13.8&id=71c766e18dd3f321bd450ec7c0c20643b2c4b74e

(This is my first security related bug report here, so please tell me if I'm doing something wrong. Apologies for any mistakes in advance.)

I guess this was overshadowed by the Spectre / Meltdown disaster last year. So let's check the currently oldest kernel versions in the tree for the patch:

sys-kernel/gentoo-sources-4.4.164: patched (commit 23709ae9b61429502fcd4686e7a97333f3b3544a)
sys-kernel/gentoo-sources-4.9.140: patched (commit 35b84860667ff081eee56b62f3db2a28ca8a3823)
sys-kernel/gentoo-sources-4.14.83: patched (commit 71105998845fb012937332fe2e806d443c09e026)
sys-kernel/gentoo-sources-4.19.8: patched (commit 71105998845fb012937332fe2e806d443c09e026)
sys-kernel/gentoo-sources-4.20.0: patched (commit 71105998845fb012937332fe2e806d443c09e026)

As there is no unpatched version of sys-kernel/gentoo-sources left in the tree, IMHO this is resolved for sys-kernel/gentoo-sources. I haven't checked the other sys-kernel/*-sources ebuilds.

Fixed in 4.9.57, 4.14