From $url: ``` A use-after-free vulnerability was found in the way certain rlimit conversions to 'ucounts' were done, affecting kernels containing merge commit c54b245d0118 ("Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace") which is Linux v5.14 and newer. ``` According to the description, this can lead to privilege escalation if unprivileged user namespaces are enabled. Only kernels 5.14+ are affected. The fix is in 5.15.19 and 5.16.5.
Oh, and thanks to flow@ for reporting it on IRC.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a1a81e544afce367e5430de02df365922f97128 commit 8a1a81e544afce367e5430de02df365922f97128 Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2022-02-04 23:51:09 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2022-02-04 23:51:09 +0000 sys-kernel/gentoo-sources: Autostablize for security bug per policy Remove affected kernels Bug: https://bugs.gentoo.org/832717 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/Manifest | 18 -------------- .../gentoo-sources/gentoo-sources-5.15.16.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.15.17.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.15.18.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.15.19.ebuild | 2 +- .../gentoo-sources/gentoo-sources-5.16.2.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.16.3.ebuild | 28 ---------------------- .../gentoo-sources/gentoo-sources-5.16.4.ebuild | 28 ---------------------- 8 files changed, 1 insertion(+), 187 deletions(-)
All done!
