Summary: | kernel: local privesc via UAF in UNIX domain sockets (CVE-2022-2602) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Hank Leininger <hlein> |
Component: | Current packages | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | normal | CC: | dist-kernel, foufou33, jstein, kernel, mgorny |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://marc.info/?l=oss-security&m=166611365730093&w=4 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 878369, 878371, 878373 | ||
Bug Blocks: |
Description
Hank Leininger
2022-10-19 20:36:46 UTC
Thanks! I *suppose* this means they're queued for all of these branches: $ fix_in_what_release 0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 queue-5.4 queue-5.10 queue-5.15 queue-5.19 queue-6.0 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=630782fa1ab40a7b7bf9c0116b232de8ec40d0c1 commit 630782fa1ab40a7b7bf9c0116b232de8ec40d0c1 Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2022-10-26 14:28:37 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2022-10-26 14:28:52 +0000 sys-kernel/gentoo-sources: Security stabilization for CVE-2022-2602 CVSS V3 scores this as High Bug: https://bugs.gentoo.org/877691 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/gentoo-sources-5.15.75.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78f3b9bd6a441bb66d99394d0be16cc2e98f820e commit 78f3b9bd6a441bb66d99394d0be16cc2e98f820e Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2022-10-26 14:28:10 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2022-10-26 14:28:52 +0000 sys-kernel/gentoo-sources: Security stabilization for CVE-2022-2602 CVSS V3 scores this as High Bug: https://bugs.gentoo.org/877691 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/gentoo-sources-5.10.150.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6934438117f816bc2996af69d5c01edd619c8718 commit 6934438117f816bc2996af69d5c01edd619c8718 Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2022-10-26 14:26:57 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2022-10-26 14:28:52 +0000 sys-kernel/gentoo-sources: Security stabilization for CVE-2022-2602 CVSS V3 scores this as High Bug: https://bugs.gentoo.org/877691 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/gentoo-sources-5.4.220.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) dist-kernel cleanup done. Are 4.x kernels affected? Other than those, looks like gentoo-sources is cleaned up too. |