$URL says 5.4.y and 5.15.y definitely impacted. Exploits to be published on the 25th. Followup post says 5.10.y impacted as well. There's a commit ID that fixes it, but I do not yet see an -rc for any of those kernels on lkml, so releases including the fix are probably still several days away.
Thanks! I *suppose* this means they're queued for all of these branches: $ fix_in_what_release 0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 queue-5.4 queue-5.10 queue-5.15 queue-5.19 queue-6.0
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=630782fa1ab40a7b7bf9c0116b232de8ec40d0c1 commit 630782fa1ab40a7b7bf9c0116b232de8ec40d0c1 Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2022-10-26 14:28:37 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2022-10-26 14:28:52 +0000 sys-kernel/gentoo-sources: Security stabilization for CVE-2022-2602 CVSS V3 scores this as High Bug: https://bugs.gentoo.org/877691 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/gentoo-sources-5.15.75.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78f3b9bd6a441bb66d99394d0be16cc2e98f820e commit 78f3b9bd6a441bb66d99394d0be16cc2e98f820e Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2022-10-26 14:28:10 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2022-10-26 14:28:52 +0000 sys-kernel/gentoo-sources: Security stabilization for CVE-2022-2602 CVSS V3 scores this as High Bug: https://bugs.gentoo.org/877691 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/gentoo-sources-5.10.150.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6934438117f816bc2996af69d5c01edd619c8718 commit 6934438117f816bc2996af69d5c01edd619c8718 Author: Mike Pagano <mpagano@gentoo.org> AuthorDate: 2022-10-26 14:26:57 +0000 Commit: Mike Pagano <mpagano@gentoo.org> CommitDate: 2022-10-26 14:28:52 +0000 sys-kernel/gentoo-sources: Security stabilization for CVE-2022-2602 CVSS V3 scores this as High Bug: https://bugs.gentoo.org/877691 Signed-off-by: Mike Pagano <mpagano@gentoo.org> sys-kernel/gentoo-sources/gentoo-sources-5.4.220.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
dist-kernel cleanup done.
Are 4.x kernels affected? Other than those, looks like gentoo-sources is cleaned up too.