~alpine/users

Re: Alpine Linux affected by CVE-2022-0185?

Paul Bakker <paul@jonar.com>
Message ID
<CA+ifMgNCQO_+23TcGFF7H072bQRtQ_0vjKofeb01QpeBrd-DiQ@mail.gmail.com>
So what about this CVE then?

Should I create an issue for it in Gitlab?

If so: in which project specifically?

Re: Alpine Linux affected by CVE-2022-0185?

Message ID
<20220125191029.bb2f9d7cffc84139ea842f8e@googlemail.com>
In-Reply-To
<CA+ifMgNCQO_+23TcGFF7H072bQRtQ_0vjKofeb01QpeBrd-DiQ@mail.gmail.com>
Hi Paul,

as you can read in the Linux kernel changelog, the bugfix has been applied in kernel 5.15.16 already:

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.16

 vfs: fs_context: fix up param length parsing in legacy_parse_param
...

You can see the link between this fix and CVE-2022-0185 e.g. on Debian's tracker:

https://security-tracker.debian.org/tracker/CVE-2022-0185

Since Alpine already ships kernel 5.15.16 since 2022-01-21 in its linux-lts package, I would consider this fixed in Alpine (at least for 3.15):

https://pkgs.alpinelinux.org/package/edge/main/x86/linux-lts

Cheers, Daniel


On Tue, 25 Jan 2022 18:43:17 +0100
Paul Bakker <paul@jonar.com> wrote:

> So what about this CVE then?
> 
> Should I create an issue for it in Gitlab?
> 
> If so: in which project specifically?






Re: Alpine Linux affected by CVE-2022-0185?

Message ID
<CHEYLWENEG6W.3QROTE4HDG08Y@psykose>
In-Reply-To
<20220125191029.bb2f9d7cffc84139ea842f8e@googlemail.com>
On Tue Jan 25, 2022 at 7:10 PM CET, Daniel Kulesz wrote:
> Since Alpine already ships kernel 5.15.16 since 2022-01-21 in its linux-lts package, I would consider this fixed in Alpine (at least for 3.15):
3.15 ships 5.15.15, so is affected
only edge contains .16

3.14 and 3.13 ship 5.10.88 as well, which i think is also affected (and
would then be fixed in 5.10.93, i think)

Re: Alpine Linux affected by CVE-2022-0185?

Message ID
<4e28da7a-cb5e-7a00-e4c5-939656a89f34@jonar.com>
In-Reply-To
<20220125191029.bb2f9d7cffc84139ea842f8e@googlemail.com>
So I'm not aware of how to properly address this: should a gitlab case 
be created or?

To me it seems quite urgent to get this resolved, but I must say I'm no 
expert here



