Kernel vulnerability discovered

[dee.]

http://www.phoronix.com/scan.php?page=n ... px=MTMxMTg

The article says this recently uncovered exploit affects kernels from 3.3 and up, but other sources claim earlier kernels are also affected.

Which is true and is this something a Mint user should worry about much? Here's hoping this gets fixed quickly and a kernel update is soon to come into the repositories.

Some even theorize this exploit was purposely planted to the kernel by CIA or something (seems pretty far out, but these days, who knows...)


edit: appears this exploit has already been patched. Anyone know when the kernel update comes to Mint or if it has come already?

[eanfrid]

The fixed kernel 3.5.0-25 is already available in the repos since a couple of days

Code: Select all

3.5.0-25-generic #39~precise1-Ubuntu SMP Tue Feb 26 00:07:14 UTC 2013 x86_64

[dee.]

The fixed kernel 3.5.0-25 is already available in the repos since a couple of days

Code: Select all

3.5.0-25-generic #39~precise1-Ubuntu SMP Tue Feb 26 00:07:14 UTC 2013 x86_64

Ok that's nice.

So what about the 3.2 kernel, I assume it's not affected by this exploit?

[Monsta]

So what about the 3.2 kernel, I assume it's not affected by this exploit?

Looks like it's not.

Did you even try to run the exploit on a v3.2 kernel? Or even more
simple, looked at the code of a v3.2 kernel? There is no sock_diag
anywhere in the kernel; there is only inet_diag. And inet_diag hadn't
and still does not have the out-of-bounds access issue. So no, this
bug is non-existent on a v3.2 kernel.

- from http://seclists.org/oss-sec/2013/q1/432

[dee.]

Yeah, looks good.