author Ben Hutchings <ben@decadent.org.uk> 2022-05-15 21:22:51 +0200
committer Ben Hutchings <ben@decadent.org.uk> 2022-05-15 21:25:05 +0200
commit d082da7610901f6e5718151a1cc52b7e89e5491d
tree 6caf95b53c7309c37f79abfb87fc74cc4402d956 /active/CVE-2021-33624
parent 95642170dc992fb38a4a17f1af746df78deea5b0
Ignore eBPF information leaks in stretch
Diffstat (limited to 'active/CVE-2021-33624')
-rw-r--r-- active/CVE-2021-33624 5
1 files changed, 4 insertions, 1 deletions
diff --git a/active/CVE-2021-33624 b/active/CVE-2021-33624
index 0cbf2373..37e4a36d 100644
--- a/active/CVE-2021-33624
+++ b/active/CVE-2021-33624
@@ -6,6 +6,9 @@ Notes:
carnil> mispredicted branches") is the main part of the fixes.
carnil> The selftest fixes commit was included in later release as well
carnil> in 5.10.57 but the CVE fixes covered already in 5.10.46.
+ bwh> I think this can be ignored. Privileged users can generally read
+ bwh> kernel memory through kprobes/tracepoints. Unprivileged use of
+ bwh> eBPF is now disabled by default in all Debian suites.
Bugs:
upstream: released (5.13-rc7) [d203b0fd863a2261e5d00b97f3d060c4c2a6db71, fe9a5ca7e370e613a9a75a13008a3845ea759d6e, 9183671af6dbf60a1219371d4ed73e23f43b49db, 973377ffe8148180b2651825b92ae91988141b05]
5.10-upstream-stable: released (5.10.46) [e9d271731d21647f8f9e9a261582cf47b868589a, 8c82c52d1de931532200b447df8b4fc92129cfd9, 5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b], (5.10.57) [30ea1c535291e88e41413464277fcf98a95cf8c6]
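Review bot: the bwh note added under Notes rests the decision on a default ("Unprivileged use of eBPF is now disabled by default in all Debian suites") without naming the setting or the package version that introduced it, so a reader cannot check whether a given stretch system is actually covered. Suggest naming both in the note, and saying explicitly that the reasoning does not hold on a system where unprivileged eBPF has been re-enabled.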
@@ -14,4 +17,4 @@ upstream: released (5.13-rc7) [d203b0fd863a2261e5d00b97f3d060c4c2a6db71, fe9a5ca
sid: released (5.10.46-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.208-1)
-4.9-stretch-security: needed
+4.9-stretch-security: ignored "Too risky to backport, and mitigated by default"
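Review bot: the reason string on the 4.9-stretch-security line gives two grounds, "Too risky to backport" and "mitigated by default", but the bwh note added in this commit argues only the second. Suggest adding a sentence to Notes on what makes the 4.9 backport risky, so the "ignored" status is fully justified in the file itself and can be revisited if that changes.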
