Comment 33 for bug 1926938

TuxInvader (tuxinvader) wrote :

This has become a security issue!

So the kernels are now being built with impish, and unless people are using my PPA or building their own, the last installable kernel for LTS (focal) was 5.11.16.

The 5.11.x series went EOL with 5.11.22, and all 5.11.x have a level 7.8 CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-32606

As far as I can see this is still vulnerable up to and including 5.12.8. Linus applied the fix to his tree here: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/can?id=2b17c400aeb44daf041627722581ade527bb3c1d but that hasn't yet been applied to the stable 5.12.x branch.

Ooops: https://www.openwall.com/lists/oss-security/2021/05/28/2

If you're using mainline on focal, then you might want to drop back to a 5.10.x release which doesn't have the vulnerability, or use my PPA, or follow one of the build instructions posted in this thread.