Archive: https://archive.today/CQ2u7
From the post:
>An out-of-bounds access within the Linux kernel has existed in mainline the past three years that could be exploited by an unprivileged user submitting a specially crafted certificate to the kernel.
Among the last minute patches working their way into the mainline Git tree ahead of today's expected Linux 7.0 stable kernel release is for fixing an out-of-bounds access scenario within the X.509 certificate code. Unprivilged users could submit a specially crafted certificate to the kernel via the kernel's keyrings API to cause the OOB access. Making matters worse is that this has existed in the mainline kernel since 2023 in the Linux 6.4 kernel. So beyond this patch making it just in time for the Linux 7.0 kernel release, it's also marked for back-porting to all stable kernel versions still supported since Linux 6.4 (6.6 LTS, 6.12 LTS, 6.18 LTS, and 6.19).
Archive: https://archive.today/CQ2u7
From the post:
>>An out-of-bounds access within the Linux kernel has existed in mainline the past three years that could be exploited by an unprivileged user submitting a specially crafted certificate to the kernel.
Among the last minute patches working their way into the mainline Git tree ahead of today's expected Linux 7.0 stable kernel release is for fixing an out-of-bounds access scenario within the X.509 certificate code. Unprivilged users could submit a specially crafted certificate to the kernel via the kernel's keyrings API to cause the OOB access. Making matters worse is that this has existed in the mainline kernel since 2023 in the Linux 6.4 kernel. So beyond this patch making it just in time for the Linux 7.0 kernel release, it's also marked for back-porting to all stable kernel versions still supported since Linux 6.4 (6.6 LTS, 6.12 LTS, 6.18 LTS, and 6.19).
Login or register