Re: CVE-2017-5754 - ETA?
- Date: Fri, 12 Jan 2018 14:22:17 +0100
- From: Vincent Lefevre <vincent@xxxxxxxxxx>
- Subject: Re: CVE-2017-5754 - ETA?
On 2018-01-04 12:47:42 -0800, Don Armstrong wrote:
> On Thu, 04 Jan 2018, francis picabia wrote:
> > Redhat, Ubuntu and others have kernel updates available today for this
> > kernel patch that has been worked on since November. Normally Debian
> > has been quick out of the gate with security measures.
> > Is there an ETA when Debian will update kernel packages?
> The DSA has been (will be shortly?) released for stable. Unstable,
> testing, and likely oldstable will probably follow soon.
According to answers on
linux-image-4.9.0-5-amd64 4.9.65-3+deb9u2 is still vulnerable as shown

  # dmesg | grep -i isolation
  # cat /sys/kernel/debug/x86/pti_enabled
  cat: /sys/kernel/debug/x86/pti_enabled: No such file or directory

The command line is:

  root=UUID=... ro console=ttyS0 console=hvc0 nomce loglevel=5 net.ifnames=0

thus KPTI is not disabled via the command line.
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
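
The checks run in the message above, combined into one shell function (an added example, not part of the original message). The kernel log string it matches, the nopti and pti=off boot parameters, and the optional contents of /sys/devices/system/cpu/vulnerabilities/meltdown are assumptions about kernels that carry the KPTI patches; the function name and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: classify KPTI state from the kernel log, the boot command
# line and, where the kernel provides it, the sysfs "meltdown" entry.

# kpti_status DMESG_TEXT CMDLINE [SYSFS_MELTDOWN]
# Prints one of: enabled, disabled-by-cmdline, not-reported
# The body runs in a subshell so "set -f" and the variables stay local.
kpti_status() (
    set -f                      # no glob expansion while splitting CMDLINE
    dmesg_text=$1
    cmdline=$2
    sysfs=${3:-}

    # 1. An explicit opt-out on the kernel command line wins.
    for arg in $cmdline; do
        case $arg in
            nopti|pti=off) echo disabled-by-cmdline; return 0 ;;
        esac
    done

    # 2. sysfs summary (assumed present only on kernels that export it).
    case $sysfs in
        "Mitigation: PTI"*) echo enabled; return 0 ;;
    esac

    # 3. Boot log line, the same thing "dmesg | grep -i isolation" looks for.
    if printf '%s\n' "$dmesg_text" | grep -qi 'page tables isolation: enabled'; then
        echo enabled
        return 0
    fi

    # No opt-out and no sign of the mitigation: the case in the message.
    echo not-reported
)

# Command line quoted in the message; the log line below is constructed.
SAMPLE_CMDLINE='root=UUID=... ro console=ttyS0 console=hvc0 nomce loglevel=5 net.ifnames=0'
SAMPLE_DMESG_PATCHED='[    0.000000] Kernel/User page tables isolation: enabled'

kpti_status '' "$SAMPLE_CMDLINE"                       # empty grep result, as reported
kpti_status "$SAMPLE_DMESG_PATCHED" "$SAMPLE_CMDLINE"  # what a patched boot would show

# Live use (dmesg may need root):
# kpti_status "$(dmesg)" "$(cat /proc/cmdline)" \
#     "$(cat /sys/devices/system/cpu/vulnerabilities/meltdown 2>/dev/null)"
```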