Re: CVE-2017-5754 - ETA?

On 2018-01-04 12:47:42 -0800, Don Armstrong wrote:
> On Thu, 04 Jan 2018, francis picabia wrote:
> > Redhat, Ubuntu and others have kernel updates available today for this
> > kernel patch that has been worked on since November. Normally Debian
> > has been quick out of the gate with security measures.
> > 
> > Is there an ETA when Debian will update kernel packages?
> The DSA has been (will be shortly?) released for stable. Unstable,
> testing, and likely oldstable will probably follow soon.
> https://security-tracker.debian.org/tracker/DSA-4078-1

According to answers on


linux-image-4.9.0-5-amd64 4.9.65-3+deb9u2 is still vulnerable as shown

# dmesg | grep -i isolation
# cat /sys/kernel/debug/x86/pti_enabled
cat: /sys/kernel/debug/x86/pti_enabled: No such file or directory

The command line is:

  root=UUID=... ro console=ttyS0 console=hvc0 nomce loglevel=5 net.ifnames=0

thus KPTI is not disabled via the command line.

Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
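
The three checks used in the message above (kernel command line, boot log, debugfs file) combined into one classification. This is an added example, not part of the original message; the function names are hypothetical, and it assumes that `pti_enabled` holds `1` when KPTI is on and that the kernel logs "Kernel/User page tables isolation: enabled".

```shell
#!/bin/sh
# Added example: classify KPTI state from the signals checked in the message.

# True if the kernel command line switches KPTI off (nopti or pti=off).
cmdline_disables_pti() {
    case " $1 " in
        *" nopti "*|*" pti=off "*) return 0 ;;
    esac
    return 1
}

# True if the boot log reports page table isolation as enabled.
dmesg_reports_pti() {
    printf '%s\n' "$1" | grep -qiE 'page tables? isolation: *enabled'
}

# kpti_state CMDLINE DMESG_TEXT PTI_ENABLED_VALUE
# PTI_ENABLED_VALUE is the content of pti_enabled, or empty if the file
# does not exist (assumption: the file holds 1 when KPTI is on).
kpti_state() {
    if cmdline_disables_pti "$1"; then
        echo "disabled-by-cmdline"
    elif [ "$3" = "1" ] || dmesg_reports_pti "$2"; then
        echo "enabled"
    else
        echo "not-reported"
    fi
}

# Read the same signals from the running system (dmesg and debugfs
# usually need root; unreadable sources count as empty).
kpti_state_live() {
    kpti_state "$(cat /proc/cmdline 2>/dev/null)" \
               "$(dmesg 2>/dev/null)" \
               "$(cat /sys/kernel/debug/x86/pti_enabled 2>/dev/null)"
}

# Constructed sample: the command line quoted in the message, a boot log
# with no isolation line, and no pti_enabled file.
SAMPLE_CMDLINE='root=UUID=... ro console=ttyS0 console=hvc0 nomce loglevel=5 net.ifnames=0'
kpti_state "$SAMPLE_CMDLINE" "" ""
```

`not-reported` means only that none of the three sources showed KPTI as active; call `kpti_state_live` as root to evaluate the running kernel.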