Security Vulnerabilities for LTS Kernel 5.10

Herbert220930

A commercial security scan of Linux Kernel 5.10.136 (linux-5.10.136.tar.gz at https://cdn.kernel.org/pub/linux/kernel/v5.x) returned the following high severity vulnerabilities: CVE-2021-3493, CVE-2022-39189, WS-2021-0553, CVE-2021-32078, CVE-2017-15868, WS-2021-0561, WS-2021-0566, CVE-2022-1943, CVE-2021-20194, WS-2021-0557, WS-2021-0274

I believe that most of them are false positives because:
I took a deeper look into CVE-2021-3493 which is fixed by https://github.com/gregkh/linux/commit/7c03e2cda4a584cadc398e8f6641ca9988a39d52. It is merged to kernel versions 5.11 or higher but NOT to version 5.10.

This raises the following questions:
  • What is the policy regarding fixes of security bugs for the Kernel 5.10?
  • Is there documentation available anywhere that states, for each security vulnerability, which minimum kernel release introduced it?
  • Is there any other LTS/stable branch with a lower number of known vulnerabilities?
 


kc1di

Which distro are you using? The answer to your last question will depend somewhat on the distro in use. For instance, Ubuntu has their own kernel team and produces modified kernels for their releases that are also used by Linux Mint and others.
 

wizardfromoz

@Herbert220930

Just in case of any misapprehension on your part, we are not an official arm nor organ of Linux, just scored the dot org name - we are manned by volunteer staff who share a love of Linux and have varying skills in various departments.

So basically, most of us would not have a clue regarding your questions.

You are better advised to ask at kernel.org.

Chris Turner
wizardfromoz
 
Herbert220930

Hi Chris,

Thanks for your hint. Can you give me a more specific hint (like email address or full URL) where I can ask this question?

Many thanks,
Herbert
 