Security Vulnerabilities for LTS Kernel 5.10

Herbert220930

A commercial security scan of Linux Kernel 5.10.136 (linux-5.10.136.tar.gz at https://cdn.kernel.org/pub/linux/kernel/v5.x) returned the following high severity vulnerabilities: CVE-2021-3493, CVE-2022-39189, WS-2021-0553, CVE-2021-32078, CVE-2017-15868, WS-2021-0561, WS-2021-0566, CVE-2022-1943, CVE-2021-20194, WS-2021-0557, WS-2021-0274

I believe that most of them are false positives because:
I took a deeper look into CVE-2021-3493 which is fixed by https://github.com/gregkh/linux/commit/7c03e2cda4a584cadc398e8f6641ca9988a39d52. It is merged to kernel versions 5.11 or higher but NOT to version 5.10.

This raises the following questions:
  • What is the policy regarding fixes of security bugs for the Kernel 5.10?
  • Is there documentation available anywhere for security vulnerabilities that states which minimum kernel release introduced this vulnerability?
  • Is there any other LTS/stable branch with a lower number of known vulnerabilities?
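
One way to triage scanner findings like those in the post above against a stable branch, as an added example that is not part of the original thread. It relies on the stable-tree convention that a backport's message cites its mainline commit ("commit <id> upstream." or "[ Upstream commit <id> ]"); the function names, finding labels and log records are constructed for illustration.

```python
import re

# Stable backports cite the mainline commit in one of these two forms.
UPSTREAM_RE = re.compile(
    r"^\s*(?:commit ([0-9a-f]{40}) upstream\.?"
    r"|\[ Upstream commit ([0-9a-f]{40}) \])\s*$",
    re.MULTILINE,
)

def parse_log(log_text):
    """Map mainline commit id -> stable commit id.

    Expects the output of: git log --format='%x01%H%n%B' <stable-branch>
    """
    backports = {}
    for record in log_text.split("\x01")[1:]:
        stable_id, _, body = record.partition("\n")
        for m in UPSTREAM_RE.finditer(body):
            backports[m.group(1) or m.group(2)] = stable_id.strip()
    return backports

def triage(findings, backports):
    """findings: {scanner id: mainline fix commit}. Returns {id: status}."""
    result = {}
    for finding, fix in findings.items():
        # Advisories often abbreviate commit ids; require >= 12 hex chars.
        hits = [s for up, s in backports.items()
                if len(fix) >= 12 and up.startswith(fix)]
        result[finding] = (f"backported as {hits[0][:12]}" if hits
                           else "no backport found: review manually")
    return result

# Constructed sample data: these ids are placeholders, not real kernel commits.
UP_A, UP_B, UP_C = "a" * 40, "b" * 40, "c" * 40
SAMPLE_LOG = (
    "\x01" + "1" * 40 + "\nfs: fix one\n\ncommit " + UP_A + " upstream.\n\nBody.\n"
    + "\x01" + "2" * 40 + "\nnet: fix two\n\n[ Upstream commit " + UP_B + " ]\n\nBody.\n"
    + "\x01" + "3" * 40 + "\nLinux 5.10.x\n"
)

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    sample = {"FINDING-1": UP_A, "FINDING-2": UP_B[:12], "FINDING-3": UP_C}
    for name, status in triage(sample, found).items():
        print(name, "->", status)
```

A missing backport is not proof of exposure: the flawed code may never have been present in that branch, so those findings still need a manual look at the affected source.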
 


Which distro are you using? The answer to your last question will depend somewhat on the distro in use. For instance, Ubuntu has their own kernel team and produces modified kernels for their releases that are also used by Linux Mint and others.
 
@Herbert220930

Just in case of any misapprehension on your part, we are not an official arm nor organ of Linux, just scored the dot org name - we are manned by volunteer staff who share a love of Linux and have varying skills in various departments.

So basically, most of us would not have a clue regarding your questions.

You are better advised to ask at kernel.org.

Chris Turner
wizardfromoz
 
Hi Chris,

Thanks for your hint. Can you give me a more specific hint (like email address or full URL) where I can ask this question?

Many thanks,
Herbert
 
