Hello, and thank you for your work on Debian and backports.
I was checking if my buster install was vulnerable to CVE-2022-0847 (aka
"Dirty pipe").
I use a kernel from buster-backports due to hardware constraints. The
latest available version is 5.10.92 [1]. The vulnerability was fixed in
5.10.102 [2]. I am assuming the current kernel is vulnerable?
I quickly checked various Debian mailing lists and bugtrackers, but
couldn't find a trace of that issue.
Some of my users have unprivileged shell access to that server. I would
appreciate an updated kernel image, given the severity of the issue. For
context, [3] is the initial public report of the vulnerability.
Thank you in advance. Have a good day,
Mayeul
[1]: https://packages.debian.org/buster-backports/kernel-image-5.10.0-0.bpo.11-amd64-di
[2]: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.102
commit b19ec7afa9297d862ed86443e0164643b97250ab
[3]: https://dirtypipe.cm4all.com/