Patch for dirtyfrag vulnerability

I am opening this discussion to ask about the integration timeline for the upstream kernel patches addressing the recently disclosed "dirtyfrag" vulnerability (CVE not yet assigned).

On the core of this, this kind of bug needs to go through the kernel's stable process (and once a patch becomes available, this part will happen reasonably quickly), at which point it may or may not be deemed important enough for a maintenance release.

2 Likes

This exploit gets you root privileges on an OS where there's only one user for logging in, root...

What's the rush?

4 Likes

Technically true. Why are there so many vulnerabilities coming up?

Because there are a lot of entities worldwide actively searching for them and increasingly throwing LLMs at this task. Both blackhats/whitehats, state-sponsored 3-letter agencies and their commercial minions, organized crime, researchers, developers trying to harden their code and, increasingly, random people looking for 'fame', to boost their CV and maybe score some bug bounties.

7 Likes

PRs are already there for main/master...