Updated:
Description:
In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value failed.
CVSS3: 5.5
| OS | Vendor version | Errata |
|---|---|---|
| Debian 11 | 5.10.226-1 | DLA-3912-1 |
| Ubuntu 22.04 | 5.15.0-125.135 | USN-7100-1 |
| Ubuntu 22.04 AWS | 5.15.0-1072.78 | USN-7100-2 |
| Ubuntu 22.04 Azure | 5.15.0-1075.84 | USN-7123-1 |
| Debian 11 cloud | 5.10.226-1 | DLA-3912-1 |
| Ubuntu 20.04 HWE AWS | 5.15.0-1072.78~20.04.1 | USN-7100-1 |
| Oracle Linux 9 UEK 7 | 5.15.0-302.167.6.el9uek | ELSA-2024-12815 |
| Oracle Linux 8 UEK 7 | 5.15.0-302.167.6.el8uek | ELSA-2024-12815 |
| Ubuntu 24.04 | 6.8.0-50.51 | USN-7154-1 |
| OS | Original kernel version | State |
|---|---|---|
| Debian 11 | |
Planned |
| Ubuntu 22.04 | |
Planned |
| Ubuntu 22.04 AWS | |
Planned |
| Ubuntu 22.04 Azure | |
Planned |
| Debian 11 cloud | |
Planned |
| Ubuntu 20.04 HWE AWS | |
Planned |
| Oracle Linux 9 UEK 7 | |
Planned |
| Oracle Linux 8 UEK 7 | |
Planned |
| Debian 12 | |
Planned |
| Ubuntu 24.04 | |
Planned |