Questions regarding vulnerabilities CVE-2022-0185 and CVE-2021-4034

Support for security such as Firewalls and securing linux
nullpid
Posts: 4
Joined: 2022/01/26 10:08:09

Questions regarding vulnerabilities CVE-2022-0185 and CVE-2021-4034

Post by nullpid » 2022/01/26 10:30:08

Hello everyone,

I have a few questions regarding the below two vulnerabilities since searching the forums didn't return any results:

* CVE-2022-0185
* CVE-2021-4034

Regarding CVE-2022-0185, I see RedHat mentioning that kernels of RHEL 7 are not affected but it doesn't mention any specific kernel versions. Does that mean that all kernel versions in CentOS 7 are also not affected by this issue? Is there a way to verify that? For example how can I verify that my 3.10 kernels are vulnerable or not on this vulnerability?

For CVE-2021-4034, there's a detection script that defines the vulnerable versions in it, so I suppose that in that case if any of the systems use any of these versions then it's vulnerable to this vulnerability.

Regards,
nullpid

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Questions regarding vulnerabilities CVE-2022-0185 and CVE-2021-4034

Post by TrevorH » 2022/01/26 10:47:58

Regarding CVE-2022-0185, I see RedHat mentioning that kernels of RHEL 7 are not affected but it doesn't mention any specific kernel version
The bug was introduced in 5.1-rc1 so a 3.10 kernel is not affected.

All versions of polkit everywhere on everything are affected by CVE-2021-4034.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
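An added host-side check (not code from this thread, from Red Hat, or from the polkit detection script mentioned above) that puts TrevorH's answer into practice: it parses the running kernel version to answer the "is my 3.10 affected" question against the 5.1-rc1 introduction point, and tests the interim mitigations for both CVEs (user.max_user_namespaces=0 for CVE-2022-0185, a non-setuid pkexec for CVE-2021-4034). Those two mitigations are taken from Red Hat's published advisories and are assumptions here, not statements from the thread; fixed package versions still come from your vendor errata.

```shell
#!/bin/sh
# Added example, not from the thread. Version heuristics plus mitigation checks.

# Split "MAJOR.MINOR..." out of a uname -r string
# (e.g. 3.10.0-1160.el7.x86_64 -> "3 10", 5.1.0-rc1 -> "5 1").
kver_major_minor() {
    ver=${1%%-*}            # drop the "-1160.el7..." or "-rc1" suffix
    major=${ver%%.*}
    rest=${ver#*.}
    echo "$major ${rest%%.*}"
}

# CVE-2022-0185 entered mainline in 5.1-rc1 (per the thread), so an upstream
# lineage below 5.1 does not carry it. Distro kernels (CentOS 8's 4.18) may
# still have a backport, so "no" here is a hint, not proof; check the errata.
kernel_upstream_has_cve_2022_0185() {
    set -- $(kver_major_minor "$1")
    [ "$1" -gt 5 ] || { [ "$1" -eq 5 ] && [ "$2" -ge 1 ]; }
}

# Mitigation (assumed from Red Hat's advisory): unprivileged user namespaces
# off, i.e. sysctl user.max_user_namespaces=0. Takes the value as an argument.
userns_disabled() {
    [ "${1:-1}" -eq 0 ] 2>/dev/null
}

# CVE-2021-4034: every unpatched polkit is affected, so a version test says
# nothing; the interim mitigation is dropping pkexec's setuid bit.
pkexec_setuid() {
    [ -u "$1" ]
}

# Report for the running host; /proc values are read only if present.
report() {
    running=$(uname -r)
    if kernel_upstream_has_cve_2022_0185 "$running"; then
        echo "kernel $running: lineage >= 5.1, CVE-2022-0185 code present unless patched"
    else
        echo "kernel $running: lineage < 5.1 (confirm no backport via vendor errata)"
    fi
    ns=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null)
    if userns_disabled "$ns"; then
        echo "user namespaces disabled: CVE-2022-0185 mitigation active"
    else
        echo "user namespaces enabled: max_user_namespaces=${ns:-unknown}"
    fi
    if pkexec_setuid /usr/bin/pkexec; then
        echo "pkexec is setuid: CVE-2021-4034 depends on a patched polkit"
    else
        echo "pkexec not setuid or absent: CVE-2021-4034 mitigated on this host"
    fi
}
report
```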

tmandel
Posts: 8
Joined: 2022/01/25 13:38:52

Re: Questions regarding vulnerabilities CVE-2022-0185 and CVE-2021-4034

Post by tmandel » 2022/01/26 11:00:28

If I refer to https://access.redhat.com/security/cve/CVE-2022-0185, CentOS 8 might be impacted tho, even if it's in 4.18, feature might have been backported.

nullpid
Posts: 4
Joined: 2022/01/26 10:08:09

Re: Questions regarding vulnerabilities CVE-2022-0185 and CVE-2021-4034

Post by nullpid » 2022/01/26 11:02:12

Hi TrevorH and thank you for your quick response.

I'm happy that 3.10 kernel is not affected but also a little confused: isn't RHEL (and CentOS) backporting features to 3.10 kernels from newer kernels or did I misunderstand this and backporting is just happening only to patch issues whenever they occur?

Regards, nullpid

nullpid
Posts: 4
Joined: 2022/01/26 10:08:09

Re: Questions regarding vulnerabilities CVE-2022-0185 and CVE-2021-4034

Post by nullpid » 2022/01/26 11:04:10

tmandel wrote:
2022/01/26 11:00:28
If I refer to https://access.redhat.com/security/cve/CVE-2022-0185, CentOS 8 might be impacted tho, even if it's in 4.18, feature might have been backported.
Yes, if I understand that correctly, CentOS 8 was affected and now is marked as fixed as there are updates available to mitigate the issue.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Questions regarding vulnerabilities CVE-2022-0185 and CVE-2021-4034

Post by TrevorH » 2022/01/26 11:09:14

Red Hat backport fixes to both CentOS 7 and 8 still. Red Hat backport enhancements and new features only for CentOS 8 (CentOS 7 has moved out of the relevant maintenance phase to get such active support).

nullpid
Posts: 4
Joined: 2022/01/26 10:08:09

Re: Questions regarding vulnerabilities CVE-2022-0185 and CVE-2021-4034

Post by nullpid » 2022/01/26 11:11:24

TrevorH wrote:
2022/01/26 11:09:14
Red Hat backport fixes to both CentOS 7 and 8 still. Red Hat backport enhancements and new features only for CentOS 8 (CentOS 7 has moved out of the relevant maintenance phase to get such active support).
Thank you very much for clarifying this.

Regards,
nullpid

tmandel
Posts: 8
Joined: 2022/01/25 13:38:52

Re: Questions regarding vulnerabilities CVE-2022-0185 and CVE-2021-4034

Post by tmandel » 2022/01/26 11:16:12

TrevorH wrote:
2022/01/26 11:09:14
Red Hat backport fixes to both CentOS 7 and 8 still. Red Hat backport enhancements and new features only for CentOS 8 (CentOS 7 has moved out of the relevant maintenance phase to get such active support).
Yup, Kernel 5.x was in RC phase while RH8 was being pushed out, so we can assume they got in and took features they wanted.
We can also assume that most resources went to RH8 instead of RH7, so once RH8 got out, RH7 is pretty much going into maintenance mode, and the subsequent releases 7.8 & 7.9 are mostly security releases, including maybe some 3rd party package upgrades, but take that with caution, I'm not related to RedHat, I'm just assuming here.
