CVE-2022-0847
CVE-2022-0847
Hello,
How do i know Centos 7 3.12 kernel affected CVE-2022-0847? Cant find anything related
How do i know Centos 7 3.12 kernel affected CVE-2022-0847? Cant find anything related
Re: CVE-2022-0847
I can't work out whether you are asking if the CentOS 7.3 kernel is affected by this particular CVE or if you are running a non-standard 3.12 kernel on CentOS 7. Either way the answer is probably a big fat YES since CentOS 7.3 is from late 2016 and any kernel from it is missing all fixes post-2016 and a 3.12 kernel is not a CentOS one and must therefore be built from the mainline linux kernel sources and the last 3.12 kernel was 3.12.74 released 09-May-2017 so also missing all fixes since that time.
All CentOS 7 supplied kernels are 3.10.0-xxx and have never been 3.12. There are more than 50,000 lines in the kernel rpm changelog since 3.10.0-514 (the 7.3 kernel series version).
If you check https://access.redhat.com/security/cve/cve-2022-0847 then it says that CentOS 7 is not affected by this particular CVE. However there are numerous other high severity unpatched CVEs in the CentOS 7 kernel if you have not updated for 5 years!
All CentOS 7 supplied kernels are 3.10.0-xxx and have never been 3.12. There are more than 50,000 lines in the kernel rpm changelog since 3.10.0-514 (the 7.3 kernel series version).
If you check https://access.redhat.com/security/cve/cve-2022-0847 then it says that CentOS 7 is not affected by this particular CVE. However there are numerous other high severity unpatched CVEs in the CentOS 7 kernel if you have not updated for 5 years!
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2022-0847
What's the output of this: uname -a
Re: CVE-2022-0847
Hello, Our kernel is 3.10.0-1160.42.2.el7.x86_64
Re: CVE-2022-0847
The 3.10.0-1160.42.2.el7 is an update to CentOS 7.9 kernel that was released September 2021.
In October 2021, 3.10.0-1160.45.1.el7 was released and currently latest kernel version 3.10.0-1160.59.1.el7 was released in February 2022.
Therefore, you have installed at least some CentOS 7.9 content (at some point), but your system is not completely up to date.
I would do sudo yum update to ensure that latest available versions get installed and then reboot to get everything in use.
In October 2021, 3.10.0-1160.45.1.el7 was released and currently latest kernel version 3.10.0-1160.59.1.el7 was released in February 2022.
Therefore, you have installed at least some CentOS 7.9 content (at some point), but your system is not completely up to date.
I would do sudo yum update to ensure that latest available versions get installed and then reboot to get everything in use.
Re: CVE-2022-0847
And the CVE page I pointed to says that the RHEL 7 kernels are not affected by this bug.
But don't let that stop you from running yum update more regularly as security patches come out all the time, not just the flashy ones with their own name and website but also others that don't make the news and can be just as dangerous.
But don't let that stop you from running yum update more regularly as security patches come out all the time, not just the flashy ones with their own name and website but also others that don't make the news and can be just as dangerous.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2022-0847
I am currently using centos7, and the kernel version is: 3.10.0-1160.el7.x86_64.
Is this version affected by CVE-2022-0847?
Is this version affected by CVE-2022-0847?
Re: CVE-2022-0847
No but it is vulnerable to other things and you need to yum update and reboot afterwards. The current CentOS 7 kernel is kernel-3.10.0-1160.59.1.el7.x86_64
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2022-0847
Hi, I have the same problem.
What is the latest supported kernel version?
Thanks
What is the latest supported kernel version?
Thanks
Re: CVE-2022-0847
It'll be the one offered to yuou when you run yum update which is currently kernel-3.10.0-1160.66.1.el7.x86_64
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke