CVE-2022-0847

Support for security such as Firewalls and securing linux
zanabazar
Posts: 2
Joined: 2022/03/09 09:30:13

CVE-2022-0847

Post by zanabazar » 2022/03/09 09:31:53

Hello,
How do I know whether the CentOS 7 3.12 kernel is affected by CVE-2022-0847? Can't find anything related.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2022-0847

Post by TrevorH » 2022/03/09 09:44:53

I can't work out whether you are asking if the CentOS 7.3 kernel is affected by this particular CVE or if you are running a non-standard 3.12 kernel on CentOS 7. Either way the answer is probably a big fat YES, since CentOS 7.3 is from late 2016 and any kernel from it is missing all fixes post-2016. A 3.12 kernel is not a CentOS one and must therefore be built from the mainline Linux kernel sources; the last 3.12 kernel was 3.12.74, released 09-May-2017, so it is also missing all fixes since that time.

All CentOS 7 supplied kernels are 3.10.0-xxx and have never been 3.12. There are more than 50,000 lines in the kernel rpm changelog since 3.10.0-514 (the 7.3 kernel series version).

If you check https://access.redhat.com/security/cve/cve-2022-0847 then it says that CentOS 7 is not affected by this particular CVE. However there are numerous other high severity unpatched CVEs in the CentOS 7 kernel if you have not updated for 5 years!
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

tunk
Posts: 1205
Joined: 2017/02/22 15:08:17

Re: CVE-2022-0847

Post by tunk » 2022/03/09 13:57:05

What's the output of this: uname -a

zanabazar
Posts: 2
Joined: 2022/03/09 09:30:13

Re: CVE-2022-0847

Post by zanabazar » 2022/03/10 01:49:27

Hello, Our kernel is 3.10.0-1160.42.2.el7.x86_64

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: CVE-2022-0847

Post by jlehtone » 2022/03/10 07:46:02

The 3.10.0-1160.42.2.el7 is an update to the CentOS 7.9 kernel that was released in September 2021.
In October 2021, 3.10.0-1160.45.1.el7 was released, and the currently latest kernel version, 3.10.0-1160.59.1.el7, was released in February 2022.

Therefore, you have installed at least some CentOS 7.9 content (at some point), but your system is not completely up to date.
I would do sudo yum update to ensure that latest available versions get installed and then reboot to get everything in use.
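Added example, not part of the thread or any poster's code: a small Python helper that orders el7 kernel release strings the way the posts above do and reports whether a host needs `yum update`, a reboot, or neither. The function names are hypothetical, the comparison is a simplified form of rpm's ordering rules (no epoch, tilde or caret handling), and the sample values are constructed from the release strings quoted in the thread.

```python
import re
from functools import cmp_to_key

ARCH = re.compile(r"\.(x86_64|i686|aarch64|ppc64le|s390x|noarch)$")

def _split(nvr):
    """'kernel-3.10.0-1160.59.1.el7.x86_64' -> ('3.10.0', '1160.59.1.el7')."""
    nvr = nvr[len("kernel-"):] if nvr.startswith("kernel-") else nvr
    version, _, release = ARCH.sub("", nvr).partition("-")
    return version, release

def _cmp_part(a, b):
    # rpm-style ordering: separators are ignored, runs of digits compare as
    # integers, and a numeric run is newer than an alphabetic one
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def kernel_cmp(a, b):
    """Negative if kernel a is older than b, 0 if equal, positive if newer."""
    (va, ra), (vb, rb) = _split(a), _split(b)
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def kernel_state(running, installed, latest):
    """running: output of `uname -r`; installed: lines of `rpm -q kernel`;
    latest: newest release offered by the repos (assumed known, for example
    from `yum check-update kernel`)."""
    newest = max(installed, key=cmp_to_key(kernel_cmp))
    if kernel_cmp(newest, latest) < 0:
        return "update-needed"      # run yum update, then reboot
    if kernel_cmp(running, newest) < 0:
        return "reboot-needed"      # newer kernel is on disk but not booted
    return "current"

if __name__ == "__main__":
    # Constructed sample using release strings quoted in the thread
    print(kernel_state("3.10.0-1160.42.2.el7.x86_64",
                       ["kernel-3.10.0-1160.42.2.el7.x86_64"],
                       "3.10.0-1160.59.1.el7"))
```

A plain string or `sort -V` comparison places the base `3.10.0-1160.el7` release after `3.10.0-1160.42.2.el7`, which is why the segments are compared with the numeric-beats-alphabetic rule instead.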

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2022-0847

Post by TrevorH » 2022/03/10 11:02:40

And the CVE page I pointed to says that the RHEL 7 kernels are not affected by this bug.

But don't let that stop you from running yum update more regularly as security patches come out all the time, not just the flashy ones with their own name and website but also others that don't make the news and can be just as dangerous.

Yun
Posts: 1
Joined: 2022/03/25 03:00:21

Re: CVE-2022-0847

Post by Yun » 2022/03/25 03:02:48

I am currently using CentOS 7, and the kernel version is: 3.10.0-1160.el7.x86_64.
Is this version affected by CVE-2022-0847?

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2022-0847

Post by TrevorH » 2022/03/25 08:32:10

No, but it is vulnerable to other things and you need to yum update and reboot afterwards. The current CentOS 7 kernel is kernel-3.10.0-1160.59.1.el7.x86_64

juankax
Posts: 1
Joined: 2022/05/27 15:40:57

Re: CVE-2022-0847

Post by juankax » 2022/05/27 15:51:19

Hi, I have the same problem.
What is the latest supported kernel version?
Thanks

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2022-0847

Post by TrevorH » 2022/05/27 16:45:37

It'll be the one offered to you when you run yum update, which is currently kernel-3.10.0-1160.66.1.el7.x86_64
