CVE-2022-1966

[linux team]

CVE-2022-1966 Aaron Adams discovered a use-after-free in Netfilter which may result in local privilege escalation to root.
https://www.heise.de/news/Fehler-in-Linux-Kernel-ermoeglicht-Rechteausweitung-7134791.html

Are there any recommendations for securing Poroxmox servers running LXC containers?

best, stephan

 

[oguz]

hi,

upgrade your kernel to the latest version (pve-kernel-5.15.35-2-pve: 5.15.35-5), the fix is already available [0]

Are there any recommendations for securing Poroxmox servers running LXC containers?

upgrading the host kernel should be enough (since containers reuse the kernel)

[0]: https://git.proxmox.com/?p=pve-kernel.git;a=commit;h=ad0a766ee2b271b97397ad0e949e7ce492eef697

 

[fabian]

yeah - upgrade to the fixed kernel and reboot.

 

[fabian]

for PVE 6.4, an updated kernel (pve-kernel-5.4.189-2-pve) is available on pvetest as well.

 

[Andreas Bochem]

Hi Fabian,

is there an estimate about when the fixed Kernel for 6.4 will make it from pvetest to pve-enterprise?

Best regards,
Andreas

 

[fabian]

should be available shortly.