Linux: root vulnerability (CVE-2024-1086)

[inno-forum]

Proxmox (8.2) is based on Debian bookworm, according to the Debian documentation the bug has been fixed in the bookworm 6.1.76-1 kernel.
bookworm (security) 6.1.90-1. (https://security-tracker.debian.org/tracker/CVE-2024-1086)
I noticed that in our infrastructure Proxmox has kernel 6.8.4-3-pve.
Could you tell me if the fix is in this version?

 

[spirit]

proxmox kernel is based on ubuntu (6.8 is from the ubuntu 24.04 lts).

so yes it's fixed
https://ubuntu.com/security/CVE-2024-1086

 

[inno-forum]

proxmox kernel is based on ubuntu (6.8 is from the ubuntu 24.04 lts).

so yes it's fixed
https://ubuntu.com/security/CVE-2024-1086

https://www.proxmox.com/en/proxmox-virtual-environment/features -> "Proxmox Virtual Environment is based on Debian GNU/Linux and uses a custom Linux Kernel"

 

[shanreich]

https://www.proxmox.com/en/proxmox-virtual-environment/features -> "Proxmox Virtual Environment is based on Debian GNU/Linux and uses a custom Linux Kernel"

The kernel is based on the Ubuntu kernel [1].

[1] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#chapter_system_administration

 

[inno-forum]

proxmox kernel is based on ubuntu (6.8 is from the ubuntu 24.04 lts).

so yes it's fixed
https://ubuntu.com/security/CVE-2024-1086

Thanks!
could you tell me where you see that the bug is fixed?
in the list I see Pending (6.8.0-7.7) and Released (6.8~rc2)
but 6.8 rc2 is not installed on proxmox. @shanreich