Pinephone kernel affected by CVE-2022-0847
Describe your issue
I believe my kernel (5.16.4
) is vulnerable to dirty pipe
What's the expected behaviour?
A newer version of the kernel that is not vulnerable.
What's the current behaviour?
It is vulnerable.
How to reproduce your issue?
Using a fresh build of postmarketOS from the latest pypi version of pmbootstrap
and updating using apt
from the edge
repositories results in an old kernel.
What device are you using?
pine64-pinephone
On what postmarketOS version did you encounter the issue?
-
edge ( master
branch) -
v21.12
On what environment did you encounter the issue?
Phone environments
-
Phosh -
Plasma Mobile -
Sxmo (Wayland/Sway)
Other
-
No environment -
GNOME -
KDE Plasma -
Kodi -
MATE -
Shelli -
Sway -
Weston -
Xfce4 -
fbkeyboard -
i3wm -
Sxmo (Xorg/Dwm)
How did you get postmarketOS image?
-
from https://images.postmarketos.org -
I built it using pmbootstrap -
It was preinstalled on my device
What's the build date of the image? (in yyyy-mm-dd format)
2022-03-20
Additional information
Here is a privesc proof using traitor Also, sorry about the lack of info and formatting. It's my first time opening an issue here.