Can we get some update on CVE-2024-26581?

This article came to my notice today: there is a PoC exploit released for a Linux kernel vulnerability that allows root access. Two other distros gave their update already. Shouldn’t we get a Fedora update? Please read the article here: PoC Exploit Released for Linux Kernel Vulnerability that Allows Root Access.

1 Like

https://bugzilla.redhat.com/show_bug.cgi?id=2265185

1 Like

I don’t have enough in-depth knowledge to understand that technical jargon. If you could kindly explain it in simple English, it would be very helpful.

From what I understand, it already got fixed; just keep your system updated.

2 Likes

This issue has been known and patched in the kernel since February 2024:

https://nvd.nist.gov/vuln/detail/CVE-2024-26581

The Red Hat bugzilla ticket was mostly needed because RHEL runs an old/stable kernel. But the Fedora kernel is already well past the patched version.

Affected: < 6.7.5
Current: 6.10.8

4 Likes
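The version comparison in the post above, as an added example that is not part of the original thread. It uses only the threshold quoted there (6.7.5); the function names and the sample release strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The only page-supplied value is the
# threshold "Affected: < 6.7.5".
FIXED_VERSION="6.7.5"

# Strip the distro release suffix: 6.10.8-200.fc40.x86_64 -> 6.10.8
kernel_base_version() {
    printf '%s\n' "${1%%-*}"
}

# Succeeds when $1 sorts strictly before $2 in version order (GNU sort -V),
# so 6.10.8 is correctly treated as newer than 6.7.5.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Prints one of: older-than-fix, fixed-or-newer, unknown.
# "older-than-fix" is not proof of exposure: distributions that backport
# patches into an older kernel (the thread mentions RHEL's old/stable
# kernel) must be checked against the vendor advisory instead.
classify_kernel() {
    base=$(kernel_base_version "$1")
    case "$base" in
        [0-9]*.[0-9]*) ;;
        *) echo "unknown"; return 0 ;;
    esac
    if version_lt "$base" "$FIXED_VERSION"; then
        echo "older-than-fix"
    else
        echo "fixed-or-newer"
    fi
}

# The running kernel, followed by constructed sample release strings.
for rel in "$(uname -r)" \
           "6.6.14-200.fc39.x86_64" \
           "6.7.5-200.fc39.x86_64" \
           "6.10.8-200.fc40.x86_64"; do
    printf '%-32s %s\n' "$rel" "$(classify_kernel "$rel")"
done
```
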

From the Bugzilla link

Justin M. Forbes 2024-02-21 23:00:03 UTC

This was fixed for Fedora with the 6.7.5 stable kernel updates.

Fedora kernel maintainers addressed this vulnerability half a year ago.

1 Like

@litemotiv made the point: Fedora uses a different kernel than RHEL, whereas the above-mentioned bug ticket is about RHEL.

Fedora is currently running with 6.10.X kernels, which are NOT affected: NVD - CVE-2024-26581

Therefore, if users keep following the advice to keep their systems updated, they can ignore this vulnerability.

→ The fixed kernel (6.7.5) was already built in Fedora 3 days before the CVE was published. I think that’s quite a good response time :classic_smiley:

6 Likes

Thanks @finlike for the info and @litemotiv for more info. Actually, some web newspapers publish old news as new to get views, which creates the confusion. Sorry for disturbing. :disappointed:

1 Like

No need to be sorry. There is a lot of information around, and especially when people are not involved with kernel-related stuff and such, it is hard to identify what is relevant and what not for oneself. Actually, even if you are involved with it, there are regularly things you have to ask about as it is simply one of the most complex pieces of technology in history. No single person can understand all implications of the kernel.

Therefore, you had a rational question ( → is Fedora vulnerable and do we need to act?), and we did our best to answer it. It is always ok to ask.

Just when it is about vulnerabilities or such, it is important to be clear and explicit, and maybe also to avoid false impressions. This is why we aimed to be so clear in our answers that Fedora is not affected. We want to avoid that other people who read this get the impression Fedora is vulnerable when it actually is not.

You could aim to avoid assumptions when you ask, such as the assumption that Fedora is vulnerable in your original question, but asking is always ok :wink: So no worries. See you around :classic_smiley:

1 Like

Thank you for sharing this invaluable insight. Actually, though I am new to Fedora (only 2 months or something), I did quite a bit of research to choose my distro because distro-hopping is not for me. I need to replace Windows for my professional and everyday work as soon as possible. After doing vast research, I chose Fedora, although I knew DaVinci Resolve, the only professional video editor, is still not working in Fedora, but I have high hope that within 1 year's time, I will find a way with the help of my friends here, and also Fedora may show some way to install it.
Another thing: whenever Fedora shows an update waiting, I instantly update it. :slightly_smiling_face:

1 Like