[elrepo] CVE-2022-0185 kernel update

[Phil Perry]

On 28/01/2022 19:40, Trevor Hemsley wrote:
> On 28/01/2022 18:48, Scott Van Caster wrote:
>  > Team,
>  >
>  > I am testing on Centos 7.9 your kernel patch for the CVE-2022-0185.  I
>  > have
>  > tried the ml and tl versions and it looks like I need the driver for
>  > my nic card.  I did not find this one listed.
>  > 19:00.0 Ethernet controller [0200]: Intel Corporation Ethernet Controller
>  >  X710 for 10GbE SFP+ [8086:1572] (rev 02)
>  >
>  > Are there any workarounds for my situation?
> 
> 
> That card is supported by the i40e module which should be part of both
> kernel-ml and -lt. The card is supported by the default distro
> 3.10.0-1160.53.1.el7 kernel as well.
> 
> Check with `grep 8086 /lib/modules/$(uname -r)/modules.* | grep 1572`
> and you should see a line like
> 
> grep: /lib/modules/5.15.13-100.fc34.x86_64/modules.alias.bin: binary
> file matches
> 
> (mine is on Fedora but the idea is the same).
> 
> Trevor
> 

Confirmed, the required driver for that device is i40e and is supported 
by the latest el7 distro kernel:

$ grep -i 8086 /lib/modules/*/modules.alias | grep -i 1572
/lib/modules/3.10.0-1160.45.1.el7.x86_64/modules.alias:alias 
pci:v00008086d00001572sv*sd*bc*sc*i* i40e
/lib/modules/3.10.0-1160.49.1.el7.x86_64/modules.alias:alias 
pci:v00008086d00001572sv*sd*bc*sc*i* i40e
/lib/modules/3.10.0-1160.53.1.el7.x86_64/modules.alias:alias 
pci:v00008086d00001572sv*sd*bc*sc*i* i40e
/lib/modules/3.10.0-1160.el7.x86_64/modules.alias:alias 
pci:v00008086d00001572sv*sd*bc*sc*i* i40e

either in the el7 distro kernel or the elrepo kernel-lt or kernel-ml 
packages.

Regarding CVE-2022-0185, both kernel-lt and kernel-ml latest packages 
contain fixed for CVE-2022-0185. The el7 distro kernel is not affected 
by the issue so no fix required.

https://access.redhat.com/security/cve/cve-2022-0185

Phil