Re: Unable to update to 14.1-p6

Reply: Kevin Oberman : "Re: Unable to update to 14.1-p6"
In reply to: Kevin Oberman : "Unable to update to 14.1-p6"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Dag-Erling_Smørgrav <des_at_FreeBSD.org>
Date: Mon, 18 Nov 2024 11:48:48 UTC

Kevin Oberman <rkoberman@gmail.com> writes:
> I am running 14.1-p5 and get a daily message that I have a kernel security vulnerability:
> Checking for security vulnerabilities in base (userland & kernel):
> Fetching vuln.xml.xz: .......... done
> FreeBSD-kernel-14.1_5 is vulnerable:
>   FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
>   CVE: CVE-2024-39281
>   WWW: https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1f29c.html

It's a false positive.  The advisory only affected the ctl driver, which
is not included in the GENERIC kernel, therefore the kernel itself was
not updated and does not reflect the patch level.

DES
-- 
Dag-Erling Smørgrav - des@FreeBSD.org