`kernel:CVE-2022-0847` tweak: clarity with affected versions
petecooper opened this issue · 1 comments
I ran v0.0.14 on a fully-patched (at least as far as `apt` permits) Ubuntu 22.04 LTS, and got this result:
```
▀█▀ █▀█ ▄▀█ █ ▀█▀ █▀█ █▀█
░█░ █▀▄ █▀█ █ ░█░ █▄█ █▀▄ v0.0.14
https://github.com/liamg/traitor
[+] Assessing machine state...
[+] Checking for opportunities...
[+][kernel:CVE-2022-0847] Kernel version 5.15.0 is vulnerable!
[+][kernel:CVE-2022-0847] System is vulnerable! Run again with '--exploit kernel:CVE-2022-0847' to exploit it.
```
Checking the installed kernel version, I get this:
```
$ cat /proc/version_signature
Ubuntu 5.15.0-25.25-generic 5.15.30
```
According to the vendor (see https://ubuntu.com/kernel for details), the mainline kernel release is the `5.15.30` part. According to NIST (see https://nvd.nist.gov/vuln/detail/CVE-2022-0847), the CVE details state that `5.15.0` to `5.15.24` are affected, with `5.15.25` and newer not affected.
Given that Ubuntu LTS is a relatively popular choice among server operating systems – and 22.04 is the most recent LTS cut – it might be worth clarifying what kernel versions are affected by CVE-2022-0847 at a patch release level instead of minor release branch.
Thanks for your consideration.
Follow up: the detection code is here – https://github.com/liamg/traitor/blob/main/pkg/exploits/cve20220847/exploit.go#L59 – and does check for `>5.15.25` as an unaffected version, so perhaps the kernel version detection for Ubuntu (or Debian derivatives, I am not sure) is not working as expected.
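The mismatch described in this issue, as an added example (not traitor's code and not part of the original thread): the same range check gives opposite answers depending on whether it is fed the distro release string or the mainline version from `/proc/version_signature`. The function names, the `uname -r` style value and the three-field signature layout are assumptions for illustration; only the 5.15 range quoted above is checked.

```go
package main

import (
	"fmt"
	"strings"
)

// parseVersion reads the leading major.minor.patch of a kernel version
// string and ignores any distro suffix such as "-25-generic".
func parseVersion(s string) ([3]int, error) {
	var v [3]int
	if _, err := fmt.Sscanf(s, "%d.%d.%d", &v[0], &v[1], &v[2]); err != nil {
		return v, fmt.Errorf("parse %q: %w", s, err)
	}
	return v, nil
}

// upstreamFromSignature extracts the mainline version from the contents of
// /proc/version_signature. Assumed layout, taken from the sample in the
// issue: "<distro> <package version> <mainline version>".
func upstreamFromSignature(sig string) ([3]int, error) {
	f := strings.Fields(sig)
	if len(f) != 3 {
		return [3]int{}, fmt.Errorf("unexpected signature %q", sig)
	}
	return parseVersion(f[2])
}

// affected515 applies only the 5.15 range quoted in the issue:
// 5.15.0 to 5.15.24 affected, 5.15.25 and newer not affected.
// Other branches are out of scope here and always return false.
func affected515(v [3]int) bool {
	return v[0] == 5 && v[1] == 15 && v[2] < 25
}

func main() {
	// Constructed uname -r style value for the kernel package in the issue.
	byRelease, _ := parseVersion("5.15.0-25-generic")
	// Signature line as posted in the issue.
	bySig, _ := upstreamFromSignature("Ubuntu 5.15.0-25.25-generic 5.15.30")
	fmt.Println("release string:", byRelease, "affected:", affected515(byRelease))
	fmt.Println("signature:     ", bySig, "affected:", affected515(bySig))
}
```

A scanner that falls back to the release string when the signature file is absent should report the result as unconfirmed rather than vulnerable, since the patch component there is the distro ABI number and not the mainline patch level.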