nluedtke / linux_kernel_cves

Tracking CVEs for the Linux kernel
Apache License 2.0

[DATA] CVE-2022-1508, CVE-2023-2430, CVE-2023-6560 version information [io_uring] #365

Closed DerDakon closed 9 months ago

DerDakon commented 10 months ago

Change Type Requested: Update

CVE id number: CVE-2022-1508, CVE-2023-2430, CVE-2023-6560

References: https://github.com/torvalds/linux/commit/2b188cc1bb857a9d4701ae59aa7768b5124e262e

Additional context: io_uring was added in 5.1-rc1, so any issues cannot date back to earlier kernels. I have not checked the introduction of individual sub-functions, just giving a more sensible lower bound than 2.6.12-rc2.

These are the 3 active issues that I found in the data file that have lower versions than 5.1-rc1 or unknown. Another candidate may be the rejected CVE-2022-20424 as it affects io_uring as well.

yuta-hayama commented 10 months ago

CVE id number: CVE-2022-1508

Ubuntu and SUSE Bugzilla indicate that the following commit is the cause of the issue: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=632546c4b5a4dad8e3ac456406c65c0db9a0b570

Therefore, the start version would be v5.11-rc1.

References:
https://ubuntu.com/security/CVE-2022-1508
https://bugzilla.suse.com/show_bug.cgi?id=1198968#c1


CVE id number: CVE-2023-2430

Ubuntu and SUSE Bugzilla indicate that the following commit is the cause of the issue: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f57f06ce2186c31c3da52386125dc57b1cd6f96

Therefore, the start version would be v5.18-rc1.

References:
https://ubuntu.com/security/CVE-2023-2430
https://bugzilla.suse.com/show_bug.cgi?id=1211014#c1