Date: Mon, 18 Nov 2024 12:48:48 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@FreeBSD.org> To: Kevin Oberman <rkoberman@gmail.com> Cc: "freebsd-questions@freebsd.org" <questions@freebsd.org> Subject: Re: Unable to update to 14.1-p6 Message-ID: <86serosqxr.fsf@ltc.des.dev> In-Reply-To: <CAN6yY1stBxS5OVeLpZyzBKn%2B=b_jqFqtRsYM1Zx16OC3DWBu8A@mail.gmail.com> (Kevin Oberman's message of "Sat, 16 Nov 2024 10:45:22 -0800") References: <CAN6yY1stBxS5OVeLpZyzBKn%2B=b_jqFqtRsYM1Zx16OC3DWBu8A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Kevin Oberman <rkoberman@gmail.com> writes: > I am running 14.1-p5 and get a daily message that I have a kernel securit= y vulnerability: > Checking for security vulnerabilities in base (userland & kernel): > Fetching vuln.xml.xz: .......... done > FreeBSD-kernel-14.1_5 is vulnerable: > =C2=A0 FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer > =C2=A0 CVE: CVE-2024-39281 > =C2=A0 WWW: https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002= 590c1f29c.html It's a false positive. The advisory only affected the ctl driver, which is not included in the GENERIC kernel, therefore the kernel itself was not updated and does not reflect the patch level. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86serosqxr.fsf>