Date: Mon, 18 Nov 2024 12:48:48 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@FreeBSD.org> To: Kevin Oberman <rkoberman@gmail.com> Cc: "freebsd-questions@freebsd.org" <questions@freebsd.org> Subject: Re: Unable to update to 14.1-p6 Message-ID: <86serosqxr.fsf@ltc.des.dev> In-Reply-To: <CAN6yY1stBxS5OVeLpZyzBKn%2B=b_jqFqtRsYM1Zx16OC3DWBu8A@mail.gmail.com> (Kevin Oberman's message of "Sat, 16 Nov 2024 10:45:22 -0800") References: <CAN6yY1stBxS5OVeLpZyzBKn%2B=b_jqFqtRsYM1Zx16OC3DWBu8A@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
Kevin Oberman <rkoberman@gmail.com> writes: > I am running 14.1-p5 and get a daily message that I have a kernel security vulnerability: > Checking for security vulnerabilities in base (userland & kernel): > Fetching vuln.xml.xz: .......... done > FreeBSD-kernel-14.1_5 is vulnerable: > FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer > CVE: CVE-2024-39281 > WWW: https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1f29c.html It's a false positive. The advisory only affected the ctl driver, which is not included in the GENERIC kernel, therefore the kernel itself was not updated and does not reflect the patch level. DES -- Dag-Erling Smørgrav - des@FreeBSD.orghome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86serosqxr.fsf>