gronod/lfs
1
0
Fork 0
mirror of https://git.linuxfromscratch.org/lfs.git synced 2025-06-18 19:29:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

linux kernel: disable CONFIG_USERFAULTFD to avoid CVE-2022-2590 for now

Browse Source
This commit is contained in:
Xi Ruoyao 2022-08-24 16:41:16 +08:00
parent 83b86449a1
commit 098f4de336
No known key found for this signature in database
GPG Key ID: ACAAD20E19E710E3
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
chapter10/kernel.xml
View File

@ -159,6 +159,8 @@ File systems --->
<screen role="nodump">Processor type and features ---&gt; <screen role="nodump">Processor type and features ---&gt;
[*] Support x2apic [CONFIG_X86_X2APIC] [*] Support x2apic [CONFIG_X86_X2APIC]
Memory Management options ---&gt;
[ ] Enable userfaultfd() system call [CONFIG_USERFAULTFD]
Device Drivers ---&gt; Device Drivers ---&gt;
[*] PCI Support ---&gt; [CONFIG_PCI] [*] PCI Support ---&gt; [CONFIG_PCI]
[*] Message Signaled Interrupts (MSI and MSI-X) [CONFIG_PCI_MSI] [*] Message Signaled Interrupts (MSI and MSI-X) [CONFIG_PCI_MSI]
@ -250,6 +252,16 @@ Device Drivers ---&gt;
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><parameter>Enable userfaultfd() system call</parameter></term>
<listitem>
<para>If this option is enabled, a security vulnerability not
resolved in Linux-&linux-version; yet will be exploitable.
Disable this option to avoid the vulnerability. This system call
is not used by any part of LFS or BLFS.</para>
</listitem>
</varlistentry>
</variablelist> </variablelist>
<para>Alternatively, <command>make oldconfig</command> may be more <para>Alternatively, <command>make oldconfig</command> may be more