Date: Thu, 9 Aug 2018 16:27:38 +0100 From: Simon McVittie <smcv@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem On Thu, 09 Aug 2018 at 16:21:03 +0200, Andrey Konovalov wrote: > See the comment in the exploit source code for a > usage example that shows how to read /etc/shadow on Ubuntu xenial > 4.13.0-38-generic Note that because of the way Debian and Ubuntu kernels are packaged, this is an "ABI version" describing a class of kernels with compatible module ABIs, not a specific version number. The version number for Ubuntu kernels looks like 4.13.0-38.43~16.04.1 or similar. If you are illustrating how to reproduce an exploit against a specific binary kernel, you'll probably want to quote both the package name and the version number: for example https://packages.ubuntu.com/xenial/linux-image-4.13.0-38-generic currently lists "linux-image-4.13.0-38-generic (4.13.0-38.43~16.04.1)". smcv
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.