CVE-2022-2602 security vulnerability

Posted: Sat Oct 22, 2022 6:00 am
by Chrysolite Azalea

Hello everyone! Recently, the CVE-2022-2602 security vulnerability was reported on OpenWall; it can potentially lead to privilege escalation due to some issue with Unix-domain sockets. There also seems to be a proposed fix -- the commit that was mentioned in the OpenWall message as one that fixes the issue. While it's for 6.x kernels, I've managed to introduce the corrections into the 5.19.16 kernel (a fix for the io_uring/rsrc.c file was added to the corresponding place in the io_uring/io_uring.c file -- this file seems to have been split into separate parts in the 6.x kernel) by manually editing files according to the git diff file.

I think that we can wait for the PoC and see whether it works in Puppy Linux.

P.S. The kernel is published here.