Hello,
We got an email at work about the following advisories about a denial of service vulnerability in the TCP implementation in kernel versions 4.9 and greater:
https://www.kb.cert.org/vuls/id/962459.
There’s a patch, called out in the above link, and the patch comments describe the issue and the current fix:
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/patch/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e
If we’re running kernel version 4.9 or greater on our beaglebone/beagleboard products, what do you recommend we do?
Should we go ahead and apply the patch to every image we download from beagleboard.org with kernel 4.9 or greater if we’re connecting our beagles on the internet and are concerned about the attack, or has the fix already be “rolled” into certain images?
Thanks!!!
Jeff
Robert,
We’ve got a BBB where we’re running, bone-debian-9.3-console-armhf-2018-03-05-1gb.img. It has kernel 4.9.82-ti-r102.
We need to stick with kernel version 4.9 as our WiFi driver (SI Labs WF111) currently only compiles for kernels up to 4.9. Compile breaks for kernel 4.14.69.
To apply the DoS patch to 4.9.82-ti-r102, is there an easier way than to apply a kernel patch, then to have to re-build the kernel from the patched kernel source?? For instance, is there a package which will apply the patch? We’re trying to stick as close as possible to stock images, if at all possible, so that people less familiar with Linux can re-generate an image.
Also, if we need to re-build the kernel, the above links reference 2 patches with minor differences. Is there a specific version of the patch we need for kernel 4.9, or can we just apply the latest patch for 4.17.11?
Thanks in advance!!
Jeff
Ok thanks a lot Robert!!!
Okay, pushed.. 4.9.126-ti-r115
no RT, too many changes for me to deal with..
Regards,
Thanks a lot Robert!!!
Will fetch it, build it, deploy, and test on our image..
Regards,
Jeff