Comment by arcfour

16 hours ago

It's unfortunate that this does not include which versions of the kernel are vulnerable/patched, especially since this is a builtin module which cannot be easily removed with rmmod...

I was wondering if I was vulnerable running Fedora 44, kernel 6.19.14, and after a few minutes of digging I was able to find the linux-cve-announce mailing list post: https://lore.kernel.org/linux-cve-announce/2026042214-CVE-20... which says:

  ...fixed in 6.18.22 with commit fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8

  ...fixed in 6.19.12 with commit ce42ee423e58dffa5ec03524054c9d8bfd4f6237

  ...fixed in 7.0 with commit a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5

Hope that helps.

3 comments

arcfour

noisy_boy 1 hour ago

Thanks for this - I was wondering why I got the password prompt on my Fedora 43 with latest packages.

hnarn 11 hours ago

most distros backport fixes which does not increment that version number. i.e. they patch it, they do not ship a completely new kernel release.

baggy_trough 3 hours ago

Greg KH says more backports coming soon.

https://openwall.com/lists/oss-security/2026/04/30/12