author | Xi Ruoyao <xry111@xry111.site> | 2022-08-24 16:41:16 +0800 |
---|---|---|
committer | Xi Ruoyao <xry111@xry111.site> | 2022-08-24 16:42:49 +0800 |
commit | 098f4de3369ae0fc7d50fc6060b059eb5627de4e (patch) | |
tree | 64335aa2e61ca8c2d5ff112bc00aa20d0f04c7a2 | |
parent | 83b86449a152433dbb623a7b275b6cc5a4becdf6 (diff) |
linux kernel: disable CONFIG_USERFAULTFD to avoid CVE-2022-2590 for now
-rw-r--r-- | chapter10/kernel.xml | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml index 32c9682b8..4775d9ad7 100644 --- a/chapter10/kernel.xml +++ b/chapter10/kernel.xml @@ -159,6 +159,8 @@ File systems ---> <screen role="nodump">Processor type and features ---> [*] Support x2apic [CONFIG_X86_X2APIC] +Memory Management options ---> + [ ] Enable userfaultfd() system call [CONFIG_USERFAULTFD] Device Drivers ---> [*] PCI Support ---> [CONFIG_PCI] [*] Message Signaled Interrupts (MSI and MSI-X) [CONFIG_PCI_MSI] @@ -250,6 +252,16 @@ Device Drivers ---> </listitem> </varlistentry> + <varlistentry> + <term><parameter>Enable userfaultfd() system call</parameter></term> + <listitem> + <para>If this option is enabled, a security vulnerability not + resolved in Linux-&linux-version; yet will be exploitable. + Disable this option to avoid the vulnerability. This system call + is not used by any part of LFS or BLFS.</para> + </listitem> + </varlistentry> + </variablelist> <para>Alternatively, <command>make oldconfig</command> may be more |
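Review bot: In the first hunk (@@ -159,6 +159,8 @@), the new "[ ] Enable userfaultfd() system call [CONFIG_USERFAULTFD]" entry carries no marker that it is a temporary workaround, although the commit message says it is there "to avoid CVE-2022-2590 for now". Consider an XML comment next to the screen block naming CVE-2022-2590, so the entry is dropped again once &linux-version; points at a fixed kernel instead of staying as a permanent recommendation.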
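Review bot: In the second hunk (@@ -250,6 +252,16 @@), the new para speaks only of "a security vulnerability not resolved in Linux-&linux-version; yet" and never names it. The commit message identifies it as CVE-2022-2590, and putting that identifier in the text would let readers check whether the kernel they build is still affected. The sentence also parses awkwardly at "yet will be exploitable"; wording such as "a security vulnerability that is not yet resolved in Linux-&linux-version; will be exploitable" reads more clearly. The trailing context shows that the make oldconfig alternative follows this list, so readers taking that route should be pointed back at this option too.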