generated from sig_core/wiki-template
issues/CVE-2024-1086.md: Hopefully fix mitigations list formatting #28
@ -22,7 +22,7 @@ Both EL9 and EL8 are affected. We will of course rebuild upstream's fix as soon
|
|||||||
|
|
||||||
Meanwhile, we recommend two mitigations:
|
Meanwhile, we recommend two mitigations:
|
||||||
|
|
||||||
1. If you don't use containers, we recommend that you disable user namespaces e.g. by running the below commands as root:
|
- If you don't use containers, we recommend that you disable user namespaces e.g. by running the below commands as root:
|
||||||
|
|
||||||
```
|
```
|
||||||
echo user.max_user_namespaces=0 > /etc/sysctl.d/userns.conf
|
echo user.max_user_namespaces=0 > /etc/sysctl.d/userns.conf
|
||||||
@ -32,7 +32,7 @@ sysctl -p /etc/sysctl.d/userns.conf
|
|||||||
This is a mitigation also suggested by Red Hat.
|
This is a mitigation also suggested by Red Hat.
|
||||||
It is expected to fully mitigate this and other/future related vulnerabilities.
|
It is expected to fully mitigate this and other/future related vulnerabilities.
|
||||||
|
|
||||||
2. Install our [package of LKRG](../packages/lkrg.md), start and enable the service.
|
- Install our [package of LKRG](../packages/lkrg.md), start and enable the service.
|
||||||
|
|
||||||
This does not fully mitigate the vulnerability,
|
This does not fully mitigate the vulnerability,
|
||||||
but it reliably prevents the specific exploit referenced above from working and produces LKRG alerts when the exploit is run.
|
but it reliably prevents the specific exploit referenced above from working and produces LKRG alerts when the exploit is run.
|
||||||
|
Loading…
Reference in New Issue
Block a user