kernel

History

Andrew Lukoshko cc48c27cd1 Bump version to 5.14.0-611.54.6 ptrace: require CAP_SYS_PTRACE when task has no mm kABI-safe AlmaLinux backport of upstream commit 31e62c2ebbfd ("ptrace: slightly saner 'get_dumpable()' logic"). The upstream fix adds a user_dumpable bit to task_struct and caches it from exit_mm() -- both layout changes would break the kABI signature of struct task_struct (referenced by stablelist exports such as set_cpus_allowed_ptr and wake_up_process). Instead, take the minimal kABI-safe slice: in __ptrace_may_access(), when task->mm == NULL, require CAP_SYS_PTRACE in init_user_ns unconditionally. This closes the Qualys Security Advisory hole without touching task_struct or exit.c. The only behavioural delta versus upstream is that an already-exited user task whose mm has been cleared now also requires CAP_SYS_PTRACE.	2026-05-15 07:33:53 +00:00
..
kernel.spec	Bump version to 5.14.0-611.54.6	2026-05-15 07:33:53 +00:00

Andrew Lukoshko cc48c27cd1 Bump version to 5.14.0-611.54.6

ptrace: require CAP_SYS_PTRACE when task has no mm

kABI-safe AlmaLinux backport of upstream commit 31e62c2ebbfd
("ptrace: slightly saner 'get_dumpable()' logic"). The upstream
fix adds a user_dumpable bit to task_struct and caches it from
exit_mm() -- both layout changes would break the kABI signature
of struct task_struct (referenced by stablelist exports such as
set_cpus_allowed_ptr and wake_up_process).

Instead, take the minimal kABI-safe slice: in __ptrace_may_access(),
when task->mm == NULL, require CAP_SYS_PTRACE in init_user_ns
unconditionally. This closes the Qualys Security Advisory hole
without touching task_struct or exit.c. The only behavioural
delta versus upstream is that an already-exited user task whose
mm has been cleared now also requires CAP_SYS_PTRACE.

2026-05-15 07:33:53 +00:00

kernel.spec

Bump version to 5.14.0-611.54.6

2026-05-15 07:33:53 +00:00