
2025-07-13 20:53:33
Obscure kernel bug use-after-free and then the VLAI severity told me "maybe important" before I read the drama #kernel
New set of #Gentoo #Linux Distribution Kernels (6.1.143, 6.6.96, 6.12.36, 6.15.5) is out. This set brings some major changes:
• I've backported a bunch of changes from sys-kernel/gentoo-kernel to sys-kernel/vanilla-kernel that were missing — notably wider architecture support.
• I've added default #RISCV configs to 6.12 (in addition to 6.15), since Fedora had them.
• All three packages are based off the baseline kernel tarball upstream patch (vanilla-kernel used to fetch patch-level tarball every time, and gentoo-kernel* used genpatches for patch versions). This should reduce disk space and bandwidth use.
• All three packages now support verify-sig. Rather than verifying the uncompressed tarball signature, we now use the upstream `sha256sums.asc` file to verify the compressed tarball and patch.
• sys-kernel/gentoo-kernel* now repackages genpatches. This means a patchset that's much leaner and faster to apply (since we just fetch and use the combined upstream patch rather than including point patches). This also means that we are able to release Distribution Kernels before gentoo-sources are done.
The changes still need to be done to 5.15 and 5.10 branches — we're going to do that for the next upstream releases of these.
#kernel
Linux kernel 6.16 is out :)
#linux #kernel
https://www.youtube.com/watch?v=lhXgGU2BBq8…
Well, I am complaining about #AI slop introducing some random bugs in a minor userspace project, and in the meantime I learn that #Linux #kernel LTS developers are using AI to backport patches, and creating new vulnerabilities in the process.
Note: the whole thread is quite toxic, so I'd take it with a grain of salt, but it still looks like the situation is quite serious.
"You too can crash today's 6.12.43 LTS kernel thanks to a stable maintainer's AI slop."
And apparently this isn't the first time either:
"When AI decided to select a random CPU mitigation patch for backport last month that turned a mitigation into a no-op, nothing was done, it sat unfixed with a report for a month (instead of just immediately reverting it), and they rejected a CVE request for it."
#security #LLM #NVIDIA #Gentoo