Kernel

unklar · Yesterday 07:56:49

^Because a new kernel just came in...

❯ dpkg -l linux* | grep ii
ii  linux-base                                 4.12.1       all          Linux image base package
ii  linux-cpupower                             6.12.90-2    amd64        CPU power management tools for Linux
ii  linux-image-6.12.90+deb13-amd64            6.12.90-1    amd64        Linux 6.12 for 64-bit PCs (signed)
ii  linux-image-6.12.90+deb13.1-amd64          6.12.90-2    amd64        Linux 6.12 for 64-bit PCs (signed)
ii  linux-image-amd64                          6.12.90-2    amd64        Linux for 64-bit PCs (meta-package)
ii  linux-sysctl-defaults                      4.12.1       all          default sysctl configuration for Linux

Please update your systems regularly (nothing unusual for me at siduction every day)!

Everyone should know that AI-based security vulnerabilities have been discovered in the kernel in recent weeks.
e.g.
CVE-2026-43284 ("DirtyFrag")
CVE-2026-46333 (ssh-keysign-pwn)
CVE-2026-46300 (Fragnesia)
CVE-2026-43494 ("PinTheft")
(Probably not complete and not in the order in which they were discovered)

Currently are:

❯ curl -sL https://www.kernel.org | grep "browse" | cut -d '.' -f 2- | cut -d '"' -f 1
kernel.org/torvalds/h/v7.1-rc5
kernel.org/stable/h/v7.0.10
kernel.org/stable/h/v6.18.33
kernel.org/stable/h/v6.12.91
kernel.org/stable/h/v6.6.141
kernel.org/stable/h/v6.1.174
kernel.org/stable/h/v5.15.208
kernel.org/stable/h/v5.10.257
kernel.org/next/linux-next/h/next-20260528

❯ curl https://api.ftp-master.debian.org/madison?package=linux-image-amd64&s=experimental
[1] 3428

❯ linux-image-amd64 | 5.10.223-1        | oldoldstable               | amd64
linux-image-amd64 | 6.1.170-3         | oldstable                  | amd64
linux-image-amd64 | 6.1.172-1         | oldstable-proposed-updates | amd64
linux-image-amd64 | 6.1.174-1         | oldstable-new              | amd64
linux-image-amd64 | 6.12.86-1         | stable                     | amd64
linux-image-amd64 | 6.12.90-1~bpo12+1 | buildd-oldstable-backports | amd64
linux-image-amd64 | 6.12.90-1~bpo12+1 | oldstable-backports        | amd64
linux-image-amd64 | 6.12.90-1         | proposed-updates           | amd64
linux-image-amd64 | 6.12.90-2         | stable-new                 | amd64
linux-image-amd64 | 7.0.7-1~bpo13+1   | stable-backports           | amd64
linux-image-amd64 | 7.0.9-1           | testing                    | amd64
linux-image-amd64 | 7.0.10-1          | buildd-unstable            | amd64
linux-image-amd64 | 7.0.10-1          | unstable                   | amd64
linux-image-amd64 | 7.1~rc5-1~exp1    | experimental               | amd64

Debian fixes the kernels very reliably. I've had cases where a newly discovered vulnerability was being discussed in internet forums and Debian had already fixed the kernel for me 2 hours beforehand.
I'm really not worried about that. So, remember that.

Sector11 · Yesterday 11:48:26

That's a huge Thank You unklar!

DeepDayze · Yesterday 14:10:21

Great info and it's certainly advisable to update kernels regularly, even on stable.

hhh · Yesterday 20:30:00

Current debian stable is 12.90?

~ 
❯ uname -a
Linux electric-mayhem 6.12.90+deb13.1-rt-amd64 #1 SMP PREEMPT_RT Debian 6.12.90-2 (2026-05-27) x86_64 GNU/Linux

unklar · Today 11:33:13

hhh wrote:

Current debian stable is 12.90?

~ 
❯ uname -a
Linux electric-mayhem 6.12.90+deb13.1-rt-amd64 #1 SMP PREEMPT_RT Debian 6.12.90-2 (2026-05-27) x86_64 GNU/Linux

Yes

linux-image-amd64 | 6.12.90-2         | stable-new                 | amd64

hhh · Today 16:04:27

^ Sorry, I thought I was on sid with that uname, I was on trixie.

hhh@sid:~$ uname -a
Linux sid 7.0.10+deb14-amd64 #1 SMP PREEMPT_DYNAMIC Debian 7.0.10-1 (2026-05-27) x86_64 GNU/Linux

The kernel updates have been pretty steady for trixie this cycle.

unklar · Today 17:41:34

^^no problem

The status as of today 1:41 p.m. CEST

linux-vulnerability-mitigation check
  fixed              CVE-2026-31431  "2026-04-29"  "Copy Fail"
  fixed              CVE-2026-43284  "2026-05-07"  "Dirty Frag (Part 1) / Copy Fail 2"
  mitigated          CVE-2026-43494  "2026-05-19"  "PinTheft"
  fixed              CVE-2026-43500  "2026-05-07"  "Dirty Frag (Part 2)"
  fixed              CVE-2026-46300  "2026-05-13"  "Fragnesia"
  fixed              CVE-2026-46333  "2026-05-15"  "ssh-keysign-pwn"

https://security-tracker.debian.org/tra … kage/linux

dbickin · Today 18:07:29

unklar wrote:

^Because a new kernel just came in...

❯ curl https://api.ftp-master.debian.org/madison?package=linux-image-amd64&s=experimental
[1] 3428

❯ linux-image-amd64 | 5.10.223-1        | oldoldstable               | amd64
linux-image-amd64 | 6.1.170-3         | oldstable                  | amd64
linux-image-amd64 | 6.1.172-1         | oldstable-proposed-updates | amd64
linux-image-amd64 | 6.1.174-1         | oldstable-new              | amd64

Because I don't entirely understand the process... I am running Boron, which I believe is being called oldstable now.

dbickin@bunsen-boron-sda6:~$ uname -a
Linux bunsen-boron-sda6 6.1.0-44-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.164-1 (2026-03-09) x86_64 GNU/Linux

I have noticed over the past few weeks, I would be notified that there were updates, and I have been applying them as they arrive. But if I am reading this right, I am at 6.1.164-1, but your chart suggests I should be at 6.1.17x-x.

Am I misunderstanding, or is something wrong with my system?

Thanks,
David

#1 Yesterday 07:56:49

Kernel

#2 Yesterday 11:48:26

Re: Kernel

#3 Yesterday 14:10:21

Re: Kernel

#4 Yesterday 20:30:00

Re: Kernel

#5 Today 11:33:13

Re: Kernel

#6 Today 16:04:27

Re: Kernel

#7 Today 17:41:34

Re: Kernel

#8 Today 18:07:29

Re: Kernel

Board footer