Bug 1213163

Summary: Convenient check for integrated security patches
Product: [openSUSE] openSUSE Distribution
Reporter: Topper Harley <webforen>
Component: Kernel
Assignee: openSUSE Kernel Bugs <kernel-bugs>
Status: NEW
QA Contact: E-mail List <qa-bugs>
Severity: Enhancement
Priority: P5 - None
Version: Leap 15.4
Target Milestone: ---
Hardware: x86-64
OS: openSUSE Leap 15.4
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Topper Harley 2023-07-09 21:06:40 UTC
What do you think about providing a human-readable /sys/ entry to let the user/admin conveniently check what security patches the running kernel has already implemented?

Something like


cat /sys/kernel/security/secpatches | grep -i stackrot
GOOD StackRot (CVE-2023-3269) patch is integrated in running kernel!

For CPU vulnerabilities we have such a mechanism with
/sys/devices/system/cpu/vulnerabilities

I wish I could have something similar for "standard" kernel vulnerabilities.

My guess is, if you ever considered this to be useful, you'd first offer this in Tumbleweed I guess?

Thanks for listening.
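
For reference, the existing CPU mechanism mentioned in the report can be summarised with a short script. This is an added example, not part of the original report and not openSUSE or kernel code; the function names and the `--run` switch are hypothetical, and it reads only /sys/devices/system/cpu/vulnerabilities, not the proposed secpatches entry.

```shell
#!/bin/sh
# Added example: summarise /sys/devices/system/cpu/vulnerabilities.
# Each file there is named after one CPU issue and holds a one-line status.
# The kernel ABI documents the prefixes "Not affected", "Mitigation:" and
# "Vulnerable"; any other text is reported as UNKNOWN for manual review.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

classify_status() {
    # $1 = status line read from one sysfs file
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

report_cpu_vulns() {
    # $1 = directory to scan (defaults to the real sysfs path)
    # Returns 0 if nothing is VULNERABLE, 1 if something is, 2 on bad input.
    dir=${1:-$VULN_DIR_DEFAULT}
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        line=$(head -n 1 "$f" 2>/dev/null)
        verdict=$(classify_status "$line")
        printf '%-10s %-24s %s\n' "$verdict" "$(basename "$f")" "$line"
        if [ "$verdict" = VULNERABLE ]; then
            rc=1
        fi
    done
    return $rc
}

# Hypothetical switch: run against the live system only when asked to.
if [ "${1:-}" = "--run" ]; then
    report_cpu_vulns
fi
```

The non-zero return value on any VULNERABLE entry lets the function be used directly in monitoring checks.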
Comment 1 Marcus Meissner 2023-07-10 07:12:38 UTC
This would be quite a long list and I think it would be better if upstream would do that first.