Bug 1213163 - Convenient check for integrated security patches
Summary: Convenient check for integrated security patches
Status: NEW
Alias: None
Product: openSUSE Distribution
Classification: openSUSE
Component: Kernel
Version: Leap 15.4
Hardware: x86-64 openSUSE Leap 15.4
Importance: P5 - None : Enhancement
Target Milestone: ---
Assignee: openSUSE Kernel Bugs
QA Contact: E-mail List
 
Reported: 2023-07-09 21:06 UTC by Topper Harley
Modified: 2023-07-10 07:12 UTC
0 users

Description Topper Harley 2023-07-09 21:06:40 UTC
What do you think about providing a human-readable /sys/ entry to let the user/admin conveniently check what security patches the running kernel has already implemented?

Something like


cat /sys/kernel/security/secpatches | grep -i stackrot
GOOD StackRot (CVE-2023-3269) patch is integrated in running kernel!

For CPU vulnerabilities we have such a mechanism with
/sys/devices/system/cpu/vulnerabilities

I wish I could have something similar for "standard" kernel vulnerabilities.

My guess is, if you ever considered this to be useful, you'd first offer this in Tumbleweed, I guess?

Thanks for listening.
Comment 1 Marcus Meissner 2023-07-10 07:12:38 UTC
This would be quite a long list and I think it would be better if upstream would do that first.
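
For reference, the existing CPU mechanism named in the description, /sys/devices/system/cpu/vulnerabilities, can be summarised with a short script. This is an added example, not part of the bug report or of any openSUSE tooling; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise /sys/devices/system/cpu/vulnerabilities.
# Each file there holds one status line. The documented forms are
# "Not affected", "Vulnerable" and "Mitigation: <how>".

# classify_status LINE -> prints OK, MITIGATED, VULNERABLE or UNKNOWN
classify_status() {
    s=${1#KVM: }    # itlb_multihit prefixes its status with "KVM: "
    case "$s" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# report_cpu_vulns [DIR]: prints "VERDICT name: status" for every file.
# Exit status: 0 = all OK/MITIGATED, 1 = something VULNERABLE/UNKNOWN,
# 2 = directory missing (old kernel or a non-Linux system).
report_cpu_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        line=$(head -n 1 "$f")
        verdict=$(classify_status "$line")
        case "$verdict" in VULNERABLE|UNKNOWN) rc=1 ;; esac
        printf '%-10s %s: %s\n' "$verdict" "${f##*/}" "$line"
    done
    return "$rc"
}

# Constructed sample tree (not captured from a real machine) so the
# report can be tried where the sysfs directory is unavailable.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    echo 'Not affected' > "$d/meltdown"
    echo 'Mitigation: Retpolines, IBPB: conditional, STIBP: disabled' > "$d/spectre_v2"
    echo 'Vulnerable: Clear CPU buffers attempted, no microcode' > "$d/mds"
    echo 'KVM: Mitigation: VMX disabled' > "$d/itlb_multihit"
    echo "$d"
}

# Usage after sourcing this file:
#   report_cpu_vulns                        # live system
#   report_cpu_vulns "$(make_sample_tree)"  # constructed sample
```

The non-zero exit status makes the report usable as a check in monitoring or configuration-management runs.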