> Ubuntu 24.04’s kernel, which is based on (on 6.8.12), uses the old GC algorithm. Thus, the change to unix_gc does not apply (the upstream patch is for the new GC algorithm).
> But somehow Ubuntu still went with it and applied the change
This vulnerability was a direct consequence of the "just backport important-looking patches" mindset. Just using the latest stable upstream kernel instead would avoid this entire class of vulnerabilities.
josephcsible•2h ago
> Ubuntu 24.04’s kernel, which is based on (on 6.8.12), uses the old GC algorithm. Thus, the change to unix_gc does not apply (the upstream patch is for the new GC algorithm).
> But somehow Ubuntu still went with it and applied the change
This vulnerability was a direct consequence of the "just backport important-looking patches" mindset. Just using the latest stable upstream kernel instead would avoid this entire class of vulnerabilities.