Was this vulnerability CVE-2021-33909 pached by kernel 5.8.0-63-generic?

Question

On 21.7.2021 this ZDNET article wrote about serious vulnerability CVE-2021-3390: https://www.zdnet.com/article/patch-now-linux-file-system-security-hole-dubbed-sequoia-can-take-over-systems/?ftag=TRE-03-10aaa6b&bhid=%7B%24external_id%7D&mid=%7B%24MESSAGE_ID%7D&cid=%7B%24contact_id%7D&eh=%7B%24CF_emailHash%7D

On 22.7.2021 there was kernel update of Ubuntu 20.04 LTS from 5.8.0-59-generic to 5.8.0-63-generic. Was this vulnerability CVE-2021-33909 patched by this update?

You could easily find the answer via any search engine with key words "CVE-2021-33909 ubuntu". The answer is in this link https://ubuntu.com/security/CVE-2021-33909 — kenn, Jul 23 '21 at 15:02
Does this answer your question? How can I tell if a CVE has been fixed in Ubuntu's repositories? — muru, Jul 26 '21 at 09:41

Thomas Ward · Answer 1 · 2021-07-23T16:34:32.993

1

The Ubuntu CVE tracker linked to you by @kenn in the comments is going to answer this question instantly.

As you can see, the version of the package 5.8.0-63.71 (in Ubuntu 20.10) will contain the package updates. You can verify your package version by looking at the output of apt-cache policy linux-image-generic and looking at the "Installed" lines. If the "Installed" line is equal to or greater than the version strings below (replace the '-' with a dot for the equivalent version matching syntax for APT packaging versions to kernel versions), you are patched.

edited Jul 23 '21 at 16:34

answered Jul 23 '21 at 15:06

Thomas Ward

74,764

@kenn and Thomas Ward Thank you very much for the exact and pithy replies! Br Kapel – Kapel Jul 24 '21 at 07:58

Was this vulnerability CVE-2021-33909 pached by kernel 5.8.0-63-generic?

1 Answers1