Question on the #CopyFail Linux vulnerability:

If "lsmod | grep algif_aead" returns nothing, is the vulnerability not exploitable?

Most of my Linux machines are running older, non-patched kernels, but it doesn't seem like the affected kernel module is active... so does that mean a system that returns nothing for "lsmod | grep algif_aead" is not at risk for this exploit?

#Linux

I don’t want to run a mitigation that doesn’t need to be run. Just in case that introduces a problem in a system that is currently working fine and not exploitable.

So from what I’ve learned so far:

lsmod | grep algif_aead

this checks to see if the exploitable module is loaded.

You can check if the module is present in the system, but not currently loaded with:

modinfo algif_aead 2>/dev/null

If that returns information, the module is present and could be loaded.

But you have to have root privileges to load the module.

So my logic is that if

lsmod | grep algif_aead

returns nothing, the vulnerable Linux kernel module is not loaded and therefore not exploitable… even if the module is present on the system but not loaded.

Please correct me if I am wrong.

#CopyFail #Linux
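Added example, not part of the original posts: a shell check that distinguishes the module states discussed above (loaded, built into the kernel, present on disk but not loaded, present but blocked by a modprobe `install` rule, absent). It reports "present but not loaded" as its own state because the kernel can load a present module on demand. The function names, state labels and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a host's exposure to one loadable kernel module.
MODULE="algif_aead"

# True if MODULE is a first-column entry in `lsmod` output ($1).
module_loaded() {
    printf '%s\n' "$1" | awk -v m="$MODULE" '$1 == m { f = 1 } END { exit !f }'
}

# True if modprobe config ($1, as printed by `modprobe -c`) has an
# "install MODULE /bin/false" (or /bin/true) rule. A "blacklist" line is
# deliberately not counted: per modprobe.d(5) it only affects alias matching.
module_blocked() {
    printf '%s\n' "$1" | awk -v m="$MODULE" '
        $1 == "install" { n = $2; gsub(/-/, "_", n)
            if (n == m && $3 ~ /^\/(usr\/)?bin\/(false|true)$/) f = 1 }
        END { exit !f }'
}

# classify LSMOD_TEXT PRESENCE(builtin|module|absent) MODPROBE_CONFIG_TEXT
classify() {
    if [ "$2" = "builtin" ]; then echo "builtin"          # never shown by lsmod
    elif module_loaded "$1"; then echo "loaded"
    elif [ "$2" = "absent" ]; then echo "absent"
    elif module_blocked "$3"; then echo "present-blocked"
    else echo "present-loadable"                          # on-demand load possible
    fi
}

# Gather the three inputs from the running system and classify it.
check_host() {
    presence=absent
    if grep -q "/$MODULE\.ko" "/lib/modules/$(uname -r)/modules.builtin" 2>/dev/null
    then presence=builtin
    elif modinfo "$MODULE" >/dev/null 2>&1; then presence=module
    fi
    classify "$(lsmod)" "$presence" "$(modprobe -c 2>/dev/null)"
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_LSMOD='Module                  Size  Used by
af_alg                 32768  0
ext4                  983040  1'
SAMPLE_CONFIG='blacklist pcspkr
install algif_aead /bin/false'

if [ "${1:-}" = "--live" ]; then check_host; fi
```

Run it with `--live` on a Linux host to classify the running system; without arguments it only defines the functions and sample data.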

@matthew My service provider performed well today. I got an email pointing at this bug, saying I should probably either disable the module or update the system.

Logged in, did a zypper up, rebooted, and all is well.

It took me about 3-4 minutes in total.

I like that my service provider sent me the email based on the public internet-facing VMs they have.

Then of course I only have one static web site and one hidden ssh port facing the internet, so I was not affected anyway, but still good to get the message, so now the system is updated.
