Linux Kernel CVEs Don't Care About Your Distro's Release Schedule — Here's What Actually Happens
TL;DR: The thing that caught me off guard the first time I seriously tracked a kernel CVE was realizing I had no idea what "patched" actually meant. I'd see a CVE entry marked as resolved, open a terminal on my Ubuntu 22.

📖 Reading time: ~36 min

What's in this article:
The Gap Between 'Kernel Patched' and 'Your Server Is Safe'
How Distros Actually Handle Upstream Kernel Vulnerabilities
Reading a Real Kernel CVE: CVE-2023-3269 (StackRot) as a Case Study
Commands You Actually Need to Audit Your ...