[ddaalluu2]

1st 2 links report cve id not found Redhat & Ubuntu have cookie walls and Debian pages are the only readable without pressing or clicking or agreeing or disagreeing on anything. However none of the sites mention a fix.

What is the fix? Surely they don't release this kind of info without a fix.

[mananaysiempre]

The oss-security message has the commit hashes, these links (aside from the NVD, which seems to just lack information for the moment) are is only needed to figure out when their backports hit your distro kernel. The answer to that seems to be “not yet” for all the liked distros, which is weird.

I do not see a mitigation mentioned, but the impact of both of these seems to be limited to users with the ability to install nftables bytecode, so it seems having user namespaces disabled (if you don’t need them) would make this irrelevant?

[vaylian]

Yes, this confuses me as well. It would be good to know what kind of fixes the grandparent has applied.

[ddaalluu2]

Further down "MayeuIC" wrote 1015 is fixed in latest lts and stable kernels. Idk how to link to particular comments here. I'm on the phone and copy/pasting is a bit difficult.

So bottom line - upgrade kernels to latest of your branch, if you're able.