Are LTS kernels recommended for security?

SkewedZeppelin · August 13, 2024, 3:16am

@ikelatomig
yep, this is why I can’t recommend any desktop distro that doesn’t use official kernel.org branches

take a look at this example:

CVE-2023-0461
- There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation.
- fix authored January 3rd 2023, pushed January 4th
  - net/ulp: prevent ULP without clone op from entering the LISTEN status - kernel/git/torvalds/linux.git - Linux kernel source tree
- kernel.org shipped it on January 14th: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6
CVE-2023-0179
- This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
- fix authored and pushed January 11th 2023
  - netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits - kernel/git/torvalds/linux.git - Linux kernel source tree
- kernel.org shipped it January 18th: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.7
Ubuntu shipped them March 2nd: USN-5912-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
Ubuntu shipped LivePatch updates for them March 27th: LSN-0093-1: Kernel Live Patch Security Notice | Ubuntu security notices | Ubuntu

Topic		Replies	Views
Is Ubuntu more secure than Debian? Questions	1	343	September 22, 2024
Why aren't LTS distros notorious for security breaches? Questions	6	529	July 20, 2024
Are newer android versions more resistant to 0-days than the previous Questions	30	527	October 1, 2024
Debian-based distro that has the latest kernel patches? Questions	84	1245	September 8, 2024
Is it ok not to upgrade to ubuntu server 24.04 LTS? Questions	2	192	September 2, 2024