@Slabrie I’m sure your team has been monitoring the CopyFail security incident closely. Most cloud service providers have rushed to patch kernels, at times even with forced upgrades.
What is the plan for Flame installs on Rocky?
From what I understand the kernel image itself has to be updated, the vulnerability is in a file that is compiled into the kernel, not a loaded module. With kernel patches available now for most Rocky releases.
Can we expect a DKU that addresses that, or at least instructions on how a kernel update can be safely applied?
In my understanding the fix ultimately is ‘sudo dnf update kernel’ + reboot. But has the potential to break NVidia drivers and other aspects of the system. Thus having instructions that are suitable for the ADSK ISO would be greatly appreciated, and a DKU even better.
Looking forward to to your thoughts.
PS: I understand that Flame machines aren’t necessarily exposed to external network traffic, and that exploits may require an initial entry point. That being said, an increasing number of us do run ComfyUI and other software on our Flame systems out of necessity of modern workflows and to share valuable GPU capacity. So the attack surface may be larger than a pure Flame system.