Bpf door 악성코드 관련 커널패치 되어있을까요?

RockyLinux 8.10 운영중인데요
BPFDOOR 악성코드 관련하여
백도어 설치를 위한 취약점이 있다고 해서 문의드립니다

CVE-2021-3156 sudo 권한상승 취약점
CVE-2021-26084 Atlassian Confluence RCE
CVE-2021-22986 F5 BIG-IP RCE
CVE-2022-22954 VMware Workspace ONE Access RCE

위 CVE 커널패치 필요한가요?
전문가님들 조언이 필요합니다

No there isn’t, use:

dnf changelog sudo | grep -i cve

you will see CVE-2021-3156 is mentioned, and therefore is not vulnerable.

This has nothing to do with Rocky Linux - contact Atlassian.

Rocky Linux is not F5 - contact F5 Networks.

Rocky is not VMware - Contact Broadcom/VMware.

CVE-2021-3156 언급은 되었지만
fixes 되었단 정보는 없는데 적용되어있는건가요?

Expanding the detail:

[root@rocky8 ~]# dnf changelog sudo | grep -A2 3156
- CVE-2021-3156
Resolves: rhbz#1917734

which shows it references Red Hat Bugzilla and therefore has been fixed. So whatever your security scanner is, it is wrong.