Thanks for the link - though I really couldn't find it in article. Doing a quick Ctrl+F on the source code doesn't show securityfocus being linked to at all.
Edit: HolyCarp: it looks like my ancient 2.4 kernel actually is vulnerable!
This looks more like an automatically generated list of all releases "prior to 5.0.8". Since this vulnerability is apparently connected with net namespaces I doubt it goes all the way back to 2.0.
Edit: git blame shows this commit introducing the if statement that is touched by the patch linked by OP. It happened somewhere in the 4.2 branch. This doesn't mean that the problem was introduced exactly then, but it does show that it's relatively recent code.
6 comments
[ 13.5 ms ] story [ 148 ms ] threadPrior to 5.0.8 seems a little vague, or is my 2.4 box actually affected?
Edit: HolyCarp: it looks like my ancient 2.4 kernel actually is vulnerable!
Quite an impressive list of Kernel indeed.
Edit: git blame shows this commit introducing the if statement that is touched by the patch linked by OP. It happened somewhere in the 4.2 branch. This doesn't mean that the problem was introduced exactly then, but it does show that it's relatively recent code.
https://github.com/torvalds/linux/commit/467fa15356acfb7b2ef...
https://www.reddit.com/r/netsec/comments/bofpri/linux_kernel...
https://www.cert-bund.de/advisoryshort/CB-K19-0400