Thread: Firmware Update Kindle Firmware 5.16.2.1
View Single Post
Old 10-04-2023, 12:29 PM   #52
Frogm4n
Evangelist
Frogm4n ought to be getting tired of karma fortunes by now.Frogm4n ought to be getting tired of karma fortunes by now.Frogm4n ought to be getting tired of karma fortunes by now.Frogm4n ought to be getting tired of karma fortunes by now.Frogm4n ought to be getting tired of karma fortunes by now.Frogm4n ought to be getting tired of karma fortunes by now.Frogm4n ought to be getting tired of karma fortunes by now.Frogm4n ought to be getting tired of karma fortunes by now.Frogm4n ought to be getting tired of karma fortunes by now.Frogm4n ought to be getting tired of karma fortunes by now.Frogm4n ought to be getting tired of karma fortunes by now.
 
Posts: 461
Karma: 3579113
Join Date: Jul 2023
Device: Scribe 2022, OA2, PRS-350
> This vulnerability was introduced in April 2021 (glibc 2.34)

This is a very narrow window of vulnerability, esp. for production embedded devices. Amazon does not use glibc in these devices. I just checked the most recent 5.16.3.1 code for the Scribe and Amazon uses klibc_1.5.25. So they use an old version even of that (current klibc is 2.0.10).

https://www.amazon.com/gp/help/custo...deId=200203720

https://en.wikipedia.org/wiki/Klibc

EDIT: I guess I could be misreading what they use klibc for. It may not be for the userland on a fully booted kernel. In any case, Amazon isn't using bleeding edge versions, nor even "fresh" versions.
Last edited by Frogm4n; 10-04-2023 at 03:28 PM.
Frogm4n is offline   Reply With Quote