On Tue, Aug 17, 2021 at 05:02:02PM +0100, Mark Woolfson wrote: > Unfortunately the manufacturer of our application software will only support > it on RHEL/CentOS 7.0. I have asked and that is all they say. This is absurd. The 7.0 kernel has so many vulnerabilities that are well known and well documented, they're forcing you to run a kernel that can be trivially exploited. I would seriously push back with the manufacturer. Does it have a custom kernel module that it requires? Or did they only test it on RHEL or CentOS 7.0 and never updated their documentation? In the past, I've asked vendors that tried this kind of nonsense if they're willing to indemnify their customers for any security issues that arise as a result of using their product. Feel free to list all the CVEs in the current CentOS 7 kernel. I see there are 1,125 CVEs mentioned in the kernel changelog. It won't hold any legal water, most likely, but it might get someone to at least look closer at the issue. -- Jonathan Billings <billings at negate.org>