This bug is awaiting verification that the linux-gke/5.4.0-1061.64 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-gke in Ubuntu. https://bugs.launchpad.net/bugs/1959173 Title: Vulnerability in af_packet handling Status in linux-gke package in Ubuntu: Invalid Status in linux-gke source package in Focal: In Progress Bug description: CVE-2021-22600 A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function packet_set_ring of the file net/packet/af_packet.c. The manipulation with an unknown input leads to a memory corruption vulnerability. This is going to have an impact on confidentiality, integrity, and availability. The weakness was released 01/26/2022. The advisory is shared for download at git.kernel.org. This vulnerability is traded as CVE-2021-22600 since 01/05/2021. The exploitability is told to be easy. It is possible to launch the attack remotely. A authentication is required for exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 01/26/2022). Applying a patch is able to eliminate this problem. The fix is https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 More information at: https://partnerissuetracker.corp.google.com/issues/215427453 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-gke/+bug/1959173/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
