[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
The Hirsute Hippo has reached End of Life, so this bug will not be fixed for that release. ** Changed in: linux (Ubuntu Hirsute) Status: Fix Committed => Won't Fix -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-oem-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1914668 Title: Exploitable vulnerabilities in AF_VSOCK implementation Status in linux package in Ubuntu: Fix Committed Status in linux-hwe-5.8 package in Ubuntu: Invalid Status in linux-oem-5.6 package in Ubuntu: Fix Released Status in linux-riscv package in Ubuntu: Fix Released Status in linux-hwe-5.8 source package in Focal: Fix Released Status in linux source package in Groovy: Fix Released Status in linux source package in Hirsute: Won't Fix Bug description: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support [Impact] * Patches an exploitable vulnerability. [Test Case] * See disclosure article. [Regression Potential] * Low: straightforward race condition fix; upstream cherry-pick. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
** Changed in: linux-hwe-5.8 (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-oem-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1914668 Title: Exploitable vulnerabilities in AF_VSOCK implementation Status in linux package in Ubuntu: Fix Committed Status in linux-hwe-5.8 package in Ubuntu: Invalid Status in linux-oem-5.6 package in Ubuntu: Fix Released Status in linux-riscv package in Ubuntu: Fix Released Status in linux-hwe-5.8 source package in Focal: Fix Released Status in linux source package in Groovy: Fix Released Status in linux source package in Hirsute: Fix Committed Bug description: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support [Impact] * Patches an exploitable vulnerability. [Test Case] * See disclosure article. [Regression Potential] * Low: straightforward race condition fix; upstream cherry-pick. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
** Description changed: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for >= groovy: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support + + + [Impact] + + * Patches an exploitable vulnerability. + + [Test Case] + + * See disclosure article. + + [Regression Potential] + + * Low: straightforward race condition fix; upstream cherry-pick. ** Description changed: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for >= groovy: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support - [Impact] - * Patches an exploitable vulnerability. + * Patches an exploitable vulnerability. [Test Case] - * See disclosure article. + * See disclosure article. [Regression Potential] - * Low: straightforward race condition fix; upstream cherry-pick. + * Low: straightforward race condition fix; upstream cherry-pick. ** Description changed: https://www.openwall.com/lists/oss-security/2021/02/04/5 - The following mainline patch is required for >= groovy: + The following mainline patch is required for all kernels >= v5.8: {focal + hwe-5.8, groovy, hirsute}: - [linux] c518adafa39f vsock: fix the race conditions in multi-transport support - [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support + [linux] c518adafa39f vsock: fix the race conditions in multi-transport + support + + or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi- + transport support + [Impact] * Patches an exploitable vulnerability. [Test Case] * See disclosure article. [Regression Potential] * Low: straightforward race condition fix; upstream cherry-pick. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1914668 Title: Exploitable vulnerabilities in AF_VSOCK implementation Status in linux package in Ubuntu: Incomplete Status in linux source package in Groovy: Incomplete Status in linux source package in Hirsute: Incomplete Bug description: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support [Impact] * Patches an exploitable vulnerability. [Test Case] * See disclosure article. [Regression Potential] * Low: straightforward race condition fix; upstream cherry-pick. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
https://lists.ubuntu.com/archives/kernel-team/2021-February/117143.html ** Changed in: linux (Ubuntu Groovy) Status: Incomplete => In Progress ** Changed in: linux (Ubuntu Hirsute) Status: Incomplete => In Progress ** Changed in: linux (Ubuntu Groovy) Importance: Undecided => High ** Changed in: linux (Ubuntu Hirsute) Importance: Undecided => High ** Also affects: linux-hwe-5.8 (Ubuntu) Importance: Undecided Status: New ** No longer affects: linux-hwe-5.8 (Ubuntu Groovy) ** No longer affects: linux-hwe-5.8 (Ubuntu Hirsute) ** Also affects: linux (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: linux-hwe-5.8 (Ubuntu Focal) Importance: Undecided Status: New ** No longer affects: linux (Ubuntu Focal) ** Changed in: linux-hwe-5.8 (Ubuntu Focal) Status: New => In Progress ** Changed in: linux-hwe-5.8 (Ubuntu Focal) Importance: Undecided => High ** Changed in: linux (Ubuntu Groovy) Assignee: (unassigned) => Kamal Mostafa (kamalmostafa) ** Changed in: linux (Ubuntu Hirsute) Assignee: (unassigned) => Kamal Mostafa (kamalmostafa) ** Changed in: linux-hwe-5.8 (Ubuntu Focal) Assignee: (unassigned) => Kamal Mostafa (kamalmostafa) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1914668 Title: Exploitable vulnerabilities in AF_VSOCK implementation Status in linux package in Ubuntu: In Progress Status in linux-hwe-5.8 package in Ubuntu: New Status in linux-hwe-5.8 source package in Focal: In Progress Status in linux source package in Groovy: In Progress Status in linux source package in Hirsute: In Progress Bug description: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support [Impact] * Patches an exploitable vulnerability. [Test Case] * See disclosure article. [Regression Potential] * Low: straightforward race condition fix; upstream cherry-pick. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
** Changed in: linux (Ubuntu Groovy) Status: In Progress => Fix Committed ** Changed in: linux (Ubuntu Hirsute) Status: In Progress => Fix Committed ** Also affects: linux-riscv (Ubuntu) Importance: Undecided Status: New ** Changed in: linux-riscv (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1914668 Title: Exploitable vulnerabilities in AF_VSOCK implementation Status in linux package in Ubuntu: Fix Committed Status in linux-hwe-5.8 package in Ubuntu: New Status in linux-riscv package in Ubuntu: Fix Committed Status in linux-hwe-5.8 source package in Focal: In Progress Status in linux source package in Groovy: Fix Committed Status in linux source package in Hirsute: Fix Committed Bug description: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support [Impact] * Patches an exploitable vulnerability. [Test Case] * See disclosure article. [Regression Potential] * Low: straightforward race condition fix; upstream cherry-pick. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
** Also affects: linux-oem-5.6 (Ubuntu) Importance: Undecided Status: New ** Changed in: linux-oem-5.6 (Ubuntu) Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo) ** Changed in: linux-oem-5.6 (Ubuntu) Importance: Undecided => Critical ** Changed in: linux-oem-5.6 (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1914668 Title: Exploitable vulnerabilities in AF_VSOCK implementation Status in linux package in Ubuntu: Fix Committed Status in linux-hwe-5.8 package in Ubuntu: New Status in linux-oem-5.6 package in Ubuntu: Fix Committed Status in linux-riscv package in Ubuntu: Fix Committed Status in linux-hwe-5.8 source package in Focal: In Progress Status in linux source package in Groovy: Fix Committed Status in linux source package in Hirsute: Fix Committed Bug description: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support [Impact] * Patches an exploitable vulnerability. [Test Case] * See disclosure article. [Regression Potential] * Low: straightforward race condition fix; upstream cherry-pick. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- groovy' to 'verification-done-groovy'. If the problem still exists, change the tag 'verification-needed-groovy' to 'verification-failed- groovy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-groovy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-oem-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1914668 Title: Exploitable vulnerabilities in AF_VSOCK implementation Status in linux package in Ubuntu: Fix Committed Status in linux-hwe-5.8 package in Ubuntu: New Status in linux-oem-5.6 package in Ubuntu: Fix Committed Status in linux-riscv package in Ubuntu: Fix Committed Status in linux-hwe-5.8 source package in Focal: In Progress Status in linux source package in Groovy: Fix Committed Status in linux source package in Hirsute: Fix Committed Bug description: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support [Impact] * Patches an exploitable vulnerability. [Test Case] * See disclosure article. [Regression Potential] * Low: straightforward race condition fix; upstream cherry-pick. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-oem-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1914668 Title: Exploitable vulnerabilities in AF_VSOCK implementation Status in linux package in Ubuntu: Fix Committed Status in linux-hwe-5.8 package in Ubuntu: New Status in linux-oem-5.6 package in Ubuntu: Fix Committed Status in linux-riscv package in Ubuntu: Fix Committed Status in linux-hwe-5.8 source package in Focal: In Progress Status in linux source package in Groovy: Fix Committed Status in linux source package in Hirsute: Fix Committed Bug description: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support [Impact] * Patches an exploitable vulnerability. [Test Case] * See disclosure article. [Regression Potential] * Low: straightforward race condition fix; upstream cherry-pick. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
This bug was fixed in the package linux-hwe-5.8 - 5.8.0-43.49~20.04.1 --- linux-hwe-5.8 (5.8.0-43.49~20.04.1) focal; urgency=medium * focal/linux-hwe-5.8: 5.8.0-43.49~20.04.1 -proposed tracker (LP: #1914688) [ Ubuntu: 5.8.0-43.49 ] * groovy/linux: 5.8.0-43.49 -proposed tracker (LP: #1914689) * Packaging resync (LP: #1786013) - update dkms package versions * Exploitable vulnerabilities in AF_VSOCK implementation (LP: #1914668) - vsock: fix the race conditions in multi-transport support -- Kleber Sacilotto de Souza Fri, 05 Feb 2021 10:18:10 +0100 ** Changed in: linux-hwe-5.8 (Ubuntu Focal) Status: In Progress => Fix Released ** Changed in: linux (Ubuntu Groovy) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-oem-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1914668 Title: Exploitable vulnerabilities in AF_VSOCK implementation Status in linux package in Ubuntu: Fix Committed Status in linux-hwe-5.8 package in Ubuntu: New Status in linux-oem-5.6 package in Ubuntu: Fix Committed Status in linux-riscv package in Ubuntu: Fix Released Status in linux-hwe-5.8 source package in Focal: Fix Released Status in linux source package in Groovy: Fix Released Status in linux source package in Hirsute: Fix Committed Bug description: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support [Impact] * Patches an exploitable vulnerability. [Test Case] * See disclosure article. [Regression Potential] * Low: straightforward race condition fix; upstream cherry-pick. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
This bug was fixed in the package linux - 5.8.0-43.49 --- linux (5.8.0-43.49) groovy; urgency=medium * groovy/linux: 5.8.0-43.49 -proposed tracker (LP: #1914689) * Packaging resync (LP: #1786013) - update dkms package versions * Exploitable vulnerabilities in AF_VSOCK implementation (LP: #1914668) - vsock: fix the race conditions in multi-transport support -- Khalid Elmously Thu, 04 Feb 2021 21:41:23 -0500 ** Changed in: linux-riscv (Ubuntu) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-16120 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-oem-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1914668 Title: Exploitable vulnerabilities in AF_VSOCK implementation Status in linux package in Ubuntu: Fix Committed Status in linux-hwe-5.8 package in Ubuntu: New Status in linux-oem-5.6 package in Ubuntu: Fix Committed Status in linux-riscv package in Ubuntu: Fix Released Status in linux-hwe-5.8 source package in Focal: Fix Released Status in linux source package in Groovy: Fix Released Status in linux source package in Hirsute: Fix Committed Bug description: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support [Impact] * Patches an exploitable vulnerability. [Test Case] * See disclosure article. [Regression Potential] * Low: straightforward race condition fix; upstream cherry-pick. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
This bug was fixed in the package linux-riscv - 5.8.0-16.18 --- linux-riscv (5.8.0-16.18) groovy; urgency=medium * groovy/linux-riscv: 5.8.0-16.18 -proposed tracker (LP: #1914687) [ Ubuntu: 5.8.0-43.49 ] * groovy/linux: 5.8.0-43.49 -proposed tracker (LP: #1914689) * Packaging resync (LP: #1786013) - update dkms package versions * Exploitable vulnerabilities in AF_VSOCK implementation (LP: #1914668) - vsock: fix the race conditions in multi-transport support [ Ubuntu: 5.8.0-41.46 ] * groovy/linux: 5.8.0-41.46 -proposed tracker (LP: #1912219) * Groovy update: upstream stable patchset 2020-12-17 (LP: #1908555) // nvme drive fails after some time (LP: #1910866) - Revert "nvme-pci: remove last_sq_tail" * initramfs unpacking failed (LP: #1835660) - SAUCE: lib/decompress_unlz4.c: correctly handle zero-padding around initrds. * overlay: permission regression in 5.4.0-51.56 due to patches related to CVE-2020-16120 (LP: #1900141) - ovl: do not fail because of O_NOATIME [ Ubuntu: 5.8.0-40.45 ] * Packaging resync (LP: #1786013) - update dkms package versions -- Stefan Bader Fri, 05 Feb 2021 09:13:11 +0100 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-oem-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1914668 Title: Exploitable vulnerabilities in AF_VSOCK implementation Status in linux package in Ubuntu: Fix Committed Status in linux-hwe-5.8 package in Ubuntu: New Status in linux-oem-5.6 package in Ubuntu: Fix Committed Status in linux-riscv package in Ubuntu: Fix Released Status in linux-hwe-5.8 source package in Focal: Fix Released Status in linux source package in Groovy: Fix Released Status in linux source package in Hirsute: Fix Committed Bug description: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support [Impact] * Patches an exploitable vulnerability. [Test Case] * See disclosure article. [Regression Potential] * Low: straightforward race condition fix; upstream cherry-pick. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
This bug was fixed in the package linux-oem-5.6 - 5.6.0-1047.51 --- linux-oem-5.6 (5.6.0-1047.51) focal; urgency=medium * focal/linux-oem-5.6: 5.6.0-1047.51 -proposed tracker (LP: #1914751) * Exploitable vulnerabilities in AF_VSOCK implementation (LP: #1914668) - vsock: fix the race conditions in multi-transport support -- Thadeu Lima de Souza Cascardo Fri, 05 Feb 2021 08:01:29 -0300 ** Changed in: linux-oem-5.6 (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-oem-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1914668 Title: Exploitable vulnerabilities in AF_VSOCK implementation Status in linux package in Ubuntu: Fix Committed Status in linux-hwe-5.8 package in Ubuntu: New Status in linux-oem-5.6 package in Ubuntu: Fix Released Status in linux-riscv package in Ubuntu: Fix Released Status in linux-hwe-5.8 source package in Focal: Fix Released Status in linux source package in Groovy: Fix Released Status in linux source package in Hirsute: Fix Committed Bug description: https://www.openwall.com/lists/oss-security/2021/02/04/5 The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}: [linux] c518adafa39f vsock: fix the race conditions in multi-transport support or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support [Impact] * Patches an exploitable vulnerability. [Test Case] * See disclosure article. [Regression Potential] * Low: straightforward race condition fix; upstream cherry-pick. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp