[Kernel-packages] [Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends

2023-02-08 Thread Steve Beattie
All of these CVEs related to
https://xenbits.xen.org/xsa/advisory-396.html have been addressed in
every kernel except for

- Ubuntu 20.04's linux-oem-5.14
- CVE-2022-23041 has not been addressed in the 4.15 based kernels.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1976184

Title:
  Linux PV device frontends vulnerable to attacks by backends

Status in linux package in Ubuntu:
  Confirmed
Status in linux-aws package in Ubuntu:
  New
Status in linux-aws-5.15 package in Ubuntu:
  Fix Released
Status in linux-aws-5.4 package in Ubuntu:
  Fix Released
Status in linux-azure package in Ubuntu:
  Fix Released
Status in linux-azure-4.15 package in Ubuntu:
  New
Status in linux-azure-5.4 package in Ubuntu:
  Fix Released
Status in linux-bluefield package in Ubuntu:
  Fix Released
Status in linux-dell300x package in Ubuntu:
  New
Status in linux-gcp package in Ubuntu:
  Fix Released
Status in linux-gcp-4.15 package in Ubuntu:
  New
Status in linux-gcp-5.4 package in Ubuntu:
  Fix Released
Status in linux-gke package in Ubuntu:
  Fix Released
Status in linux-gke-5.4 package in Ubuntu:
  Fix Released
Status in linux-gkeop package in Ubuntu:
  Fix Released
Status in linux-gkeop-5.4 package in Ubuntu:
  Fix Released
Status in linux-hwe-5.4 package in Ubuntu:
  Fix Released
Status in linux-ibm package in Ubuntu:
  Fix Released
Status in linux-ibm-5.4 package in Ubuntu:
  Fix Released
Status in linux-intel-iotg-5.15 package in Ubuntu:
  Fix Released
Status in linux-kvm package in Ubuntu:
  New
Status in linux-oem-5.14 package in Ubuntu:
  Won't Fix
Status in linux-oracle package in Ubuntu:
  New
Status in linux-oracle-5.4 package in Ubuntu:
  Fix Released
Status in linux-raspi package in Ubuntu:
  Fix Released
Status in linux-raspi-5.4 package in Ubuntu:
  Fix Released
Status in linux-snapdragon package in Ubuntu:
  New

Bug description:
  The packages listed above are vulnerable to the CVEs below in at least
  one Ubuntu release, as stated in the Ubuntu CVE Tracker, except for
  linux-azure-4.15, linux-dell300x, linux-gcp-4.15 and linux-snapdragon,
  that are only vulnerable to CVE-2022-23041.

  Please release fixed packages.

  Xen released a security advisory on March 10.

  (I was informed by the security team that it does not track security
  issues via Launchpad bugs, but in the Ubuntu CVE Tracker. However, the
  issue is unpatched for over 2.5 months and marked as needed for these
  combinations of source package and Ubuntu version in the Tracker, and
  therefore I am filing this bug.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1976184/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends

2022-08-29 Thread Luís Cunha dos Reis Infante da Câmara
I am using this bug to track 7 security vulnerabilities in Ubuntu
kernels.

** Changed in: linux-aws-5.15 (Ubuntu)
   Status: New => Fix Released

** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed

** Changed in: linux-azure (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-gcp (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-gcp-5.4 (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-gke (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-gkeop-5.4 (Ubuntu)
   Status: New => Fix Released

** No longer affects: linux-hwe-5.13 (Ubuntu)

** Changed in: linux-intel-iotg-5.15 (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-raspi (Ubuntu)
   Status: New => Fix Released

** No longer affects: linux-riscv (Ubuntu)



[Kernel-packages] [Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends

2022-08-29 Thread Luís Cunha dos Reis Infante da Câmara
** Changed in: linux-aws-5.4 (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-ibm-5.4 (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-ibm (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-hwe-5.4 (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-gke-5.4 (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-gkeop (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-azure-5.4 (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-bluefield (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-raspi-5.4 (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-oracle-5.4 (Ubuntu)
   Status: New => Fix Released

** No longer affects: linux-aws-5.13 (Ubuntu)

** No longer affects: linux-oracle-5.13 (Ubuntu)

** No longer affects: linux-gcp-5.13 (Ubuntu)

** No longer affects: linux-azure-5.13 (Ubuntu)

** Also affects: linux-intel-iotg-5.15 (Ubuntu)
   Importance: Undecided
   Status: New

Status in linux package in Ubuntu:
  Confirmed
Status in linux-aws package in Ubuntu:
  New
Status in linux-aws-5.15 package in Ubuntu:
  Fix Released
Status in linux-aws-5.4 package in Ubuntu:
  Fix Released
Status in linux-azure package in Ubuntu:
  Fix Released
Status in linux-azure-4.15 package in Ubuntu:
  New
Status in linux-azure-5.4 package in Ubuntu:
  Fix Released
Status in linux-bluefield package in Ubuntu:
  Fix Released
Status in linux-dell300x package in Ubuntu:
  New
Status in linux-gcp package in Ubuntu:
  Fix Released
Status in linux-gcp-4.15 package in Ubuntu:
  New
Status in linux-gcp-5.4 package in Ubuntu:
  Fix Released
Status in linux-gke package in Ubuntu:
  Fix Released
Status in linux-gke-5.4 package in Ubuntu:
  Fix Released
Status in linux-gkeop package in Ubuntu:
  Fix Released
Status in linux-gkeop-5.4 package in Ubuntu:
  Fix Released
Status in linux-hwe-5.4 package in Ubuntu:
  Fix Released
Status in linux-ibm package in Ubuntu:
  Fix Released
Status in linux-ibm-5.4 package in Ubuntu:
  Fix Released
Status in linux-intel-iotg-5.15 package in Ubuntu:
  New
Status in linux-kvm package in Ubuntu:
  New
Status in linux-oem-5.14 package in Ubuntu:
  Won't Fix
Status in linux-oracle package in Ubuntu:
  New
Status in linux-oracle-5.4 package in Ubuntu:
  Fix Released
Status in linux-raspi package in Ubuntu:
  New
Status in linux-raspi-5.4 package in Ubuntu:
  Fix Released
Status in linux-riscv package in Ubuntu:
  New
Status in linux-snapdragon package in Ubuntu:
  New



[Kernel-packages] [Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends

2022-08-29 Thread Luís Cunha dos Reis Infante da Câmara
** Also affects: linux-aws-5.15 (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

Status in linux package in Ubuntu:
  New
Status in linux-aws package in Ubuntu:
  New
Status in linux-aws-5.13 package in Ubuntu:
  New
Status in linux-aws-5.15 package in Ubuntu:
  New
Status in linux-aws-5.4 package in Ubuntu:
  Fix Released
Status in linux-azure package in Ubuntu:
  New
Status in linux-azure-4.15 package in Ubuntu:
  New
Status in linux-azure-5.13 package in Ubuntu:
  New
Status in linux-azure-5.4 package in Ubuntu:
  New
Status in linux-bluefield package in Ubuntu:
  New
Status in linux-dell300x package in Ubuntu:
  New
Status in linux-gcp package in Ubuntu:
  New
Status in linux-gcp-4.15 package in Ubuntu:
  New
Status in linux-gcp-5.13 package in Ubuntu:
  New
Status in linux-gcp-5.4 package in Ubuntu:
  New
Status in linux-gke package in Ubuntu:
  New
Status in linux-gke-5.4 package in Ubuntu:
  New
Status in linux-gkeop package in Ubuntu:
  New
Status in linux-gkeop-5.4 package in Ubuntu:
  New
Status in linux-hwe-5.13 package in Ubuntu:
  New
Status in linux-hwe-5.4 package in Ubuntu:
  New
Status in linux-ibm package in Ubuntu:
  New
Status in linux-ibm-5.4 package in Ubuntu:
  New
Status in linux-kvm package in Ubuntu:
  New
Status in linux-oem-5.14 package in Ubuntu:
  Won't Fix
Status in linux-oracle package in Ubuntu:
  New
Status in linux-oracle-5.13 package in Ubuntu:
  New
Status in linux-oracle-5.4 package in Ubuntu:
  New
Status in linux-raspi package in Ubuntu:
  New
Status in linux-raspi-5.4 package in Ubuntu:
  New
Status in linux-riscv package in Ubuntu:
  New
Status in linux-snapdragon package in Ubuntu:
  New



[Kernel-packages] [Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends

2022-08-25 Thread Timo Aaltonen
oem-5.14 will be eol soon

** Changed in: linux-oem-5.14 (Ubuntu)
   Status: New => Won't Fix

Status in linux-aws package in Ubuntu:
  New
Status in linux-aws-5.13 package in Ubuntu:
  New
Status in linux-aws-5.4 package in Ubuntu:
  New
Status in linux-azure package in Ubuntu:
  New
Status in linux-azure-4.15 package in Ubuntu:
  New
Status in linux-azure-5.13 package in Ubuntu:
  New
Status in linux-azure-5.4 package in Ubuntu:
  New
Status in linux-bluefield package in Ubuntu:
  New
Status in linux-dell300x package in Ubuntu:
  New
Status in linux-gcp package in Ubuntu:
  New
Status in linux-gcp-4.15 package in Ubuntu:
  New
Status in linux-gcp-5.13 package in Ubuntu:
  New
Status in linux-gcp-5.4 package in Ubuntu:
  New
Status in linux-gke package in Ubuntu:
  New
Status in linux-gke-5.4 package in Ubuntu:
  New
Status in linux-gkeop package in Ubuntu:
  New
Status in linux-gkeop-5.4 package in Ubuntu:
  New
Status in linux-hwe-5.13 package in Ubuntu:
  New
Status in linux-hwe-5.4 package in Ubuntu:
  New
Status in linux-ibm package in Ubuntu:
  New
Status in linux-ibm-5.4 package in Ubuntu:
  New
Status in linux-kvm package in Ubuntu:
  New
Status in linux-oem-5.14 package in Ubuntu:
  Won't Fix
Status in linux-oracle package in Ubuntu:
  New
Status in linux-oracle-5.13 package in Ubuntu:
  New
Status in linux-oracle-5.4 package in Ubuntu:
  New
Status in linux-raspi package in Ubuntu:
  New
Status in linux-raspi-5.4 package in Ubuntu:
  New
Status in linux-riscv package in Ubuntu:
  New
Status in linux-snapdragon package in Ubuntu:
  New



[Kernel-packages] [Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends

2022-05-29 Thread Luís Cunha dos Reis Infante da Câmara
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23042

** Description changed:

  The packages listed above are vulnerable to the CVEs below in at least
- one Ubuntu release, as stated in the Ubuntu CVE Tracker.
+ one Ubuntu release, as stated in the Ubuntu CVE Tracker, except for
+ linux-azure-4.15, linux-dell300x, linux-gcp-4.15 and linux-snapdragon,
+ that are only vulnerable to CVE-2022-23041.
  
  Please release fixed packages.
  
  Xen released a security advisory on March 10.
  
  (I was informed by the security team that it does not track security
  issues via Launchpad bugs, but in the Ubuntu CVE Tracker. However, the
  issue is unpatched for over 2.5 months and marked as needed for these
  combinations of source package and Ubuntu version in the Tracker, and
  therefore I am filing this bug.)

Status in linux-aws package in Ubuntu:
  New
Status in linux-aws-5.13 package in Ubuntu:
  New
Status in linux-aws-5.4 package in Ubuntu:
  New
Status in linux-azure package in Ubuntu:
  New
Status in linux-azure-4.15 package in Ubuntu:
  New
Status in linux-azure-5.13 package in Ubuntu:
  New
Status in linux-azure-5.4 package in Ubuntu:
  New
Status in linux-bluefield package in Ubuntu:
  New
Status in linux-dell300x package in Ubuntu:
  New
Status in linux-gcp package in Ubuntu:
  New
Status in linux-gcp-4.15 package in Ubuntu:
  New
Status in linux-gcp-5.13 package in Ubuntu:
  New
Status in linux-gcp-5.4 package in Ubuntu:
  New
Status in linux-gke package in Ubuntu:
  New
Status in linux-gke-5.4 package in Ubuntu:
  New
Status in linux-gkeop package in Ubuntu:
  New
Status in linux-gkeop-5.4 package in Ubuntu:
  New
Status in linux-hwe-5.13 package in Ubuntu:
  New
Status in linux-hwe-5.4 package in Ubuntu:
  New
Status in linux-ibm package in Ubuntu:
  New
Status in linux-ibm-5.4 package in Ubuntu:
  New
Status in linux-kvm package in Ubuntu:
  New
Status in linux-oem-5.14 package in Ubuntu:
  New
Status in linux-oracle package in Ubuntu:
  New
Status in linux-oracle-5.13 package in Ubuntu:
  New
Status in linux-oracle-5.4 package in Ubuntu:
  New
Status in linux-raspi package in Ubuntu:
  New
Status in linux-raspi-5.4 package in Ubuntu:
  New
Status in linux-riscv package in Ubuntu:
  New
Status in linux-snapdragon package in Ubuntu:
  New



[Kernel-packages] [Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends

2022-05-29 Thread Luís Cunha dos Reis Infante da Câmara
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23041

Bug description:
  The packages listed above are vulnerable to the CVEs below in at least
  one Ubuntu release, as stated in the Ubuntu CVE Tracker.

  Please release fixed packages.

  Xen released a security advisory on March 10.

  (I was informed by the security team that it does not track security
  issues via Launchpad bugs, but in the Ubuntu CVE Tracker. However, the
  issue is unpatched for over 2.5 months and marked as needed for these
  combinations of source package and Ubuntu version in the Tracker, and
  therefore I am filing this bug.)



[Kernel-packages] [Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends

2022-05-29 Thread Luís Cunha dos Reis Infante da Câmara
** Also affects: linux-azure-4.15 (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: linux-dell300x (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: linux-gcp-4.15 (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: linux-snapdragon (Ubuntu)
   Importance: Undecided
   Status: New



[Kernel-packages] [Bug 1976184] Re: Linux PV device frontends vulnerable to attacks by backends

2022-05-29 Thread Luís Cunha dos Reis Infante da Câmara
** Summary changed:

- CVE-2022-23036, CVE-2022-23037 and CVE-2022-23038
+ Linux PV device frontends vulnerable to attacks by backends

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23039

** Description changed:

- The following packages are vulnerable to CVE-2022-23036, CVE-2022-23037
- and CVE-2022-23038 in at least one Ubuntu release, as stated in the
- Ubuntu CVE Tracker.
+ The packages listed above are vulnerable to the CVEs below in at least
+ one Ubuntu release, as stated in the Ubuntu CVE Tracker.
  
  Please release fixed packages.
  
  Xen released a security advisory on March 10.
  
  (I was informed by the security team that it does not track security
  issues via Launchpad bugs, but in the Ubuntu CVE Tracker. However, the
  issue is unpatched for over 2.5 months and marked as needed for these
  combinations of source package and Ubuntu version in the Tracker, and
  therefore I am filing this bug.)

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23040

Status in linux-aws package in Ubuntu:
  New
Status in linux-aws-5.13 package in Ubuntu:
  New
Status in linux-aws-5.4 package in Ubuntu:
  New
Status in linux-azure package in Ubuntu:
  New
Status in linux-azure-5.13 package in Ubuntu:
  New
Status in linux-azure-5.4 package in Ubuntu:
  New
Status in linux-bluefield package in Ubuntu:
  New
Status in linux-gcp package in Ubuntu:
  New
Status in linux-gcp-5.13 package in Ubuntu:
  New
Status in linux-gcp-5.4 package in Ubuntu:
  New
Status in linux-gke package in Ubuntu:
  New
Status in linux-gke-5.4 package in Ubuntu:
  New
Status in linux-gkeop package in Ubuntu:
  New
Status in linux-gkeop-5.4 package in Ubuntu:
  New
Status in linux-hwe-5.13 package in Ubuntu:
  New
Status in linux-hwe-5.4 package in Ubuntu:
  New
Status in linux-ibm package in Ubuntu:
  New
Status in linux-ibm-5.4 package in Ubuntu:
  New
Status in linux-kvm package in Ubuntu:
  New
Status in linux-oem-5.14 package in Ubuntu:
  New
Status in linux-oracle package in Ubuntu:
  New
Status in linux-oracle-5.13 package in Ubuntu:
  New
Status in linux-oracle-5.4 package in Ubuntu:
  New
Status in linux-raspi package in Ubuntu:
  New
Status in linux-raspi-5.4 package in Ubuntu:
  New
Status in linux-riscv package in Ubuntu:
  New
