I am using this bug to track 7 security vulnerabilities in Ubuntu
kernels.
** Changed in: linux-aws-5.15 (Ubuntu)
Status: New => Fix Released
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
** Changed in: linux-azure (Ubuntu)
Status: New => Fix Released
**
** Changed in: linux-aws-5.4 (Ubuntu)
Status: New => Fix Released
** Changed in: linux-ibm-5.4 (Ubuntu)
Status: New => Fix Released
** Changed in: linux-ibm (Ubuntu)
Status: New => Fix Released
** Changed in: linux-hwe-5.4 (Ubuntu)
Status: New => Fix Released
**
** Also affects: linux-aws-5.15 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
** Changed in: linux-hwe-5.15 (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1987413
Title:
[amdgpu] Several stability bugs in pre-5.17
Adding a comment with the bug links to watch their status and
importance:
https://gitlab.freedesktop.org/drm/amd/-/issues/1819
https://gitlab.freedesktop.org/drm/amd/-/issues/1871
https://gitlab.freedesktop.org/drm/amd/-/issues/1887
** Bug watch added: gitlab.freedesktop.org/drm/amd/-/issues
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1987413
Title:
[amdgpu] Several stability bugs in pre-5.17
The Kernel Packages team already owns the firmware-sof package. Ubuntu
Package Archive Administrators, please promote the package to the main
component in Ubuntu 22.04 and Kinetic.
** Changed in: firmware-sof (Ubuntu)
Status: Incomplete => New
--
You received this bug notification
The dependency change is already done: linux-firmware recommends
firmware-sof-signed, that is built by the firmware-sof source package.
Please promote the firmware-sof source package (currently in restricted)
to main.
--
You received this bug notification because you are a member of Kernel
It is actually Intel-signed SOF firmware.
** Changed in: firmware-sof (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to firmware-sof in Ubuntu.
https://bugs.launchpad.net/bugs/1956104
Title:
Fixed in linux-bluefield 5.4.0-1040.44.
** Changed in: linux-bluefield (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1971205
** Changed in: linux-gke-5.4 (Ubuntu)
Status: Fix Committed => Fix Released
** Changed in: linux-oracle-5.13 (Ubuntu)
Status: Fix Committed => Fix Released
** Changed in: linux-bluefield (Ubuntu)
Status: Confirmed => Fix Committed
--
You received this bug notification
** Changed in: linux-aws-5.4 (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1971205
Title:
CVE-2022-25258 and CVE-2022-25375
** Changed in: linux-raspi2 (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1971205
Title:
CVE-2022-25258 and CVE-2022-25375
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23042
** Description changed:
The packages listed above are vulnerable to the CVEs below in at least
- one Ubuntu release, as stated in the Ubuntu CVE Tracker.
+ one Ubuntu release, as stated in the Ubuntu CVE Tracker, except
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23041
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1976184
Title:
Linux PV device frontends vulnerable to attacks
** Also affects: linux-azure-4.15 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-dell300x (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gcp-4.15 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-snapdragon
** Summary changed:
- CVE-2022-23036, CVE-2022-23037 and CVE-2022-23038
+ Linux PV device frontends vulnerable to attacks by backends
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23039
** Description changed:
- The following packages are vulnerable to CVE-2022-23036,
** Summary changed:
- CVE-2022-23036
+ CVE-2022-23036 and CVE-2022-23037
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23036
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23037
** Summary changed:
- CVE-2022-23036 and CVE-2022-23037
+ CVE-2022-23036,
** Also affects: linux-ibm-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-kvm (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-oem-5.14 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-oracle (Ubuntu)
** Also affects: linux-aws (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-aws-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-aws-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-azure (Ubuntu)
*** This bug is a security vulnerability ***
Public security bug reported:
The following packages are vulnerable in at least one Ubuntu release, as
stated in the Ubuntu CVE Tracker.
Please release fixed packages.
Xen released a security advisory on March 10.
(I was informed by the security
*** This bug is a security vulnerability ***
Public security bug reported:
The version in Focal is vulnerable to CVE-2021-28711 and CVE-2021-28712.
Please release patched versions.
Xen released a security advisory on December 20:
https://xenbits.xen.org/xsa/advisory-391.html
** Affects:
** Changed in: linux-riscv (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1971205
Title:
CVE-2022-25258 and CVE-2022-25375
** Changed in: linux-gkeop-5.4 (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: linux-hwe-5.13 (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: linux-hwe-5.4 (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: linux-ibm (Ubuntu)
Status:
** Changed in: linux-gcp-5.13 (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: linux-gke (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: linux-gke-5.4 (Ubuntu)
Status: Confirmed => Fix Committed
** Changed in: linux-gkeop (Ubuntu)
Status: Confirmed
I filed this bug to alert that these vulnerabilities were unpatched for
2 months. Some kernels in supported Ubuntu releases are still affected:
$ wget https://git.launchpad.net/ubuntu-cve-tracker/plain/active/CVE-2022-25258
$ grep -vE '^(upstream_[a-z0-9.-]+: |Patches_[a-z0-9.-]+:$|
** No longer affects: linux-azure-fde (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1971205
Title:
CVE-2022-25258 and CVE-2022-25375
Status in linux-aws package in
*** This bug is a security vulnerability ***
Public security bug reported:
These packages are vulnerable to CVE-2022-25258 and CVE-2022-25375 in at
least one Ubuntu release, as stated in the Ubuntu CVE Tracker.
Please release fixed packages.
Debian released an advisory on March 7.
** Affects:
*** This bug is a security vulnerability ***
Public security bug reported:
The version in Focal is vulnerable to CVE-2022-0330.
Debian released an advisory on March 7.
** Affects: linux-azure-fde (Ubuntu)
Importance: Undecided
Status: New
** CVE added:
29 matches
Mail list logo
