*** This bug is a security vulnerability ***
Public security bug reported:
These packages are vulnerable to CVE-2022-25258 and CVE-2022-25375 in at
least one Ubuntu release, as stated in the Ubuntu CVE Tracker.
Please release fixed packages.
Debian released an advisory on March 7.
** Affects: linux-aws (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-aws-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-aws-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-azure (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-azure-4.15 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-azure-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-azure-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-azure-fde (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-bluefield (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-dell300x (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gcp (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gcp-4.15 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gcp-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gcp-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gke (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gke-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gkeop (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gkeop-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-hwe-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-hwe-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-ibm (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-ibm-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-kvm (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-oracle (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-oracle-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-oracle-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-raspi (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-raspi-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-raspi2 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-riscv (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-snapdragon (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-aws (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-aws-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
- The version in Focal is vulnerable to CVE-2022-25258.
+ These packages are vulnerable to CVE-2022-25258 in at least one Ubuntu
+ release, as stated in the Ubuntu CVE Tracker.
Please release fixed packages.
Debian released an advisory on March 7.
** Also affects: linux-azure (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-azure-4.15 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-azure-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-bluefield (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-dell300x (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gcp (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gcp-4.15 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gcp-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gke (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gke-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gkeop (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gkeop-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-hwe-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-hwe-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-ibm (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-kvm (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-oracle (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-oracle-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-raspi (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-raspi-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-raspi2 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-riscv (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-azure-fde (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gcp-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-ibm-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-oracle-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-aws-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-snapdragon (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
- These packages are vulnerable to CVE-2022-25258 in at least one Ubuntu
- release, as stated in the Ubuntu CVE Tracker.
+ These packages are vulnerable to CVE-2022-25258 and CVE-2022-25375 in at
+ least one Ubuntu release, as stated in the Ubuntu CVE Tracker.
Please release fixed packages.
Debian released an advisory on March 7.
** Summary changed:
- CVE-2022-25258
+ CVE-2022-25258 and CVE-2022-25375
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-25258
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-25375
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1971205
Title:
CVE-2022-25258 and CVE-2022-25375
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1971205/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
