*** This bug is a security vulnerability *** Public security bug reported:
These packages are vulnerable to CVE-2022-25258 and CVE-2022-25375 in at least one Ubuntu release, as stated in the Ubuntu CVE Tracker. Please release fixed packages. Debian released an advisory on March 7. ** Affects: linux-aws (Ubuntu) Importance: Undecided Status: New ** Affects: linux-aws-5.13 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-aws-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-azure (Ubuntu) Importance: Undecided Status: New ** Affects: linux-azure-4.15 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-azure-5.13 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-azure-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-azure-fde (Ubuntu) Importance: Undecided Status: New ** Affects: linux-bluefield (Ubuntu) Importance: Undecided Status: New ** Affects: linux-dell300x (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gcp (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gcp-4.15 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gcp-5.13 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gcp-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gke (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gke-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gkeop (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gkeop-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-hwe-5.13 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-hwe-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-ibm (Ubuntu) Importance: Undecided Status: New ** Affects: linux-ibm-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-kvm (Ubuntu) Importance: Undecided Status: New ** Affects: linux-oracle (Ubuntu) Importance: Undecided Status: New ** Affects: linux-oracle-5.13 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-oracle-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-raspi (Ubuntu) Importance: Undecided Status: New ** Affects: linux-raspi-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-raspi2 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-riscv (Ubuntu) Importance: Undecided Status: New ** Affects: linux-snapdragon (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-aws (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-aws-5.4 (Ubuntu) Importance: Undecided Status: New ** Description changed: - The version in Focal is vulnerable to CVE-2022-25258. + These packages are vulnerable to CVE-2022-25258 in at least one Ubuntu + release, as stated in the Ubuntu CVE Tracker. Please release fixed packages. Debian released an advisory on March 7. ** Also affects: linux-azure (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-azure-4.15 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-azure-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-bluefield (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-dell300x (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gcp (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gcp-4.15 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gcp-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gke (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gke-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gkeop (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gkeop-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-hwe-5.13 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-hwe-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-ibm (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-kvm (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-oracle (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-oracle-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-raspi (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-raspi-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-raspi2 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-riscv (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-azure-fde (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gcp-5.13 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-ibm-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-oracle-5.13 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-aws-5.13 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-snapdragon (Ubuntu) Importance: Undecided Status: New ** Description changed: - These packages are vulnerable to CVE-2022-25258 in at least one Ubuntu - release, as stated in the Ubuntu CVE Tracker. + These packages are vulnerable to CVE-2022-25258 and CVE-2022-25375 in at + least one Ubuntu release, as stated in the Ubuntu CVE Tracker. Please release fixed packages. Debian released an advisory on March 7. ** Summary changed: - CVE-2022-25258 + CVE-2022-25258 and CVE-2022-25375 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-25258 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-25375 ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971205 Title: CVE-2022-25258 and CVE-2022-25375 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1971205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs