*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
[Feature Description]
CVE-2022-0847
A critical linux kernel vulnerability has been found, which exists since Linux
kernel v5.8 or later.
If linux kernel has this commit f6dd975583bd ("pipe: merge
anon_pipe_buf*_ops"), please backport this patch:
9d2231c5d74e13b2a0546fee6737ee4446017903(“lib/iov_iter: initialize "flags" in
new pipe_buffer”) to fix.
Please note: This commit f6dd975583bd did not introduce the bug, it just made
it easier to exploit.
The vulnerability has been fixed in linux kernel 5.16.11, 5.15.25 and 5.10.102.
For more details see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847
Commit: 9d2231c5d74e13b2a0546fee6737ee4446017903
git tag --contains 9d2231c5d74e13b2a0546fee6737ee4446017903
v5.17-rc6
Commit:f6dd975583bd
git tag --contains f6dd975583bd
v5.10
Target Kernel: 5.17
Target Release: 22.10/22.04/Others
[HW/SW Information]
Bug fix for vulnerability
[Business Justification]
Function improvement
** Affects: intel
Importance: Undecided
Status: New
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Fix Released
** Tags: intel-kernel-22.10
--
[Security] CVE-2022-0847 lib/iov_iter: initialize "flags" in new pipe_buffer
https://bugs.launchpad.net/bugs/1964427
You received this bug notification because you are a member of Kernel Packages,
which is subscribed to linux in Ubuntu.
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
