This was fixed in affected kernels in
https://ubuntu.com/security/notices/USN-5317-1 and
https://ubuntu.com/security/notices/USN-5362-1

** Package changed: ubuntu => linux (Ubuntu)

** Changed in: linux (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1964427

Title:
  [Security] CVE-2022-0847 lib/iov_iter: initialize "flags" in new
  pipe_buffer

Status in intel:
  New
Status in linux package in Ubuntu:
  Fix Released

Bug description:
  [Feature Description]

  CVE-2022-0847

  A critical Linux kernel vulnerability has been found, which exists in Linux kernel v5.8 or later.
  If the Linux kernel has this commit f6dd975583bd ("pipe: merge anon_pipe_buf*_ops"), please backport this patch: 9d2231c5d74e13b2a0546fee6737ee4446017903 ("lib/iov_iter: initialize "flags" in new pipe_buffer") to fix it.
  Please note: this commit f6dd975583bd did not introduce the bug; it just made it easier to exploit.
  The vulnerability has been fixed in Linux kernel 5.16.11, 5.15.25 and 5.10.102.

  For more details see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847

  Commit: 9d2231c5d74e13b2a0546fee6737ee4446017903
  git tag --contains 9d2231c5d74e13b2a0546fee6737ee4446017903
  v5.17-rc6

  Commit: f6dd975583bd
  git tag --contains f6dd975583bd
  v5.10

  Target Kernel: 5.17
  Target Release: 22.10/22.04/Others

  [HW/SW Information]
  Bug fix for vulnerability

  [Business Justification]
  Function improvement
