*** This bug is a security vulnerability ***
Public security bug reported:
These packages are vulnerable to CVE-2022-25258 and CVE-2022-25375 in at
least one Ubuntu release, as stated in the Ubuntu CVE Tracker.
Please release fixed packages.
Debian released an advisory on March 7.
** Affects: linux-aws (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-aws-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-aws-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-azure (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-azure-4.15 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-azure-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-azure-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-azure-fde (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-bluefield (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-dell300x (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gcp (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gcp-4.15 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gcp-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gcp-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gke (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gke-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gkeop (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-gkeop-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-hwe-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-hwe-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-ibm (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-ibm-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-kvm (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-oracle (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-oracle-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-oracle-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-raspi (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-raspi-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-raspi2 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-riscv (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-snapdragon (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-aws (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-aws-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
- The version in Focal is vulnerable to CVE-2022-25258.
+ These packages are vulnerable to CVE-2022-25258 in at least one Ubuntu
+ release, as stated in the Ubuntu CVE Tracker.
Please release fixed packages.
Debian released an advisory on March 7.
** Also affects: linux-azure (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-azure-4.15 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-azure-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-bluefield (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-dell300x (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gcp (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gcp-4.15 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gcp-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gke (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gke-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gkeop (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gkeop-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-hwe-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-hwe-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-ibm (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-kvm (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-oracle (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-oracle-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-raspi (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-raspi-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-raspi2 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-riscv (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-azure-fde (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-gcp-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-ibm-5.4 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-oracle-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-aws-5.13 (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux-snapdragon (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
- These packages are vulnerable to CVE-2022-25258 in at least one Ubuntu
- release, as stated in the Ubuntu CVE Tracker.
+ These packages are vulnerable to CVE-2022-25258 and CVE-2022-25375 in at
+ least one Ubuntu release, as stated in the Ubuntu CVE Tracker.
Please release fixed packages.
Debian released an advisory on March 7.
** Summary changed:
- CVE-2022-25258
+ CVE-2022-25258 and CVE-2022-25375
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-25258
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-25375
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1971205
Title:
CVE-2022-25258 and CVE-2022-25375
Status in linux-aws package in Ubuntu:
New
Status in linux-aws-5.13 package in Ubuntu:
New
Status in linux-aws-5.4 package in Ubuntu:
New
Status in linux-azure package in Ubuntu:
New
Status in linux-azure-4.15 package in Ubuntu:
New
Status in linux-azure-5.13 package in Ubuntu:
New
Status in linux-azure-5.4 package in Ubuntu:
New
Status in linux-azure-fde package in Ubuntu:
New
Status in linux-bluefield package in Ubuntu:
New
Status in linux-dell300x package in Ubuntu:
New
Status in linux-gcp package in Ubuntu:
New
Status in linux-gcp-4.15 package in Ubuntu:
New
Status in linux-gcp-5.13 package in Ubuntu:
New
Status in linux-gcp-5.4 package in Ubuntu:
New
Status in linux-gke package in Ubuntu:
New
Status in linux-gke-5.4 package in Ubuntu:
New
Status in linux-gkeop package in Ubuntu:
New
Status in linux-gkeop-5.4 package in Ubuntu:
New
Status in linux-hwe-5.13 package in Ubuntu:
New
Status in linux-hwe-5.4 package in Ubuntu:
New
Status in linux-ibm package in Ubuntu:
New
Status in linux-ibm-5.4 package in Ubuntu:
New
Status in linux-kvm package in Ubuntu:
New
Status in linux-oracle package in Ubuntu:
New
Status in linux-oracle-5.13 package in Ubuntu:
New
Status in linux-oracle-5.4 package in Ubuntu:
New
Status in linux-raspi package in Ubuntu:
New
Status in linux-raspi-5.4 package in Ubuntu:
New
Status in linux-raspi2 package in Ubuntu:
New
Status in linux-riscv package in Ubuntu:
New
Status in linux-snapdragon package in Ubuntu:
New
Bug description:
These packages are vulnerable to CVE-2022-25258 and CVE-2022-25375 in
at least one Ubuntu release, as stated in the Ubuntu CVE Tracker.
Please release fixed packages.
Debian released an advisory on March 7.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1971205/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
