[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
The Hirsute Hippo has reached End of Life, so this bug will not be fixed
for that release.
** Changed in: linux (Ubuntu Hirsute)
Status: Fix Committed => Won't Fix
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1914668
Title:
Exploitable vulnerabilities in AF_VSOCK implementation
Status in linux package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 package in Ubuntu:
Invalid
Status in linux-oem-5.6 package in Ubuntu:
Fix Released
Status in linux-riscv package in Ubuntu:
Fix Released
Status in linux-hwe-5.8 source package in Focal:
Fix Released
Status in linux source package in Groovy:
Fix Released
Status in linux source package in Hirsute:
Won't Fix
Bug description:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for all kernels >= v5.8:
{focal hwe-5.8, groovy, hirsute}:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport
support
or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in
multi-transport support
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
** Changed in: linux-hwe-5.8 (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1914668
Title:
Exploitable vulnerabilities in AF_VSOCK implementation
Status in linux package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 package in Ubuntu:
Invalid
Status in linux-oem-5.6 package in Ubuntu:
Fix Released
Status in linux-riscv package in Ubuntu:
Fix Released
Status in linux-hwe-5.8 source package in Focal:
Fix Released
Status in linux source package in Groovy:
Fix Released
Status in linux source package in Hirsute:
Fix Committed
Bug description:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for all kernels >= v5.8:
{focal hwe-5.8, groovy, hirsute}:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport
support
or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in
multi-transport support
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
This bug was fixed in the package linux-oem-5.6 - 5.6.0-1047.51
---
linux-oem-5.6 (5.6.0-1047.51) focal; urgency=medium
* focal/linux-oem-5.6: 5.6.0-1047.51 -proposed tracker (LP: #1914751)
* Exploitable vulnerabilities in AF_VSOCK implementation (LP: #1914668)
- vsock: fix the race conditions in multi-transport support
-- Thadeu Lima de Souza Cascardo Fri, 05 Feb
2021 08:01:29 -0300
** Changed in: linux-oem-5.6 (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1914668
Title:
Exploitable vulnerabilities in AF_VSOCK implementation
Status in linux package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 package in Ubuntu:
New
Status in linux-oem-5.6 package in Ubuntu:
Fix Released
Status in linux-riscv package in Ubuntu:
Fix Released
Status in linux-hwe-5.8 source package in Focal:
Fix Released
Status in linux source package in Groovy:
Fix Released
Status in linux source package in Hirsute:
Fix Committed
Bug description:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for all kernels >= v5.8:
{focal hwe-5.8, groovy, hirsute}:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport
support
or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in
multi-transport support
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
This bug was fixed in the package linux-riscv - 5.8.0-16.18
---
linux-riscv (5.8.0-16.18) groovy; urgency=medium
* groovy/linux-riscv: 5.8.0-16.18 -proposed tracker (LP: #1914687)
[ Ubuntu: 5.8.0-43.49 ]
* groovy/linux: 5.8.0-43.49 -proposed tracker (LP: #1914689)
* Packaging resync (LP: #1786013)
- update dkms package versions
* Exploitable vulnerabilities in AF_VSOCK implementation (LP: #1914668)
- vsock: fix the race conditions in multi-transport support
[ Ubuntu: 5.8.0-41.46 ]
* groovy/linux: 5.8.0-41.46 -proposed tracker (LP: #1912219)
* Groovy update: upstream stable patchset 2020-12-17 (LP: #1908555) // nvme
drive fails after some time (LP: #1910866)
- Revert "nvme-pci: remove last_sq_tail"
* initramfs unpacking failed (LP: #1835660)
- SAUCE: lib/decompress_unlz4.c: correctly handle zero-padding around
initrds.
* overlay: permission regression in 5.4.0-51.56 due to patches related to
CVE-2020-16120 (LP: #1900141)
- ovl: do not fail because of O_NOATIME
[ Ubuntu: 5.8.0-40.45 ]
* Packaging resync (LP: #1786013)
- update dkms package versions
-- Stefan Bader Fri, 05 Feb 2021 09:13:11
+0100
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1914668
Title:
Exploitable vulnerabilities in AF_VSOCK implementation
Status in linux package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 package in Ubuntu:
New
Status in linux-oem-5.6 package in Ubuntu:
Fix Committed
Status in linux-riscv package in Ubuntu:
Fix Released
Status in linux-hwe-5.8 source package in Focal:
Fix Released
Status in linux source package in Groovy:
Fix Released
Status in linux source package in Hirsute:
Fix Committed
Bug description:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for all kernels >= v5.8:
{focal hwe-5.8, groovy, hirsute}:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport
support
or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in
multi-transport support
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
This bug was fixed in the package linux - 5.8.0-43.49
---
linux (5.8.0-43.49) groovy; urgency=medium
* groovy/linux: 5.8.0-43.49 -proposed tracker (LP: #1914689)
* Packaging resync (LP: #1786013)
- update dkms package versions
* Exploitable vulnerabilities in AF_VSOCK implementation (LP: #1914668)
- vsock: fix the race conditions in multi-transport support
-- Khalid Elmously Thu, 04 Feb 2021
21:41:23 -0500
** Changed in: linux-riscv (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-16120
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1914668
Title:
Exploitable vulnerabilities in AF_VSOCK implementation
Status in linux package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 package in Ubuntu:
New
Status in linux-oem-5.6 package in Ubuntu:
Fix Committed
Status in linux-riscv package in Ubuntu:
Fix Released
Status in linux-hwe-5.8 source package in Focal:
Fix Released
Status in linux source package in Groovy:
Fix Released
Status in linux source package in Hirsute:
Fix Committed
Bug description:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for all kernels >= v5.8:
{focal hwe-5.8, groovy, hirsute}:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport
support
or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in
multi-transport support
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
This bug was fixed in the package linux-hwe-5.8 - 5.8.0-43.49~20.04.1
---
linux-hwe-5.8 (5.8.0-43.49~20.04.1) focal; urgency=medium
* focal/linux-hwe-5.8: 5.8.0-43.49~20.04.1 -proposed tracker (LP:
#1914688)
[ Ubuntu: 5.8.0-43.49 ]
* groovy/linux: 5.8.0-43.49 -proposed tracker (LP: #1914689)
* Packaging resync (LP: #1786013)
- update dkms package versions
* Exploitable vulnerabilities in AF_VSOCK implementation (LP: #1914668)
- vsock: fix the race conditions in multi-transport support
-- Kleber Sacilotto de Souza Fri, 05 Feb
2021 10:18:10 +0100
** Changed in: linux-hwe-5.8 (Ubuntu Focal)
Status: In Progress => Fix Released
** Changed in: linux (Ubuntu Groovy)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1914668
Title:
Exploitable vulnerabilities in AF_VSOCK implementation
Status in linux package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 package in Ubuntu:
New
Status in linux-oem-5.6 package in Ubuntu:
Fix Committed
Status in linux-riscv package in Ubuntu:
Fix Released
Status in linux-hwe-5.8 source package in Focal:
Fix Released
Status in linux source package in Groovy:
Fix Released
Status in linux source package in Hirsute:
Fix Committed
Bug description:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for all kernels >= v5.8:
{focal hwe-5.8, groovy, hirsute}:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport
support
or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in
multi-transport support
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
focal' to 'verification-done-focal'. If the problem still exists, change
the tag 'verification-needed-focal' to 'verification-failed-focal'.
If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!
** Tags added: verification-needed-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1914668
Title:
Exploitable vulnerabilities in AF_VSOCK implementation
Status in linux package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 package in Ubuntu:
New
Status in linux-oem-5.6 package in Ubuntu:
Fix Committed
Status in linux-riscv package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 source package in Focal:
In Progress
Status in linux source package in Groovy:
Fix Committed
Status in linux source package in Hirsute:
Fix Committed
Bug description:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for all kernels >= v5.8:
{focal hwe-5.8, groovy, hirsute}:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport
support
or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in
multi-transport support
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
groovy' to 'verification-done-groovy'. If the problem still exists,
change the tag 'verification-needed-groovy' to 'verification-failed-
groovy'.
If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!
** Tags added: verification-needed-groovy
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1914668
Title:
Exploitable vulnerabilities in AF_VSOCK implementation
Status in linux package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 package in Ubuntu:
New
Status in linux-oem-5.6 package in Ubuntu:
Fix Committed
Status in linux-riscv package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 source package in Focal:
In Progress
Status in linux source package in Groovy:
Fix Committed
Status in linux source package in Hirsute:
Fix Committed
Bug description:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for all kernels >= v5.8:
{focal hwe-5.8, groovy, hirsute}:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport
support
or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in
multi-transport support
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
** Also affects: linux-oem-5.6 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux-oem-5.6 (Ubuntu)
Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)
** Changed in: linux-oem-5.6 (Ubuntu)
Importance: Undecided => Critical
** Changed in: linux-oem-5.6 (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1914668
Title:
Exploitable vulnerabilities in AF_VSOCK implementation
Status in linux package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 package in Ubuntu:
New
Status in linux-oem-5.6 package in Ubuntu:
Fix Committed
Status in linux-riscv package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 source package in Focal:
In Progress
Status in linux source package in Groovy:
Fix Committed
Status in linux source package in Hirsute:
Fix Committed
Bug description:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for all kernels >= v5.8:
{focal hwe-5.8, groovy, hirsute}:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport
support
or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in
multi-transport support
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
** Changed in: linux (Ubuntu Groovy)
Status: In Progress => Fix Committed
** Changed in: linux (Ubuntu Hirsute)
Status: In Progress => Fix Committed
** Also affects: linux-riscv (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux-riscv (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1914668
Title:
Exploitable vulnerabilities in AF_VSOCK implementation
Status in linux package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 package in Ubuntu:
New
Status in linux-riscv package in Ubuntu:
Fix Committed
Status in linux-hwe-5.8 source package in Focal:
In Progress
Status in linux source package in Groovy:
Fix Committed
Status in linux source package in Hirsute:
Fix Committed
Bug description:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for all kernels >= v5.8:
{focal hwe-5.8, groovy, hirsute}:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport
support
or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in
multi-transport support
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
https://lists.ubuntu.com/archives/kernel-team/2021-February/117143.html
** Changed in: linux (Ubuntu Groovy)
Status: Incomplete => In Progress
** Changed in: linux (Ubuntu Hirsute)
Status: Incomplete => In Progress
** Changed in: linux (Ubuntu Groovy)
Importance: Undecided => High
** Changed in: linux (Ubuntu Hirsute)
Importance: Undecided => High
** Also affects: linux-hwe-5.8 (Ubuntu)
Importance: Undecided
Status: New
** No longer affects: linux-hwe-5.8 (Ubuntu Groovy)
** No longer affects: linux-hwe-5.8 (Ubuntu Hirsute)
** Also affects: linux (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: linux-hwe-5.8 (Ubuntu Focal)
Importance: Undecided
Status: New
** No longer affects: linux (Ubuntu Focal)
** Changed in: linux-hwe-5.8 (Ubuntu Focal)
Status: New => In Progress
** Changed in: linux-hwe-5.8 (Ubuntu Focal)
Importance: Undecided => High
** Changed in: linux (Ubuntu Groovy)
Assignee: (unassigned) => Kamal Mostafa (kamalmostafa)
** Changed in: linux (Ubuntu Hirsute)
Assignee: (unassigned) => Kamal Mostafa (kamalmostafa)
** Changed in: linux-hwe-5.8 (Ubuntu Focal)
Assignee: (unassigned) => Kamal Mostafa (kamalmostafa)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1914668
Title:
Exploitable vulnerabilities in AF_VSOCK implementation
Status in linux package in Ubuntu:
In Progress
Status in linux-hwe-5.8 package in Ubuntu:
New
Status in linux-hwe-5.8 source package in Focal:
In Progress
Status in linux source package in Groovy:
In Progress
Status in linux source package in Hirsute:
In Progress
Bug description:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for all kernels >= v5.8:
{focal hwe-5.8, groovy, hirsute}:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport
support
or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in
multi-transport support
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation
** Description changed:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for >= groovy:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport support
[linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport
support
+
+
+ [Impact]
+
+ * Patches an exploitable vulnerability.
+
+ [Test Case]
+
+ * See disclosure article.
+
+ [Regression Potential]
+
+ * Low: straightforward race condition fix; upstream cherry-pick.
** Description changed:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for >= groovy:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport support
[linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport
support
-
[Impact]
- * Patches an exploitable vulnerability.
+ * Patches an exploitable vulnerability.
[Test Case]
- * See disclosure article.
+ * See disclosure article.
[Regression Potential]
- * Low: straightforward race condition fix; upstream cherry-pick.
+ * Low: straightforward race condition fix; upstream cherry-pick.
** Description changed:
https://www.openwall.com/lists/oss-security/2021/02/04/5
- The following mainline patch is required for >= groovy:
+ The following mainline patch is required for all kernels >= v5.8: {focal
+ hwe-5.8, groovy, hirsute}:
- [linux] c518adafa39f vsock: fix the race conditions in multi-transport support
- [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport
support
+ [linux] c518adafa39f vsock: fix the race conditions in multi-transport
+ support
+
+ or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-
+ transport support
+
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1914668
Title:
Exploitable vulnerabilities in AF_VSOCK implementation
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Groovy:
Incomplete
Status in linux source package in Hirsute:
Incomplete
Bug description:
https://www.openwall.com/lists/oss-security/2021/02/04/5
The following mainline patch is required for all kernels >= v5.8:
{focal hwe-5.8, groovy, hirsute}:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport
support
or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in
multi-transport support
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
