Public bug reported:
[Feature Description]
CVE-2022-0847
A critical linux kernel vulnerability has been found, which exists since Linux
kernel v5.8 or later.
If linux kernel has this commit f6dd975583bd ("pipe: merge
anon_pipe_buf*_ops"), please backport this patch:
9d2231c5d74e13b2a0546fee6737ee4446017903(“lib/iov_iter: initialize "flags" in
new pipe_buffer”) to fix.
Please note: This commit f6dd975583bd did not introduce the bug, it just made
it easier to exploit.
The vulnerability has been fixed in linux kernel 5.16.11, 5.15.25 and 5.10.102.
For more details see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847
Commit: 9d2231c5d74e13b2a0546fee6737ee4446017903
git tag --contains 9d2231c5d74e13b2a0546fee6737ee4446017903
v5.17-rc6
Commit:f6dd975583bd
git tag --contains f6dd975583bd
v5.10
Target Kernel: 5.17
Target Release: 22.10/22.04/Others
[HW/SW Information]
Bug fix for vulnerability
[Business Justification]
Function improvement
** Affects: intel
Importance: Undecided
Status: New
** Affects: ubuntu
Importance: Undecided
Status: New
** Tags: intel-kernel-22.10
** Also affects: ubuntu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1964427
Title:
[Secutiry] CVE-2022-0847 lib/iov_iter: initialize "flags" in new
pipe_buffer
To manage notifications about this bug go to:
https://bugs.launchpad.net/intel/+bug/1964427/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
