[Bug 1971205] Re: CVE-2022-25258 and CVE-2022-25375

Fri, 13 May 2022 04:46:05 -0700 

I filed this bug to alert that these vulnerabilities were unpatched for
2 months. Some kernels in supported Ubuntu releases are still affected:

$ wget https://git.launchpad.net/ubuntu-cve-tracker/plain/active/CVE-2022-25258
$ grep -vE '^(upstream_[a-z0-9.-]+: |Patches_[a-z0-9.-]+:$| 
break-fix:|([a-z]+|trusty/esm|esm-infra/xenial)_[a-z0-9.-]+: (DNE$|released 
|not-affected($| )|ignored)|$)' CVE-2022-25258

bionic_linux-aws-5.4: pending (5.4.0-1073.78~18.04.1)
focal_linux-bluefield: needed
fips/xenial_linux-fips: needs-triage
fips-updates/xenial_linux-fips: needs-triage
fips/bionic_linux-fips: needs-triage
fips-updates/bionic_linux-fips: needs-triage
fips/focal_linux-fips: needs-triage
fips-updates/focal_linux-fips: needs-triage
bionic_linux-gke-5.4: pending (5.4.0-1069.72~18.04.1)
bionic_linux-raspi2: pending (4.15.0-1109.116)
impish_linux-riscv: pending (5.13.0-1021.23)
focal_linux-oracle-5.13: pending (5.13.0-1028.33~20.04.1)

Please release patched versions of linux-bluefield and linux-fips.

** Changed in: linux-aws (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: linux-aws-5.13 (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: linux-aws-5.4 (Ubuntu)
       Status: Confirmed => Fix Committed

** Changed in: linux-azure (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: linux-azure-4.15 (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: linux-azure-5.13 (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: linux-azure-5.4 (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: linux-dell300x (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: linux-gcp (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: linux-gcp-4.15 (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: linux-gcp-5.4 (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1971205

Title:
  CVE-2022-25258 and CVE-2022-25375

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1971205/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to