This issue was reported publicly to https://lore.kernel.org/linux- wireless/caov16xesck0-smenjfxvwikqogbj4pqwa2dvjbvwq-g+ntv...@mail.gmail.com/T/#u
Therefore, I am making this bug report public as well. The new report claims that "Debian systems are not affected.". If Ubuntu is truly the only distro affected, the Canonical CNA can assign a CVE. Otherwise, CVE assignment should be made by upstream, MITRE, or a Root CNA like Red Hat. To restate this, it is not known if Ubuntu is an affected downstream of this vulnerability or if the issue truly originates in Ubuntu as the upstream provider. My hunch is the prior. ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2073500 Title: Ubuntu RT2x00 USB Driver Kernel Use-After-Free Vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2073500/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
