Linux PV device frontends vulnerable to attacks by backends
Bug #1976184 reported by
Luís Infante da Câmara
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
| linux-aws (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
| linux-aws-5.15 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-aws-5.4 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-azure (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-azure-4.15 (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
| linux-azure-5.4 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-bluefield (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-dell300x (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
| linux-gcp (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-gcp-4.15 (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
| linux-gcp-5.4 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-gke (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-gke-5.4 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-gkeop (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-gkeop-5.4 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-hwe-5.4 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-ibm (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-ibm-5.4 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-intel-iotg-5.15 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-kvm (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
| linux-oem-5.14 (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
| linux-oracle (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
| linux-oracle-5.4 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-raspi (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-raspi-5.4 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-snapdragon (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
The packages listed above are vulnerable to the CVEs below in at least one Ubuntu release, as stated in the Ubuntu CVE Tracker, except for linux-azure-4.15, linux-dell300x, linux-gcp-4.15 and linux-snapdragon, that are only vulnerable to CVE-2022-23041.
Please release fixed packages.
Xen released a security advisory on March 10.
(I was informed by the security team that it does not track security issues via Launchpad bugs, but in the Ubuntu CVE Tracker. However, the issue is unpatched for over 2.5 months and marked as needed for these combinations of source package and Ubuntu version in the Tracker, and therefore I am filing this bug.)
CVE References
| information type: | Private Security → Public Security |
| no longer affects: | linux (Ubuntu) |
| summary: |
- CVE-2022-23036 + CVE-2022-23036 and CVE-2022-23037 |
| summary: |
- CVE-2022-23036 and CVE-2022-23037 + CVE-2022-23036, CVE-2022-23037 and CVE-2022-23038 |
| description: | updated |
| summary: |
- CVE-2022-23036, CVE-2022-23037 and CVE-2022-23038 + Linux PV device frontends vulnerable to attacks by backends |
| description: | updated |
| description: | updated |
Revision history for this message
| Timo Aaltonen (tjaalton) wrote | #1 |
| Changed in linux-oem-5.14 (Ubuntu): | |
| status: | New → Won't Fix |
| Changed in linux-aws-5.4 (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-gcp-4.15 (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-ibm-5.4 (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-ibm (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-hwe-5.4 (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-gcp-4.15 (Ubuntu): | |
| status: | Fix Released → New |
| Changed in linux-gke-5.4 (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-gkeop (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-azure-5.4 (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-bluefield (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-raspi-5.4 (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-oracle-5.4 (Ubuntu): | |
| status: | New → Fix Released |
| no longer affects: | linux-aws-5.13 (Ubuntu) |
| no longer affects: | linux-oracle-5.13 (Ubuntu) |
| no longer affects: | linux-gcp-5.13 (Ubuntu) |
| no longer affects: | linux-azure-5.13 (Ubuntu) |
Revision history for this message
| Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote Missing required logs. | #2 |
| Changed in linux (Ubuntu): | |
| status: | New → Incomplete |
Revision history for this message
| Luís Infante da Câmara (luis220413) wrote | #3 |
| Changed in linux-aws-5.15 (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux (Ubuntu): | |
| status: | Incomplete → Confirmed |
| Changed in linux-azure (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-gcp (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-gcp-5.4 (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-gke (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-gkeop-5.4 (Ubuntu): | |
| status: | New → Fix Released |
| no longer affects: | linux-hwe-5.13 (Ubuntu) |
| Changed in linux-intel-iotg-5.15 (Ubuntu): | |
| status: | New → Fix Released |
| Changed in linux-raspi (Ubuntu): | |
| status: | New → Fix Released |
| no longer affects: | linux-riscv (Ubuntu) |
Revision history for this message
| Steve Beattie (sbeattie) wrote | #4 |
To post a comment you must log in.
oem-5.14 will be eol soon