[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation

Launchpad Bug Tracker Mon, 08 Feb 2021 14:02:06 -0800

This bug was fixed in the package linux-riscv - 5.8.0-16.18

---------------
linux-riscv (5.8.0-16.18) groovy; urgency=medium


  * groovy/linux-riscv: 5.8.0-16.18 -proposed tracker (LP: #1914687)

  [ Ubuntu: 5.8.0-43.49 ]

  * groovy/linux: 5.8.0-43.49 -proposed tracker (LP: #1914689)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * Exploitable vulnerabilities in AF_VSOCK implementation (LP: #1914668)
    - vsock: fix the race conditions in multi-transport support

  [ Ubuntu: 5.8.0-41.46 ]

  * groovy/linux: 5.8.0-41.46 -proposed tracker (LP: #1912219)
  * Groovy update: upstream stable patchset 2020-12-17 (LP: #1908555) // nvme
    drive fails after some time (LP: #1910866)
    - Revert "nvme-pci: remove last_sq_tail"
  * initramfs unpacking failed (LP: #1835660)
    - SAUCE: lib/decompress_unlz4.c: correctly handle zero-padding around 
initrds.
  * overlay: permission regression in 5.4.0-51.56 due to patches related to
    CVE-2020-16120 (LP: #1900141)
    - ovl: do not fail because of O_NOATIME

  [ Ubuntu: 5.8.0-40.45 ]

  * Packaging resync (LP: #1786013)
    - update dkms package versions

 -- Stefan Bader <stefan.ba...@canonical.com>  Fri, 05 Feb 2021 09:13:11
+0100

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1914668

Title:
  Exploitable vulnerabilities in AF_VSOCK implementation

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-hwe-5.8 package in Ubuntu:
  New
Status in linux-oem-5.6 package in Ubuntu:
  Fix Committed
Status in linux-riscv package in Ubuntu:
  Fix Released
Status in linux-hwe-5.8 source package in Focal:
  Fix Released
Status in linux source package in Groovy:
  Fix Released
Status in linux source package in Hirsute:
  Fix Committed

Bug description:
  https://www.openwall.com/lists/oss-security/2021/02/04/5

  The following mainline patch is required for all kernels >= v5.8:
  {focal hwe-5.8, groovy, hirsute}:

  [linux] c518adafa39f vsock: fix the race conditions in multi-transport
  support

  or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in
  multi-transport support

  
  [Impact]

   * Patches an exploitable vulnerability.

  [Test Case]

   * See disclosure article.

  [Regression Potential]

   * Low: straightforward race condition fix; upstream cherry-pick.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1914668] Re: Exploitable vulnerabilities in AF_VSOCK implementation

Reply via email to