This bug is missing log files that will aid in diagnosing the problem.
While running an Ubuntu kernel (not a mainline or third-party kernel)
please enter the following command in a terminal window:
apport-collect 1976184
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.
** Changed in: linux (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1976184
Title:
Linux PV device frontends vulnerable to attacks by backends
Status in linux package in Ubuntu:
Confirmed
Status in linux-aws package in Ubuntu:
New
Status in linux-aws-5.15 package in Ubuntu:
Fix Released
Status in linux-aws-5.4 package in Ubuntu:
Fix Released
Status in linux-azure package in Ubuntu:
Fix Released
Status in linux-azure-4.15 package in Ubuntu:
New
Status in linux-azure-5.4 package in Ubuntu:
Fix Released
Status in linux-bluefield package in Ubuntu:
Fix Released
Status in linux-dell300x package in Ubuntu:
New
Status in linux-gcp package in Ubuntu:
Fix Released
Status in linux-gcp-4.15 package in Ubuntu:
New
Status in linux-gcp-5.4 package in Ubuntu:
Fix Released
Status in linux-gke package in Ubuntu:
Fix Released
Status in linux-gke-5.4 package in Ubuntu:
Fix Released
Status in linux-gkeop package in Ubuntu:
Fix Released
Status in linux-gkeop-5.4 package in Ubuntu:
Fix Released
Status in linux-hwe-5.4 package in Ubuntu:
Fix Released
Status in linux-ibm package in Ubuntu:
Fix Released
Status in linux-ibm-5.4 package in Ubuntu:
Fix Released
Status in linux-intel-iotg-5.15 package in Ubuntu:
New
Status in linux-kvm package in Ubuntu:
New
Status in linux-oem-5.14 package in Ubuntu:
Won't Fix
Status in linux-oracle package in Ubuntu:
New
Status in linux-oracle-5.4 package in Ubuntu:
Fix Released
Status in linux-raspi package in Ubuntu:
New
Status in linux-raspi-5.4 package in Ubuntu:
Fix Released
Status in linux-riscv package in Ubuntu:
New
Status in linux-snapdragon package in Ubuntu:
New
Bug description:
The packages listed above are vulnerable to the CVEs below in at least
one Ubuntu release, as stated in the Ubuntu CVE Tracker, except for
linux-azure-4.15, linux-dell300x, linux-gcp-4.15 and linux-snapdragon,
that are only vulnerable to CVE-2022-23041.
Please release fixed packages.
Xen released a security advisory on March 10.
(I was informed by the security team that it does not track security
issues via Launchpad bugs, but in the Ubuntu CVE Tracker. However, the
issue is unpatched for over 2.5 months and marked as needed for these
combinations of source package and Ubuntu version in the Tracker, and
therefore I am filing this bug.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1976184/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
