Hello Varun, Thank you for your report.
Since February 2024, Linux Kernel CVEs have been assigned and published by people at kernel.org. Their understanding of a CVE sadly differs from the commonly accepted CVE standards, especially regarding selection criteria, vulnerability descriptions, and severity evaluation. Due to this policy and methodology change, the Linux Kernel world receives approximately 120 CVEs monthly. This used to be around 15 until January 2024. We, the Kernel Security Squad here at Canonical, are always working hard to fix any significantly important CVE within an acceptable timeframe, however, due to the sheer number of incoming CVEs, we have to postpone some and prioritize others, even though they seem to have equal CVSS. (Two Mediums can differ greatly from each other due to configuration changes in Ubuntu). I assure you that we will carefully evaluate the list of CVEs you shared and act accordingly, however, it would be impossible for me to propose an ETA right now. Thank you for your understanding. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-aws-5.15 in Ubuntu. https://bugs.launchpad.net/bugs/2080555 Title: ubunutu 20 has many vulnerability for the package linux-aws-5.15 Status in linux-aws-5.15 package in Ubuntu: New Bug description: Hello Team, We are testing the ubunutu 20 AMI and it has more than 200+ vulnerability for the package linux-aws-5.15 AMI - ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20240821 AMI-ID - ami-079467ea8dd191734 Region - us-west-2 We are reaching out to check if there is any ETA we can expect the patched version of this package Regards, Varun Agarwal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws-5.15/+bug/2080555/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
