Given that this commit is in 6.16, it will end up in Ubuntu 25.10. Also,
given that it was backported to 6.6.x and 5.15.x, it should end up in
the 22.04 and 24.04 kernels in the future. We're also tracking this in
our CVE database at https://ubuntu.com/security/CVE-2025-38403 .
** Changed in: linux (Ubuntu)
Status: New => Triaged
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => Canonical Kernel Team (canonical-kernel-team)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2119601
Title:
Backport Request: vmw_vsock_vmci_transport (Version: 1.0.5.0-k) to
Ubuntu 25.10
Status in linux package in Ubuntu:
Triaged
Bug description:
Hello Ubuntu team,
The current vmw_vsock_vmci_transport driver in older kernels may
contain an information disclosure vulnerability due to the usage of an
uninitialized memory in vSockets.
Fix Commit(s):
Commit Id:- 223e2288f4b8
Description:- Fix vsock/vmci: Clear the vmci transport packet properly when
initializing it
Upstream version:- 6.16
Link:-
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=223e2288f4b8
We respectfully request that the updates to the
vmw_vsock_vmci_transport driver be backported to the next Ubuntu 25.x
release, such as 25.10. These update addresses a security issue.
Thank you for your support.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2119601/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
