** Changed in: linux-gke (Ubuntu)
Status: New => Invalid
** Changed in: linux-gke (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: linux-gke (Ubuntu Focal)
Status: New => In Progress
** Changed in: linux-gke (Ubuntu Focal)
Assignee: (unassigned) => Khaled El Mously (kmously)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-gke in Ubuntu.
https://bugs.launchpad.net/bugs/1959173
Title:
Vulnerability in af_packet handling
Status in linux-gke package in Ubuntu:
Invalid
Status in linux-gke source package in Focal:
In Progress
Bug description:
CVE-2021-22600
A vulnerability, which was classified as critical, was found in Linux
Kernel. Affected is the function packet_set_ring of the file
net/packet/af_packet.c. The manipulation with an unknown input leads
to a memory corruption vulnerability. This is going to have an impact
on confidentiality, integrity, and availability.
The weakness was released 01/26/2022. The advisory is shared for
download at git.kernel.org. This vulnerability is traded as
CVE-2021-22600 since 01/05/2021. The exploitability is told to be
easy. It is possible to launch the attack remotely. A authentication
is required for exploitation. There are known technical details, but
no exploit is available. The current price for an exploit might be
approx. USD $5k-$25k (estimation calculated on 01/26/2022).
Applying a patch is able to eliminate this problem. The fix is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
More information at:
https://partnerissuetracker.corp.google.com/issues/215427453
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-gke/+bug/1959173/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
