*** This bug is a security vulnerability *** Public security bug reported:
These packages are vulnerable to CVE-2022-25258 and CVE-2022-25375 in at least one Ubuntu release, as stated in the Ubuntu CVE Tracker. Please release fixed packages. Debian released an advisory on March 7. ** Affects: linux-aws (Ubuntu) Importance: Undecided Status: New ** Affects: linux-aws-5.13 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-aws-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-azure (Ubuntu) Importance: Undecided Status: New ** Affects: linux-azure-4.15 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-azure-5.13 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-azure-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-azure-fde (Ubuntu) Importance: Undecided Status: New ** Affects: linux-bluefield (Ubuntu) Importance: Undecided Status: New ** Affects: linux-dell300x (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gcp (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gcp-4.15 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gcp-5.13 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gcp-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gke (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gke-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gkeop (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gkeop-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-hwe-5.13 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-hwe-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-ibm (Ubuntu) Importance: Undecided Status: New ** Affects: linux-ibm-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-kvm (Ubuntu) Importance: Undecided Status: New ** Affects: linux-oracle (Ubuntu) Importance: Undecided Status: New ** Affects: linux-oracle-5.13 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-oracle-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-raspi (Ubuntu) Importance: Undecided Status: New ** Affects: linux-raspi-5.4 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-raspi2 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-riscv (Ubuntu) Importance: Undecided Status: New ** Affects: linux-snapdragon (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-aws (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-aws-5.4 (Ubuntu) Importance: Undecided Status: New ** Description changed: - The version in Focal is vulnerable to CVE-2022-25258. + These packages are vulnerable to CVE-2022-25258 in at least one Ubuntu + release, as stated in the Ubuntu CVE Tracker. Please release fixed packages. Debian released an advisory on March 7. ** Also affects: linux-azure (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-azure-4.15 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-azure-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-bluefield (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-dell300x (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gcp (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gcp-4.15 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gcp-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gke (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gke-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gkeop (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gkeop-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-hwe-5.13 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-hwe-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-ibm (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-kvm (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-oracle (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-oracle-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-raspi (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-raspi-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-raspi2 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-riscv (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-azure-fde (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gcp-5.13 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-ibm-5.4 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-oracle-5.13 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-aws-5.13 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-snapdragon (Ubuntu) Importance: Undecided Status: New ** Description changed: - These packages are vulnerable to CVE-2022-25258 in at least one Ubuntu - release, as stated in the Ubuntu CVE Tracker. + These packages are vulnerable to CVE-2022-25258 and CVE-2022-25375 in at + least one Ubuntu release, as stated in the Ubuntu CVE Tracker. Please release fixed packages. Debian released an advisory on March 7. ** Summary changed: - CVE-2022-25258 + CVE-2022-25258 and CVE-2022-25375 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-25258 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-25375 ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-aws in Ubuntu. https://bugs.launchpad.net/bugs/1971205 Title: CVE-2022-25258 and CVE-2022-25375 Status in linux-aws package in Ubuntu: New Status in linux-aws-5.13 package in Ubuntu: New Status in linux-aws-5.4 package in Ubuntu: New Status in linux-azure package in Ubuntu: New Status in linux-azure-4.15 package in Ubuntu: New Status in linux-azure-5.13 package in Ubuntu: New Status in linux-azure-5.4 package in Ubuntu: New Status in linux-azure-fde package in Ubuntu: New Status in linux-bluefield package in Ubuntu: New Status in linux-dell300x package in Ubuntu: New Status in linux-gcp package in Ubuntu: New Status in linux-gcp-4.15 package in Ubuntu: New Status in linux-gcp-5.13 package in Ubuntu: New Status in linux-gcp-5.4 package in Ubuntu: New Status in linux-gke package in Ubuntu: New Status in linux-gke-5.4 package in Ubuntu: New Status in linux-gkeop package in Ubuntu: New Status in linux-gkeop-5.4 package in Ubuntu: New Status in linux-hwe-5.13 package in Ubuntu: New Status in linux-hwe-5.4 package in Ubuntu: New Status in linux-ibm package in Ubuntu: New Status in linux-ibm-5.4 package in Ubuntu: New Status in linux-kvm package in Ubuntu: New Status in linux-oracle package in Ubuntu: New Status in linux-oracle-5.13 package in Ubuntu: New Status in linux-oracle-5.4 package in Ubuntu: New Status in linux-raspi package in Ubuntu: New Status in linux-raspi-5.4 package in Ubuntu: New Status in linux-raspi2 package in Ubuntu: New Status in linux-riscv package in Ubuntu: New Status in linux-snapdragon package in Ubuntu: New Bug description: These packages are vulnerable to CVE-2022-25258 and CVE-2022-25375 in at least one Ubuntu release, as stated in the Ubuntu CVE Tracker. Please release fixed packages. Debian released an advisory on March 7. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1971205/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp