Vulnerability in af_packet handling
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-gke (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Khaled El Mously |
Bug Description
CVE-2021-22600
A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function packet_set_ring of the file net/packet/
The weakness was released 01/26/2022. The advisory is shared for download at git.kernel.org. This vulnerability is traded as CVE-2021-22600 since 01/05/2021. The exploitability is told to be easy. It is possible to launch the attack remotely. A authentication is required for exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 01/26/2022).
Applying a patch is able to eliminate this problem. The fix is https:/
More information at: https:/
no longer affects: | klibc (Ubuntu) |
Changed in linux-gke (Ubuntu): | |
status: | New → Invalid |
Changed in linux-gke (Ubuntu Focal): | |
assignee: | nobody → Khaled El Mously (kmously) |
importance: | Undecided → Medium |
status: | New → In Progress |
tags: |
added: verification-done-focal removed: verification-needed-focal |
This bug is awaiting verification that the linux-gke/ 5.4.0-1061. 64 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- focal' to 'verification- done-focal' . If the problem still exists, change the tag 'verification- needed- focal' to 'verification- failed- focal'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!