Ubuntu
intel-microcode package

intel-microcode

Bug #2040112 reported by Rick S
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
intel-microcode (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

pro fix CVE-2022-40982
CVE-2022-40982: Linux kernel (BlueField) vulnerabilities
 - https://ubuntu.com/security/CVE-2022-40982

2 affected source packages are installed: intel-microcode, linux
(1/2) linux:
A fix is coming soon. Try again tomorrow.
(2/2) intel-microcode:
A fix is available in Ubuntu standard updates.
The update is already installed.

1 package is still affected: linux
✘ CVE-2022-40982 is not resolved.

apt policy intel-microcode
intel-microcode:
  Installed: 3.20230808.1
  Candidate: 3.20230808.1
  Version table:
 *** 3.20230808.1 500
        500 http://archive.ubuntu.com/ubuntu mantic/main amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 23.10
Package: intel-microcode 3.20230808.1
ProcVersionSignature: Ubuntu 6.5.0-9.9-generic 6.5.3
Uname: Linux 6.5.0-9-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia zfs
ApportVersion: 2.27.0-0ubuntu5
Architecture: amd64
CasperMD5CheckMismatches: ./md5sum.txt ./boot/grub/i386-pc/eltorito.img
CasperMD5CheckResult: fail
CurrentDesktop: XFCE
Date: Sun Oct 22 10:50:09 2023
InstallationDate: Installed on 2023-10-12 (11 days ago)
InstallationMedia: Linux Lite 6.6 - Release amd64
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install)

CVE References

Revision history for this message
Rick S (1fallen) wrote :
Revision history for this message
Alex Murray (alexmurray) wrote :

The fix for intel-microcode is already installed as you can see, and correctly identified as such by the pro client:

(2/2) intel-microcode:
A fix is available in Ubuntu standard updates.
The update is already installed.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The issue here seems to be that the pro client itself is complaining that the associated fix for the linux kernel package is not installed.

The CVE page at https://ubuntu.com/security/CVE-2022-40982 shows the fix for mantic (Ubuntu 23.10) is still pending, so nothing seems to be amiss that I can see.

Changed in intel-microcode (Ubuntu):
status: New → Invalid
information type: Private Security → Public
Revision history for this message
Rick S (1fallen) wrote : Re: [Bug 2040112] Re: intel-microcode

No I wasn't worried about it another user in the forum brought it to our
attention and maybe we could make it word a little bit cleaner.
Thanks Alex

On Sun, Oct 22, 2023, 6:05 PM Alex Murray <email address hidden>
wrote:

> The fix for intel-microcode is already installed as you can see, and
> correctly identified as such by the pro client:
>
> (2/2) intel-microcode:
> A fix is available in Ubuntu standard updates.
> The update is already installed.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> The issue here seems to be that the pro client itself is complaining
> that the associated fix for the linux kernel package is not installed.
>
> The CVE page at https://ubuntu.com/security/CVE-2022-40982 shows the fix
> for mantic (Ubuntu 23.10) is still pending, so nothing seems to be amiss
> that I can see.
>
> ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40982
>
> ** Changed in: intel-microcode (Ubuntu)
> Status: New => Invalid
>
> ** Information type changed from Private Security to Public
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/2040112
>
> Title:
> intel-microcode
>
> Status in intel-microcode package in Ubuntu:
> Invalid
>
> Bug description:
> pro fix CVE-2022-40982
> CVE-2022-40982: Linux kernel (BlueField) vulnerabilities
> - https://ubuntu.com/security/CVE-2022-40982
>
> 2 affected source packages are installed: intel-microcode, linux
> (1/2) linux:
> A fix is coming soon. Try again tomorrow.
> (2/2) intel-microcode:
> A fix is available in Ubuntu standard updates.
> The update is already installed.
>
> 1 package is still affected: linux
> ✘ CVE-2022-40982 is not resolved.
>
> apt policy intel-microcode
> intel-microcode:
> Installed: 3.20230808.1
> Candidate: 3.20230808.1
> Version table:
> *** 3.20230808.1 500
> 500 http://archive.ubuntu.com/ubuntu mantic/main amd64 Packages
> 100 /var/lib/dpkg/status
>
> ProblemType: Bug
> DistroRelease: Ubuntu 23.10
> Package: intel-microcode 3.20230808.1
> ProcVersionSignature: Ubuntu 6.5.0-9.9-generic 6.5.3
> Uname: Linux 6.5.0-9-generic x86_64
> NonfreeKernelModules: nvidia_modeset nvidia zfs
> ApportVersion: 2.27.0-0ubuntu5
> Architecture: amd64
> CasperMD5CheckMismatches: ./md5sum.txt ./boot/grub/i386-pc/eltorito.img
> CasperMD5CheckResult: fail
> CurrentDesktop: XFCE
> Date: Sun Oct 22 10:50:09 2023
> InstallationDate: Installed on 2023-10-12 (11 days ago)
> InstallationMedia: Linux Lite 6.6 - Release amd64
> RebootRequiredPkgs: Error: path contained symlinks.
> SourcePackage: intel-microcode
> UpgradeStatus: No upgrade log present (probably fresh install)
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/2040112/+subscriptions
>
>

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.