Exploitable vulnerabilities in AF_VSOCK implementation
Bug #1914668 reported by
Kamal Mostafa
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Committed
|
High
|
Kamal Mostafa | ||
Groovy |
Fix Released
|
High
|
Kamal Mostafa | ||
Hirsute |
Won't Fix
|
High
|
Kamal Mostafa | ||
linux-hwe-5.8 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
High
|
Kamal Mostafa | ||
linux-oem-5.6 (Ubuntu) |
Fix Released
|
Critical
|
Thadeu Lima de Souza Cascardo | ||
linux-riscv (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
https:/
The following mainline patch is required for all kernels >= v5.8: {focal hwe-5.8, groovy, hirsute}:
[linux] c518adafa39f vsock: fix the race conditions in multi-transport support
or [linux-5.10-y] 55d900415b81 vsock: fix the race conditions in multi-transport support
[Impact]
* Patches an exploitable vulnerability.
[Test Case]
* See disclosure article.
[Regression Potential]
* Low: straightforward race condition fix; upstream cherry-pick.
CVE References
description: | updated |
description: | updated |
description: | updated |
Changed in linux (Ubuntu Groovy): | |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
Changed in linux (Ubuntu Hirsute): | |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
Changed in linux-hwe-5.8 (Ubuntu Focal): | |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
Changed in linux (Ubuntu Groovy): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Hirsute): | |
status: | In Progress → Fix Committed |
Changed in linux-riscv (Ubuntu): | |
status: | New → Fix Committed |
Changed in linux-oem-5.6 (Ubuntu): | |
assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
importance: | Undecided → Critical |
status: | New → Fix Committed |
Changed in linux-hwe-5.8 (Ubuntu): | |
status: | New → Invalid |
To post a comment you must log in.
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1914668
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.