10

I have been informed about the CVE-2022-0847 vulnerability. I'm wondering what versions of Ubuntu are affected by such a bug.

tomodachi
  • 15,370

4 Answers

9

I can confirm that kernel versions 5.13.0-28-generic and 5.11.0-40-generic for Ubuntu 20.04 are affected.

5

Given the incredible severity of this CVE, I did a lot of research on this.

Yes, this has been patched and pushed (as of 2022-03-08) for 21.10 (Impish).

Update 2022-03-09:

A comment below (@fuzzydrawings) mentioned the fix was pushed to 20.04 (focal) as of 2022-03-08. I believe various versions of 18.04 (bionic) have been released as well. I have linked the commits for impish and bionic below.

Also:

https://ubuntu.com/security/notices can be helpful, and https://ubuntu.com/security/notices/USN-5317-1 is the notice for this CVE. However, it only mentions 21.10 and 20.04 LTS. I linked below to the commits for bionic that contain the fix.

21.10 (impish)

After I did a sudo apt update, I did a sudo apt list --upgradable to see if the kernel was updated. It was.

The important line is here: linux-generic/impish-updates 5.13.0.35.44 amd64

Googling for the answer didn't come up with any clear answers. So I went to the Ubuntu git repository at:

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/impish

(this URL is specific to impish)

You can then see that this version contains the patch from Max Kellermann: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/impish/commit/?id=181cbcef9f8c158189a3b1094c532b6686f14acf

The following commit tags it: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/impish/commit/?id=b07bbb7a296b9be80e48973bba8b03fb1101547f

linux (5.13.0-35.40) impish; urgency=medium

20.04 (focal)

The two kernel versions have received the update (5.4 and 5.13 HWE). Here are the commits:

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=114ece9d1f915886450030af5333287437bbf74b

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=438da6e5c849ffe553fc15379471bf331346c3d2

18.04 (bionic)

The two kernel versions have received the update (4.15 and 5.4 HWE). Here are the commits:

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/bionic/commit/?id=aeae4fd15ccbf0012f84d792ea7aef08e299da30

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/bionic/commit/?id=10de766b07707fc67eb3e0a7ffcbaa27603d7c64

drudru
  • 171
2

It's very likely that all Ubuntu releases with 5.8 kernels or later are currently affected as no patches for this have been released at this moment.

Bill Lipa
  • 129
1

All Ubuntu versions without the patch linux-generic-hwe-20.04 from version 5.13.0.35.40~20.04.20 are affected by CVE-2022-0847.

How to check it:

  1. Open a terminal.
  2. Run the command: apt list --installed | grep linux-generic

If you see the message (command run on Ubuntu 20.04) linux-generic-hwe-20.04/focal-updates,focal-security,now 5.13.0.35.40~20.04.20 amd64 [installed], it means that the patch is applied and the bug doesn't affect your Ubuntu.

How to install it:

  1. Open a terminal.
  2. Run the command: sudo apt-get install linux-generic-hwe-20.04
  3. Confirm it by pressing the Y key.

Lorenz Keel
  • 9,511