I have been informed about the CVE-2022-0847 vulnerability. I'm wondering what versions of Ubuntu are affected by such a bug.
I can confirm that kernel versions 5.13.0-28-generic and 5.11.0-40-generic for Ubuntu 20.04 are affected.
Given the incredible severity of this CVE, I did a lot of research on this.
Yes, this has been patched and pushed (as of 2022-03-08) for 21.10 (Impish).
Update 2022-03-09:
A comment below (@fuzzydrawings) mentioned the fix was pushed to 20.04 (focal) as of 2022-03-08. I believe various versions of 18.04 (bionic) have been released as well. I have linked the commits for impish and bionic below.
Also:
https://ubuntu.com/security/notices can be helpful, and https://ubuntu.com/security/notices/USN-5317-1 is the notice for this CVE. However, it only mentions 21.10 and 20.04 LTS. I linked below to the commits for bionic that contain the fix.
21.10 (impish)
After I did a sudo apt update, I did a sudo apt list --upgradable to see if the kernel was updated. It was.
The important line is here:
linux-generic/impish-updates 5.13.0.35.44 amd64
Googling for the answer didn't come up with any clear answers. So I went to the Ubuntu Git repository at:
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/impish
(this URL is specific to impish)
You can then see that this version contains the patch from Max Kellermann: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/impish/commit/?id=181cbcef9f8c158189a3b1094c532b6686f14acf
The following commit tags it: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/impish/commit/?id=b07bbb7a296b9be80e48973bba8b03fb1101547f
linux (5.13.0-35.40) impish; urgency=medium
20.04 (focal)
The two kernel versions have received the update (5.4 and 5.13 HWE). Here are the commits:
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=114ece9d1f915886450030af5333287437bbf74b
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=438da6e5c849ffe553fc15379471bf331346c3d2
18.04 (bionic)
The two kernel versions have received the update (4.15 and 5.4 HWE). Here are the commits:
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/bionic/commit/?id=aeae4fd15ccbf0012f84d792ea7aef08e299da30
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/bionic/commit/?id=10de766b07707fc67eb3e0a7ffcbaa27603d7c64
It's very likely that all Ubuntu releases with 5.8 kernels or later are currently affected as no patches for this have been released at this moment.
All Ubuntu versions without the patch, linux-generic-hwe-20.04 from version 5.13.0.35.40~20.04.20, are affected by CVE-2022-0847.
How to check it:
apt list --installed | grep linux-generic
If you see this message (command run on Ubuntu 20.04)
linux-generic-hwe-20.04/focal-updates,focal-security,now 5.13.0.35.40~20.04.20 amd64 [installed]
it means that the patch is applied and your Ubuntu is not affected.
How to install it:
sudo apt-get install linux-generic-hwe-20.04
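The answers above check the installed package, but uname -r reports the kernel that is actually running, which stays the old one until the host reboots. The script below is an added example, not part of any answer: it classifies uname -r strings using only the build numbers quoted on this page (5.13.0-35 as the first fixed generic build, 5.11.0-40 as reported affected). The function names and the sample host list are constructed for illustration.

```shell
#!/bin/sh
# ABI number of the first fixed 5.13.0 generic build, from the changelog
# line "linux (5.13.0-35.40) impish" quoted in the answer above.
FIXED_ABI_5_13=35
# Highest 5.11.0 generic build reported affected on this page (first answer).
# No fixed 5.11 build is named here, so later builds are left as "unknown".
REPORTED_AFFECTED_ABI_5_11=40

# classify_release RELEASE -> prints: affected | patched | unknown
# RELEASE is a `uname -r` string such as 5.13.0-28-generic.
classify_release() {
    rel=$1
    case $rel in
        *-generic) ;;                      # aws, azure, ... number their ABIs differently
        *) echo unknown; return 0 ;;
    esac
    base=${rel%%-*}                        # e.g. 5.13.0
    abi=${rel#*-}; abi=${abi%%-*}          # e.g. 28
    case $abi in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    case $base in
        5.13.0)
            if [ "$abi" -ge "$FIXED_ABI_5_13" ]; then echo patched; else echo affected; fi ;;
        5.11.0)
            if [ "$abi" -le "$REPORTED_AFFECTED_ABI_5_11" ]; then echo affected; else echo unknown; fi ;;
        *) echo unknown ;;                 # consult USN-5317-1 for other series
    esac
}

# report: reads "host release" pairs on stdin, appends the classification.
report() {
    while read -r host rel; do
        printf '%s %s %s\n' "$host" "$rel" "$(classify_release "$rel")"
    done
}

# Constructed sample inventory; replace with real `uname -r` output per host.
report <<'EOF'
web1 5.13.0-28-generic
web2 5.13.0-35-generic
db1 5.11.0-40-generic
ci1 5.13.0-1017-aws
EOF
```

A host that prints "affected" after the package upgrade has the fix installed but is still running the old kernel and needs a reboot.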