Ubuntu CVE-2022-0847 Dirty Pipe Vulnerability. Not vulnerable version available

camacho027 2022-03-09 15:38:53 UTC #1

Hello All

Our security team recently raise the flag to address this vulnerability Specially on ubuntu. Reference https://www.csa.gov.sg/en/singcert/Alerts/al-2022-011
The flaw has been fixed in versions 5.16.11, 5.15.25, and 5.10.102. but I notice there are not those version available on the Bigfix console (the latest available version is Linux-Image-5.13.0).

Can any provide a workaround to possible solution to this?

Thank you in advance

JasonWalker 2022-03-09 15:48:30 UTC #2

Our content team is aware and prepared to build Fixlets.

At this point, Ubuntu hasn’t yet released their kernel packages for most versions - see https://ubuntu.com/security/CVE-2022-0847

Which Ubuntu versions are you needing?

camacho027 2022-03-09 16:08:11 UTC #3

The version fixed are 5.16.11, 5.15.25, and 5.10.102

JasonWalker 2022-03-09 16:24:15 UTC #4

Those are kernel builds, I mean to say Ubuntu versions (where we would find Ubuntu bulletins and debian package repos)…like 20.04 Server LTS, 18.04 LTS, etc.

JasonWalker 2022-03-09 16:41:07 UTC #5

For another example, this Ubuntu page lists the “Kernel” security bulletins

At time of posting, at least 18.04 and 20.04 LTS will require updates but they have not yet been released by Ubuntu. 21.10 has a published updated, but our Patch content for Ubuntu only covers the LTS releases. I’m not sure whether 22.04 LTS will have an update.

talsela87 2022-03-22 04:40:45 UTC #6

hi Jason
any update ?
Is there a solution to identify this weakness through Bigfix?

thanks