Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: CVE-2022-40982 is not resolved.

Hybrid View

  1. #1
    Join Date
    Nov 2013
    Location
    EU
    Beans
    11
    Distro
    Ubuntu

    CVE-2022-40982 is not resolved.

    Running Ubuntu 22.04.3 with kernel 6.2.0-35-generic

    Output of $ pro fix CVE-2022-40982

    CVE-2022-40982: Linux kernel (BlueField) vulnerabilities - https://ubuntu.com/security/CVE-2022-40982

    4 affected source packages are installed: intel-microcode, linux, linux-
    hwe-5.19, linux-hwe-6.2
    (1/4) linux-hwe-5.19:
    Sorry, no fix is available.
    (2/4, 3/4, 4/4) intel-microcode, linux, linux-hwe-6.2:
    A fix is available in Ubuntu standard updates.
    The update is already installed.

    1 package is still affected: linux-hwe-5.19
    ✘ CVE-2022-40982 is not resolved.

    Tried $ sudo apt remove linux-hwe-5.19 , output is:

    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    E: Unable to locate package linux-hwe-5.19
    E: Couldn't find any package by glob 'linux-hwe-5.19'

    $ apt list --installed | grep linux-image shows:

    linux-image-6.2.0-34-generic/jammy-updates,jammy-security,now 6.2.0-34.34~22.04.1 amd64 [installed,automatic]
    linux-image-6.2.0-35-generic/jammy-updates,jammy-security,now 6.2.0-35.35~22.04.1 amd64 [installed,automatic]
    linux-image-generic-hwe-22.04/jammy-updates,jammy-security,now 6.2.0.35.35~22.04.13 amd64 [installed,automatic]

    I'm confused, how do I get rid of linux-hwe-5.19 ?

    EDIT: also tried $ sudo apt autoremove , still no go.
    Last edited by rjgoverna; October 21st, 2023 at 09:52 AM.

  2. #2
    Join Date
    Mar 2010
    Location
    USA
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: CVE-2022-40982 is not resolved.

    I think you are going to find this instead:
    Code:
    mafoelffen@Mikes-ThinkPad-T520:~$ apt list linux-hwe* --installed
    Listing... Done
    linux-hwe-5.13-headers-5.13.0-25/now 5.13.0-25.26~20.04.1 all [installed,local]
    linux-hwe-5.19-headers-5.19.0-46/jammy-updates,jammy-updates,jammy-security,jammy-security,now 5.19.0-46.47~22.04.1 all [installed,automatic]
    linux-hwe-6.2-headers-6.2.0-32/jammy-updates,jammy-updates,jammy-security,jammy-security,now 6.2.0-32.32~22.04.1 all [installed,automatic]
    linux-hwe-6.2-headers-6.2.0-33/jammy-updates,jammy-updates,jammy-security,jammy-security,now 6.2.0-33.33~22.04.1 all [installed,automatic]
    mafoelffen@Mikes-ThinkPad-T520:~$ apt list linux-image-generic* --installed
    Listing... Done
    linux-image-generic-hwe-22.04/jammy-updates,jammy-security,now 6.2.0.33.33~22.04.10 amd64 [installed,automatic]
    linux-image-generic/jammy-updates,jammy-security,now 5.15.0.84.81 amd64 [installed,automatic]
    mafoelffen@Mikes-ThinkPad-T520:~$ apt list linux-image-*-generic --installed
    Listing... Done
    linux-image-5.15.0-84-generic/jammy-updates,jammy-security,now 5.15.0-84.93 amd64 [installed,automatic]
    linux-image-6.2.0-32-generic/jammy-updates,jammy-security,now 6.2.0-32.32~22.04.1 amd64 [installed,automatic]
    linux-image-6.2.0-33-generic/jammy-updates,jammy-security,now 6.2.0-33.33~22.04.1 amd64 [installed,automatic]
    As you can see on mine, there is no 5-19.0 active kernel, but the header file for it is still there (for some unknown reason).
    Code:
    mafoelffen@Mikes-ThinkPad-T520:~$ pro fix CVE-2022-40982
    CVE-2022-40982: Linux kernel (BlueField) vulnerabilities
     - https://ubuntu.com/security/CVE-2022-40982
    
    5 affected source packages are installed: intel-microcode, linux, linux-
        hwe-5.13, linux-hwe-5.19, linux-hwe-6.2
    (1/5) linux-hwe-5.13:
    Source package does not exist on this release.
    (2/5) linux-hwe-5.19:
    Sorry, no fix is available.
    (3/5, 4/5, 5/5) intel-microcode, linux, linux-hwe-6.2:
    A fix is available in Ubuntu standard updates.
    The update is already installed.
    
    2 packages are still affected: linux-hwe-5.13, linux-hwe-5.19
    ✘ CVE-2022-40982 is not resolved.
    Same result (so far)

    Note: I had to remove / purge both packages linux-hwe-5.19-headers-5.19.0-46 & linux-hwe-5.13-headers-5.13.0-25. When I removed just the first, then it said it wasn't resolved because the second was present, so...
    Code:
    sudo apt remove --purge linux-hwe-5.19-headers-5.19.0-46 linux-hwe-5.13-headers-5.13.0-25
    Then
    Code:
    mafoelffen@Mikes-ThinkPad-T520:~$ pro fix CVE-2022-40982
    CVE-2022-40982: Linux kernel (BlueField) vulnerabilities
     - https://ubuntu.com/security/CVE-2022-40982
    
    3 affected source packages are installed: intel-microcode, linux, linux-hwe-6.2
    (1/3, 2/3, 3/3) intel-microcode, linux, linux-hwe-6.2:
    A fix is available in Ubuntu standard updates.
    The update is already installed.
    
    ✔ CVE-2022-40982 is resolved.
    It was not really a problem, because of those header files, neither had an active kernel installed... But removing them both satisfied the CVE fix 'test'.
    Last edited by MAFoElffen; October 22nd, 2023 at 12:54 AM.

    "Concurrent coexistence of Windows, Linux and UNIX..." || Ubuntu user # 33563, Linux user # 533637
    Sticky: Graphics Resolution | UbuntuForums 'system-info' Script | Posting Guidelines | Code Tags

  3. #3
    Join Date
    Jan 2014
    Beans
    16

    Re: CVE-2022-40982 is not resolved.

    interestingly, i've a quite similar situation:

    uname -a
    HTML Code:
    Linux pro 6.5.0-9-generic #9-Ubuntu SMP PREEMPT_DYNAMIC Sat Oct  7 01:35:40 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
    23.10 Mantic

    An pro fix CVE-2022-40982 gives me an ✘ CVE-2022-40982 is not resolved. as well. Strangely without a specific description of the affected package:
    Code:
    1 package is still affected: linux
    But, when i look up the CVW here: https://ubuntu.com/security/CVE-2022-40982
    it is mentioned that the fix is contained with the new version of intel-microcode: mantic Released (3.20230808.1)
    And that's the version i seem to have installed:
    apt show intel-microcode
    Code:
    Package: intel-microcode
    Version: 3.20230808.1
    Any idea's on that? Thank you very much for your help (-:

  4. #4
    Join Date
    Nov 2013
    Location
    EU
    Beans
    11
    Distro
    Ubuntu

    Re: CVE-2022-40982 is not resolved.

    @MAFoElffen : Yep, that did the trick. Much appreciated!
    Last edited by rjgoverna; October 22nd, 2023 at 03:04 PM.

  5. #5
    Join Date
    Mar 2010
    Location
    USA
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: CVE-2022-40982 is not resolved.

    @jauntyjackolope2

    You are right. Please start a thread of your own here in this section for this. You have what they say is the fix for that.

    I would file a bug against intel-microcode and mark it as "affects security"... There is a checkbox for that when you file bug reports. That marks the report as a priority and sends it directly to the security team for them to triage.
    Code:
    ubuntu-bug intel-microcode
    Include the intel-microcode package version, (like you did here), and the pro --fix CVE output showing that it reports the CVE as not fixed.

    Please post the details again in the new thread you created in this section, and post the link to that Bug Report so we can follow it.
    Last edited by MAFoElffen; October 22nd, 2023 at 08:32 PM.

    "Concurrent coexistence of Windows, Linux and UNIX..." || Ubuntu user # 33563, Linux user # 533637
    Sticky: Graphics Resolution | UbuntuForums 'system-info' Script | Posting Guidelines | Code Tags

  6. #6
    Join Date
    Aug 2016
    Location
    Wandering
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: CVE-2022-40982 is not resolved.

    Quote Originally Posted by MAFoElffen View Post
    Include the intel-microcode package version, (like you did here), and the pro --fix CVE output showing that it reports the CVE as not fixed.

    Please post the details again in the new thread you created in this section, and post the link to that Bug Report so we can follow it.
    Filed here: snip
    Broken link
    Last edited by 1fallen; October 22nd, 2023 at 07:28 PM.
    With realization of one's own potential and self-confidence in one's ability, one can build a better world.
    Dalai Lama>>
    Code Tags | System-info | Forum Guide lines | Arch Linux, Debian Unstable, FreeBSD

  7. #7
    Join Date
    Mar 2010
    Location
    USA
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: CVE-2022-40982 is not resolved.

    @1fallen -- Sent you a PM on this... (You have Mail... LOL)

    "Concurrent coexistence of Windows, Linux and UNIX..." || Ubuntu user # 33563, Linux user # 533637
    Sticky: Graphics Resolution | UbuntuForums 'system-info' Script | Posting Guidelines | Code Tags

  8. #8
    Join Date
    Jan 2014
    Beans
    16

    Re: CVE-2022-40982 is not resolved.

    Quote Originally Posted by MAFoElffen View Post
    @jauntyjackolope2

    You are right. Please start a thread of your own here in this section for this. You have what they say is the fix for that.

    I would file a bug against intel-microcode and mark it as "affects security"... There is a checkbox for that when you file bug reports. That marks the report as a priority and sends it directly to the security team for them to triage.
    Code:
    ubuntu-bug intel-microcode
    Include the intel-microcode package version, (like you did here), and the pro --fix CVE output showing that it reports the CVE as not fixed.

    Please post the details again in the new thread you created in this section, and post the link to that Bug Report so we can follow it.
    Hi MAFoElffen,

    thanks for your help and the advice! you guys may have got me wrong, i simply have no mail info about answers in this thread, and didn't assumed that the replies come so fast. i looked in my favourites once a while but saw no answer, and then did forget about this thread for 2 days (working and other fun things (-: ). so, no need to break in open doors, i LOVE linux and the idea of contribution!!

    so, i did file a report:
    https://bugs.launchpad.net/ubuntu/+s...e/+bug/2040280

    It said that it is private, since i flagged it as security relevant, as you suggested. i'll upload a picture of it and open a own topic of it later, when i have more time (again, working and other fun stuff on my schedule). thanks everybody and see you later (-:

    edit 1: checked it with private browser, the link seem to be indeed private. here's a picture: https://ibb.co/kgd8mnk
    edit 2: here is the own thread for this topic, as suggested:https://ubuntuforums.org/showthread....4#post14162424
    Last edited by jauntyjackalope2; October 24th, 2023 at 04:20 PM.

  9. #9
    Join Date
    Aug 2016
    Location
    Wandering
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: CVE-2022-40982 is not resolved.

    Thanks that link is lost?? IJDK.
    It may have been linked to 1-18 with the same, "bug/2040112" in Launchpad"
    FTR:
    Code:
    ubuntu-bug intel-microcode
    
    *** Collecting problem information
    
    The collected information can be sent to the developers to improve the
    application. This might take a few minutes.
    .........................
    
    *** Send problem report to the developers?
    
    After the problem report has been sent, please fill out the form in the
    automatically opened web browser.
    
    What would you like to do? Your options are:
      S: Send report (4.0 KB)
      V: View report
      K: Keep report file for sending later or copying to somewhere else
      I: Cancel and ignore future crashes of this program version
      C: Cancel
    Please choose (S/V/K/I/C): S
    
    *** Uploading problem information
    
    The collected information is being sent to the bug tracking system.
    This might take a few minutes.
    99.07394609536973%
    
    *** To continue, you must visit the following URL:
    
      https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+filebug/1fc5d138-70fb-11ee-85a7-c7116d9f638e?
    
    You can launch a browser now, or copy this URL into a browser on another computer.
    
    
    Choices:
      1: Launch a browser now
      C: Cancel
    Please choose (1/C): 1
    With realization of one's own potential and self-confidence in one's ability, one can build a better world.
    Dalai Lama>>
    Code Tags | System-info | Forum Guide lines | Arch Linux, Debian Unstable, FreeBSD

  10. #10
    Join Date
    Mar 2010
    Location
    USA
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: CVE-2022-40982 is not resolved.

    @jauntyjackolope2

    Please post a new bug report as in Post #5... Launchpad will triage it quickly, as they did with 1fallen (and deferred it for other reasons, LOL). If a duplicate, they will link it to where it needs to go. As 1fallen just tried to report it himself, maybe they will remember that and start paying attention that this is really affecting people... LOL

    I don't see where there is a bug report marked for this "yet"...
    Last edited by MAFoElffen; October 22nd, 2023 at 08:37 PM.

    "Concurrent coexistence of Windows, Linux and UNIX..." || Ubuntu user # 33563, Linux user # 533637
    Sticky: Graphics Resolution | UbuntuForums 'system-info' Script | Posting Guidelines | Code Tags

Page 1 of 3 123 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •