Release 7: Akraino CVE and KHV Vulnerability Exception Request

Blueprints that have vulnerabilities with a CVSS score >= 9.0 and meet the following criteria should submit their information in the chart below to have the vulnerability considered for an exception:

Running at least the minimum OS version required by the Akraino Security Sub-Committee
- Ubuntu
- CentOS
- Debian
- Fedora
- Suse Enterprise Server

Legend

Priority/Score Descriptions

Not Vulnerable	Packages which do not exist in the archive, are not affected by the vulnerability or have a fix applied in the archive.
Pending	A fix has been applied and updated packages are awaiting arrival into the archive. For example, this might be used when wider testing is requested for the updated package.
Unknown	Open vulnerability where the priority is currently unknown and needs to be triaged.
Negligible	Open vulnerability that may be a problem but otherwise does not impose a security risk due to various factors. Examples include when the vulnerability is only theoretical in nature, requires a very special situation, has almost no install base or does no real damage. These typically will not receive security updates unless there is an easy fix and some other issue causes an update.
Low	Open vulnerability that is a problem but does very little damage or is otherwise hard to exploit due to small user base or other factors such as requiring specific environment, uncommon configuration, user assistance, etc. These tend to be included in security updates only when higher priority issues require an update or if many low priority issues have built up.
Medium	Open vulnerability that is a real problem and is exploitable for many users of the affected software. Examples include network daemon denial of service, cross-site scripting and gaining user privileges.
High	Open vulnerability that is a real problem and is exploitable for many users in the default configuration of the affected software. Examples include serious remote denial of service of the system, local root privilege escalations or local data theft.
Critical	Open vulnerability that is a world-burning problem and is exploitable for most Ubuntu users. Examples include remote root privilege escalations or remote data theft.

CVE/KHV #	Blueprint	Blueprint OS/Ver	URL Showing OS Patch Not Available	Contact Name	Contact Email	Comment	Vendor CVSS Score	Vendor Patch Available	Exception Status
CVE-2016-1585	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)	https://security-tracker.debian.org/tracker/CVE-2016-1585	Inoue Reo	inoue.reo@fujitsu.com			No	Approved
CVE-2017-18201	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)	https://security-tracker.debian.org/tracker/CVE-2017-17479	Inoue Reo	inoue.reo@fujitsu.com			No	Approved
CVE-2019-17041	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)	https://security-tracker.debian.org/tracker/CVE-2019-17041	Inoue Reo	inoue.reo@fujitsu.com	Please add to the "Vendor Patch Available" column output from the following commands: lsb_release -a dpkg -l \| grep <package name associated with CVE>		I installed a later version of the software than the version that has been fixed for CVE. $ lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 11 (bullseye) Release: 11 Codename: bullseye $ dpkg -l \|grep rsyslog ii rsyslog 8.2102.0-2+deb11u1 arm64 reliable system and kernel logging daemon	Approved
CVE-2019-17042	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)	https://security-tracker.debian.org/tracker/CVE-2019-17042	Inoue Reo	inoue.reo@fujitsu.com	Please add to the "Vendor Patch Available" column output from the following commands: lsb_release -a dpkg -l \| grep <package name associated with CVE>		I installed a later version of the software than the version that has been fixed for CVE. $ lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 11 (bullseye) Release: 11 Codename: bullseye $ dpkg -l \|grep rsyslog ii rsyslog 8.2102.0-2+deb11u1 arm64 reliable system and kernel logging daemon	Approved
CVE-2022-3649	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)	https://security-tracker.debian.org/tracker/CVE-2022-3649	Inoue Reo	inoue.reo@fujitsu.com			No	Approved
CVE-2019-20433	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)	https://security-tracker.debian.org/tracker/CVE-2019-20433	Inoue Reo	inoue.reo@fujitsu.com			No	Approved
CVE-2022-24303	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)	https://security-tracker.debian.org/tracker/CVE-2022-24303	Inoue Reo	inoue.reo@fujitsu.com			No	Approved
CVE-2022-39319	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)	https://security-tracker.debian.org/tracker/CVE-2022-39319	Inoue Reo	inoue.reo@fujitsu.com			No
CVE-2022-41877	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)	https://security-tracker.debian.org/tracker/CVE-2022-41877	Inoue Reo	inoue.reo@fujitsu.com			No	Approved
CVE-2016-1585	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2016-1585	Inoue Reo	inoue.reo@fujitsu.com		Medium	No	Approved
CVE-2017-18201	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-18201	Inoue Reo	inoue.reo@fujitsu.com		Low	No	Approved
CVE-2017-7827	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-7827	Inoue Reo	inoue.reo@fujitsu.com		Medium	No	Approved
CVE-2018-5090	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2018-5090	Inoue Reo	inoue.reo@fujitsu.com		Medium	No	Approved
CVE-2018-5126	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2018-5126	Inoue Reo	inoue.reo@fujitsu.com		Medium	No	Approved
CVE-2018-5145	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2018-5145	Inoue Reo	inoue.reo@fujitsu.com		Medium	No	Approved
CVE-2018-5151	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2018-5151	Inoue Reo	inoue.reo@fujitsu.com		Medium	No	Approved
CVE-2019-17041	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17041	Inoue Reo	inoue.reo@fujitsu.com		Low	No	Approved
CVE-2019-17042	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17042	Inoue Reo	inoue.reo@fujitsu.com		Low	No	Approved
CVE-2022-0318	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2022-0318	Inoue Reo	inoue.reo@fujitsu.com		Medium	No	Approved
CVE-2022-3649	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2022-3649	Inoue Reo	inoue.reo@fujitsu.com		Medium	No	Approved
CVE-2022-3890	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2022-3890	Inoue Reo	inoue.reo@fujitsu.com		Medium	No	Approved
CVE-2022-4135	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2022-4135	Inoue Reo	inoue.reo@fujitsu.com		Medium	No	Approved
CVE-2016-9180	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2016-9180	Inoue Reo	inoue.reo@fujitsu.com		Low	No	Approved
CVE-2019-20433	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-20433	Inoue Reo	inoue.reo@fujitsu.com		Low	No	Approved
CVE-2022-24303	Robot basic architecture based on SSES	Ubuntu 18.04	https://ubuntu.com/security/CVE-2022-24303	Inoue Reo	inoue.reo@fujitsu.com		Low	No	Approved
CVE-2016-1585	Robot basic architecture based on SSES	Ubuntu 22.04	https://ubuntu.com/security/CVE-2016-1585	Inoue Reo	inoue.reo@fujitsu.com		Medium	No	Approved
CVE-2022-3649	Robot basic architecture based on SSES	Ubuntu 22.04	https://ubuntu.com/security/CVE-2022-3649	Inoue Reo	inoue.reo@fujitsu.com		Medium	No	Approved
CVE-2016-1585	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2016-1585	Colin Peters	colin.peters@fujitsu.com		Medium	No	Approved
CVE-2022-0318	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2022-0318	Colin Peters	colin.peters@fujitsu.com		Medium	No	Approved
CVE-2022-3643	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2022-3643	Colin Peters	colin.peters@fujitsu.com		Medium	No	Approved
CVE-2022-3649	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2022-3649	Colin Peters	colin.peters@fujitsu.com		Medium	No	Approved
CVE-2022-44640	IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family	Ubuntu 20.04	https://ubuntu.com/security/CVE-2022-44640	jin peng	jinpeng@socnoc.ai		Medium	No	Approved
CVE-2022-37434	CFN (Computing Force Network) Ubiquitous Computing Force Scheduling - Akraino - Akraino Confluence	CentoOS 7.6	CVE-2022-37434- Red Hat Customer Portal	hanyu ding	dinghanyu@chinamobile.com 13366022056@163.com		9.8	Not fixed in centos 7.x	Approved
CVE-2015-4042	CFN (Computing Force Network) Ubiquitous Computing Force Scheduling - Akraino - Akraino Confluence	CentoOS 7.6	CVE-2015-4042- Red Hat Customer Portal	hanyu ding	dinghanyu@chinamobile.com 13366022056@163.com		9.8	Not fixed yet in centos 7.x	Approved
CVE-2014-9939	CFN (Computing Force Network) Ubiquitous Computing Force Scheduling - Akraino - Akraino Confluence	CentoOS 7.6	CVE-2014-9939- Red Hat Customer Portal	hanyu ding	dinghanyu@chinamobile.com 13366022056@163.com		9.8	Not fixed yet in centos 7.x	Approved

Space shortcuts

Page tree