UbuntuUpdates.org

Package "linux-azure-5.15"

This package belongs to a PPA: Canonical Kernel Team

Name: linux-azure-5.15

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Linux kernel version specific cloud tools for version 5.15.0-1060
  • Header files related to Linux kernel version 5.15.0
  • Linux kernel version specific tools for version 5.15.0-1060
  • Linux kernel buildinfo for version 5.15.0 on 64 bit x86 SMP

Latest version: 5.15.0-1060.69~20.04.1
Release: focal (20.04)
Level: base
Repository: main

Links



Other versions of "linux-azure-5.15" in Focal

Repository Area Version
security main 5.15.0-1059.67~20.04.1
updates main 5.15.0-1059.67~20.04.1
proposed main 5.15.0-1060.69~20.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5.15.0-1053.61~20.04.1 2023-11-21 19:08:52 UTC

 linux-azure-5.15 (5.15.0-1053.61~20.04.1) focal; urgency=medium
 .
   * focal/linux-azure-5.15: 5.15.0-1053.61~20.04.1 -proposed tracker
     (LP: #2041564)
 .
   [ Ubuntu: 5.15.0-1053.61 ]
 .
   * jammy/linux-azure: 5.15.0-1053.61 -proposed tracker (LP: #2041565)
   * Packaging resync (LP: #1786013)
     - [Packaging] resync update-dkms-versions helper
   * Azure: Improve SQL DB latency (LP: #2040300)
     - tcp: Set pingpong threshold via sysctl
   * jammy/linux: 5.15.0-91.101 -proposed tracker (LP: #2043452)
   * USB bus error after upgrading to proposed kernel on lunar and jammy
     (LP: #2043197)
     - USB: core: Fix oversight in SuperSpeed initialization
   * jammy/linux: 5.15.0-90.100 -proposed tracker (LP: #2041603)
   * CVE-2023-25775
     - RDMA/irdma: Remove irdma_uk_mw_bind()
     - RDMA/irdma: Remove irdma_sc_send_lsmm_nostag()
     - RDMA/irdma: Remove irdma_cqp_up_map_cmd()
     - RDMA/irdma: Remove irdma_get_hw_addr()
     - RDMA/irdma: Make irdma_uk_cq_init() return a void
     - RDMA/irdma: optimize rx path by removing unnecessary copy
     - RDMA/irdma: Remove enum irdma_status_code
     - RDMA/irdma: Remove excess error variables
     - RDMA/irdma: Prevent zero-length STAG registration
   * CVE-2023-39189
     - netfilter: nfnetlink_osf: avoid OOB read
   * SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
     (LP: #2039575)
     - net/smc: Fix pos miscalculation in statistics
   * CVE-2023-45871
     - igb: set max size RX buffer when store bad packet is enabled
   * CVE-2023-39193
     - netfilter: xt_sctp: validate the flag_info count
   * CVE-2023-39192
     - netfilter: xt_u32: validate user space input
   * CVE-2023-31085
     - ubi: Refuse attaching if mtd's erasesize is 0
   * CVE-2023-5717
     - perf: Disallow mis-matched inherited group reads
   * CVE-2023-5178
     - nvmet-tcp: Fix a possible UAF in queue intialization setup
   * CVE-2023-5158
     - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
   * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
     (LP: #2033406)
     - [Packaging] Make WWAN driver loadable modules
   * HP ProBook 450 G8 Notebook fail to wifi test (LP: #2037513)
     - iwlwifi: mvm: Don't fail if PPAG isn't supported
     - wifi: iwlwifi: fw: skip PPAG for JF
   * usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
     - [Packaging] Make linux-tools-common depend on hwdata
   * scripts/pahole-flags.sh change return to exit 0 (LP: #2035123)
     - SAUCE: scripts/pahole-flags.sh change return to exit 0
   * Unable to use nvme drive to install Ubuntu 23.10 (LP: #2040157)
     - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
       probe
   * Jammy update: v5.15.131 upstream stable release (LP: #2039610)
     - erofs: ensure that the post-EOF tails are all zeroed
     - ksmbd: fix wrong DataOffset validation of create context
     - ksmbd: replace one-element array with flex-array member in struct
       smb2_ea_info
     - ARM: pxa: remove use of symbol_get()
     - mmc: au1xmmc: force non-modular build and remove symbol_get usage
     - net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
     - rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
     - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
     - USB: serial: option: add Quectel EM05G variant (0x030e)
     - USB: serial: option: add FOXCONN T99W368/T99W373 product
     - ALSA: usb-audio: Fix init call orders for UAC1
     - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption
     - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0
     - HID: wacom: remove the battery when the EKR is off
     - staging: rtl8712: fix race condition
     - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race
       condition
     - wifi: mt76: mt7921: do not support one stream on secondary antenna only
     - serial: qcom-geni: fix opp vote on shutdown
     - serial: sc16is7xx: fix broken port 0 uart init
     - serial: sc16is7xx: fix bug when first setting GPIO direction
     - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
     - fsi: master-ast-cf: Add MODULE_FIRMWARE macro
     - tcpm: Avoid soft reset when partner does not support get_status
     - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
     - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
     - pinctrl: amd: Don't show `Invalid config param` errors
     - usb: typec: tcpci: move tcpci.h to include/linux/usb/
     - usb: typec: tcpci: clear the fault status bit
     - Linux 5.15.131
   * Jammy update: v5.15.130 upstream stable release (LP: #2039608)
     - ACPI: thermal: Drop nocrt parameter
     - module: Expose module_init_layout_section()
     - arm64: module-plts: inline linux/moduleloader.h
     - arm64: module: Use module_init_layout_section() to spot init sections
     - ARM: module: Use module_init_layout_section() to spot init sections
     - rcu: Prevent expedited GP from enabling tick on offline CPU
     - rcu-tasks: Fix IPI failure handling in trc_wait_for_one_reader
     - rcu-tasks: Wait for trc_read_check_handler() IPIs
     - rcu-tasks: Add trc_inspect_reader() checks for exiting critical section
     - Linux 5.15.130
   * CVE-2023-42754
     - ipv4: fix null-deref in ipv4_link_failure
   * Jammy update: v5.15.129 upstream stable release (LP: #2039227)
     - NFSv4.2: fix error handling in nfs42_proc_getxattr
     - NFSv4: fix out path in __nfs4_get_acl_uncached
     - xprtrdma: Remap Receive buffers after a reconnect
     - PCI: acpiphp: Reassign resources on bridge if necessary
     - dlm: improve plock logging if interrupted
     - dlm: replace usage of found with dedicated list iterator variable
     - fs: dlm: add pid to debug log
     - fs: dlm: change plock interrupted message to debug again
     - fs: dlm: use dlm_plock_info for do_unlock_close
     - fs: dlm: fix

Source diff to previous version
1786013 Packaging resync
2040300 Azure: Improve SQL DB latency
2043197 USB bus error after upgrading to proposed kernel on lunar and jammy
2039575 SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
2033406 [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
2037513 HP ProBook 450 G8 Notebook fail to wifi test
2039439 usbip: error: failed to open /usr/share/hwdata//usb.ids
2035123 scripts/pahole-flags.sh change return to exit 0
2040157 Unable to use nvme drive to install Ubuntu 23.10
2039610 Jammy update: v5.15.131 upstream stable release
2039608 Jammy update: v5.15.130 upstream stable release
2039227 Jammy update: v5.15.129 upstream stable release
2038486 Jammy update: v5.15.128 upstream stable release
2038382 Jammy update: v5.15.127 upstream stable release
CVE-2023-25775 Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentia
CVE-2023-39189 A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num
CVE-2023-45871 An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be ade
CVE-2023-39193 A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local pr
CVE-2023-39192 A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw all
CVE-2023-31085 An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirec
CVE-2023-5178 A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` ...
CVE-2023-5158 A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a d
CVE-2023-42754 A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before c
CVE-2023-37453 An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/us

Version: 5.15.0-1051.59~20.04.1 2023-10-17 19:08:51 UTC

 linux-azure-5.15 (5.15.0-1051.59~20.04.1) focal; urgency=medium
 .
   * focal/linux-azure-5.15: 5.15.0-1051.59~20.04.1 -proposed tracker
     (LP: #2038018)
 .
   [ Ubuntu: 5.15.0-1051.59 ]
 .
   * jammy/linux-azure: 5.15.0-1051.59 -proposed tracker (LP: #2038019)
   * Azure: Update CIFS to v6.5 (LP: #2036450)
     - Revert "UBUNTU: SAUCE: Fix cifs: fix mid leak during reconnection after
       timeout threshold"
     - Revert "smb3: lower default deferred close timeout to address perf
       regression"
     - Revert "smb3: allow deferred close timeout to be configurable"
     - Revert "cifs: remove minor build warning"
     - Revert "cifs: remove some camelCase and also some static build warnings"
     - Revert "cifs: remove unnecessary (void*) conversions."
     - Revert "cifs: remove unnecessary type castings"
     - Revert "cifs: remove redundant initialization to variable mnt_sign_enabled"
     - Revert "smb3: workaround negprot bug in some Samba servers"
     - Revert "cifs: remove unnecessary locking of chan_lock while freeing session"
     - Revert "cifs: fix race condition with delayed threads"
     - Revert "cifs: update cifs_ses::ip_addr after failover"
     - Revert "cifs: avoid deadlocks while updating iface"
     - Revert "cifs: periodically query network interfaces from server"
     - Revert "cifs: during reconnect, update interface if necessary"
     - Revert "cifs: change iface_list from array to sorted linked list"
     - Revert "smb3: use netname when available on secondary channels"
     - Revert "smb3: fix empty netname context on secondary channels"
     - Revert "cifs: when a channel is not found for server, log its connection id"
     - Revert "smb3: add trace point for SMB2_set_eof"
     - Revert "cifs: populate empty hostnames for extra channels"
     - Revert "cifs: fix uninitialized pointer in error case in
       dfs_cache_get_tgt_share"
     - Revert "cifs: skip trailing separators of prefix paths"
     - Revert "cifs: update internal module number"
     - Revert "cifs: do not build smb1ops if legacy support is disabled"
     - Revert "cifs: fix potential deadlock in direct reclaim"
     - Revert "cifs: remove repeated debug message on cifs_put_smb_ses()"
     - Revert "smb3: remove unneeded null check in cifs_readdir"
     - Revert "cifs: fix ntlmssp on old servers"
     - Revert "cifs: cache the dirents for entries in a cached directory"
     - Revert "cifs: avoid parallel session setups on same channel"
     - Revert "cifs: use new enum for ses_status"
     - Revert "cifs: do not use tcpStatus after negotiate completes"
     - Revert "smb3: add mount parm nosparse"
     - Revert "smb3: don't set rc when used and unneeded in query_info_compound"
     - Revert "cifs: fix minor compile warning"
     - Revert "Add various fsctl structs"
     - Revert "Add defines for various newer FSCTLs"
     - Revert "smb3: add trace point for oplock not found"
     - Revert "cifs: return the more nuanced writeback error on close()"
     - Revert "smb3: add trace point for lease not found issue"
     - Revert "cifs: smbd: fix typo in comment"
     - Revert "cifs: set the CREATE_NOT_FILE when opening the directory in
       use_cached_dir()"
     - Revert "cifs: check for smb1 in open_cached_dir()"
     - Revert "cifs: move definition of cifs_fattr earlier in cifsglob.h"
     - Revert "cifs: print TIDs as hex"
     - Revert "cifs: return ENOENT for DFS lookup_cache_entry()"
     - Revert "cifs: don't call cifs_dfs_query_info_nonascii_quirk() if nodfs was
       set"
     - Revert "cifs: fix signed integer overflow when fl_end is OFFSET_MAX"
     - Revert "cifs: use correct lock type in cifs_reconnect()"
     - Revert "cifs: fix NULL ptr dereference in refresh_mounts()"
     - Revert "cifs: Use kzalloc instead of kmalloc/memset"
     - Revert "cifs: Split the smb3_add_credits tracepoint"
     - Revert "cifs: update internal module number"
     - Revert "cifs: force new session setup and tcon for dfs"
     - Revert "cifs: remove check of list iterator against head past the loop body"
     - Revert "cifs: fix potential race with cifsd thread"
     - Revert "fs: Remove ->readpages address space operation"
     - Revert "smb3: fix ksmbd bigendian bug in oplock break, and move its struct
       to smbfs_common"
     - Revert "smb3: cleanup and clarify status of tree connections"
     - Revert "smb3: move defines for query info and query fsinfo to smbfs_common"
     - Revert "smb3: move defines for ioctl protocol header and SMB2 sizes to
       smbfs_common"
     - Revert "move more common protocol header definitions to smbfs_common"
     - Revert "cifs: fix incorrect use of list iterator after the loop"
     - Revert "cifs: fix bad fids sent over wire"
     - Revert "cifs: change smb2_query_info_compound to use a cached fid, if
       available"
     - Revert "cifs: convert the path to utf16 in smb2_query_info_compound"
     - Revert "cifs: do not skip link targets when an I/O fails"
     - Revert "cifs: use a different reconnect helper for non-cifsd threads"
     - Revert "cifs: truncate the inode and mapping when we simulate fcollapse"
     - Revert "smb3: fix incorrect session setup check for multiuser mounts"
     - Revert "treewide: Replace zero-length arrays with flexible-array members"
     - Revert "cifs: mark sessions for reconnection in helper function"
     - Revert "cifs: call helper functions for marking channels for reconnect"
     - Revert "cifs: call cifs_reconnect when a connection is marked"
     - Revert "improve error message when mount options conflict with posix"
     - Revert "cifs: fix workstation_name for multiuser mounts"
     - Revert "cifs: unlock chan_lock before calling cifs_put_tcp_session"
     - Revert "Fix a warning about a malformed kernel doc comment in cifs"
     - Revert "cifs: update internal module number"
     - Revert "smb3: send NTLMSSP version information"
     - Revert "cifs: cifs_ses_mark_for_reconnect should also update reconnect

Source diff to previous version
2036450 Azure: Update CIFS to v6.5
2037403 PCI BARs larger than 128GB are disabled
2037077 Fix unstable audio at low levels on Thinkpad P1G4
1945989 Check for changes relevant for security certifications
2037593 Jammy update: v5.15.126 upstream stable release
2036843 Jammy update: v5.15.125 upstream stable release
2035163 Avoid address overwrite in kernel_connect
2035166 NULL Pointer Dereference During KVM MMU Page Invalidation
2034479 Fix suspend hang on Lenovo workstation
2034745 [regression] Unable to initialize SGX enclaves with XFRM other than 3
2035400 Jammy update: v5.15.124 upstream stable release
2034612 Jammy update: v5.15.123 upstream stable release
1786013 Packaging resync
CVE-2023-42756 A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic
CVE-2023-42755 wild pointer access in rsvp classifer in the Linux kernel
CVE-2023-42753 An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->n
CVE-2023-42752 integer overflows in kmalloc_reserve()
CVE-2023-4881 ** REJECT ** CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.
CVE-2023-31083 An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSET
CVE-2023-3772 A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADM

Version: 5.15.0-1049.56~20.04.1 2023-09-21 15:08:36 UTC

 linux-azure-5.15 (5.15.0-1049.56~20.04.1) focal; urgency=medium
 .
   * focal/linux-azure-5.15: 5.15.0-1049.56~20.04.1 -proposed tracker
     (LP: #2036536)
 .
   [ Ubuntu: 5.15.0-1049.56 ]
 .
   * jammy/linux-azure: 5.15.0-1049.56 -proposed tracker (LP: #2036537)
   * jammy/linux: 5.15.0-86.96 -proposed tracker (LP: #2036575)
   * 5.15.0-85 live migration regression (LP: #2036675)
     - Revert "KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES"
     - Revert "x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0"
   * Regression for ubuntu_bpf test build on Jammy 5.15.0-85.95 (LP: #2035181)
     - selftests/bpf: fix static assert compilation issue for test_cls_*.c
   * `refcount_t: underflow; use-after-free.` on hidon w/ 5.15.0-85-generic
     (LP: #2034447)
     - crypto: rsa-pkcs1pad - Use helper to set reqsize
 .

Source diff to previous version
2036675 5.15.0-85 live migration regression
2035181 Regression for ubuntu_bpf test build on Jammy 5.15.0-85.95
2034447 `refcount_t: underflow; use-after-free.` on hidon w/ 5.15.0-85-generic

Version: 5.15.0-1048.55~20.04.1 2023-09-11 21:08:36 UTC

 linux-azure-5.15 (5.15.0-1048.55~20.04.1) focal; urgency=medium
 .
   * focal/linux-azure-5.15: 5.15.0-1048.55~20.04.1 -proposed tracker
     (LP: #2033785)
 .
   [ Ubuntu: 5.15.0-1048.55 ]
 .
   * jammy/linux-azure: 5.15.0-1048.55 -proposed tracker (LP: #2033786)
   * Packaging resync (LP: #1786013)
     - [Packaging] update helper scripts
   * Azure: Fix Infiniband identifier order (LP: #2034747)
     - RDMA: Add ERDMA to rdma_driver_id definition
   * Azure: net: mana: Fix MANA VF unload when hardware is unresponsive
     (LP: #2033531)
     - net: mana: Fix MANA VF unload when hardware is unresponsive
   * Azure: net: mana: Add page pool for RX buffers (LP: #2034277)
     - net: mana: Add page pool for RX buffers
   * jammy/linux: 5.15.0-85.95 -proposed tracker (LP: #2033821)
   * Please enable Renesas RZ platform serial installer (LP: #2022361)
     - [Config] enable hihope RZ/G2M serial console
     - [Config] Mark sh-sci as built-in
   * Request backport of xen timekeeping performance improvements (LP: #2033122)
     - x86/xen/time: prefer tsc as clocksource when it is invariant
   * kdump doesn't work with UEFI secure boot and kernel lockdown enabled on
     ARM64 (LP: #2033007)
     - [Config]: Enable CONFIG_KEXEC_IMAGE_VERIFY_SIG
     - kexec, KEYS: make the code in bzImage64_verify_sig generic
     - arm64: kexec_file: use more system keyrings to verify kernel image signature
   * ubuntu_kernel_selftests:net:vrf-xfrm-tests.sh: 8 failed test cases on
     jammy/fips (LP: #2019880)
     - selftests: net: vrf-xfrm-tests: change authentication and encryption algos
   * ubuntu_kernel_selftests:net:tls: 88 failed test cases on jammy/fips
     (LP: #2019868)
     - selftests/harness: allow tests to be skipped during setup
     - selftests: net: tls: check if FIPS mode is enabled
   * A general-proteciton exception during guest migration to unsupported PKRU
     machine (LP: #2032164)
     - x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0
     - KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
   * CVE-2023-4569
     - netfilter: nf_tables: deactivate catchall elements in next generation
   * CVE-2023-20569
     - x86/cpu, kvm: Add support for CPUID_80000021_EAX
     - x86/srso: Add a Speculative RAS Overflow mitigation
     - x86/srso: Add IBPB_BRTYPE support
     - x86/srso: Add SRSO_NO support
     - x86/srso: Add IBPB
     - x86/srso: Add IBPB on VMEXIT
     - x86/srso: Fix return thunks in generated code
     - x86/srso: Tie SBPB bit setting to microcode patch detection
     - x86: fix backwards merge of GDS/SRSO bit
     - x86/srso: Fix build breakage with the LLVM linker
     - x86/cpu: Fix __x86_return_thunk symbol type
     - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
     - x86/alternative: Make custom return thunk unconditional
     - objtool: Add frame-pointer-specific function ignore
     - x86/ibt: Add ANNOTATE_NOENDBR
     - x86/cpu: Clean up SRSO return thunk mess
     - x86/cpu: Rename original retbleed methods
     - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
     - x86/cpu: Cleanup the untrain mess
     - x86/srso: Explain the untraining sequences a bit more
     - x86/static_call: Fix __static_call_fixup()
     - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
     - x86/srso: Disable the mitigation on unaffected configurations
     - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
     - objtool/x86: Fixup frame-pointer vs rethunk
     - x86/srso: Correct the mitigation status when SMT is disabled
     - objtool/x86: Fix SRSO mess
     - Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation
   * Fix unreliable ethernet cable detection on I219 NIC (LP: #2028122)
     - e1000e: Use PME poll to circumvent unreliable ACPI wake
   * Need to get fine-grained control for FAN(TFN) Participant. (LP: #2031333)
     - ACPI: fan: Separate file for attributes creation
     - ACPI: fan: Optimize struct acpi_fan_fif
     - ACPI: fan: Properly handle fine grain control
     - ACPI: fan: Add additional attributes for fine grain control
   * [SRU][Ubuntu 22.04.1] Unable to interpret the frequency values in
     cpuinfo_min_freq and cpuino_max_freq sysfs files. (LP: #2030924)
     - cpufreq: intel_pstate: Fix scaling for hybrid-capable
   * CVE-2023-40283
     - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
   * CVE-2023-20588
     - x86/bugs: Increase the x86 bugs vector size to two u32s
     - x86/CPU/AMD: Do not leak quotient data after a division by 0
     - x86/CPU/AMD: Fix the DIV(0) initial fix attempt
   * CVE-2023-4194
     - net: tun_chr_open(): set sk_uid from current_fsuid()
     - net: tap_open(): set sk_uid from current_fsuid()
   * CVE-2023-4155
     - KVM: SEV: Refactor out sev_es_state struct
     - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary
     - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure
     - KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors
     - KVM: SEV: snapshot the GHCB before accessing it
     - KVM: SEV: only access GHCB fields once
   * CVE-2023-1206
     - tcp: Reduce chance of collisions in inet6_hashfn().
   * Crashing with CPU soft lock on GA kernel 5.15.0.79.76 and HWE kernel
     5.19.0-46.47-22.04.1 (LP: #2032176)
     - Revert "KVM: x86: enable TDP MMU by default"
   * Jammy update: v5.15.122 upstream stable release (LP: #2032690)
     - Linux 5.15.122
     - Upstream stable to v5.15.122
   * Jammy update: v5.15.121 upstream stable release (LP: #2032689)
     - netfilter: nf_tables: drop map element references from preparation phase
     - fs: pipe: reveal missing function protoypes
     - x86/resctrl: Only show tasks' pid in current pid namespace
     - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
     - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
     - md/raid10: fix overflow of md/safe_mode_delay
     - md/raid10: fix wrong sett

Source diff to previous version
1786013 Packaging resync
2034747 Azure: Fix Infiniband identifier order
2033531 Azure: net: mana: Fix MANA VF unload when hardware is unresponsive
2034277 Azure: net: mana: Add page pool for RX buffers
2022361 Please enable Renesas RZ platform serial installer
2033122 Request backport of xen timekeeping performance improvements
2033007 kdump doesn't work with UEFI secure boot and kernel lockdown enabled on ARM64
2019880 ubuntu_kernel_selftests:net:vrf-xfrm-tests.sh: 8 failed test cases on jammy/fips
2019868 ubuntu_kernel_selftests:net:tls: 88 failed test cases on jammy/fips
2032164 A general-proteciton exception during guest migration to unsupported PKRU machine
2028122 Fix unreliable ethernet cable detection on I219 NIC
2031333 Need to get fine-grained control for FAN(TFN) Participant.
2030924 [SRU][Ubuntu 22.04.1] Unable to interpret the frequency values in cpuinfo_min_freq and cpuino_max_freq sysfs files.
2032176 Crashing with CPU soft lock on GA kernel 5.15.0.79.76 and HWE kernel 5.19.0-46.47-22.04.1
2032690 Jammy update: v5.15.122 upstream stable release
2032689 Jammy update: v5.15.121 upstream stable release
2032688 Jammy update: v5.15.120 upstream stable release
2032683 Jammy update: v5.15.119 upstream stable release
2030239 Jammy update: v5.15.118 upstream stable release
2030107 Jammy update: v5.15.117 upstream stable release
CVE-2023-4569 A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to
CVE-2023-40283 An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the
CVE-2023-4194 A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized acc
CVE-2023-1206 A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN floo
CVE-2023-4273 A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, wh
CVE-2023-4128 A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local a
CVE-2023-3863 A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special

Version: 5.15.0-1046.53~20.04.1 2023-08-28 16:08:41 UTC

 linux-azure-5.15 (5.15.0-1046.53~20.04.1) focal; urgency=medium
 .
   * focal/linux-azure-5.15: 5.15.0-1046.53~20.04.1 -proposed tracker
     (LP: #2030386)
 .
   [ Ubuntu: 5.15.0-1046.53 ]
 .
   * jammy/linux-azure: 5.15.0-1046.53 -proposed tracker (LP: #2030387)
   * cifs: fix mid leak during reconnection after timeout threshold
     (LP: #2029138)
     - SAUCE: Fix cifs: fix mid leak during reconnection after timeout threshold
   * Packaging resync (LP: #1786013)
     - debian/dkms-versions -- update from kernel-versions (main/2023.08.07)
   * jammy/linux: 5.15.0-83.92 -proposed tracker (LP: #2031132)
   * libgnutls report "trap invalid opcode" when trying to install packages over
     https (LP: #2031093)
     - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
   * jammy/linux: 5.15.0-81.90 -proposed tracker (LP: #2030422)
   * Packaging resync (LP: #1786013)
     - [Packaging] resync update-dkms-versions helper
     - [Packaging] resync getabis
     - debian/dkms-versions -- update from kernel-versions (main/2023.08.07)
   * CVE-2022-40982
     - x86/mm: Initialize text poking earlier
     - x86/mm: fix poking_init() for Xen PV guests
     - x86/mm: Use mm_alloc() in poking_init()
     - mm: Move mm_cachep initialization to mm_init()
     - init: Provide arch_cpu_finalize_init()
     - x86/cpu: Switch to arch_cpu_finalize_init()
     - ARM: cpu: Switch to arch_cpu_finalize_init()
     - sparc/cpu: Switch to arch_cpu_finalize_init()
     - um/cpu: Switch to arch_cpu_finalize_init()
     - init: Remove check_bugs() leftovers
     - init: Invoke arch_cpu_finalize_init() earlier
     - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
     - x86/init: Initialize signal frame size late
     - x86/fpu: Remove cpuinfo argument from init functions
     - x86/fpu: Mark init functions __init
     - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
     - x86/xen: Fix secondary processors' FPU initialization
     - x86/speculation: Add Gather Data Sampling mitigation
     - x86/speculation: Add force option to GDS mitigation
     - x86/speculation: Add Kconfig option for GDS
     - KVM: Add GDS_NO support to KVM
     - Documentation/x86: Fix backwards on/off logic about YMM support
     - [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
       CONFIG_GDS_FORCE_MITIGATION
   * CVE-2023-3609
     - net/sched: cls_u32: Fix reference counter leak leading to overflow
   * CVE-2023-21400
     - io_uring: ensure IOPOLL locks around deferred work
   * CVE-2023-4015
     - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
       set/chain
     - netfilter: nf_tables: unbind non-anonymous set if rule construction fails
     - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
   * CVE-2023-3995
     - netfilter: nf_tables: disallow rule addition to bound chain via
       NFTA_RULE_CHAIN_ID
   * CVE-2023-3777
     - netfilter: nf_tables: skip bound chain on rule flush
   * losetup with mknod fails on jammy with kernel 5.15.0-69-generic
     (LP: #2015400)
     - loop: do not enforce max_loop hard limit by (new) default
   * Include the MAC address pass through function on RTL8153DD-CG (LP: #2020295)
     - r8152: add USB device driver for config selection
   * Jammy update: v5.15.116 upstream stable release (LP: #2029401)
     - RDMA/bnxt_re: Fix the page_size used during the MR creation
     - RDMA/efa: Fix unsupported page sizes in device
     - RDMA/hns: Fix base address table allocation
     - RDMA/hns: Modify the value of long message loopback slice
     - dmaengine: at_xdmac: Move the free desc to the tail of the desc list
     - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved()
     - RDMA/bnxt_re: Fix a possible memory leak
     - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx
     - iommu/rockchip: Fix unwind goto issue
     - iommu/amd: Don't block updates to GATag if guest mode is on
     - dmaengine: pl330: rename _start to prevent build error
     - riscv: Fix unused variable warning when BUILTIN_DTB is set
     - net/mlx5: fw_tracer, Fix event handling
     - net/mlx5e: Don't attach netdev profile while handling internal error
     - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure
     - netrom: fix info-leak in nr_write_internal()
     - af_packet: Fix data-races of pkt_sk(sk)->num.
     - amd-xgbe: fix the false linkup in xgbe_phy_status
     - mtd: rawnand: ingenic: fix empty stub helper definitions
     - RDMA/irdma: Add SW mechanism to generate completions on error
     - RDMA/irdma: Prevent QP use after free
     - RDMA/irdma: Fix Local Invalidate fencing
     - af_packet: do not use READ_ONCE() in packet_bind()
     - tcp: deny tcp_disconnect() when threads are waiting
     - tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
     - net/sched: sch_ingress: Only create under TC_H_INGRESS
     - net/sched: sch_clsact: Only create under TC_H_CLSACT
     - net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
     - net/sched: Prohibit regrafting ingress or clsact Qdiscs
     - net: sched: fix NULL pointer dereference in mq_attach
     - net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
     - udp6: Fix race condition in udp6_sendmsg & connect
     - net/mlx5e: Fix error handling in mlx5e_refresh_tirs
     - net/mlx5: Read embedded cpu after init bit cleared
     - net: dsa: mv88e6xxx: Increase wait after reset deactivation
     - mtd: rawnand: marvell: ensure timing values are written
     - mtd: rawnand: marvell: don't set the NAND frequency select
     - rtnetlink: call validate_linkmsg in rtnl_create_link
     - drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init"
     - watchdog: menz069_wdt: fix watchdog initialisation
     - ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs.
     - drm/amdgpu: Use the default reset when loading or reloading the driver
     - mailbox: m

2029138 cifs: fix mid leak during reconnection after timeout threshold
1786013 Packaging resync
2031093 libgnutls report \
2015400 losetup with mknod fails on jammy with kernel 5.15.0-69-generic
2029401 Jammy update: v5.15.116 upstream stable release
2028550 Backport support to tolerate ZSTD compressed firmware files
2016398 stacked overlay file system mounts that have chroot() called against them appear to be getting locked (by the kernel most likely?)
2026028 usbrtl sometimes doesn't reload firmware
2028799 Jammy update: v5.15.115 upstream stable release
2028701 Jammy update: v5.15.114 upstream stable release
2028408 Jammy update: v5.15.113 upstream stable release
2026607 Jammy update: v5.15.112 upstream stable release
CVE-2022-40982 Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may al
CVE-2023-20593 An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural ...
CVE-2023-4004 A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a
CVE-2023-2898 There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user t
CVE-2023-31084 An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNI



About   -   Send Feedback to @ubuntu_updates