Package "linux-hwe-5.15"
Name: |
linux-hwe-5.15
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- Linux kernel buildinfo for version 5.15.0 on 64 bit x86 SMP
- Linux kernel buildinfo for version 5.15.0 on 64 bit x86 SMP
- Linux kernel buildinfo for version 5.15.0 on 64 bit x86 SMP
- Linux kernel version specific cloud tools for version 5.15.0-102
|
Latest version: |
5.15.0-106.116~20.04.1 |
Release: |
focal (20.04) |
Level: |
base |
Repository: |
main |
Links
Other versions of "linux-hwe-5.15" in Focal
Packages in group
Deleted packages are displayed in grey.
Changelog
linux-hwe-5.15 (5.15.0-91.101~20.04.1) focal; urgency=medium
.
* focal/linux-hwe-5.15: 5.15.0-91.101~20.04.1 -proposed tracker (LP: #2041601)
.
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
- [Packaging] resync update-dkms-versions helper
.
[ Ubuntu: 5.15.0-91.101 ]
.
* jammy/linux: 5.15.0-91.101 -proposed tracker (LP: #2043452)
* USB bus error after upgrading to proposed kernel on lunar and jammy
(LP: #2043197)
- USB: core: Fix oversight in SuperSpeed initialization
.
[ Ubuntu: 5.15.0-90.100 ]
.
* jammy/linux: 5.15.0-90.100 -proposed tracker (LP: #2041603)
* CVE-2023-25775
- RDMA/irdma: Remove irdma_uk_mw_bind()
- RDMA/irdma: Remove irdma_sc_send_lsmm_nostag()
- RDMA/irdma: Remove irdma_cqp_up_map_cmd()
- RDMA/irdma: Remove irdma_get_hw_addr()
- RDMA/irdma: Make irdma_uk_cq_init() return a void
- RDMA/irdma: optimize rx path by removing unnecessary copy
- RDMA/irdma: Remove enum irdma_status_code
- RDMA/irdma: Remove excess error variables
- RDMA/irdma: Prevent zero-length STAG registration
* CVE-2023-39189
- netfilter: nfnetlink_osf: avoid OOB read
* SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
(LP: #2039575)
- net/smc: Fix pos miscalculation in statistics
* CVE-2023-45871
- igb: set max size RX buffer when store bad packet is enabled
* CVE-2023-39193
- netfilter: xt_sctp: validate the flag_info count
* CVE-2023-39192
- netfilter: xt_u32: validate user space input
* CVE-2023-31085
- ubi: Refuse attaching if mtd's erasesize is 0
* CVE-2023-5717
- perf: Disallow mis-matched inherited group reads
* CVE-2023-5178
- nvmet-tcp: Fix a possible UAF in queue intialization setup
* CVE-2023-5158
- vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
* [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
(LP: #2033406)
- [Packaging] Make WWAN driver loadable modules
* HP ProBook 450 G8 Notebook fail to wifi test (LP: #2037513)
- iwlwifi: mvm: Don't fail if PPAG isn't supported
- wifi: iwlwifi: fw: skip PPAG for JF
* usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
- [Packaging] Make linux-tools-common depend on hwdata
* scripts/pahole-flags.sh change return to exit 0 (LP: #2035123)
- SAUCE: scripts/pahole-flags.sh change return to exit 0
* Unable to use nvme drive to install Ubuntu 23.10 (LP: #2040157)
- misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
probe
* Jammy update: v5.15.131 upstream stable release (LP: #2039610)
- erofs: ensure that the post-EOF tails are all zeroed
- ksmbd: fix wrong DataOffset validation of create context
- ksmbd: replace one-element array with flex-array member in struct
smb2_ea_info
- ARM: pxa: remove use of symbol_get()
- mmc: au1xmmc: force non-modular build and remove symbol_get usage
- net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
- rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
- modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
- USB: serial: option: add Quectel EM05G variant (0x030e)
- USB: serial: option: add FOXCONN T99W368/T99W373 product
- ALSA: usb-audio: Fix init call orders for UAC1
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0
- HID: wacom: remove the battery when the EKR is off
- staging: rtl8712: fix race condition
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race
condition
- wifi: mt76: mt7921: do not support one stream on secondary antenna only
- serial: qcom-geni: fix opp vote on shutdown
- serial: sc16is7xx: fix broken port 0 uart init
- serial: sc16is7xx: fix bug when first setting GPIO direction
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
- fsi: master-ast-cf: Add MODULE_FIRMWARE macro
- tcpm: Avoid soft reset when partner does not support get_status
- nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
- nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
- pinctrl: amd: Don't show `Invalid config param` errors
- usb: typec: tcpci: move tcpci.h to include/linux/usb/
- usb: typec: tcpci: clear the fault status bit
- Linux 5.15.131
* Jammy update: v5.15.130 upstream stable release (LP: #2039608)
- ACPI: thermal: Drop nocrt parameter
- module: Expose module_init_layout_section()
- arm64: module-plts: inline linux/moduleloader.h
- arm64: module: Use module_init_layout_section() to spot init sections
- ARM: module: Use module_init_layout_section() to spot init sections
- rcu: Prevent expedited GP from enabling tick on offline CPU
- rcu-tasks: Fix IPI failure handling in trc_wait_for_one_reader
- rcu-tasks: Wait for trc_read_check_handler() IPIs
- rcu-tasks: Add trc_inspect_reader() checks for exiting critical section
- Linux 5.15.130
* CVE-2023-42754
- ipv4: fix null-deref in ipv4_link_failure
* Jammy update: v5.15.129 upstream stable release (LP: #2039227)
- NFSv4.2: fix error handling in nfs42_proc_getxattr
- NFSv4: fix out path in __nfs4_get_acl_uncached
- xprtrdma: Remap Receive buffers after a reconnect
- PCI: acpiphp: Reassign resources on bridge if necessary
- dlm: improve plock logging if interrupted
- dlm: replace usage of found with dedicated list iterator variable
- fs: dlm: add pid to debug log
- fs: dlm: change plock interrupted message to debug again
- fs: dlm: use dlm_plock_info for do_unlock_close
- fs: dlm: fix mismatch of plock results from userspace
- MIPS: cpu-features: Enable octeon_cache by cpu_type
|
Source diff to previous version |
1786013 |
Packaging resync |
2043197 |
USB bus error after upgrading to proposed kernel on lunar and jammy |
2039575 |
SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes |
2033406 |
[SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module |
2037513 |
HP ProBook 450 G8 Notebook fail to wifi test |
2039439 |
usbip: error: failed to open /usr/share/hwdata//usb.ids |
2035123 |
scripts/pahole-flags.sh change return to exit 0 |
2040157 |
Unable to use nvme drive to install Ubuntu 23.10 |
2039610 |
Jammy update: v5.15.131 upstream stable release |
2039608 |
Jammy update: v5.15.130 upstream stable release |
2039227 |
Jammy update: v5.15.129 upstream stable release |
2038486 |
Jammy update: v5.15.128 upstream stable release |
2038382 |
Jammy update: v5.15.127 upstream stable release |
CVE-2023-25775 |
Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentia |
CVE-2023-39189 |
A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num |
CVE-2023-45871 |
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be ade |
CVE-2023-39193 |
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local pr |
CVE-2023-39192 |
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw all |
CVE-2023-31085 |
An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirec |
CVE-2023-5178 |
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` ... |
CVE-2023-5158 |
A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a d |
CVE-2023-42754 |
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before c |
CVE-2023-37453 |
An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/us |
|
linux-hwe-5.15 (5.15.0-88.98~20.04.1) focal; urgency=medium
.
* focal/linux-hwe-5.15: 5.15.0-88.98~20.04.1 -proposed tracker (LP: #2038053)
.
[ Ubuntu: 5.15.0-88.98 ]
.
* jammy/linux: 5.15.0-88.98 -proposed tracker (LP: #2038055)
* CVE-2023-4244
- netfilter: nf_tables: don't skip expired elements during walk
- netfilter: nf_tables: adapt set backend to use GC transaction API
- netfilter: nft_set_hash: mark set element as dead when deleting from packet
path
- netfilter: nf_tables: GC transaction API to avoid race with control plane
- netfilter: nf_tables: remove busy mark and gc batch API
- netfilter: nf_tables: don't fail inserts if duplicate has expired
- netfilter: nf_tables: fix kdoc warnings after gc rework
- netfilter: nf_tables: fix GC transaction races with netns and netlink event
exit path
- netfilter: nf_tables: GC transaction race with netns dismantle
- netfilter: nf_tables: GC transaction race with abort path
- netfilter: nf_tables: use correct lock to protect gc_list
- netfilter: nf_tables: defer gc run if previous batch is still pending
- netfilter: nft_dynset: disallow object maps
- netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
* CVE-2023-42756
- netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
* CVE-2023-4623
- net/sched: sch_hfsc: Ensure inner classes have fsc curve
* PCI BARs larger than 128GB are disabled (LP: #2037403)
- PCI: Support BAR sizes up to 8TB
* Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
- ALSA: hda/realtek - ALC287 I2S speaker platform support
* Check for changes relevant for security certifications (LP: #1945989)
- [Packaging] Add a new fips-checks script
* Jammy update: v5.15.126 upstream stable release (LP: #2037593)
- io_uring: gate iowait schedule on having pending requests
- perf: Fix function pointer case
- net/mlx5: Free irqs only on shutdown callback
- arm64: errata: Add workaround for TSB flush failures
- arm64: errata: Add detection for TRBE write to out-of-range
- [Config] updateconfigs for ARM64_ERRATUM_ and
ARM64_WORKAROUND_TSB_FLUSH_FAILURE
- iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
- iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
- iommu/arm-smmu-v3: Add explicit feature for nesting
- iommu/arm-smmu-v3: Document nesting-related errata
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
- word-at-a-time: use the same return type for has_zero regardless of
endianness
- KVM: s390: fix sthyi error handling
- wifi: cfg80211: Fix return value in scan logic
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
- net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
- bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
- rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
- net: dsa: fix value check in bcm_sf2_sw_probe()
- perf test uprobe_from_different_cu: Skip if there is no gcc
- net: sched: cls_u32: Fix match key mis-addressing
- mISDN: hfcpci: Fix potential deadlock on &hc->lock
- qed: Fix kernel-doc warnings
- qed: Fix scheduling in a tasklet while getting stats
- net: annotate data-races around sk->sk_max_pacing_rate
- net: add missing READ_ONCE(sk->sk_rcvlowat) annotation
- net: add missing READ_ONCE(sk->sk_sndbuf) annotation
- net: add missing READ_ONCE(sk->sk_rcvbuf) annotation
- net: add missing data-race annotations around sk->sk_peek_off
- net: add missing data-race annotation for sk_ll_usec
- net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.
- bpf, cpumap: Handle skb as well when clean up ptr_ring
- bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire
- net: ll_temac: Switch to use dev_err_probe() helper
- net: ll_temac: fix error checking of irq_of_parse_and_map()
- net: korina: handle clk prepare error in korina_probe()
- net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode
- net: dcb: choose correct policy to parse DCB_ATTR_BCN
- s390/qeth: Don't call dev_close/dev_open (DOWN/UP)
- ip6mr: Fix skb_under_panic in ip6mr_cache_report()
- vxlan: Fix nexthop hash size
- net/mlx5: fs_core: Make find_closest_ft more generic
- net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio
- prestera: fix fallback to previous version on same major version
- tcp_metrics: fix addr_same() helper
- tcp_metrics: annotate data-races around tm->tcpm_stamp
- tcp_metrics: annotate data-races around tm->tcpm_lock
- tcp_metrics: annotate data-races around tm->tcpm_vals[]
- tcp_metrics: annotate data-races around tm->tcpm_net
- tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
- scsi: zfcp: Defer fc_rport blocking until after ADISC response
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices
- libceph: fix potential hang in ceph_osdc_notify()
- USB: zaurus: Add ID for A-300/B-500/C-700
- ceph: defer stopping mdsc delayed_work
- firmware: arm_scmi: Drop OF node reference in the transport channel setup
- exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
- exfat: release s_lock before calling dir_emit()
- mtd: spinand: toshiba: Fix ecc_get_status
- mtd: rawnand: meson: fix OOB available bytes for ECC
- arm64: dts: stratix10: fix incorrect I2C property for SCL signal
- wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC)
- rbd: prevent busy loop when requesting exclusive lock
- bpf: Disable preemption in bpf_event_output
- open: make RESOLVE_CACHED correctly test for O_TMPFILE
- drm
|
Source diff to previous version |
2037403 |
PCI BARs larger than 128GB are disabled |
2037077 |
Fix unstable audio at low levels on Thinkpad P1G4 |
1945989 |
Check for changes relevant for security certifications |
2037593 |
Jammy update: v5.15.126 upstream stable release |
2036843 |
Jammy update: v5.15.125 upstream stable release |
2035163 |
Avoid address overwrite in kernel_connect |
2035166 |
NULL Pointer Dereference During KVM MMU Page Invalidation |
2034479 |
Fix suspend hang on Lenovo workstation |
2034745 |
[regression] Unable to initialize SGX enclaves with XFRM other than 3 |
2035400 |
Jammy update: v5.15.124 upstream stable release |
2034612 |
Jammy update: v5.15.123 upstream stable release |
1786013 |
Packaging resync |
CVE-2023-42756 |
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic |
CVE-2023-42755 |
wild pointer access in rsvp classifer in the Linux kernel |
CVE-2023-42753 |
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->n |
CVE-2023-42752 |
integer overflows in kmalloc_reserve() |
CVE-2023-4881 |
** REJECT ** CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team. |
CVE-2023-31083 |
An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSET |
CVE-2023-3772 |
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADM |
|
linux-hwe-5.15 (5.15.0-86.96~20.04.1) focal; urgency=medium
.
* focal/linux-hwe-5.15: 5.15.0-86.96~20.04.1 -proposed tracker (LP: #2036573)
.
[ Ubuntu: 5.15.0-86.96 ]
.
* jammy/linux: 5.15.0-86.96 -proposed tracker (LP: #2036575)
* 5.15.0-85 live migration regression (LP: #2036675)
- Revert "KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES"
- Revert "x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0"
* Regression for ubuntu_bpf test build on Jammy 5.15.0-85.95 (LP: #2035181)
- selftests/bpf: fix static assert compilation issue for test_cls_*.c
* `refcount_t: underflow; use-after-free.` on hidon w/ 5.15.0-85-generic
(LP: #2034447)
- crypto: rsa-pkcs1pad - Use helper to set reqsize
.
|
Source diff to previous version |
2036675 |
5.15.0-85 live migration regression |
2035181 |
Regression for ubuntu_bpf test build on Jammy 5.15.0-85.95 |
2034447 |
`refcount_t: underflow; use-after-free.` on hidon w/ 5.15.0-85-generic |
|
linux-hwe-5.15 (5.15.0-85.95~20.04.2) focal; urgency=medium
.
* focal/linux-hwe-5.15: 5.15.0-85.95~20.04.2 -proposed tracker (LP: #2033819)
.
* Jammy update: v5.15.118 upstream stable release (LP: #2030239)
- [Config] hwe-5.15: Mark decnet as removed
.
* Jammy update: v5.15.117 upstream stable release (LP: #2030107)
- [Config] hwe-5.15: Mark BLK_DEV_SX8 as removed
.
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
.
[ Ubuntu: 5.15.0-85.95 ]
.
* jammy/linux: 5.15.0-85.95 -proposed tracker (LP: #2033821)
* Please enable Renesas RZ platform serial installer (LP: #2022361)
- [Config] enable hihope RZ/G2M serial console
- [Config] Mark sh-sci as built-in
* Request backport of xen timekeeping performance improvements (LP: #2033122)
- x86/xen/time: prefer tsc as clocksource when it is invariant
* kdump doesn't work with UEFI secure boot and kernel lockdown enabled on
ARM64 (LP: #2033007)
- [Config]: Enable CONFIG_KEXEC_IMAGE_VERIFY_SIG
- kexec, KEYS: make the code in bzImage64_verify_sig generic
- arm64: kexec_file: use more system keyrings to verify kernel image signature
* ubuntu_kernel_selftests:net:vrf-xfrm-tests.sh: 8 failed test cases on
jammy/fips (LP: #2019880)
- selftests: net: vrf-xfrm-tests: change authentication and encryption algos
* ubuntu_kernel_selftests:net:tls: 88 failed test cases on jammy/fips
(LP: #2019868)
- selftests/harness: allow tests to be skipped during setup
- selftests: net: tls: check if FIPS mode is enabled
* A general-proteciton exception during guest migration to unsupported PKRU
machine (LP: #2032164)
- x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0
- KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
* CVE-2023-4569
- netfilter: nf_tables: deactivate catchall elements in next generation
* CVE-2023-20569
- x86/cpu, kvm: Add support for CPUID_80000021_EAX
- x86/srso: Add a Speculative RAS Overflow mitigation
- x86/srso: Add IBPB_BRTYPE support
- x86/srso: Add SRSO_NO support
- x86/srso: Add IBPB
- x86/srso: Add IBPB on VMEXIT
- x86/srso: Fix return thunks in generated code
- x86/srso: Tie SBPB bit setting to microcode patch detection
- x86: fix backwards merge of GDS/SRSO bit
- x86/srso: Fix build breakage with the LLVM linker
- x86/cpu: Fix __x86_return_thunk symbol type
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
- x86/alternative: Make custom return thunk unconditional
- objtool: Add frame-pointer-specific function ignore
- x86/ibt: Add ANNOTATE_NOENDBR
- x86/cpu: Clean up SRSO return thunk mess
- x86/cpu: Rename original retbleed methods
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
- x86/cpu: Cleanup the untrain mess
- x86/srso: Explain the untraining sequences a bit more
- x86/static_call: Fix __static_call_fixup()
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
- x86/srso: Disable the mitigation on unaffected configurations
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
- objtool/x86: Fixup frame-pointer vs rethunk
- x86/srso: Correct the mitigation status when SMT is disabled
- objtool/x86: Fix SRSO mess
- Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation
* Fix unreliable ethernet cable detection on I219 NIC (LP: #2028122)
- e1000e: Use PME poll to circumvent unreliable ACPI wake
* Need to get fine-grained control for FAN(TFN) Participant. (LP: #2031333)
- ACPI: fan: Separate file for attributes creation
- ACPI: fan: Optimize struct acpi_fan_fif
- ACPI: fan: Properly handle fine grain control
- ACPI: fan: Add additional attributes for fine grain control
* [SRU][Ubuntu 22.04.1] Unable to interpret the frequency values in
cpuinfo_min_freq and cpuino_max_freq sysfs files. (LP: #2030924)
- cpufreq: intel_pstate: Fix scaling for hybrid-capable
* CVE-2023-40283
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
* CVE-2023-20588
- x86/bugs: Increase the x86 bugs vector size to two u32s
- x86/CPU/AMD: Do not leak quotient data after a division by 0
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt
* CVE-2023-4194
- net: tun_chr_open(): set sk_uid from current_fsuid()
- net: tap_open(): set sk_uid from current_fsuid()
* CVE-2023-4155
- KVM: SEV: Refactor out sev_es_state struct
- KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary
- KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure
- KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors
- KVM: SEV: snapshot the GHCB before accessing it
- KVM: SEV: only access GHCB fields once
* CVE-2023-1206
- tcp: Reduce chance of collisions in inet6_hashfn().
* Crashing with CPU soft lock on GA kernel 5.15.0.79.76 and HWE kernel
5.19.0-46.47-22.04.1 (LP: #2032176)
- Revert "KVM: x86: enable TDP MMU by default"
* Jammy update: v5.15.122 upstream stable release (LP: #2032690)
- Linux 5.15.122
- Upstream stable to v5.15.122
* Jammy update: v5.15.121 upstream stable release (LP: #2032689)
- netfilter: nf_tables: drop map element references from preparation phase
- fs: pipe: reveal missing function protoypes
- x86/resctrl: Only show tasks' pid in current pid namespace
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
- md/raid10: fix overflow of md/safe_mode_delay
- md/raid10: fix wrong setting of max_corr_read_errors
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
- md/raid10: fix io loss while replacement replace rdev
- irqchip/jcore-aic: Fix missing allocation of IRQ descri
|
Source diff to previous version |
2030239 |
Jammy update: v5.15.118 upstream stable release |
2030107 |
Jammy update: v5.15.117 upstream stable release |
1786013 |
Packaging resync |
2022361 |
Please enable Renesas RZ platform serial installer |
2033122 |
Request backport of xen timekeeping performance improvements |
2033007 |
kdump doesn't work with UEFI secure boot and kernel lockdown enabled on ARM64 |
2019880 |
ubuntu_kernel_selftests:net:vrf-xfrm-tests.sh: 8 failed test cases on jammy/fips |
2019868 |
ubuntu_kernel_selftests:net:tls: 88 failed test cases on jammy/fips |
2032164 |
A general-proteciton exception during guest migration to unsupported PKRU machine |
2028122 |
Fix unreliable ethernet cable detection on I219 NIC |
2031333 |
Need to get fine-grained control for FAN(TFN) Participant. |
2030924 |
[SRU][Ubuntu 22.04.1] Unable to interpret the frequency values in cpuinfo_min_freq and cpuino_max_freq sysfs files. |
2032176 |
Crashing with CPU soft lock on GA kernel 5.15.0.79.76 and HWE kernel 5.19.0-46.47-22.04.1 |
2032690 |
Jammy update: v5.15.122 upstream stable release |
2032689 |
Jammy update: v5.15.121 upstream stable release |
2032688 |
Jammy update: v5.15.120 upstream stable release |
2032683 |
Jammy update: v5.15.119 upstream stable release |
CVE-2023-4569 |
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to |
CVE-2023-40283 |
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the |
CVE-2023-4194 |
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized acc |
CVE-2023-1206 |
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN floo |
CVE-2023-4273 |
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, wh |
CVE-2023-4128 |
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local a |
CVE-2023-3863 |
A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special |
|
linux-hwe-5.15 (5.15.0-83.92~20.04.1) focal; urgency=medium
.
* focal/linux-hwe-5.15: 5.15.0-83.92~20.04.1 -proposed tracker (LP: #2030420)
.
[ Ubuntu: 5.15.0-83.92 ]
.
* jammy/linux: 5.15.0-83.92 -proposed tracker (LP: #2031132)
* libgnutls report "trap invalid opcode" when trying to install packages over
https (LP: #2031093)
- [Config]: disable CONFIG_GDS_FORCE_MITIGATION
.
[ Ubuntu: 5.15.0-81.90 ]
.
* jammy/linux: 5.15.0-81.90 -proposed tracker (LP: #2030422)
* Packaging resync (LP: #1786013)
- [Packaging] resync update-dkms-versions helper
- [Packaging] resync getabis
- debian/dkms-versions -- update from kernel-versions (main/2023.08.07)
* CVE-2022-40982
- x86/mm: Initialize text poking earlier
- x86/mm: fix poking_init() for Xen PV guests
- x86/mm: Use mm_alloc() in poking_init()
- mm: Move mm_cachep initialization to mm_init()
- init: Provide arch_cpu_finalize_init()
- x86/cpu: Switch to arch_cpu_finalize_init()
- ARM: cpu: Switch to arch_cpu_finalize_init()
- sparc/cpu: Switch to arch_cpu_finalize_init()
- um/cpu: Switch to arch_cpu_finalize_init()
- init: Remove check_bugs() leftovers
- init: Invoke arch_cpu_finalize_init() earlier
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
- x86/init: Initialize signal frame size late
- x86/fpu: Remove cpuinfo argument from init functions
- x86/fpu: Mark init functions __init
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
- x86/xen: Fix secondary processors' FPU initialization
- x86/speculation: Add Gather Data Sampling mitigation
- x86/speculation: Add force option to GDS mitigation
- x86/speculation: Add Kconfig option for GDS
- KVM: Add GDS_NO support to KVM
- Documentation/x86: Fix backwards on/off logic about YMM support
- [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
CONFIG_GDS_FORCE_MITIGATION
* CVE-2023-3609
- net/sched: cls_u32: Fix reference counter leak leading to overflow
* CVE-2023-21400
- io_uring: ensure IOPOLL locks around deferred work
* CVE-2023-4015
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
* CVE-2023-3995
- netfilter: nf_tables: disallow rule addition to bound chain via
NFTA_RULE_CHAIN_ID
* CVE-2023-3777
- netfilter: nf_tables: skip bound chain on rule flush
* losetup with mknod fails on jammy with kernel 5.15.0-69-generic
(LP: #2015400)
- loop: do not enforce max_loop hard limit by (new) default
* Include the MAC address pass through function on RTL8153DD-CG (LP: #2020295)
- r8152: add USB device driver for config selection
* Jammy update: v5.15.116 upstream stable release (LP: #2029401)
- RDMA/bnxt_re: Fix the page_size used during the MR creation
- RDMA/efa: Fix unsupported page sizes in device
- RDMA/hns: Fix base address table allocation
- RDMA/hns: Modify the value of long message loopback slice
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved()
- RDMA/bnxt_re: Fix a possible memory leak
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx
- iommu/rockchip: Fix unwind goto issue
- iommu/amd: Don't block updates to GATag if guest mode is on
- dmaengine: pl330: rename _start to prevent build error
- riscv: Fix unused variable warning when BUILTIN_DTB is set
- net/mlx5: fw_tracer, Fix event handling
- net/mlx5e: Don't attach netdev profile while handling internal error
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure
- netrom: fix info-leak in nr_write_internal()
- af_packet: Fix data-races of pkt_sk(sk)->num.
- amd-xgbe: fix the false linkup in xgbe_phy_status
- mtd: rawnand: ingenic: fix empty stub helper definitions
- RDMA/irdma: Add SW mechanism to generate completions on error
- RDMA/irdma: Prevent QP use after free
- RDMA/irdma: Fix Local Invalidate fencing
- af_packet: do not use READ_ONCE() in packet_bind()
- tcp: deny tcp_disconnect() when threads are waiting
- tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
- net/sched: sch_ingress: Only create under TC_H_INGRESS
- net/sched: sch_clsact: Only create under TC_H_CLSACT
- net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
- net/sched: Prohibit regrafting ingress or clsact Qdiscs
- net: sched: fix NULL pointer dereference in mq_attach
- net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
- udp6: Fix race condition in udp6_sendmsg & connect
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs
- net/mlx5: Read embedded cpu after init bit cleared
- net: dsa: mv88e6xxx: Increase wait after reset deactivation
- mtd: rawnand: marvell: ensure timing values are written
- mtd: rawnand: marvell: don't set the NAND frequency select
- rtnetlink: call validate_linkmsg in rtnl_create_link
- drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init"
- watchdog: menz069_wdt: fix watchdog initialisation
- ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs.
- drm/amdgpu: Use the default reset when loading or reloading the driver
- mailbox: mailbox-test: Fix potential double-free in
mbox_test_message_write()
- drm/ast: Fix ARM compatibility
- btrfs: abort transaction when sibling keys check fails for leaves
- ARM: 9295/1: unwind:fix unwind abort for uleb128 case
- media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
- pla
|
2031093 |
libgnutls report \ |
1786013 |
Packaging resync |
2029401 |
Jammy update: v5.15.116 upstream stable release |
2028550 |
Backport support to tolerate ZSTD compressed firmware files |
2016398 |
stacked overlay file system mounts that have chroot() called against them appear to be getting locked (by the kernel most likely?) |
2026028 |
usbrtl sometimes doesn't reload firmware |
2029138 |
cifs: fix mid leak during reconnection after timeout threshold |
2028799 |
Jammy update: v5.15.115 upstream stable release |
2028701 |
Jammy update: v5.15.114 upstream stable release |
2028408 |
Jammy update: v5.15.113 upstream stable release |
2026607 |
Jammy update: v5.15.112 upstream stable release |
CVE-2022-40982 |
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may al |
CVE-2023-20593 |
An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural ... |
CVE-2023-4004 |
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a |
CVE-2023-2898 |
There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user t |
CVE-2023-31084 |
An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNI |
|
About
-
Send Feedback to @ubuntu_updates