UbuntuUpdates.org

Package "linux-hwe-5.8"

Name: linux-hwe-5.8

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Linux kernel buildinfo for version 5.8.0 on 64 bit x86 SMP
  • Linux kernel buildinfo for version 5.8.0 on 64 bit x86 SMP
  • Linux kernel version specific cloud tools for version 5.8.0-67
  • Linux kernel version specific cloud tools for version 5.8.0-67

Latest version: 5.8.0-67.75
Release: focal (20.04)
Level: proposed
Repository: main

Links



Other versions of "linux-hwe-5.8" in Focal

Repository Area Version
security main 5.8.0-63.71~20.04.1
updates main 5.8.0-63.71~20.04.1
PPA: Canonical Kernel Team 5.8.0-67.75

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5.8.0-67.75 2021-10-29 12:06:19 UTC

  linux-hwe-5.8 (5.8.0-67.75) focal; urgency=medium

  * focal/linux-hwe-5.8: 5.8.0-67.75 -proposed tracker (LP: #1947262)

  * CVE-2021-3744 // CVE-2021-3764
    - crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()

  * CVE-2020-36385
    - RDMA/cma: Add missing locking to rdma_accept()
    - RDMA/ucma: Fix the locking of ctx->file
    - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

  * Packaging resync (LP: #1786013)
    - [Packaging] update Ubuntu.md

 -- Stefan Bader <email address hidden> Wed, 27 Oct 2021 10:49:04 +0200

Source diff to previous version
1786013 Packaging resync
CVE-2021-3744 crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-3764 DoS in ccp_run_aes_gcm_cmd() function
CVE-2020-36385 An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_l

Version: 5.8.0-66.74 2021-10-08 10:06:21 UTC

  linux-hwe-5.8 (5.8.0-66.74) focal; urgency=medium

  * focal/linux-hwe-5.8: 5.8.0-66.74 -proposed tracker (LP: #1944903)

  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.09.27)

  * linux: btrfs: fix NULL pointer dereference when deleting device by invalid
    id (LP: #1945987)
    - btrfs: fix NULL pointer dereference when deleting device by invalid id

  * CVE-2021-38199
    - NFSv4: Initialise connection to the server in nfs4_alloc_client()

  * BCM57800 SRIOV bug causes interfaces to disappear (LP: #1945707)
    - bnx2x: Fix enabling network interfaces without VFs

  * CVE-2021-3759
    - memcg: enable accounting of ipc resources

  * CVE-2019-19449
    - f2fs: fix wrong total_sections check and fsmeta check
    - f2fs: fix to do sanity check on segment/section count

  * Support builtin revoked certificates (LP: #1932029)
    - Revert "UBUNTU: SAUCE: Dump stack when X.509 certificates cannot be loaded"
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add EFI_CERT_X509_GUID support for dbx entries
    - certs: Move load_system_certificate_list to a common function
    - certs: Add ability to preload revocation certs
    - integrity: Load mokx variables into the blacklist keyring
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: add informational messages when revoking certs

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679) // CVE-2020-26541 when certificates are revoked via
    MokListXRT.
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table

  * CVE-2020-36311
    - KVM: SVM: Periodically schedule when unregistering regions on destroy

  * CVE-2021-22543
    - KVM: do not allow mapping valid but non-reference-counted pages

  * CVE-2021-3612
    - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl

  * CVE-2021-38207
    - net: ll_temac: Fix TX BD buffer overwrite

  * CVE-2021-40490
    - ext4: fix race writing to an inline_data file while its xattrs are changing

  * LRMv5: switch primary version handling to kernel-versions data set
    (LP: #1928921)
    - [Packaging] switch to kernel-versions

 -- Stefan Bader <email address hidden> Tue, 05 Oct 2021 10:54:57 +0200

Source diff to previous version
1786013 Packaging resync
1945987 linux: btrfs: fix NULL pointer dereference when deleting device by invalid id
1945707 BCM57800 SRIOV bug causes interfaces to disappear
1932029 Support builtin revoked certificates
1928679 Support importing mokx keys into revocation list from the mok table
1928921 LRMv5: switch primary version handling to kernel-versions data set
CVE-2021-38199 fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to caus
CVE-2021-3759 unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks
CVE-2019-19449 In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f
CVE-2020-26541 The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects c
CVE-2020-36311 An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by trigger
CVE-2021-22543 An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed
CVE-2021-3612 An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls i
CVE-2021-38207 drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow
CVE-2021-40490 A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.

Version: 5.8.0-65.73 2021-08-31 23:06:21 UTC

  linux-hwe-5.8 (5.8.0-65.73) focal; urgency=medium

  * focal/linux-hwe-5.8: 5.8.0-65.73 -proposed tracker (LP: #1939805)

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - debian/dkms-versions -- update from kernel-versions (main/2021.08.16)

  * CVE-2021-3656
    - SAUCE: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

  * CVE-2021-3653
    - KVM: nSVM: introduce nested_svm_load_cr3()/nested_npt_enabled()
    - SAUCE: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

 -- Stefan Bader <email address hidden> Fri, 13 Aug 2021 14:19:52 +0200

Source diff to previous version
1786013 Packaging resync
CVE-2021-3656 KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
CVE-2021-3653 KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

Version: 5.8.0-64.72 2021-07-23 12:06:19 UTC

  linux-hwe-5.8 (5.8.0-64.72) focal; urgency=medium

  * focal/linux-hwe-5.8: 5.8.0-64.72 -proposed tracker (LP: #1937067)

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  * large_dir in ext4 broken (LP: #1933074)
    - SAUCE: ext4: fix directory index node split corruption

  * Add l2tp.sh in net from ubuntu_kernel_selftests back (LP: #1934293)
    - Revert "UBUNTU: SAUCE: selftests/net -- disable l2tp.sh test"

  * icmp_redirect.sh in net from ubuntu_kernel_selftests failed on F-OEM-5.6 /
    F-OEM-5.10 / F-OEM-5.13 / F / G / H (LP: #1880645)
    - selftests: icmp_redirect: support expected failures

  * ubuntu-host driver lacks lseek ops (LP: #1934110)
    - ubuntu-host: add generic lseek op

  * ubuntu_kernel_selftests ftrace fails on arm64 F / aws-5.8 / amd64 F
    azure-5.8 (LP: #1927749)
    - selftests/ftrace: fix event-no-pid on 1-core machine

  * pmtu.sh from net in ubuntu_kernel_selftests failed with no error message
    (LP: #1887661)
    - selftests: pmtu.sh: improve the test result processing

  * cifs: On cifs_reconnect, resolve the hostname again (LP: #1929831)
    - cifs: rename reconn_inval_dfs_target()
    - cifs: Simplify reconnect code when dfs upcall is enabled
    - cifs: Avoid error pointer dereference
    - cifs: On cifs_reconnect, resolve the hostname again.

  * Pixel format change broken for Elgato Cam Link 4K (LP: #1932367)
    - (upstream) media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K

  * Groovy update: upstream stable patchset 2021-06-28 (LP: #1933877)
    - proc: Track /proc/$pid/attr/ opener mm_struct
    - ASoC: max98088: fix ni clock divider calculation
    - spi: Fix spi device unregister flow
    - net/nfc/rawsock.c: fix a permission check bug
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
    - vfio-ccw: Serialize FSM IDLE state with I/O completion
    - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE
    - spi: sprd: Add missing MODULE_DEVICE_TABLE
    - isdn: mISDN: netjet: Fix crash in nj_probe:
    - bonding: init notify_work earlier to avoid uninitialized use
    - netlink: disable IRQs for netlink_lock_table()
    - net: mdiobus: get rid of a BUG_ON()
    - cgroup: disable controllers at parse time
    - wq: handle VM suspension in stall detection
    - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
    - RDS tcp loopback connection can hang
    - scsi: bnx2fc: Return failure if io_req is already in ABTS processing
    - scsi: vmw_pvscsi: Set correct residual data length
    - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq
    - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
    - net: macb: ensure the device is available before accessing GEMGXL control
      registers
    - net: appletalk: cops: Fix data race in cops_probe1
    - net: dsa: microchip: enable phy errata workaround on 9567
    - nvme-fabrics: decode host pathing error for connect
    - MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
    - dm verity: fix require_signatures module_param permissions
    - bnx2x: Fix missing error code in bnx2x_iov_init_one()
    - nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME
    - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers
    - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers
    - spi: Don't have controller clean up spi device before driver unbind
    - spi: Cleanup on failure of initial setup
    - i2c: mpc: Make use of i2c_recover_bus()
    - i2c: mpc: implement erratum A-004447 workaround
    - x86/boot: Add .text.* to setup.ld
    - spi: bcm2835: Fix out-of-bounds access with more than 4 slaves
    - drm: Fix use-after-free read in drm_getunique()
    - drm: Lock pointer access in drm_master_release()
    - kvm: avoid speculation-based attacks from out-of-range memslot accesses
    - staging: rtl8723bs: Fix uninitialized variables
    - btrfs: return value from btrfs_mark_extent_written() in case of error
    - btrfs: promote debugging asserts to full-fledged checks in validate_super
    - cgroup1: don't allow '\n' in renaming
    - USB: f_ncm: ncm_bitrate (speed) is unsigned
    - usb: f_ncm: only first packet of aggregate needs to start timer
    - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms
    - usb: dwc3: ep0: fix NULL pointer exception
    - usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling
    - usb: typec: wcove: Use LE to CPU conversion when accessing msg->header
    - usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path
    - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
    - USB: serial: ftdi_sio: add NovaTech OrionMX product ID
    - USB: serial: omninet: add device id for Zyxel Omni 56K Plus
    - USB: serial: quatech2: fix control-request directions
    - USB: serial: cp210x: fix alternate function for CP2102N QFN20
    - usb: gadget: eem: fix wrong eem header operation
    - usb: fix various gadgets null ptr deref on 10gbps cabling.
    - usb: fix various gadget panics on 10gbps cabling
    - regulator: core: resolve supply for boot-on/always-on regulators
    - regulator: max77620: Use device_set_of_node_from_dev()
    - usb: typec: mux: Fix copy-paste mistake in typec_mux_match
    - RDMA/ipoib: Fix warning caused by destroying non-initial netns
    - RDMA/mlx4: Do not map the core_clock page to user space unless enabled
    - vmlinux.lds.h: Avoid orphan section with !SMP
    - perf: Fix data race between pin_count increment/decrement
    - sched/fair: Make sure to update tg contrib for blocked load
    - KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message
    - IB/mlx5: Fix initializing CQ fragments buffer
    - NFS: Fix a potential NULL dereference in nfs_get_client()
    - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode()
    - perf session: Correct buffer copying whe

Source diff to previous version
1786013 Packaging resync
1933074 large_dir in ext4 broken
1934110 ubuntu-host driver lacks lseek ops
1929831 cifs: On cifs_reconnect, resolve the hostname again
1932367 Pixel format change broken for Elgato Cam Link 4K
1933877 Groovy update: upstream stable patchset 2021-06-28
1930188 Acer Aspire 5 sound driver issues
1933541 Groovy update: upstream stable patchset 2021-06-24
1933262 Groovy update: upstream stable patchset 2021-06-22
1926165 Bass speakers not enabled on Lenovo Yoga 9i
1932359 Groovy update: upstream stable patchset 2021-06-17
1925057 [82A1, Realtek ALC287, Speaker, Internal] Underruns, dropouts or crackling sound
804178 \

Version: 5.8.0-61.68~20.04.1 2021-07-01 10:06:23 UTC

  linux-hwe-5.8 (5.8.0-61.68~20.04.1) focal; urgency=medium

  * focal/linux-hwe-5.8: 5.8.0-61.68~20.04.1 -proposed tracker (LP: #1934092)

  [ Ubuntu: 5.8.0-61.68 ]

  * test_pmtu_vti4_link_add_mtu() test from net/pmtu.sh in
    ubuntu_kernel_selftests cannot finish properly on 5.11 and 5.8
    (LP: #1933969)
    - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
    - sit: proper dev_{hold|put} in ndo_[un]init methods
    - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
    - ipv6: remove extra dev_hold() for fallback tunnels

1933969 test_pmtu_vti4_link_add_mtu() test from net/pmtu.sh in ubuntu_kernel_selftests cannot finish properly on 5.11 and 5.8



About   -   Send Feedback to @ubuntu_updates