UbuntuUpdates.org

Package "linux-oem-6.0-tools-host"

Name: linux-oem-6.0-tools-host

Description:

Linux kernel VM host tools

Latest version: 6.0.0-1021.21
Release: jammy (22.04)
Level: security
Repository: main
Head package: linux-oem-6.0

Other versions of "linux-oem-6.0-tools-host" in Jammy

Repository Area Version
updates main 6.0.0-1021.21
PPA: Canonical Kernel Team 6.0.0-1018.18

Changelog

Version: 6.0.0-1021.21 2023-09-19 13:09:17 UTC

  linux-oem-6.0 (6.0.0-1021.21) jammy; urgency=medium

  * jammy/linux-oem-6.0: 6.0.0-1021.21 -proposed tracker (LP: #2034204)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper

  * CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb

  * CVE-2023-1611
    - btrfs: fix race between quota disable and quota assign ioctls

  * CVE-2023-4194
    - net: tun_chr_open(): set sk_uid from current_fsuid()
    - net: tap_open(): set sk_uid from current_fsuid()

  * CVE-2023-1076
    - net: add sock_init_data_uid()
    - tun: tun_chr_open(): correctly initialize socket uid
    - tap: tap_open(): correctly initialize socket uid

  * CVE-2023-40283
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

  * CVE-2023-4569
    - netfilter: nf_tables: deactivate catchall elements in next generation

  * CVE-2023-4128
    - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
    - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
    - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free

  * CVE-2023-4273
    - exfat: check if filename entries exceeds max filename length

  * CVE-2023-1206
    - tcp: Reduce chance of collisions in inet6_hashfn().

  * CVE-2023-3863
    - net: nfc: Fix use-after-free caused by nfc_llcp_find_local

  * CVE-2022-27672
    - x86/speculation: Identify processors vulnerable to SMT RSB predictions
    - KVM: x86: Mitigate the cross-thread return address predictions bug
    - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions

  * CVE-2023-3141
    - memstick: r592: Fix UAF bug in r592_remove due to race condition

  * CVE-2023-3220
    - drm/msm/dpu: Add check for pstates

  * CVE-2022-4269
    - net/sched: act_mirred: better wording on protection against excessive stack
      growth
    - act_mirred: use the backlog for nested calls to mirred ingress

  * CVE-2023-28466
    - net: tls: fix possible race condition between do_tls_getsockopt_conf() and
      do_tls_setsockopt_conf()

  * CVE-2023-2235
    - perf: Fix check before add_event_to_groups() in perf_group_detach()

  * CVE-2023-2163
    - bpf: Fix incorrect verifier pruning due to missing register precision taints

  * CVE-2023-2002
    - bluetooth: Perform careful capability checks in hci_sock_ioctl()

  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails

  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via
      NFTA_RULE_CHAIN_ID

  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush

  * CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow

  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix

  * CVE-2023-4004
    - netfilter: nft_set_pipapo: fix improper element removal

  * CVE-2023-3611
    - net/sched: sch_qfq: refactor parsing of netlink parameters
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue

  * CVE-2023-3610
    - netfilter: nf_tables: fix chain binding transaction logic

  * CVE-2023-2162
    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

  * CVE-2023-31436
    - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

  * CVE-2023-32269
    - netrom: Fix use-after-free caused by accept on already connected socket

  * CVE-2023-2898
    - f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()

  * CVE-2023-28328
    - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

  * CVE-2023-0458
    - prlimit: do_prlimit needs to have a speculation check

  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free

  * CVE-2023-2269
    - dm ioctl: fix nested locking in table_clear() to remove deadlock concern

  * CVE-2023-1380
    - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

  * CVE-2023-1075
    - net/tls: tls_is_tx_ready() checked list_entry

  * Miscellaneous Ubuntu changes
    - [Config] Update gcc version

 -- Timo Aaltonen <email address hidden> Thu, 07 Sep 2023 16:59:43 +0300

1786013 Packaging resync
CVE-2023-1611 A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel. This flaw allows an attacker to crash the syste
CVE-2023-4194 A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized acc
CVE-2023-1076 A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization functi
CVE-2023-40283 An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the
CVE-2023-4569 A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to
CVE-2023-4128 A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local a
CVE-2023-4273 A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, wh
CVE-2023-1206 A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN floo
CVE-2023-3863 A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special
CVE-2022-27672 When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch po
CVE-2023-3141 A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker
CVE-2023-3220 An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the ret
CVE-2022-4269 A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress
CVE-2023-28466 do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-a
CVE-2023-2163 bpf: Fix incorrect verifier pruning due to missing register precision taints
CVE-2023-2002 A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This f
CVE-2023-4015 netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
CVE-2023-3995 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2023-4147.
CVE-2023-3777 netfilter: nf_tables: skip bound chain on rule flush
CVE-2023-20593 An issue in “Zen 2” CPUs, under specific microarchitectural ...
CVE-2023-4004 A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a
CVE-2023-2162 A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In thi
CVE-2023-31436 qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
CVE-2023-32269 An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a
CVE-2023-2898 There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user t
CVE-2023-28328 A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space
CVE-2023-0458 A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is u
CVE-2023-2269 A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c
CVE-2023-1380 A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel.
CVE-2023-1075 A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the

Version: 6.0.0-1020.20 2023-07-24 22:07:32 UTC

  linux-oem-6.0 (6.0.0-1020.20) jammy; urgency=medium

  * jammy/linux-oem-6.0: 6.0.0-1020.20 -proposed tracker (LP: #2026458)

  * CVE-2023-2640 // CVE-2023-32629
    - Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
      trusted.overlayfs.* xattrs"
    - SAUCE: overlayfs: default to userxattr when mounted from non initial user
      namespace

  * CVE-2023-35001
    - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

  * CVE-2023-31248
    - netfilter: nf_tables: do not ignore genmask when looking up chain by id

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] update annotations scripts

  * CVE-2023-3389
    - io_uring/poll: serialize poll linked timer start with poll removal

  * CVE-2023-21106
    - drm/msm/gpu: Fix potential double-free

  * CVE-2022-47929
    - net: sched: disallow noqueue for qdisc classes

 -- Manuel Diewald <email address hidden> Thu, 13 Jul 2023 10:36:42 +0200

1786013 Packaging resync
CVE-2023-35001 Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or
CVE-2023-31248 Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active a
CVE-2023-21106 In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege wit
CVE-2022-47929 In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of

Version: 6.0.0-1019.19 2023-07-18 12:07:04 UTC

  linux-oem-6.0 (6.0.0-1019.19) jammy; urgency=medium

  * jammy/linux-oem-6.0: 6.0.0-1019.19 -proposed tracker (LP: #2024151)

  * CVE-2023-2430
    - io_uring: get rid of double locking
    - io_uring: extract a io_msg_install_complete helper
    - io_uring/msg_ring: move double lock/unlock helpers higher up
    - io_uring/msg_ring: fix missing lock on overflow for IOPOLL

  * Various backlight issues with the 6.0 kernel (LP: #2023638)
    - ACPI: video: Add auto_detect arg to __acpi_video_get_backlight_type()
    - ACPI: video: Make acpi_backlight=video work independent from GPU driver
    - SAUCE: ACPI: video: Stop trying to use vendor backlight control on laptops
      from after ~2012

  * CVE-2022-4842
    - fs/ntfs3: Fix attr_punch_hole() null pointer derenference

  * CVE-2023-2124
    - xfs: verify buffer contents when we skip log replay

  * CVE-2023-0597
    - x86/kasan: Map shadow for percpu pages on demand
    - x86/mm: Randomize per-cpu entry area
    - x86/mm: Recompute physical address for every page of per-CPU CEA mapping
    - x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area
    - x86/mm: Do not shuffle CPU entry areas without KASLR

  * cls_flower: off-by-one in fl_set_geneve_opt (LP: #2023577)
    - net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

  * Some INVLPG implementations can leave Global translations unflushed when
    PCIDs are enabled (LP: #2023220)
    - x86/mm: Avoid incomplete Global INVLPG flushes

  * CVE-2023-2176
    - RDMA/core: Refactor rdma_bind_addr

  * Fix Monitor lost after replug WD19TBS to SUT port with VGA/DVI to type-C
    dongle (LP: #2021949)
    - thunderbolt: Increase timeout of DP OUT adapter handshake
    - thunderbolt: Do not touch CL state configuration during discovery
    - thunderbolt: Increase DisplayPort Connection Manager handshake timeout

  * CVE-2023-1073
    - HID: check empty report_list in hid_validate_values()

  * CVE-2023-0459
    - uaccess: Add speculation barrier to copy_from_user()

  * selftest: fib_tests: Always cleanup before exit (LP: #2015956)
    - selftest: fib_tests: Always cleanup before exit

 -- Timo Aaltonen <email address hidden> Tue, 20 Jun 2023 12:57:07 +0300

2023577 cls_flower: off-by-one in fl_set_geneve_opt
CVE-2023-2430 io_uring/msg_ring: fix missing lock on overflow for IOPOLL
CVE-2022-4842 A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the
CVE-2023-2124 An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty l
CVE-2023-0597 A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location o
CVE-2023-2176 A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-
CVE-2023-1073 A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This fl
CVE-2023-0459 Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check a

Version: 6.0.0-1017.17 2023-05-27 23:07:03 UTC

  linux-oem-6.0 (6.0.0-1017.17) jammy; urgency=medium

  * jammy/linux-oem-6.0: 6.0.0-1017.17 -proposed tracker (LP: #2019649)

  * CVE-2023-26606
    - fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs

  * CVE-2023-32233
    - netfilter: nf_tables: deactivate anonymous set from preparation phase

  * CVE-2023-2612
    - SAUCE: shiftfs: prevent lock unbalance in shiftfs_create_object()

  * CVE-2023-1670
    - xirc2ps_cs: Fix use after free bug in xirc2ps_detach

  * CVE-2023-30456
    - KVM: nVMX: add missing consistency checks for CR0 and CR4

 -- Timo Aaltonen <email address hidden> Thu, 18 May 2023 15:32:19 +0300

CVE-2023-26606 In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.
CVE-2023-32233 In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and
CVE-2023-1670 A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found. A local user could use this flaw to crash the syst
CVE-2023-30456 An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.

Version: 6.0.0-1016.16 2023-05-18 21:07:21 UTC

  linux-oem-6.0 (6.0.0-1016.16) jammy; urgency=medium

  * jammy/linux-oem-6.0: 6.0.0-1016.16 -proposed tracker (LP: #2016550)

  * both dell_backlight and nvidia_0 backlight interface appear, and can't
    adjust the display brightness (LP: #2017774)
    - ACPI: video: Add acpi_video_backlight_use_native() helper
    - ACPI: video: Drop backlight_device_get_by_type() call from
      acpi_video_get_backlight_type()
    - ACPI: video: Refactor acpi_video_get_backlight_type() a bit
    - ACPI: video: Make acpi_video_backlight_use_native() always return true
    - ACPI: video: Simplify __acpi_video_get_backlight_type()
    - ACPI: video: Prefer native over vendor

  * CVE-2022-4139
    - drm/i915: fix TLB invalidation for Gen12 video and compute engines

 -- Timo Aaltonen <email address hidden> Thu, 27 Apr 2023 13:15:34 +0300

2017774 both dell_backlight and nvidia_0 backlight interface appear, and can't adjust the display brightness
CVE-2022-4139 An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. T
