UbuntuUpdates.org

Package "linux-hwe-6.2"

Name: linux-hwe-6.2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Linux kernel buildinfo for version 6.2.0 on 64 bit x86 SMP
  • Linux kernel buildinfo for version 6.2.0 on 64 bit x86 SMP
  • Linux kernel buildinfo for version 6.2.0 on 64 bit x86 SMP
  • Linux kernel buildinfo for version 6.2.0 on 64 bit x86 SMP

Latest version: 6.2.0-39.40~22.04.1
Release: jammy (22.04)
Level: updates
Repository: main

Links



Other versions of "linux-hwe-6.2" in Jammy

Repository Area Version
security main 6.2.0-39.40~22.04.1
proposed main 6.2.0-23.23~22.04.1
PPA: Canonical Kernel Team 6.2.0-39.40~22.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 6.2.0-39.40~22.04.1 2023-12-13 00:12:49 UTC

  linux-hwe-6.2 (6.2.0-39.40~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-39.40~22.04.1 -proposed tracker (LP: #2041556)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] update variants

  [ Ubuntu: 6.2.0-39.40 ]

  * lunar/linux: 6.2.0-39.40 -proposed tracker (LP: #2043451)
  * USB bus error after upgrading to proposed kernel on lunar and jammy
    (LP: #2043197)
    - USB: core: Fix oversight in SuperSpeed initialization
  * Include cifs.ko in linux-modules package (LP: #2042546)
    - [Packaging] Replace fs/cifs with fs/smb/client in inclusion list

  [ Ubuntu: 6.2.0-38.39 ]

  * lunar/linux: 6.2.0-38.39 -proposed tracker (LP: #2041557)
  * CVE-2023-25775
    - RDMA/irdma: Prevent zero-length STAG registration
  * CVE-2023-5345
    - fs/smb/client: Reset password pointer to NULL
  * CVE-2023-39189
    - netfilter: nfnetlink_osf: avoid OOB read
  * SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
    (LP: #2039575)
    - net/smc: Fix pos miscalculation in statistics
  * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
    (LP: #2033406)
    - [Packaging] Make WWAN driver loadable modules
  * CVE-2023-45871
    - igb: set max size RX buffer when store bad packet is enabled
  * CVE-2023-39193
    - netfilter: xt_sctp: validate the flag_info count
  * CVE-2023-39192
    - netfilter: xt_u32: validate user space input
  * CVE-2023-31085
    - ubi: Refuse attaching if mtd's erasesize is 0
  * CVE-2023-5717
    - perf: Disallow mis-matched inherited group reads
  * CVE-2023-5178
    - nvmet-tcp: Fix a possible UAF in queue intialization setup
  * CVE-2023-5158
    - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
  * CVE-2023-5090
    - x86: KVM: SVM: always update the x2avic msr interception
  * usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
    - [Packaging] Make linux-tools-common depend on hwdata
  * Unable to use nvme drive to install Ubuntu 23.10 (LP: #2040157)
    - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
      probe
  * Lunar update: upstream stable patchset 2023-10-19 (LP: #2039884)
    - ACPI: thermal: Drop nocrt parameter
    - module: Expose module_init_layout_section()
    - arm64: module-plts: inline linux/moduleloader.h
    - arm64: module: Use module_init_layout_section() to spot init sections
    - ARM: module: Use module_init_layout_section() to spot init sections
    - lockdep: fix static memory detection even more
    - parisc: Cleanup mmap implementation regarding color alignment
    - parisc: sys_parisc: parisc_personality() is called from asm code
    - io_uring/parisc: Adjust pgoff in io_uring mmap() for parisc
    - kallsyms: Fix kallsyms_selftest failure
    - module/decompress: use vmalloc() for zstd decompression workspace
    - Upstream stable to v6.1.51, v6.4.14
    - erofs: ensure that the post-EOF tails are all zeroed
    - ksmbd: fix wrong DataOffset validation of create context
    - ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
    - ksmbd: replace one-element array with flex-array member in struct
      smb2_ea_info
    - ksmbd: reduce descriptor size if remaining bytes is less than request size
    - ARM: pxa: remove use of symbol_get()
    - mmc: au1xmmc: force non-modular build and remove symbol_get usage
    - net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
    - rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
    - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
    - USB: serial: option: add Quectel EM05G variant (0x030e)
    - USB: serial: option: add FOXCONN T99W368/T99W373 product
    - ALSA: usb-audio: Fix init call orders for UAC1
    - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption
    - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0
    - HID: wacom: remove the battery when the EKR is off
    - staging: rtl8712: fix race condition
    - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race
      condition
    - wifi: mt76: mt7921: do not support one stream on secondary antenna only
    - wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU
    - serial: qcom-geni: fix opp vote on shutdown
    - serial: sc16is7xx: fix broken port 0 uart init
    - serial: sc16is7xx: fix bug when first setting GPIO direction
    - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
    - fsi: master-ast-cf: Add MODULE_FIRMWARE macro
    - tcpm: Avoid soft reset when partner does not support get_status
    - dt-bindings: sc16is7xx: Add property to change GPIO function
    - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
    - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
    - usb: typec: tcpci: clear the fault status bit
    - pinctrl: amd: Don't show `Invalid config param` errors
    - wifi: rtw88: usb: kill and free rx urbs on probe failure
    - Upstream stable to v6.1.52, v6.4.15
  * Lunar update: upstream stable patchset 2023-10-18 (LP: #2039742)
    - NFSv4.2: fix error handling in nfs42_proc_getxattr
    - NFSv4: fix out path in __nfs4_get_acl_uncached
    - xprtrdma: Remap Receive buffers after a reconnect
    - drm/ast: Use drm_aperture_remove_conflicting_pci_framebuffers
    - fbdev/radeon: use pci aperture helpers
    - PCI: acpiphp: Reassign resources on bridge if necessary
    - MIPS: cpu-features: Enable octeon_cache by cpu_type
    - MIPS: cpu-features: Use boot_cpu_type for CPU type based features
    - jbd2: remove t_checkpoint_io_list
    - jbd2: remove journal_clean_one_cp_list()
    - jbd2: fix a race when checking checkpoint buffer busy
    - can: raw: fix receiver memory leak
    - can: raw: fix lockdep issue in raw_release()
    - s390/zcrypt: remove unnecessary (void *) conversions
    - s390/zcrypt: fix reply buffer calculations for CCA replies

Source diff to previous version
1786013 Packaging resync
2043197 USB bus error after upgrading to proposed kernel on lunar and jammy
2042546 Include cifs.ko in linux-modules package
2039575 SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
2033406 [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
2039439 usbip: error: failed to open /usr/share/hwdata//usb.ids
2040157 Unable to use nvme drive to install Ubuntu 23.10
2039884 Lunar update: upstream stable patchset 2023-10-19
2039742 Lunar update: upstream stable patchset 2023-10-18
2039542 Remove duplication of devm_pwmchip_add function definition
2039110 Lunar update: upstream stable patchset 2023-10-11
2038969 Lunar update: upstream stable patchset 2023-10-10
2038236 Lunar update: upstream stable patchset 2023-10-02
CVE-2023-25775 Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentia
CVE-2023-5345 A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an e
CVE-2023-39189 A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num
CVE-2023-45871 An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be ade
CVE-2023-39193 A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local pr
CVE-2023-39192 A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw all
CVE-2023-31085 An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirec
CVE-2023-5717 A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local pri
CVE-2023-5178 A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` ...
CVE-2023-5158 A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a d
CVE-2023-5090 x86: KVM: SVM: always update the x2avic msr interception
CVE-2023-42754 A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before c
CVE-2023-37453 An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/us

Version: 6.2.0-37.38~22.04.1 2023-11-21 02:07:13 UTC

  linux-hwe-6.2 (6.2.0-37.38~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-37.38~22.04.1 -proposed tracker (LP: #2041898)

  * Include cifs.ko in linux-modules package (LP: #2042546)
    - [Packaging] Replace fs/cifs with fs/smb/client in inclusion list

  [ Ubuntu: 6.2.0-37.38 ]

  * lunar/linux: 6.2.0-37.38 -proposed tracker (LP: #2041899)
  * CVE-2023-31085
    - ubi: Refuse attaching if mtd's erasesize is 0
  * CVE-2023-25775
    - RDMA/irdma: Prevent zero-length STAG registration
  * CVE-2023-45871
    - igb: set max size RX buffer when store bad packet is enabled
  * CVE-2023-5345
    - fs/smb/client: Reset password pointer to NULL
  * CVE-2023-5090
    - x86: KVM: SVM: always update the x2avic msr interception
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

 -- Stefan Bader <email address hidden> Thu, 02 Nov 2023 18:02:54 +0100

Source diff to previous version
2042546 Include cifs.ko in linux-modules package
1786013 Packaging resync
CVE-2023-31085 An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirec
CVE-2023-25775 Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentia
CVE-2023-45871 An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be ade
CVE-2023-5090 x86: KVM: SVM: always update the x2avic msr interception

Version: 6.2.0-36.37~22.04.1 2023-10-30 18:12:04 UTC

  linux-hwe-6.2 (6.2.0-36.37~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-36.37~22.04.1 -proposed tracker (LP: #2038075)

  [ Ubuntu: 6.2.0-36.37 ]

  * lunar/linux: 6.2.0-36.37 -proposed tracker (LP: #2038076)
  * Regression for ubuntu_bpf test build caused by upstream bdeeed3498c7
    (LP: #2035181)
    - selftests/bpf: fix static assert compilation issue for test_cls_*.c
  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * CVE-2023-4563
    - netfilter: nf_tables: remove busy mark and gc batch API
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support
  * Lunar update: upstream stable patchset 2023-09-21 (LP: #2037005)
    - Upstream stable to v6.1.41, v6.4.6
    - io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq
    - ALSA: hda/realtek - remove 3k pull low procedure
    - ALSA: hda/realtek: Add quirk for Clevo NS70AU
    - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
    - maple_tree: set the node limit when creating a new root node
    - maple_tree: fix node allocation testing on 32 bit
    - keys: Fix linking a duplicate key to a keyring's assoc_array
    - perf probe: Add test for regression introduced by switch to
      die_get_decl_file()
    - btrfs: fix warning when putting transaction with qgroups enabled after abort
    - fuse: revalidate: don't invalidate if interrupted
    - fuse: Apply flags2 only when userspace set the FUSE_INIT_EXT
    - btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand
    - btrfs: zoned: fix memory leak after finding block group with super blocks
    - fuse: ioctl: translate ENOSYS in outarg
    - btrfs: fix race between balance and cancel/pause
    - selftests: tc: set timeout to 15 minutes
    - selftests: tc: add 'ct' action kconfig dep
    - regmap: Drop initial version of maximum transfer length fixes
    - of: Preserve "of-display" device name for compatibility
    - regmap: Account for register length in SMBus I/O limits
    - arm64/fpsimd: Ensure SME storage is allocated after SVE VL changes
    - can: mcp251xfd: __mcp251xfd_chip_set_mode(): increase poll timeout
    - can: bcm: Fix UAF in bcm_proc_show()
    - can: gs_usb: gs_can_open(): improve error handling
    - selftests: tc: add ConnTrack procfs kconfig
    - dma-buf/dma-resv: Stop leaking on krealloc() failure
    - drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel
    - drm/amdgpu/pm: make gfxclock consistent for sienna cichlid
    - drm/amdgpu/pm: make mclk consistent for smu 13.0.7
    - drm/client: Fix memory leak in drm_client_target_cloned
    - drm/client: Fix memory leak in drm_client_modeset_probe
    - drm/amd/display: only accept async flips for fast updates
    - drm/amd/display: Disable MPC split by default on special asic
    - drm/amd/display: check TG is non-null before checking if enabled
    - drm/amd/display: Keep PHY active for DP displays on DCN31
    - ASoC: fsl_sai: Disable bit clock with transmitter
    - ASoC: fsl_sai: Revert "ASoC: fsl_sai: Enable MCTL_MCLK_EN bit for master
      mode"
    - ASoC: tegra: Fix ADX byte map
    - ASoC: rt5640: Fix sleep in atomic context
    - ASoC: cs42l51: fix driver to properly autoload with automatic module loading
    - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling
    - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove
    - ASoC: qdsp6: audioreach: fix topology probe deferral
    - ASoC: tegra: Fix AMX byte map
    - ASoC: codecs: wcd938x: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix missing mbhc init error handling
    - ASoC: codecs: wcd934x: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix codec initialisation race
    - ASoC: codecs: wcd938x: fix soundwire initialisation race
    - ext4: correct inline offset when handling xattrs in inode body
    - drm/radeon: Fix integer overflow in radeon_cs_parser_init
    - ALSA: emu10k1: roll up loops in DSP setup code for Audigy
    - quota: Properly disable quotas when add_dquot_ref() fails
    - quota: fix warning in dqgrab()
    - HID: add quirk for 03f0:464a HP Elite Presenter Mouse
    - ovl: check type and offset of struct vfsmount in ovl_entry
    - udf: Fix uninitialized array access for some pathnames
    - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
    - MIPS: dec: prom: Address -Warray-bounds warning
    - FS: JFS: Fix null-ptr-deref Read in txBegin
    - FS: JFS: Check for read-only mounted filesystem in txBegin
    - ACPI: video: Add backlight=native DMI quirk for Dell Studio 1569
    - rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()
    - rcu: Mark additional concurrent load from ->cpu_no_qs.b.exp
    - sched/fair: Don't balance task to its current running CPU
    - wifi: ath11k: fix registration of 6Ghz-only phy wit

Source diff to previous version
2035181 Regression for ubuntu_bpf test build on Jammy 5.15.0-85.95
2037077 Fix unstable audio at low levels on Thinkpad P1G4
2037005 Lunar update: upstream stable patchset 2023-09-21
2035313 Fix non-working I219 after system sleep
2035163 Avoid address overwrite in kernel_connect
2031537 Ethernet not stable 23.04 (RTL8168/8169)
2034479 Fix suspend hang on Lenovo workstation
2034491 Fix blank display when Thunderbolt monitor is plugged second time
2034745 [regression] Unable to initialize SGX enclaves with XFRM other than 3
2036075 Lunar update: upstream stable patchset 2023-09-14
2031352 Nouveau driver crash - Ubuntu 22.04.3 LTS stuck on power-off/reboot screen
2034469 Lunar update: upstream stable patchset 2023-09-05
2033931 Lunar update: upstream stable patchset 2023-09-01
1786013 Packaging resync
CVE-2023-4563 ** REJECT ** This was assigned as a duplicate of CVE-2023-4244.
CVE-2023-42756 A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic
CVE-2023-42755 wild pointer access in rsvp classifer in the Linux kernel
CVE-2023-42753 An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->n
CVE-2023-42752 integer overflows in kmalloc_reserve()
CVE-2023-4881 ** REJECT ** CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.
CVE-2023-31083 An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSET
CVE-2023-4132 A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano d
CVE-2023-3863 A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special
CVE-2023-3772 A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADM

Version: 6.2.0-35.35~22.04.1 2023-10-19 13:06:54 UTC

  linux-hwe-6.2 (6.2.0-35.35~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-35.35~22.04.1 -proposed tracker (LP: #2038228)

  * CVE-2023-42755
    - [Config] hwe-6.2: Mark cls_rsv[p,p6] gone

  [ Ubuntu: 6.2.0-35.35 ]

  * lunar/linux: 6.2.0-35.35 -proposed tracker (LP: #2038229)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: integrate pipapo into commit protocol
    - netfilter: nft_set_rbtree: fix overlap expiration walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: drop map element references from preparation phase
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: remove busy mark and gc batch API
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * CVE-2023-5197
    - netfilter: nf_tables: skip bound chain in netns release path
    - netfilter: nf_tables: disallow rule removal from chain binding
  * CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()
  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6
  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c
  * CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
    - net: add SKB_HEAD_ALIGN() helper
    - net: remove osize variable in __alloc_skb()
    - net: factorize code in kmalloc_reserve()
    - net: deal with integer overflows in kmalloc_reserve()
  * CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet

 -- Stefan Bader <email address hidden> Fri, 06 Oct 2023 11:29:50 +0200

Source diff to previous version
1786013 Packaging resync
CVE-2023-42755 wild pointer access in rsvp classifer in the Linux kernel
CVE-2023-4881 ** REJECT ** CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.
CVE-2023-42756 A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic
CVE-2023-42753 An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->n
CVE-2023-42752 integer overflows in kmalloc_reserve()

Version: 6.2.0-34.34~22.04.1 2023-10-03 23:08:00 UTC

  linux-hwe-6.2 (6.2.0-34.34~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-34.34~22.04.1 -proposed tracker (LP: #2033778)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  [ Ubuntu: 6.2.0-34.34 ]

  * lunar/linux: 6.2.0-34.34 -proposed tracker (LP: #2033779)
  * CVE-2023-20569
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - tools headers x86 cpufeatures: Sync with the kernel sources
    - x86/alternative: Optimize returns patching
    - x86/retbleed: Add __x86_return_thunk alignment checks
    - x86/srso: Add a Speculative RAS Overflow mitigation
    - x86/srso: Add IBPB_BRTYPE support
    - x86/srso: Add SRSO_NO support
    - x86/srso: Add IBPB
    - x86/srso: Add IBPB on VMEXIT
    - x86/srso: Fix return thunks in generated code
    - x86/srso: Add a forgotten NOENDBR annotation
    - x86/srso: Tie SBPB bit setting to microcode patch detection
    - Documentation/hw-vuln: Unify filename specification in index
    - Documentation/srso: Document IBPB aspect and fix formatting
    - x86/srso: Fix build breakage with the LLVM linker
    - x86: Move gds_ucode_mitigated() declaration to header
    - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
    - x86/srso: Disable the mitigation on unaffected configurations
    - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
    - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with
      retpolines and IBT
    - x86/cpu: Fix __x86_return_thunk symbol type
    - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
    - objtool/x86: Fix SRSO mess
    - x86/alternative: Make custom return thunk unconditional
    - x86/cpu: Clean up SRSO return thunk mess
    - x86/cpu: Rename original retbleed methods
    - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
    - x86/cpu: Cleanup the untrain mess
    - x86/srso: Explain the untraining sequences a bit more
    - objtool/x86: Fixup frame-pointer vs rethunk
    - x86/static_call: Fix __static_call_fixup()
    - x86/srso: Correct the mitigation status when SMT is disabled
    - Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation
  * Please enable Renesas RZ platform serial installer (LP: #2022361)
    - [Config] enable hihope RZ/G2M serial console
    - [Config] Mark sh-sci as built-in
  * dGPU cannot resume because system firmware stuck in IPCS method
    (LP: #2021572)
    - drm/i915/tc: Abort DP AUX transfer on a disconnected TC port
    - drm/i915/tc: switch to intel_de_* register accessors in display code
    - drm/i915: Enable a PIPEDMC whenever its corresponding pipe is enabled
    - drm/i915/tc: Fix TC port link ref init for DP MST during HW readout
    - drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks
    - drm/i915/tc: Wait for IOM/FW PHY initialization of legacy TC ports
    - drm/i915/tc: Factor out helpers converting HPD mask to TC mode
    - drm/i915/tc: Fix target TC mode for a disconnected legacy port
    - drm/i915/tc: Fix TC mode for a legacy port if the PHY is not ready
    - drm/i915/tc: Fix initial TC mode on disabled legacy ports
    - drm/i915/tc: Make the TC mode readout consistent in all PHY states
    - drm/i915: Add encoder hook to get the PLL type used by TC ports
    - drm/i915/tc: Assume a TC port is legacy if VBT says the port has HDMI
    - drm/i915/tc: Factor out a function querying active links on a TC port
    - drm/i915/tc: Check the PLL type used by an enabled TC port
    - drm/i915/tc: Group the TC PHY setup/query functions per platform
    - drm/i915/tc: Use the adlp prefix for ADLP TC PHY functions
    - drm/i915/tc: Rename tc_phy_status_complete() to tc_phy_is_ready()
    - drm/i915/tc: Use the tc_phy prefix for all TC PHY functions
    - drm/i915/tc: Move TC port fields to a new intel_tc_port struct
    - drm/i915/tc: Check for TC PHY explicitly in
      intel_tc_port_fia_max_lane_count()
    - drm/i915/tc: Move the intel_tc_port struct declaration to intel_tc.c
    - drm/i915/tc: Add TC PHY hook to get the PHY HPD live status
    - drm/i915/tc: Add TC PHY hooks to get the PHY ready/owned state
    - drm/i915/tc: Add TC PHY hook to read out the PHY HW state
    - drm/i915/tc: Add generic TC PHY connect/disconnect handlers
    - drm/i915/tc: Factor out tc_phy_verify_legacy_or_dp_alt_mode()
    - drm/i915/tc: Add TC PHY hooks to connect/disconnect the PHY
    - drm/i915/tc: Fix up the legacy VBT flag only in disconnected mode
    - drm/i915/tc: Check TC mode instead of the VBT legacy flag
    - drm/i915/tc: Block/unblock TC-cold in the PHY connect/disconnect hooks
    - drm/i915/tc: Remove redundant wakeref=0 check from unblock_tc_cold()
    - drm/i915/tc: Drop tc_cold_block()/unblock()'s power domain parameter
    - drm/i915/tc: Add TC PHY hook to get the TC-cold blocking power domain
    - drm/i915/tc: Add asserts in TC PHY hooks that the required power is on
    - drm/i915/tc: Add TC PHY hook to init the PHY
    - drm/i915/adlp/tc: Use the DE HPD ISR register for hotplug detection
    - drm/i915/tc: Get power ref for reading the HPD live status register
    - drm/i915/tc: Don't connect the PHY in intel_tc_port_connected()
    - drm/i915/adlp/tc: Align the connect/disconnect PHY sequence with bspec
    - drm/i915: Move shared DPLL disabling into CRTC disable hook
    - drm/i915: Disable DPLLs before disconnecting the TC PHY
    - drm/i915: Remove TC PHY disconnect workaround
    - drm/i915: Remove the encoder update_prepare()/complete() hooks
    - drm/i915/dp_mst: Fix active port PLL selection for secondary MST streams
    - drm/i915: Fix PIPEDMC disabling for a bigjoiner configuration
    - drm/i915: Add helpers to reference/unreference a DPLL for a CRTC
    - drm/i915: Make the CRTC state consistent during sanitize-disabling
    - drm/i915: Update connector atomic state before crtc sanitize-disabling
    - drm/i915: Separate intel_crtc_disable_noatomic_begin/complete()
    - drm/i915: Factor out set_encoder_for_co

1786013 Packaging resync
2022361 Please enable Renesas RZ platform serial installer
2021572 dGPU cannot resume because system firmware stuck in IPCS method
2033654 amdgpu: Fixes for S0i3 resume on Phoenix
2033007 kdump doesn't work with UEFI secure boot and kernel lockdown enabled on ARM64
2033122 Request backport of xen timekeeping performance improvements
2033452 Enable D3cold at s2idle for Intel DG2 GPU
2026322 Fix non-working MT7921e when pre-boot WiFi is enabled
2028122 Fix unreliable ethernet cable detection on I219 NIC
2030924 [SRU][Ubuntu 22.04.1] Unable to interpret the frequency values in cpuinfo_min_freq and cpuino_max_freq sysfs files.
2029808 Lunar update: upstream stable patchset 2023-08-03
CVE-2023-4569 A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to
CVE-2023-40283 An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the
CVE-2023-4194 A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized acc
CVE-2023-4155 A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in t ...
CVE-2023-1206 A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN floo
CVE-2023-4273 A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, wh
CVE-2023-4128 A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local a
CVE-2023-3212 A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tr



About   -   Send Feedback to @ubuntu_updates