Package "linux-lowlatency-hwe-6.5"

  linux-lowlatency-hwe-6.5 (6.5.0-14.14.1~22.04.1) jammy; urgency=medium

  * jammy/linux-lowlatency-hwe-6.5: 6.5.0-14.14.1~22.04.1 -proposed tracker
    (LP: #2043484)

  * disable shiftfs (LP: #2038522)
    - [Config] lowlatency-hwe-6.5: disable shiftfs

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants

  [ Ubuntu: 6.5.0-14.14.1 ]

  * mantic/linux-lowlatency: 6.5.0-14.14.1 -proposed tracker (LP: #2041531)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2023.10.30)
  * disable shiftfs (LP: #2038522)
    - [Config] lowlatency: disable shiftfs
  * usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
    - [Packaging] lowlatency: Make linux-tools-common depend on hwdata
  * mantic/linux: 6.5.0-14.14 -proposed tracker (LP: #2042660)
  * Boot log print hang on screen, no login prompt on Aspeed 2600 rev 52 BMC
    (LP: #2042850)
    - drm/ast: Add BMC virtual connector
  * arm64 atomic issues cause disk corruption (LP: #2042573)
    - locking/atomic: scripts: fix fallback ifdeffery
  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts
  * mantic/linux: 6.5.0-12.12 -proposed tracker (LP: #2041536)
  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts
    - [Packaging] update helper scripts
    - debian/dkms-versions -- update from kernel-versions (main/2023.10.30)
  * CVE-2023-5633
    - drm/vmwgfx: Keep a gem reference to user bos in surfaces
  * CVE-2023-5345
    - fs/smb/client: Reset password pointer to NULL
  * CVE-2023-39189
    - netfilter: nfnetlink_osf: avoid OOB read
  * CVE-2023-4244
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * apparmor restricts read access of user namespace mediation sysctls to root
    (LP: #2040194)
    - SAUCE: apparmor: open userns related sysctl so lxc can check if restriction
      are in place
  * AppArmor spams kernel log with assert when auditing (LP: #2040192)
    - SAUCE: apparmor: fix request field from a prompt reply that denies all
      access
  * apparmor notification files verification (LP: #2040250)
    - SAUCE: apparmor: fix notification header size
  * apparmor oops when racing to retrieve a notification (LP: #2040245)
    - SAUCE: apparmor: fix oops when racing to retrieve notification
  * SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
    (LP: #2039575)
    - net/smc: Fix pos miscalculation in statistics
  * Support mipi camera on Intel Meteor Lake platform (LP: #2031412)
    - SAUCE: iommu: intel-ipu: use IOMMU passthrough mode for Intel IPUs on Meteor
      Lake
    - SAUCE: platform/x86: int3472: Add handshake GPIO function
  * CVE-2023-45898
    - ext4: fix slab-use-after-free in ext4_es_insert_extent()
  * CVE-2023-31085
    - ubi: Refuse attaching if mtd's erasesize is 0
  * CVE-2023-5717
    - perf: Disallow mis-matched inherited group reads
  * CVE-2023-5178
    - nvmet-tcp: Fix a possible UAF in queue intialization setup
  * CVE-2023-5158
    - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
  * CVE-2023-5090
    - x86: KVM: SVM: always update the x2avic msr interception
  * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
    (LP: #2033406)
    - [Packaging] Make WWAN driver loadable modules
  * Unable to power off the system with MTL CPU (LP: #2039405)
    - Revert "x86/smp: Put CPUs into INIT on shutdown if possible"
  * usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
    - [Packaging] Make linux-tools-common depend on hwdata
  * drop all references to is_rust_module.sh in kernels >= 6.5 (LP: #2038611)
    - [Packaging] drop references to is_rust_module.sh
  * disable shiftfs (LP: #2038522)
    - SAUCE: ceph: enable unsafe idmapped mounts by default
    - [Config] disable shiftfs
  * Infinite systemd loop when power off the machine with multiple MD RAIDs
    (LP: #2036184)
    - md: Put the right device in md_seq_next
  * [Mediatek] mt8195-demo: enable CONFIG_MTK_IOMMU as module for multimedia and
    PCIE peripherals (LP: #2036587)
    - [Config] Enable CONFIG_MTK_IOMMU on arm64
  * Realtek 8852CE WiFi 6E country code udpates (LP: #2037273)
    - wifi: rtw89: regd: update regulatory map to R64-R43
  * Unable to use nvme drive to install Ubuntu 23.10 (LP: #2040157)
    - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
      probe
  * CVE-2023-42754
    - ipv4: fix null-deref in ipv4_link_failure
  * linux-*: please enable dm-verity kconfigs to allow MoK/db verified root
    images (LP: #2019040)
    - [Config] CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y
  * Fix RCU warning on AMD laptops (LP: #2036377)
    - power: supply: core: Use blocking_notifier_call_chain to avoid RCU complaint
  * allow io_uring to be disabled in runtime (LP: #2035116)
    - io_uring: add a sysctl to disable io_uring system-wide
  * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support

  [ Ubuntu: 6.5.0-13.13.1 ]

  * mantic/linux-lowlatency: 6.5.0-13.13.1 -proposed tracker (LP: #2041872)
  * mantic/linux: 6.5.0-13.13 -proposed tracker (LP: #2042652)
  * arm64 atomic issues cause disk corruption (LP: #2042573)
    - locking/atomic: scripts: fix fallback ifdeffery
  * mantic/linux: 6.5.0-11.11 -proposed tracker (LP: #2041879)
  * CVE-2023-31085
    - ubi: Refuse attaching if mtd's erasesize is 0
  * CVE-2023-4244
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * CVE-2023-5633
    - drm/vmwgfx: Keep a gem reference to user bos in surfaces
  * CVE-2023-5345
    - fs/smb/client: Reset password pointer to NULL
  * CVE-2023-5090
    - x86: KVM: SVM: always update the x2avic msr interception
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scr