UbuntuUpdates.org

Package "linux-image-unsigned-5.15.0-1071-gcp"

This package belongs to a PPA: Canonical Kernel Team

Name: linux-image-unsigned-5.15.0-1071-gcp

Description:

Linux kernel image for version 5.15.0 on 64 bit x86 SMP

Latest version: 5.15.0-1071.79~20.04.1
Release: focal (20.04)
Level: base
Repository: main
Head package: linux-gcp-5.15

Links


Download "linux-image-unsigned-5.15.0-1071-gcp"


Other versions of "linux-image-unsigned-5.15.0-1071-gcp" in Focal

Repository Area Version
proposed main 5.15.0-1071.79~20.04.1

Changelog

Version: 5.15.0-1061.69~20.04.1 2024-05-22 22:09:07 UTC

 linux-gcp-5.15 (5.15.0-1061.69~20.04.1) focal; urgency=medium
 .
   * focal/linux-gcp-5.15: 5.15.0-1061.69~20.04.1 -proposed tracker
     (LP: #2063727)
 .
   [ Ubuntu: 5.15.0-1061.69 ]
 .
   * jammy/linux-gcp: 5.15.0-1061.69 -proposed tracker (LP: #2063728)
   * jammy/linux: 5.15.0-111.121 -proposed tracker (LP: #2063763)
   * RTL8852BE fw security fail then lost WIFI function during suspend/resume
     cycle (LP: #2063096)
     - wifi: rtw89: download firmware with five times retry
   * Mount CIFS fails with Permission denied (LP: #2061986)
     - cifs: fix ntlmssp auth when there is no key exchange
   * USB stick can't be detected (LP: #2040948)
     - usb: Disable USB3 LPM at shutdown
   * Jammy update: v5.15.153 upstream stable release (LP: #2063290)
     - io_uring/unix: drop usage of io_uring socket
     - io_uring: drop any code related to SCM_RIGHTS
     - selftests: tls: use exact comparison in recv_partial
     - ASoC: rt5645: Make LattePanda board DMI match more precise
     - x86/xen: Add some null pointer checking to smp.c
     - MIPS: Clear Cause.BD in instruction_pointer_set
     - HID: multitouch: Add required quirk for Synaptics 0xcddc device
     - gen_compile_commands: fix invalid escape sequence warning
     - RDMA/mlx5: Fix fortify source warning while accessing Eth segment
     - RDMA/mlx5: Relax DEVX access upon modify commands
     - riscv: dts: sifive: add missing #interrupt-cells to pmic
     - x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h
     - x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
     - net/iucv: fix the allocation size of iucv_path_table array
     - parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check
     - block: sed-opal: handle empty atoms when parsing response
     - dm-verity, dm-crypt: align "struct bvec_iter" correctly
     - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
     - ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port
     - drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series
     - Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
     - firewire: core: use long bus reset on gap count error
     - ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet
     - Input: gpio_keys_polled - suppress deferred probe error for gpio
     - ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
     - ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
     - ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
     - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
     - s390/dasd: put block allocation in separate function
     - s390/dasd: add query PPRC function
     - s390/dasd: add copy pair setup
     - s390/dasd: add autoquiesce feature
     - s390/dasd: Use dev_*() for device log messages
     - s390/dasd: fix double module refcount decrement
     - fs/select: rework stack allocation hack for clang
     - md: Don't clear MD_CLOSING when the raid is about to stop
     - lib/cmdline: Fix an invalid format specifier in an assertion msg
     - time: test: Fix incorrect format specifier
     - rtc: test: Fix invalid format specifier.
     - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
     - timekeeping: Fix cross-timestamp interpolation on counter wrap
     - timekeeping: Fix cross-timestamp interpolation corner case decision
     - timekeeping: Fix cross-timestamp interpolation for non-x86
     - sched/fair: Take the scheduling domain into account in select_idle_core()
     - wifi: ath10k: fix NULL pointer dereference in
       ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
     - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
     - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
     - wifi: b43: Stop correct queue in DMA worker when QoS is disabled
     - wifi: b43: Disable QoS for bcm4331
     - wifi: wilc1000: fix declarations ordering
     - wifi: wilc1000: fix RCU usage in connect path
     - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
     - wifi: wilc1000: fix multi-vif management when deleting a vif
     - wifi: mwifiex: debugfs: Drop unnecessary error check for
       debugfs_create_dir()
     - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
     - cpufreq: Explicitly include correct DT includes
     - cpufreq: mediatek-hw: Wait for CPU supplies before probing
     - sock_diag: annotate data-races around sock_diag_handlers[family]
     - inet_diag: annotate data-races around inet_diag_table[]
     - bpftool: Silence build warning about calloc()
     - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
     - cpufreq: mediatek-hw: Don't error out if supply is not found
     - arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL i.MX8MM
     - arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL
       board
     - arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on SD
       card
     - arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO
       voltage
     - arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL
       board
     - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
     - wifi: iwlwifi: mvm: report beacon protection failures
     - wifi: iwlwifi: dbg-tlv: ensure NUL termination
     - wifi: iwlwifi: fix EWRD table validity check
     - arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS
     - pwm: atmel-hlcdc: Convert to platform remove callback returning void
     - pwm: atmel-hlcdc: Use consistent variable naming
     - pwm: atmel-hlcdc: Fix clock imbalance related to suspend support
     - net: blackhole_dev: fix build warning for ethh set but not used
     - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
     - pwm: sti: Implement .apply() callback
     - pwm: sti: Fix capture for st,pwm-num-chan <

Source diff to previous version
2063096 RTL8852BE fw security fail then lost WIFI function during suspend/resume cycle
2061986 Mount CIFS fails with Permission denied
2063290 Jammy update: v5.15.153 upstream stable release
2063276 Jammy update: v5.15.152 upstream stable release
2060422 Avoid creating non-working backlight sysfs knob from ASUS board
2058477 [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output \
2060209 Jammy update: v5.15.151 upstream stable release
2063067 Fix bluetooth connections with 3.0 device
2060142 Jammy update: v5.15.150 upstream stable release
CVE-2024-26809 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path Clo
CVE-2024-26792 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of anonymous device after snapshot creation failure When
CVE-2023-52530 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is c
CVE-2023-52447 In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an in
CVE-2024-26782 In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket dismantle when MPTCP server accepts an incomin
CVE-2024-26733 In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write i
CVE-2024-26735 In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations
CVE-2024-26736 In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in afs_update_volume_status() The max length of volum
CVE-2024-26748 In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if (request->co
CVE-2023-47233 The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by
CVE-2024-26584 In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_
CVE-2024-26585 In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous
CVE-2024-26583 In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one
CVE-2024-26622 In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control(

Version: 5.15.0-1059.67~20.04.1 2024-04-18 17:08:40 UTC

 linux-gcp-5.15 (5.15.0-1059.67~20.04.1) focal; urgency=medium
 .
   * focal/linux-gcp-5.15: 5.15.0-1059.67~20.04.1 -proposed tracker
     (LP: #2061777)
 .
   [ Ubuntu: 5.15.0-1059.67 ]
 .
   * jammy/linux-gcp: 5.15.0-1059.67 -proposed tracker (LP: #2061778)
   * jammy/linux: 5.15.0-106.116 -proposed tracker (LP: #2061812)
   * CVE-2024-2201
     - x86/bugs: Use sysfs_emit()
     - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs
     - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
     - KVM: x86: Use a switch statement and macros in __feature_translate()
     - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
     - x86/syscall: Don't force use of indirect calls for system calls
     - x86/bhi: Add support for clearing branch history at syscall entry
     - x86/bhi: Define SPEC_CTRL_BHI_DIS_S
     - x86/bhi: Enumerate Branch History Injection (BHI) bug
     - x86/bhi: Add BHI mitigation knob
     - x86/bhi: Mitigate KVM by default
     - KVM: x86: Add BHI_NO
     - [Config] Set CONFIG_BHI to enabled (auto)
   * Drop fips-checks script from trees (LP: #2055083)
     - [Packaging] Remove fips-checks script
   * alsa/realtek: adjust max output valume for headphone on 2 LG machines
     (LP: #2058573)
     - ALSA: hda/realtek: fix the hp playback volume issue for LG machines
   * A general-proteciton exception during guest migration to unsupported PKRU
     machine (LP: #2032164)
     - x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer
     - KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2}
   * [ICX] [SPR] [ipc/msg] performance: Mitigate the lock contention with percpu
     counter (LP: #2058485)
     - ipc: check checkpoint_restore_ns_capable() to modify C/R proc files
     - ipc/ipc_sysctl.c: remove fallback for !CONFIG_PROC_SYSCTL
     - ipc: Store mqueue sysctls in the ipc namespace
     - ipc: Store ipc sysctls in the ipc namespace
     - ipc: Use the same namespace to modify and validate
     - ipc: Remove extra1 field abuse to pass ipc namespace
     - ipc: Check permissions for checkpoint_restart sysctls at open time
     - percpu: add percpu_counter_add_local and percpu_counter_sub_local
     - ipc/msg: mitigate the lock contention with percpu counter
   * Jammy update: v5.15.149 upstream stable release (LP: #2059014)
     - ksmbd: free ppace array on error in parse_dacl
     - ksmbd: don't allow O_TRUNC open on read-only share
     - ksmbd: validate mech token in session setup
     - ksmbd: fix UAF issue in ksmbd_tcp_new_connection()
     - ksmbd: only v2 leases handle the directory
     - iio: adc: ad7091r: Set alert bit in config register
     - iio: adc: ad7091r: Allow users to configure device events
     - iio: adc: ad7091r: Enable internal vref if external vref is not supplied
     - dmaengine: fix NULL pointer in channel unregistration function
     - scsi: ufs: core: Simplify power management during async scan
     - scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan()
     - iio:adc:ad7091r: Move exports into IIO_AD7091R namespace.
     - ext4: allow for the last group to be marked as trimmed
     - btrfs: sysfs: validate scrub_speed_max value
     - crypto: api - Disallow identical driver names
     - PM: hibernate: Enforce ordering during image compression/decompression
     - hwrng: core - Fix page fault dead lock on mmap-ed hwrng
     - crypto: s390/aes - Fix buffer overread in CTR mode
     - media: imx355: Enable runtime PM before registering async sub-device
     - rpmsg: virtio: Free driver_override when rpmsg_remove()
     - media: ov9734: Enable runtime PM before registering async sub-device
     - mips: Fix max_mapnr being uninitialized on early stages
     - bus: mhi: host: Drop chan lock before queuing buffers
     - bus: mhi: host: Add spinlock to protect WP access when queueing TREs
     - parisc/firmware: Fix F-extend for PDC addresses
     - async: Split async_schedule_node_domain()
     - async: Introduce async_schedule_dev_nocall()
     - arm64: dts: qcom: sc7180: fix USB wakeup interrupt types
     - arm64: dts: qcom: sdm845: fix USB wakeup interrupt types
     - arm64: dts: qcom: sm8150: fix USB wakeup interrupt types
     - arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts
     - lsm: new security_file_ioctl_compat() hook
     - scripts/get_abi: fix source path leak
     - mmc: core: Use mrq.sbc in close-ended ffu
     - mmc: mmc_spi: remove custom DMA mapped buffers
     - rtc: Adjust failure return code for cmos_set_alarm()
     - nouveau/vmm: don't set addr on the fail path to avoid warning
     - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
     - rename(): fix the locking of subdirectories
     - ksmbd: set v2 lease version on lease upgrade
     - ksmbd: fix potential circular locking issue in smb2_set_ea()
     - ksmbd: don't increment epoch if current state and request state are same
     - ksmbd: send lease break notification on FILE_RENAME_INFORMATION
     - ksmbd: Add missing set_freezable() for freezable kthread
     - net/smc: fix illegal rmb_desc access in SMC-D connection dump
     - tcp: make sure init the accept_queue's spinlocks once
     - bnxt_en: Wait for FLR to complete during probe
     - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
     - llc: make llc_ui_sendmsg() more robust against bonding changes
     - llc: Drop support for ETH_P_TR_802_2.
     - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
     - tracing: Ensure visibility when inserting an element into tracing_map
     - afs: Hide silly-rename files from userspace
     - tcp: Add memory barrier to tcp_push()
     - netlink: fix potential sleeping issue in mqueue_flush_file
     - ipv6: init the accept_queue's spinlocks in inet6_create
     - net/mlx5: DR, Use the right GVMI number for drop action
     - net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior
     - net/mlx5: DR

Source diff to previous version
2055083 Drop fips-checks script from trees
2058573 alsa/realtek: adjust max output valume for headphone on 2 LG machines
2032164 A general-proteciton exception during guest migration to unsupported PKRU machine
2058485 [ICX] [SPR] [ipc/msg] performance: Mitigate the lock contention with percpu counter
2059014 Jammy update: v5.15.149 upstream stable release
2056418 Fix headphone mic detection issue on ALC897
2056373 Problems with HVCS and hotplugging
2056227 KVM: arm64: softlockups in stage2_apply_range
CVE-2024-2201 Native Branch History Injection
CVE-2023-6039 A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel.

Version: 5.15.0-1057.65~20.04.1 2024-04-12 17:08:42 UTC

 linux-gcp-5.15 (5.15.0-1057.65~20.04.1) focal; urgency=medium
 .
   * focal/linux-gcp-5.15: 5.15.0-1057.65~20.04.1 -proposed tracker
     (LP: #2059462)
 .
   [ Ubuntu: 5.15.0-1057.65 ]
 .
   * jammy/linux-gcp: 5.15.0-1057.65 -proposed tracker (LP: #2059463)
   * jammy/linux: 5.15.0-104.114 -proposed tracker (LP: #2059497)
   * Drop fips-checks script from trees (LP: #2055083)
     - [Packaging] Remove fips-checks script
   * alsa/realtek: adjust max output valume for headphone on 2 LG machines
     (LP: #2058573)
     - ALSA: hda/realtek: fix the hp playback volume issue for LG machines
   * A general-proteciton exception during guest migration to unsupported PKRU
     machine (LP: #2032164)
     - x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer
     - KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2}
   * [ICX] [SPR] [ipc/msg] performance: Mitigate the lock contention with percpu
     counter (LP: #2058485)
     - ipc: check checkpoint_restore_ns_capable() to modify C/R proc files
     - ipc/ipc_sysctl.c: remove fallback for !CONFIG_PROC_SYSCTL
     - ipc: Store mqueue sysctls in the ipc namespace
     - ipc: Store ipc sysctls in the ipc namespace
     - ipc: Use the same namespace to modify and validate
     - ipc: Remove extra1 field abuse to pass ipc namespace
     - ipc: Check permissions for checkpoint_restart sysctls at open time
     - percpu: add percpu_counter_add_local and percpu_counter_sub_local
     - ipc/msg: mitigate the lock contention with percpu counter
   * Remove getabis scripts (LP: #2059143)
     - [Packaging] Remove getabis
   * Jammy update: v5.15.149 upstream stable release (LP: #2059014)
     - ksmbd: free ppace array on error in parse_dacl
     - ksmbd: don't allow O_TRUNC open on read-only share
     - ksmbd: validate mech token in session setup
     - ksmbd: fix UAF issue in ksmbd_tcp_new_connection()
     - ksmbd: only v2 leases handle the directory
     - iio: adc: ad7091r: Set alert bit in config register
     - iio: adc: ad7091r: Allow users to configure device events
     - iio: adc: ad7091r: Enable internal vref if external vref is not supplied
     - dmaengine: fix NULL pointer in channel unregistration function
     - scsi: ufs: core: Simplify power management during async scan
     - scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan()
     - iio:adc:ad7091r: Move exports into IIO_AD7091R namespace.
     - ext4: allow for the last group to be marked as trimmed
     - btrfs: sysfs: validate scrub_speed_max value
     - crypto: api - Disallow identical driver names
     - PM: hibernate: Enforce ordering during image compression/decompression
     - hwrng: core - Fix page fault dead lock on mmap-ed hwrng
     - crypto: s390/aes - Fix buffer overread in CTR mode
     - media: imx355: Enable runtime PM before registering async sub-device
     - rpmsg: virtio: Free driver_override when rpmsg_remove()
     - media: ov9734: Enable runtime PM before registering async sub-device
     - mips: Fix max_mapnr being uninitialized on early stages
     - bus: mhi: host: Drop chan lock before queuing buffers
     - bus: mhi: host: Add spinlock to protect WP access when queueing TREs
     - parisc/firmware: Fix F-extend for PDC addresses
     - async: Split async_schedule_node_domain()
     - async: Introduce async_schedule_dev_nocall()
     - arm64: dts: qcom: sc7180: fix USB wakeup interrupt types
     - arm64: dts: qcom: sdm845: fix USB wakeup interrupt types
     - arm64: dts: qcom: sm8150: fix USB wakeup interrupt types
     - arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts
     - lsm: new security_file_ioctl_compat() hook
     - scripts/get_abi: fix source path leak
     - mmc: core: Use mrq.sbc in close-ended ffu
     - mmc: mmc_spi: remove custom DMA mapped buffers
     - rtc: Adjust failure return code for cmos_set_alarm()
     - nouveau/vmm: don't set addr on the fail path to avoid warning
     - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
     - rename(): fix the locking of subdirectories
     - ksmbd: set v2 lease version on lease upgrade
     - ksmbd: fix potential circular locking issue in smb2_set_ea()
     - ksmbd: don't increment epoch if current state and request state are same
     - ksmbd: send lease break notification on FILE_RENAME_INFORMATION
     - ksmbd: Add missing set_freezable() for freezable kthread
     - net/smc: fix illegal rmb_desc access in SMC-D connection dump
     - tcp: make sure init the accept_queue's spinlocks once
     - bnxt_en: Wait for FLR to complete during probe
     - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
     - llc: make llc_ui_sendmsg() more robust against bonding changes
     - llc: Drop support for ETH_P_TR_802_2.
     - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
     - tracing: Ensure visibility when inserting an element into tracing_map
     - afs: Hide silly-rename files from userspace
     - tcp: Add memory barrier to tcp_push()
     - netlink: fix potential sleeping issue in mqueue_flush_file
     - ipv6: init the accept_queue's spinlocks in inet6_create
     - net/mlx5: DR, Use the right GVMI number for drop action
     - net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior
     - net/mlx5: DR, Can't go to uplink vport on RX rule
     - net/mlx5e: fix a double-free in arfs_create_groups
     - net/mlx5e: fix a potential double-free in fs_any_create_groups
     - overflow: Allow mixed type arguments
     - netfilter: nft_limit: reject configurations that cause integer overflow
     - netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
     - netfilter: nf_tables: validate NFPROTO_* family
     - net: stmmac: Wait a bit for the reset to take effect
     - net: mvpp2: clear BM pool before initialization
     - selftests: netdevsim: fix the udp_tunnel_nic test
     - fjes: fix memleaks in fjes_hw_setup
     - net: fec: fix the unhandled contex

Source diff to previous version
2055083 Drop fips-checks script from trees
2058573 alsa/realtek: adjust max output valume for headphone on 2 LG machines
2032164 A general-proteciton exception during guest migration to unsupported PKRU machine
2058485 [ICX] [SPR] [ipc/msg] performance: Mitigate the lock contention with percpu counter
2059143 Remove getabis scripts
2059014 Jammy update: v5.15.149 upstream stable release
2056418 Fix headphone mic detection issue on ALC897
2056373 Problems with HVCS and hotplugging
2056227 KVM: arm64: softlockups in stage2_apply_range
CVE-2023-52603 In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the followin
CVE-2023-52600 In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap) fails, th
CVE-2023-24023 Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-
CVE-2024-26581 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on
CVE-2023-6039 A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel.

Version: 5.15.0-1055.63~20.04.1 2024-03-21 01:08:53 UTC

 linux-gcp-5.15 (5.15.0-1055.63~20.04.1) focal; urgency=medium
 .
   * focal/linux-gcp-5.15: 5.15.0-1055.63~20.04.1 -proposed tracker
     (LP: #2055599)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] drop ABI data
     - debian.gcp-5.15/dkms-versions -- update from kernel-versions
       (main/2024.03.04)
 .
   [ Ubuntu: 5.15.0-1055.63 ]
 .
   * jammy/linux-gcp: 5.15.0-1055.63 -proposed tracker (LP: #2055600)
   * Packaging resync (LP: #1786013)
     - [Packaging] drop ABI data
     - debian.gcp/dkms-versions -- update from kernel-versions (main/2024.03.04)
   * linux: please move dmi-sysfs.ko (CONFIG_DMI_SYSFS for SMBIOS support) from
     linux-modules-extra to linux-modules (LP: #2045561)
     - [Packaging] gcp: Move dmi-sysfs.ko into linux-modules
   * linux: please move erofs.ko (CONFIG_EROFS for EROFS support) from linux-
     modules-extra to linux-modules (LP: #2054809)
     - UBUNTU [Packaging]: gcp: Include erofs in linux-modules instead of linux-
       modules-extra
   * jammy/linux: 5.15.0-102.112 -proposed tracker (LP: #2055632)
   * Drop ABI checks from kernel build (LP: #2055686)
     - [Packaging] Remove in-tree abi checks
     - [Packaging] Drop abi checks from final-checks
   * Packaging resync (LP: #1786013)
     - [Packaging] drop ABI data
     - [Packaging] update annotations scripts
     - debian.master/dkms-versions -- update from kernel-versions (main/2024.03.04)
   * block/loop: No longer allows to create partitions (LP: #2056143)
     - block, loop: support partitions without scanning
   * Cranky update-dkms-versions rollout (LP: #2055685)
     - [Packaging] remove update-dkms-versions
     - Move debian/dkms-versions to debian.master/dkms-versions
     - [Packaging] Replace debian/dkms-versions with $(DEBIAN)/dkms-versions
     - [Packaging] remove update-version-dkms
   * linux: please move erofs.ko (CONFIG_EROFS for EROFS support) from linux-
     modules-extra to linux-modules (LP: #2054809)
     - UBUNTU [Packaging]: Include erofs in linux-modules instead of linux-modules-
       extra
   * linux-tools-common: man page of usbip[d] is misplaced (LP: #2054094)
     - [Packaging] rules: Put usbip manpages in the correct directory
   * CVE-2024-23851
     - dm ioctl: log an error if the ioctl structure is corrupted
     - dm: limit the number of targets and parameter size area
   * CVE-2024-23850
     - btrfs: do not ASSERT() if the newly created subvolume already got read
   * x86: performance: tsc: Extend watchdog check exemption to 4-Sockets platform
     (LP: #2054699)
     - x86/tsc: Extend watchdog check exemption to 4-Sockets platform
   * linux: please move dmi-sysfs.ko (CONFIG_DMI_SYSFS for SMBIOS support) from
     linux-modules-extra to linux-modules (LP: #2045561)
     - [Packaging] Move dmi-sysfs.ko into linux-modules
   * Fix bpf selftests build failure after v5.15.139 update (LP: #2054567)
     - Revert "selftests/bpf: Test tail call counting with bpf2bpf and data on
       stack"
   * Jammy update: v5.15.148 upstream stable release (LP: #2055145)
     - f2fs: explicitly null-terminate the xattr list
     - pinctrl: lochnagar: Don't build on MIPS
     - ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro
     - mptcp: fix uninit-value in mptcp_incoming_options
     - wifi: cfg80211: lock wiphy mutex for rfkill poll
     - debugfs: fix automount d_fsdata usage
     - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer
     - nvme-core: check for too small lba shift
     - ASoC: wm8974: Correct boost mixer inputs
     - ASoC: Intel: Skylake: Fix mem leak in few functions
     - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted
       __be16
     - ASoC: Intel: Skylake: mem leak in skl register function
     - ASoC: cs43130: Fix the position of const qualifier
     - ASoC: cs43130: Fix incorrect frame delay configuration
     - ASoC: rt5650: add mutex to avoid the jack detection failure
     - nouveau/tu102: flush all pdbs on vmm flush
     - net/tg3: fix race condition in tg3_reset_task()
     - ASoC: da7219: Support low DC impedance headset
     - ASoC: ops: add correct range check for limiting volume
     - nvme: introduce helper function to get ctrl state
     - drm/amdgpu: Add NULL checks for function pointers
     - drm/exynos: fix a potential error pointer dereference
     - drm/exynos: fix a wrong error checking
     - hwmon: (corsair-psu) Fix probe when built-in
     - clk: rockchip: rk3128: Fix HCLK_OTG gate register
     - jbd2: correct the printing of write_flags in jbd2_write_superblock()
     - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
     - neighbour: Don't let neigh_forced_gc() disable preemption for long
     - platform/x86: intel-vbtn: Fix missing tablet-mode-switch events
     - jbd2: fix soft lockup in journal_finish_inode_data_buffers()
     - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
     - tracing: Add size check when printing trace_marker output
     - stmmac: dwmac-loongson: drop useless check for compatible fallback
     - MIPS: dts: loongson: drop incorrect dwmac fallback compatible
     - tracing: Fix uaf issue when open the hist or hist_debug file
     - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in
       NMI
     - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
     - Input: atkbd - skip ATKBD_CMD_GETID in translated mode
     - Input: i8042 - add nomux quirk for Acer P459-G2-M
     - s390/scm: fix virtual vs physical address confusion
     - ARC: fix spare error
     - wifi: iwlwifi: pcie: avoid a NULL pointer dereference
     - Input: xpad - add Razer Wolverine V2 support
     - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346
     - i2c: rk3x: fix potential spinlock recursion on poll
     - net: qrtr: ns: Return 0 if server port is not present
     - ARM: sun9i: smp: fix return code check of of_property_match_string
     - drm/crtc: fi

Source diff to previous version
1786013 Packaging resync
2045561 linux: please move dmi-sysfs.ko (CONFIG_DMI_SYSFS for SMBIOS support) from linux-modules-extra to linux-modules
2054809 linux: please move erofs.ko (CONFIG_EROFS for EROFS support) from linux-modules-extra to linux-modules
2055686 Drop ABI checks from kernel build
2056143 block/loop: No longer allows to create partitions
2055685 Cranky update-dkms-versions rollout
2054094 linux-tools-common: man page of usbip[d] is misplaced
2054699 x86: performance: tsc: Extend watchdog check exemption to 4-Sockets platform
2054567 Fix bpf selftests build failure after v5.15.139 update
2055145 Jammy update: v5.15.148 upstream stable release
2053251 performance: Scheduler: ratelimit updating of load_avg
2054411 Jammy update: v5.15.147 upstream stable release
2053152 performance: mm/percpu-internal.h: Re-layout pcpu_chunk to mitigate false sharing
2053069 performance: address_space: add padding for i_map and i_mmap_rwsem to mitigate a false sharing
2052817 cpufreq: intel_pstate: Enable HWP IO boost for all servers
2052827 performance: mm/memcontrol.c: remove the redundant updating of stats_flush_threshold
2053212 Jammy update: v5.15.146 upstream stable release
1971699 disable Intel DMA remapping by default
2052005 Validate connection interval to pass Bluetooth Test Suite
2052406 Jammy update: v5.15.145 upstream stable release
2052404 Jammy update: v5.15.144 upstream stable release
CVE-2024-23851 copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missi
CVE-2024-23850 In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be
CVE-2024-24855 A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer deref
CVE-2024-1085 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_
CVE-2023-23000 In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error cas
CVE-2023-46838 Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them
CVE-2024-1086 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_
CVE-2023-32247 A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_S
CVE-2024-22705 An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_

Version: 5.15.0-1053.61~20.04.1 2024-02-26 19:08:46 UTC

 linux-gcp-5.15 (5.15.0-1053.61~20.04.1) focal; urgency=medium
 .
   * focal/linux-gcp-5.15: 5.15.0-1053.61~20.04.1 -proposed tracker
     (LP: #2052055)
 .
   [ Ubuntu: 5.15.0-1053.61 ]
 .
   * jammy/linux-gcp: 5.15.0-1053.61 -proposed tracker (LP: #2052056)
   * jammy/linux: 5.15.0-100.110 -proposed tracker (LP: #2052616)
   * i915 regression introduced with 5.5 kernel (LP: #2044131)
     - drm/i915: Skip some timing checks on BXT/GLK DSI transcoders
   * Audio balancing setting doesn't work with the cirrus codec (LP: #2051050)
     - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
   * partproke is broken on empty loopback device (LP: #2049689)
     - block: Move checking GENHD_FL_NO_PART to bdev_add_partition()
   * CVE-2023-0340
     - vhost: use kzalloc() instead of kmalloc() followed by memset()
   * CVE-2023-51780
     - atm: Fix Use-After-Free in do_vcc_ioctl
   * CVE-2023-6915
     - ida: Fix crash in ida_free when the bitmap is empty
   * CVE-2024-0646
     - net: tls, update curr on splice as well
   * CVE-2024-0565
     - smb: client: fix OOB in receive_encrypted_standard()
   * CVE-2023-51781
     - appletalk: Fix Use-After-Free in atalk_ioctl
   * Jammy update: v5.15.143 upstream stable release (LP: #2050858)
     - vdpa/mlx5: preserve CVQ vringh index
     - hrtimers: Push pending hrtimers away from outgoing CPU earlier
     - i2c: designware: Fix corrupted memory seen in the ISR
     - netfilter: ipset: fix race condition between swap/destroy and kernel side
       add/del/test
     - tg3: Move the [rt]x_dropped counters to tg3_napi
     - tg3: Increment tx_dropped in tg3_tso_bug()
     - kconfig: fix memory leak from range properties
     - drm/amdgpu: correct chunk_ptr to a pointer to chunk.
     - platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum
     - platform/x86: asus-wmi: Add support for ROG X13 tablet mode
     - platform/x86: asus-wmi: Simplify tablet-mode-switch probing
     - platform/x86: asus-wmi: Simplify tablet-mode-switch handling
     - platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code
     - of: dynamic: Fix of_reconfig_get_state_change() return value documentation
     - platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct
       wmi_driver
     - platform/x86: wmi: Skip blocks with zero instances
     - ipv6: fix potential NULL deref in fib6_add()
     - octeontx2-pf: Add missing mutex lock in otx2_get_pauseparam
     - octeontx2-af: Check return value of nix_get_nixlf before using nixlf
     - hv_netvsc: rndis_filter needs to select NLS
     - r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
     - r8152: Add RTL8152_INACCESSIBLE checks to more loops
     - r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash()
     - r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1()
     - r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en()
     - mlxbf-bootctl: correctly identify secure boot with development keys
     - platform/mellanox: Add null pointer checks for devm_kasprintf()
     - platform/mellanox: Check devm_hwmon_device_register_with_groups() return
       value
     - arcnet: restoring support for multiple Sohard Arcnet cards
     - net: stmmac: fix FPE events losing
     - octeontx2-af: fix a use-after-free in rvu_npa_register_reporters
     - i40e: Fix unexpected MFS warning message
     - net: bnxt: fix a potential use-after-free in bnxt_init_tc
     - ionic: fix snprintf format length warning
     - ionic: Fix dim work handling in split interrupt mode
     - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()
     - net: hns: fix fake link up on xge port
     - octeontx2-af: Update Tx link register range
     - netfilter: nf_tables: validate family when identifying table via handle
     - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
     - tcp: do not accept ACK of bytes we never sent
     - bpf: sockmap, updating the sg structure should also update curr
     - psample: Require 'CAP_NET_ADMIN' when joining "packets" group
     - net: add missing kdoc for struct genl_multicast_group::flags
     - drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group
     - tee: optee: Fix supplicant based device enumeration
     - RDMA/hns: Fix unnecessary err return when using invalid congest control
       algorithm
     - RDMA/irdma: Do not modify to SQD on error
     - RDMA/irdma: Add wait for suspend on SQD
     - arm64: dts: rockchip: Expand reg size of vdec node for RK3399
     - RDMA/rtrs-srv: Do not unconditionally enable irq
     - RDMA/rtrs-clt: Start hb after path_up
     - RDMA/rtrs-srv: Check return values while processing info request
     - RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true
     - RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight
     - RDMA/rtrs-clt: Fix the max_send_wr setting
     - RDMA/rtrs-clt: Remove the warnings for req in_use check
     - RDMA/bnxt_re: Correct module description string
     - hwmon: (acpi_power_meter) Fix 4.29 MW bug
     - hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe()
     - ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
     - RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz
     - RDMA/irdma: Avoid free the non-cqp_request scratch
     - arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb
     - arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3
     - ARM: dts: imx6ul-pico: Describe the Ethernet PHY clock
     - tracing: Fix a warning when allocating buffered events fails
     - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
     - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init
     - ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt
     - ARM: dts: imx28-xea: Pass the 'model' property
     - riscv: fix misaligned access handling of C.SWSP and C.SDSP
     - md: introduce md_ro_state
     - md: don't leave 'MD_RECOVERY_FROZEN' in error p

2049689 partproke is broken on empty loopback device
2050858 Jammy update: v5.15.143 upstream stable release
2036239 Intel E810-XXV - NETDEV WATCHDOG: (ice): transmit queue timed out
2048404 Don't WARN_ON_ONCE() for a broken discovery table
2047634 Reject connection when malformed L2CAP signal packet is received
2050849 Jammy update: v5.15.142 upstream stable release
2050044 Jammy update: v5.15.141 upstream stable release
2050038 Jammy update: v5.15.140 upstream stable release
2049432 Jammy update: v5.15.139 upstream stable release
2049417 Jammy update: v5.15.138 upstream stable release
2049350 Jammy update: v5.15.137 upstream stable release
1786013 Packaging resync
CVE-2023-0340 The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contribu
CVE-2023-51780 An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race conditio
CVE-2023-6915 A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cau
CVE-2024-0646 An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with
CVE-2024-0565 An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Ker
CVE-2023-51781 An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race co
CVE-2023-46862 An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer
CVE-2023-51782 An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race conditi
CVE-2023-51779 bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.
CVE-2023-22995 In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and
CVE-2023-4134 Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync()



About   -   Send Feedback to @ubuntu_updates