UbuntuUpdates.org

Package "linux-image-unsigned-6.5.0-1023-aws"

This package belongs to a PPA: Canonical Kernel Team

Name: linux-image-unsigned-6.5.0-1023-aws

Description:

Linux kernel image for version 6.5.0 on 64 bit x86 SMP

Latest version: 6.5.0-1023.23~22.04.1
Release: jammy (22.04)
Level: base
Repository: main
Head package: linux-aws-6.5

Links


Download "linux-image-unsigned-6.5.0-1023-aws"


Other versions of "linux-image-unsigned-6.5.0-1023-aws" in Jammy

Repository Area Version
security main 6.5.0-1023.23~22.04.1
updates main 6.5.0-1023.23~22.04.1

Changelog

Version: 6.5.0-1015.15~22.04.1 2024-02-20 22:09:02 UTC

 linux-aws-6.5 (6.5.0-1015.15~22.04.1) jammy; urgency=medium
 .
   * jammy/linux-aws-6.5: 6.5.0-1015.15~22.04.1 -proposed tracker (LP: #2052020)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] update Ubuntu.md
 .
   [ Ubuntu: 6.5.0-1015.15 ]
 .
   * mantic/linux-aws: 6.5.0-1015.15 -proposed tracker (LP: #2052021)
   * Packaging resync (LP: #1786013)
     - [Packaging] update Ubuntu.md
     - debian/dkms-versions -- update from kernel-versions (main/2024.02.05)
   * mantic/linux: 6.5.0-25.25 -proposed tracker (LP: #2052615)
   * Packaging resync (LP: #1786013)
     - debian/dkms-versions -- update from kernel-versions (main/2024.02.05)
   * [SRU][22.04.04]: mpi3mr driver update (LP: #2045233)
     - scsi: mpi3mr: Invoke soft reset upon TSU or event ack time out
     - scsi: mpi3mr: Update MPI Headers to version 3.00.28
     - scsi: mpi3mr: Add support for more than 1MB I/O
     - scsi: mpi3mr: WRITE SAME implementation
     - scsi: mpi3mr: Enhance handling of devices removed after controller reset
     - scsi: mpi3mr: Update driver version to 8.5.0.0.0
     - scsi: mpi3mr: Split off bus_reset function from host_reset
     - scsi: mpi3mr: Add support for SAS5116 PCI IDs
     - scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116
     - scsi: mpi3mr: Increase maximum number of PHYs to 64 from 32
     - scsi: mpi3mr: Add support for status reply descriptor
     - scsi: mpi3mr: driver version upgrade to 8.5.0.0.50
     - scsi: mpi3mr: Refresh sdev queue depth after controller reset
     - scsi: mpi3mr: Clean up block devices post controller reset
     - scsi: mpi3mr: Block PEL Enable Command on Controller Reset and Unrecoverable
       State
     - scsi: mpi3mr: Fetch correct device dev handle for status reply descriptor
     - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-1
     - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-2
     - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-3
     - scsi: mpi3mr: Update driver version to 8.5.1.0.0
   * The display becomes frozen after some time when a HDMI device is connected.
     (LP: #2049027)
     - drm/i915/dmc: Don't enable any pipe DMC events
   * Audio balancing setting doesn't work with the cirrus codec (LP: #2051050)
     - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
   * partproke is broken on empty loopback device (LP: #2049689)
     - block: Move checking GENHD_FL_NO_PART to bdev_add_partition()
   * CVE-2023-51780
     - atm: Fix Use-After-Free in do_vcc_ioctl
   * CVE-2023-6915
     - ida: Fix crash in ida_free when the bitmap is empty
   * Update Ubuntu.md (LP: #2051176)
     - [Packaging] update Ubuntu.md
   * test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 /
     J-OEM-6.1 / J-6.2 AMD64 (LP: #1983357)
     - [Config]: set ARCH_MMAP_RND_{COMPAT_, }BITS to the maximum
   * Intel E810-XXV - NETDEV WATCHDOG: (ice): transmit queue timed out
     (LP: #2036239)
     - ice: Add driver support for firmware changes for LAG
     - ice: alter feature support check for SRIOV and LAG
   * Mantic update: upstream stable patchset 2024-01-29 (LP: #2051584)
     - Upstream stable to v6.1.67, v6.6.6
     - vdpa/mlx5: preserve CVQ vringh index
     - hrtimers: Push pending hrtimers away from outgoing CPU earlier
     - i2c: designware: Fix corrupted memory seen in the ISR
     - netfilter: ipset: fix race condition between swap/destroy and kernel side
       add/del/test
     - zstd: Fix array-index-out-of-bounds UBSAN warning
     - tg3: Move the [rt]x_dropped counters to tg3_napi
     - tg3: Increment tx_dropped in tg3_tso_bug()
     - kconfig: fix memory leak from range properties
     - drm/amdgpu: correct chunk_ptr to a pointer to chunk.
     - x86: Introduce ia32_enabled()
     - x86/coco: Disable 32-bit emulation by default on TDX and SEV
     - x86/entry: Convert INT 0x80 emulation to IDTENTRY
     - x86/entry: Do not allow external 0x80 interrupts
     - x86/tdx: Allow 32-bit emulation by default
     - dt: dt-extract-compatibles: Handle cfile arguments in generator function
     - dt: dt-extract-compatibles: Don't follow symlinks when walking tree
     - platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code
     - of: dynamic: Fix of_reconfig_get_state_change() return value documentation
     - platform/x86: wmi: Skip blocks with zero instances
     - ipv6: fix potential NULL deref in fib6_add()
     - octeontx2-pf: Add missing mutex lock in otx2_get_pauseparam
     - octeontx2-af: Check return value of nix_get_nixlf before using nixlf
     - hv_netvsc: rndis_filter needs to select NLS
     - r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
     - r8152: Add RTL8152_INACCESSIBLE checks to more loops
     - r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash()
     - r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1()
     - r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en()
     - mlxbf-bootctl: correctly identify secure boot with development keys
     - platform/mellanox: Add null pointer checks for devm_kasprintf()
     - platform/mellanox: Check devm_hwmon_device_register_with_groups() return
       value
     - arcnet: restoring support for multiple Sohard Arcnet cards
     - octeontx2-pf: consider both Rx and Tx packet stats for adaptive interrupt
       coalescing
     - net: stmmac: fix FPE events losing
     - xsk: Skip polling event check for unbound socket
     - octeontx2-af: fix a use-after-free in rvu_npa_register_reporters
     - i40e: Fix unexpected MFS warning message
     - iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is zero
     - tcp: fix mid stream window clamp.
     - ionic: fix snprintf format length warning
     - ionic: Fix dim work handling in split interrupt mode
     - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()
     - net: atlantic: Fix NULL dereference of skb pointer in
     - net: hns: fix wrong head when modify th

Source diff to previous version
1786013 Packaging resync
2045233 [SRU][22.04.04]: mpi3mr driver update
2049027 The display becomes frozen after some time when a HDMI device is connected.
2049689 partproke is broken on empty loopback device
2051176 Update Ubuntu.md
2036239 Intel E810-XXV - NETDEV WATCHDOG: (ice): transmit queue timed out
2051584 Mantic update: upstream stable patchset 2024-01-29
2051366 Mantic update: upstream stable patchset 2024-01-26
2051231 Mantic update: upstream stable patchset 2024-01-25
2051142 Mantic update: v6.5.13 upstream stable release
2051129 Mantic update: v6.5.12 upstream stable release
2051117 Mantic update: v6.5.11 upstream stable release
2051341 black screen when wake up from s3 with AMD W7600 gfx
2047634 Reject connection when malformed L2CAP signal packet is received
2049412 Mantic update: v6.5.10 upstream stable release
2049202 Mantic update: v6.5.9 upstream stable release
CVE-2023-51780 An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race conditio
CVE-2023-6915 A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cau
CVE-2024-0646 An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with
CVE-2024-0582 A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap(
CVE-2024-0565 An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Ker
CVE-2023-51781 An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race co
CVE-2023-6560 An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to c
CVE-2023-51782 An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race conditi
CVE-2023-51779 bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.

Version: 6.5.0-1013.13~22.04.1 2024-01-16 20:09:04 UTC

 linux-aws-6.5 (6.5.0-1013.13~22.04.1) jammy; urgency=medium
 .
   * jammy/linux-aws-6.5: 6.5.0-1013.13~22.04.1 -proposed tracker (LP: #2048353)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] update variants
 .
   [ Ubuntu: 6.5.0-1013.13 ]
 .
   * mantic/linux-aws: 6.5.0-1013.13 -proposed tracker (LP: #2048354)
   * AWS: Set ENA_INTR_INITIAL_TX_INTERVAL_USECS to 64 (LP: #2045428)
     - Revert "UBUNTU: SAUCE: net: ena: fix too long default tx interrupt
       moderation interval"
   * mantic/linux: 6.5.0-17.17 -proposed tracker (LP: #2049026)
   * [UBUNTU 23.04] Regression: Ubuntu 23.04/23.10 do not include uvdevice
     anymore (LP: #2048919)
     - [Config] Enable S390_UV_UAPI (built-in)
   * mantic/linux: 6.5.0-16.16 -proposed tracker (LP: #2048372)
   * Packaging resync (LP: #1786013)
     - [Packaging] resync git-ubuntu-log
     - [Packaging] resync update-dkms-versions helper
     - [Packaging] remove helper scripts
     - [Packaging] update annotations scripts
     - debian/dkms-versions -- update from kernel-versions (main/2024.01.08)
   * Add missing RPL P/U CPU IDs (LP: #2047398)
     - drm/i915/rpl: Update pci ids for RPL P/U
   * Fix BCM57416 lost after resume (LP: #2047518)
     - bnxt_en: Clear resource reservation during resume
   * Hotplugging SCSI disk in QEMU VM fails (LP: #2047382)
     - Revert "PCI: acpiphp: Reassign resources on bridge if necessary"
   * Update bnxt_en with bug fixes and support for Broadcom 5760X network
     adapters (LP: #2045796)
     - bnxt_en: use dev_consume_skb_any() in bnxt_tx_int
     - eth: bnxt: move and rename reset helpers
     - eth: bnxt: take the bit to set as argument of bnxt_queue_sp_work()
     - eth: bnxt: handle invalid Tx completions more gracefully
     - eth: bnxt: fix one of the W=1 warnings about fortified memcpy()
     - eth: bnxt: fix warning for define in struct_group
     - bnxt_en: Fix W=1 warning in bnxt_dcb.c from fortify memcpy()
     - bnxt_en: Fix W=stringop-overflow warning in bnxt_dcb.c
     - bnxt_en: Use the unified RX page pool buffers for XDP and non-XDP
     - bnxt_en: Let the page pool manage the DMA mapping
     - bnxt_en: Increment rx_resets counter in bnxt_disable_napi()
     - bnxt_en: Save ring error counters across reset
     - bnxt_en: Display the ring error counters under ethtool -S
     - bnxt_en: Add tx_resets ring counter
     - bnxt: use the NAPI skb allocation cache
     - bnxt_en: Update firmware interface to 1.10.2.171
     - bnxt_en: Enhance hwmon temperature reporting
     - bnxt_en: Move hwmon functions into a dedicated file
     - bnxt_en: Modify the driver to use hwmon_device_register_with_info
     - bnxt_en: Expose threshold temperatures through hwmon
     - bnxt_en: Use non-standard attribute to expose shutdown temperature
     - bnxt_en: Event handler for Thermal event
     - bnxt_en: Support QOS and TPID settings for the SRIOV VLAN
     - bnxt_en: Update VNIC resource calculation for VFs
     - Revert "bnxt_en: Support QOS and TPID settings for the SRIOV VLAN"
     - eth: bnxt: fix backward compatibility with older devices
     - bnxt_en: Do not call sleeping hwmon_notify_event() from NAPI
     - bnxt_en: Fix invoking hwmon_notify_event
     - bnxt_en: add infrastructure to lookup ethtool link mode
     - bnxt_en: support lane configuration via ethtool
     - bnxt_en: refactor speed independent ethtool modes
     - bnxt_en: Refactor NRZ/PAM4 link speed related logic
     - bnxt_en: convert to linkmode_set_bit() API
     - bnxt_en: extend media types to supported and autoneg modes
     - bnxt_en: Fix 2 stray ethtool -S counters
     - bnxt_en: Put the TX producer information in the TX BD opaque field
     - bnxt_en: Add completion ring pointer in TX and RX ring structures
     - bnxt_en: Restructure cp_ring_arr in struct bnxt_cp_ring_info
     - bnxt_en: Add completion ring pointer in TX and RX ring structures
     - bnxt_en: Remove BNXT_RX_HDL and BNXT_TX_HDL
     - bnxt_en: Refactor bnxt_tx_int()
     - bnxt_en: New encoding for the TX opaque field
     - bnxt_en: Refactor bnxt_hwrm_set_coal()
     - bnxt_en: Support up to 8 TX rings per MSIX
     - bnxt_en: Add helper to get the number of CP rings required for TX rings
     - bnxt_en: Add macros related to TC and TX rings
     - bnxt_en: Use existing MSIX vectors for all mqprio TX rings
     - bnxt_en: Optimize xmit_more TX path
     - bnxt_en: The caller of bnxt_alloc_ctx_mem() should always free bp->ctx
     - bnxt_en: Free bp->ctx inside bnxt_free_ctx_mem()
     - bnxt_en: Restructure context memory data structures
     - bnxt_en: Add page info to struct bnxt_ctx_mem_type
     - bnxt_en: Use the pg_info field in bnxt_ctx_mem_type struct
     - bnxt_en: Add bnxt_setup_ctxm_pg_tbls() helper function
     - bnxt_en: Add support for new backing store query firmware API
     - bnxt_en: Add support for HWRM_FUNC_BACKING_STORE_CFG_V2 firmware calls
     - bnxt_en: Add db_ring_mask and related macro to bnxt_db_info struct.
     - bnxt_en: Modify TX ring indexing logic.
     - bnxt_en: Modify RX ring indexing logic.
     - bnxt_en: Modify the NAPI logic for the new P7 chips
     - bnxt_en: Rename some macros for the P5 chips
     - bnxt_en: Fix backing store V2 logic
     - bnxt_en: Update firmware interface to 1.10.3.15
     - bnxt_en: Define basic P7 macros
     - bnxt_en: Consolidate DB offset calculation
     - bnxt_en: Implement the new toggle bit doorbell mechanism on P7 chips
     - bnxt_en: Refactor RSS capability fields
     - bnxt_en: Add new P7 hardware interface definitions
     - bnxt_en: Refactor RX VLAN acceleration logic.
     - bnxt_en: Refactor and refine bnxt_tpa_start() and bnxt_tpa_end().
     - bnxt_en: Add support for new RX and TPA_START completion types for P7
     - bnxt_en: Refactor ethtool speeds logic
     - bnxt_en: Support new firmware link parameters
     - bnxt_en: Support force speed using the new HWRM fields
     - bnxt_en: Report the new ethtool link modes in the new firmware inter

Source diff to previous version
1786013 Packaging resync
2045428 AWS: Set ENA_INTR_INITIAL_TX_INTERVAL_USECS to 64
2048919 [UBUNTU 23.04] Regression: Ubuntu 23.04/23.10 do not include uvdevice anymore
2047398 Add missing RPL P/U CPU IDs
2047518 Fix BCM57416 lost after resume
2047382 Hotplugging SCSI disk in QEMU VM fails
2045796 Update bnxt_en with bug fixes and support for Broadcom 5760X network adapters
2047461 drm: Update file owner during use
2044096 Support Cirrus CS35L41 codec on Dell Oasis 13/14/16 laptops
2048078 Add support of MTL audio of Lenovo
2047389 Fix AMDGPU crash on 6.5 kernel
2035971 linux tools packages for derived kernels refuse to install simultaneously due to libcpupower name collision
2045562 [Debian] autoreconstruct - Do not generate chmod -x for deleted files
2046269 Mantic update: v6.5.8 upstream stable release
2045806 Mantic update: v6.5.7 upstream stable release
2044512 Build failure if run in a console
2039151 Support speaker mute hotkey for Cirrus CS35L41 HDA codec
2043730 Update io_uring to 6.6
2041613 correct cephfs pull request for uidmap support
2043841 kernel BUG: io_uring openat triggers audit reference count underflow
2042853 [UBUNTU 23.04] Kernel config option missing for s390x PCI passthrough
2036600 Azure: Fix Azure vendor ID
2044174 Mantic update: v6.5.6 upstream stable release
2043416 Mantic update: v6.5.5 upstream stable release
2041999 Mantic update: v6.5.4 upstream stable release
CVE-2023-6622 A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue ma
CVE-2024-0193 A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is r
CVE-2023-6931 A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escala
CVE-2023-34324 linux/xen: Possible deadlock in Linux kernel event handling
CVE-2023-6932 A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition c
CVE-2023-6606 An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker
CVE-2023-6817 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The func
CVE-2023-46813 An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checki
CVE-2023-6111 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The func
CVE-2023-5972 A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to c
CVE-2023-6176 A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a

Version: 6.5.0-1011.11~22.04.1 2023-11-20 20:08:52 UTC

 linux-aws-6.5 (6.5.0-1011.11~22.04.1) jammy; urgency=medium
 .
   * jammy/linux-aws-6.5: 6.5.0-1011.11~22.04.1 -proposed tracker (LP: #2041525)
 .
   [ Ubuntu: 6.5.0-1011.11 ]
 .
   * mantic/linux-aws: 6.5.0-1011.11 -proposed tracker (LP: #2041526)
   * Packaging resync (LP: #1786013)
     - [Packaging] resync update-dkms-versions helper
     - debian/dkms-versions -- update from kernel-versions (main/2023.10.30)
   * mantic/linux: 6.5.0-14.14 -proposed tracker (LP: #2042660)
   * Boot log print hang on screen, no login prompt on Aspeed 2600 rev 52 BMC
     (LP: #2042850)
     - drm/ast: Add BMC virtual connector
   * arm64 atomic issues cause disk corruption (LP: #2042573)
     - locking/atomic: scripts: fix fallback ifdeffery
   * Packaging resync (LP: #1786013)
     - [Packaging] update annotations scripts
 .

Source diff to previous version
1786013 Packaging resync
2042850 Boot log print hang on screen, no login prompt on Aspeed 2600 rev 52 BMC
2042573 arm64 atomic issues cause disk corruption

Version: 6.5.0-1008.8~22.04.1 2023-10-13 20:08:33 UTC

 linux-aws-6.5 (6.5.0-1008.8~22.04.1) jammy; urgency=medium
 .
   * jammy/linux-aws-6.5: 6.5.0-1008.8~22.04.1 -proposed tracker (LP: #2038955)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] update variants
     - [Packaging] update Ubuntu.md
 .
   * Miscellaneous Ubuntu changes
     - [Packaging] Initial aws-6.5 packaging
     - [Packaging] Added python3-dev as build dep
 .
   * Miscellaneous upstream changes
     - Revert "UBUNTU: [Packaging] ZSTD compress modules"
     - Revert "UBUNTU: SAUCE: modpost: support arbitrary symbol length in
       modversion"
 .
   [ Ubuntu: 6.5.0-1008.8 ]
 .
   * mantic/linux-aws: 6.5.0-1008.8 -proposed tracker (LP: #2038689)
   * mantic/linux: 6.5.0-9.9 -proposed tracker (LP: #2038687)
   * update apparmor and LSM stacking patch set (LP: #2028253)
     - re-apply apparmor 4.0.0
   * Disable restricting unprivileged change_profile by default, due to LXD
     latest/stable not yet compatible with this new apparmor feature
     (LP: #2038567)
     - SAUCE: apparmor: Make apparmor_restrict_unprivileged_unconfined opt-in
   * mantic/linux: 6.5.0-8.8 -proposed tracker (LP: #2038577)
   * update apparmor and LSM stacking patch set (LP: #2028253)
     - SAUCE: apparmor3.2.0 [02/60]: rename SK_CTX() to aa_sock and make it an
       inline fn
     - SAUCE: apparmor3.2.0 [05/60]: Add sysctls for additional controls of unpriv
       userns restrictions
     - SAUCE: apparmor3.2.0 [08/60]: Stacking v38: LSM: Identify modules by more
       than name
     - SAUCE: apparmor3.2.0 [09/60]: Stacking v38: LSM: Add an LSM identifier for
       external use
     - SAUCE: apparmor3.2.0 [10/60]: Stacking v38: LSM: Identify the process
       attributes for each module
     - SAUCE: apparmor3.2.0 [11/60]: Stacking v38: LSM: Maintain a table of LSM
       attribute data
     - SAUCE: apparmor3.2.0 [12/60]: Stacking v38: proc: Use lsmids instead of lsm
       names for attrs
     - SAUCE: apparmor3.2.0 [13/60]: Stacking v38: integrity: disassociate
       ima_filter_rule from security_audit_rule
     - SAUCE: apparmor3.2.0 [14/60]: Stacking v38: LSM: Infrastructure management
       of the sock security
     - SAUCE: apparmor3.2.0 [15/60]: Stacking v38: LSM: Add the lsmblob data
       structure.
     - SAUCE: apparmor3.2.0 [16/60]: Stacking v38: LSM: provide lsm name and id
       slot mappings
     - SAUCE: apparmor3.2.0 [17/60]: Stacking v38: IMA: avoid label collisions with
       stacked LSMs
     - SAUCE: apparmor3.2.0 [18/60]: Stacking v38: LSM: Use lsmblob in
       security_audit_rule_match
     - SAUCE: apparmor3.2.0 [19/60]: Stacking v38: LSM: Use lsmblob in
       security_kernel_act_as
     - SAUCE: apparmor3.2.0 [20/60]: Stacking v38: LSM: Use lsmblob in
       security_secctx_to_secid
     - SAUCE: apparmor3.2.0 [21/60]: Stacking v38: LSM: Use lsmblob in
       security_secid_to_secctx
     - SAUCE: apparmor3.2.0 [22/60]: Stacking v38: LSM: Use lsmblob in
       security_ipc_getsecid
     - SAUCE: apparmor3.2.0 [23/60]: Stacking v38: LSM: Use lsmblob in
       security_current_getsecid
     - SAUCE: apparmor3.2.0 [24/60]: Stacking v38: LSM: Use lsmblob in
       security_inode_getsecid
     - SAUCE: apparmor3.2.0 [25/60]: Stacking v38: LSM: Use lsmblob in
       security_cred_getsecid
     - SAUCE: apparmor3.2.0 [26/60]: Stacking v38: LSM: Specify which LSM to
       display
     - SAUCE: apparmor3.2.0 [28/60]: Stacking v38: LSM: Ensure the correct LSM
       context releaser
     - SAUCE: apparmor3.2.0 [29/60]: Stacking v38: LSM: Use lsmcontext in
       security_secid_to_secctx
     - SAUCE: apparmor3.2.0 [30/60]: Stacking v38: LSM: Use lsmcontext in
       security_inode_getsecctx
     - SAUCE: apparmor3.2.0 [31/60]: Stacking v38: Use lsmcontext in
       security_dentry_init_security
     - SAUCE: apparmor3.2.0 [32/60]: Stacking v38: LSM: security_secid_to_secctx in
       netlink netfilter
     - SAUCE: apparmor3.2.0 [33/60]: Stacking v38: NET: Store LSM netlabel data in
       a lsmblob
     - SAUCE: apparmor3.2.0 [34/60]: Stacking v38: binder: Pass LSM identifier for
       confirmation
     - SAUCE: apparmor3.2.0 [35/60]: Stacking v38: LSM: security_secid_to_secctx
       module selection
     - SAUCE: apparmor3.2.0 [36/60]: Stacking v38: Audit: Keep multiple LSM data in
       audit_names
     - SAUCE: apparmor3.2.0 [37/60]: Stacking v38: Audit: Create audit_stamp
       structure
     - SAUCE: apparmor3.2.0 [38/60]: Stacking v38: LSM: Add a function to report
       multiple LSMs
     - SAUCE: apparmor3.2.0 [39/60]: Stacking v38: Audit: Allow multiple records in
       an audit_buffer
     - SAUCE: apparmor3.2.0 [40/60]: Stacking v38: Audit: Add record for multiple
       task security contexts
     - SAUCE: apparmor3.2.0 [41/60]: Stacking v38: audit: multiple subject lsm
       values for netlabel
     - SAUCE: apparmor3.2.0 [42/60]: Stacking v38: Audit: Add record for multiple
       object contexts
     - SAUCE: apparmor3.2.0 [43/60]: Stacking v38: netlabel: Use a struct lsmblob
       in audit data
     - SAUCE: apparmor3.2.0 [44/60]: Stacking v38: LSM: Removed scaffolding
       function lsmcontext_init
     - SAUCE: apparmor3.2.0 [45/60]: Stacking v38: AppArmor: Remove the exclusive
       flag
     - SAUCE: apparmor3.2.0 [46/60]: combine common_audit_data and
       apparmor_audit_data
     - SAUCE: apparmor3.2.0 [47/60]: setup slab cache for audit data
     - SAUCE: apparmor3.2.0 [48/60]: rename audit_data->label to
       audit_data->subj_label
     - SAUCE: apparmor3.2.0 [49/60]: pass cred through to audit info.
     - SAUCE: apparmor3.2.0 [50/60]: Improve debug print infrastructure
     - SAUCE: apparmor3.2.0 [51/60]: add the ability for profiles to have a
       learning cache
     - SAUCE: apparmor3.2.0 [52/60]: enable userspace upcall for mediation
     - SAUCE: apparmor3.2.0 [53/60]: cache buffers on percpu list if there is lock
       contention
     - SAUCE: apparmor3.2.0 [55/60]: advertise availability of exended perms

1786013 Packaging resync
2028253 update apparmor and LSM stacking patch set
2038567 Disable restricting unprivileged change_profile by default, due to LXD latest/stable not yet compatible with this new apparmor feature
2017903 LSM stacking and AppArmor for 6.2: additional fixes
2016908 udev fails to make prctl() syscall with apparmor=0 (as used by maas by default)
1989983 kinetic: apply new apparmor and LSM stacking patch set
2037316 SEV_SNP failure to init
2037398 kexec enable to load/kdump zstd compressed zimg
2036968 Mantic minimized/minimal cloud images do not receive IP address during provisioning; systemd regression with wait-online
2035588 Mantic update: v6.5.3 upstream stable release
2035583 Mantic update: v6.5.2 upstream stable release
2035581 Mantic update: v6.5.1 upstream stable release
2029390 [23.10 FEAT] [SEC2352] pkey: support EP11 API ordinal 6 for secure guests
2028937 [23.10 FEAT] [SEC2341] pkey: support generation of keys of type PKEY_TYPE_EP11_AES
2003674 [23.10 FEAT] KVM: Enable Secure Execution Crypto Passthrough - kernel part
2008882 Remove all other acpi_video backlight interface on Dell AIO platforms
2035163 Avoid address overwrite in kernel_connect
2035306 Include QCA WWAN 5G Qualcomm SDX62/DW5932e support
2029199 NULL pointer dereference on CS35L41 HDA AMP
2021364 Linux 6.2 fails to reboot with current u-boot-nezha
1975592 Enable Nezha board
2013232 Enable StarFive VisionFive 2 board
1967130 rcu_sched detected stalls on CPUs/tasks
1981437 RISC-V kernel config is out of sync with other archs
2034506 Audio device fails to function randomly on Intel MTL platform: No CPC match in the firmware file's manifest
1945989 Check for changes relevant for security certifications
2030525 Installation support for SMARC RZ/G2L platform
2002226 Add support for kernels compiled with CONFIG_EFI_ZBOOT
2034061 Default module signing algo should be accelerated
1993183 NEW SRU rustc linux kernel requirements
2017980 FATAL:credentials.cc(127)] Check failed: . : Permission denied (13)
2032602 [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
2028568 Ship kernel modules Zstd compressed
2018303 move sev-guest module from linux-modules-extra to linux-modules
2007654 enable Rust support in the kernel
2028746 Fix UBSAN in Intel EDAC driver
2025265 Remove non-LPAE kernel flavor
2022361 Please enable Renesas RZ platform serial installer
2025195 HDMI output with More than one child device for port B in VBT error
2023629 enable multi-gen LRU by default
2012776 Neuter signing tarballs
2018591 Enable Tracing Configs for OSNOISE and TIMERLAT
2020531 support python \u003c 3.9 with annotations
2020356 generate linux-lib-rust only on amd64
2017444 Computer with Intel Atom CPU will not boot with Kernel 6.2.0-20
2011768 Fix NVME storage with RAID ON disappeared under Dell factory WINPE environment
2015867 Kernel 6.1 bumped the disk consumption on default images by 15%
1685291 RFC: virtio and virtio-scsi should be built in
2015498 Debian autoreconstruct Fix restoration of execute permissions
2007745 [SRU][Jammy] CONFIG_PCI_MESON is not enabled
2016877 Lunar update: v6.2.9 upstream stable release
2016876 Lunar update: v6.2.8 upstream stable release
CVE-2023-31248 Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active a
CVE-2023-35001 Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or
CVE-2023-2640 On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overl ...
CVE-2023-32629 Local privilege escalation vulnerability in Ubuntu Kernels overlayfs o ...
CVE-2023-2612 Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ub ...



About   -   Send Feedback to @ubuntu_updates