UbuntuUpdates.org

Package "linux-image-unsigned-6.5.0-1024-azure"

This package belongs to a PPA: Canonical Kernel Team

Name: linux-image-unsigned-6.5.0-1024-azure

Description:

Linux kernel image for version 6.5.0 on 64 bit x86 SMP

Latest version: 6.5.0-1024.25~22.04.1
Release: jammy (22.04)
Level: base
Repository: main
Head package: linux-azure-6.5

Links


Download "linux-image-unsigned-6.5.0-1024-azure"


Other versions of "linux-image-unsigned-6.5.0-1024-azure" in Jammy

Repository Area Version
security main 6.5.0-1024.25~22.04.1
updates main 6.5.0-1024.25~22.04.1

Changelog

Version: 6.5.0-1013.13~22.04.1 2024-02-06 22:08:49 UTC

 linux-azure-6.5 (6.5.0-1013.13~22.04.1) jammy; urgency=medium
 .
   * jammy/linux-azure-6.5: 6.5.0-1013.13~22.04.1 -proposed tracker
     (LP: #2052540)
 .
   [ Ubuntu: 6.5.0-1013.13 ]
 .
   * mantic/linux-azure: 6.5.0-1013.13 -proposed tracker (LP: #2052541)
   * Azure: Fix TDX regressions in Azure 6.5 (LP: #2052519)
     - x86/hyperv: Add sev-snp enlightened guest static key
     - x86/hyperv: Set Virtual Trust Level in VMBus init message
     - x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened
       guest
     - drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP
       enlightened guest
     - x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp
       enlightened guest
     - clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp
       enlightened guest
     - x86/hyperv: Add smp support for SEV-SNP guest
     - x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES
     - x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub
     - x86/hyperv: Fix undefined reference to isolation_type_en_snp without
       CONFIG_HYPERV
     - x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests
     - x86/hyperv: Support hypercalls for fully enlightened TDX guests
     - Drivers: hv: vmbus: Support fully enlightened TDX guests
     - x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests
     - Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM
     - x86/hyperv: Introduce a global variable hyperv_paravisor_present
     - Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the
       paravisor
     - x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor
     - x86/hyperv: Remove hv_isolation_type_en_snp
     - x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's
     - x86/hyperv: Remove duplicate include
     - x86/tdx: Retry partially-completed page conversion hypercalls
     - x86/mm: Fix memory encryption features advertisement
     - SAUCE: x86/EISA: Don't probe EISA bus for a TDX VM (with the paravisor) on
       Hyper-V
     - SAUCE: Drivers: hv: vmbus: Hardcode MMIO resources in vmbus_walk_resources()
       when necessary
     - SAUCE: x86/tdx: Support vmalloc() for tdx_enc_status_changed()
     - SAUCE: x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on
       Hyper-V
     - SAUCE: clocksource: hyper-v: Use InvariantTSC and enable TSC page for a TDX
       VM without paravisor
   * Azure: Fix regression introduced in LP: #2045069 (LP: #2052453)
     - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
     - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
   * Azure: MANA: Fix doorbell access for receives (LP: #2027615)
     - net: mana: Batch ringing RX queue doorbell on receiving packets
     - net: mana: Use the correct WQE count for ringing RQ doorbell
   * Kernel oops on 32-0bit kernels due to x86_cache_alignment initialization
     (LP: #2039191)
     - x86/boot: Move x86_cache_alignment initialization to correct spot
 .

Source diff to previous version
2052519 Azure: Fix TDX regressions in Azure 6.5
2045069 Azure: Deprecate Netvsc and implement MANA direct
2052453 Azure: Fix regression introduced in LP: #2045069
2027615 Azure: MANA: Fix doorbell access for receives
2039191 Kernel oops on 32-0bit kernels due to x86_cache_alignment initialization

Version: 6.5.0-1012.12~22.04.1 2024-01-16 23:09:12 UTC

 linux-azure-6.5 (6.5.0-1012.12~22.04.1) jammy; urgency=medium
 .
   * jammy/linux-azure-6.5: 6.5.0-1012.12~22.04.1 -proposed tracker
     (LP: #2048355)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] update variants
 .
   [ Ubuntu: 6.5.0-1012.12 ]
 .
   * mantic/linux-azure: 6.5.0-1012.12 -proposed tracker (LP: #2048356)
   * Azure: Deprecate Netvsc and implement MANA direct (LP: #2045069)
     - hv_netvsc: fix race of netvsc and VF register_netdevice
     - hv_netvsc: Fix race of register_netdevice_notifier and VF register
     - hv_netvsc: Mark VF as slave before exposing it to user-mode
   * mantic/linux: 6.5.0-17.17 -proposed tracker (LP: #2049026)
   * [UBUNTU 23.04] Regression: Ubuntu 23.04/23.10 do not include uvdevice
     anymore (LP: #2048919)
     - [Config] Enable S390_UV_UAPI (built-in)
   * mantic/linux: 6.5.0-16.16 -proposed tracker (LP: #2048372)
   * Packaging resync (LP: #1786013)
     - [Packaging] resync git-ubuntu-log
     - [Packaging] resync update-dkms-versions helper
     - [Packaging] remove helper scripts
     - [Packaging] update annotations scripts
     - debian/dkms-versions -- update from kernel-versions (main/2024.01.08)
   * Add missing RPL P/U CPU IDs (LP: #2047398)
     - drm/i915/rpl: Update pci ids for RPL P/U
   * Fix BCM57416 lost after resume (LP: #2047518)
     - bnxt_en: Clear resource reservation during resume
   * Hotplugging SCSI disk in QEMU VM fails (LP: #2047382)
     - Revert "PCI: acpiphp: Reassign resources on bridge if necessary"
   * Update bnxt_en with bug fixes and support for Broadcom 5760X network
     adapters (LP: #2045796)
     - bnxt_en: use dev_consume_skb_any() in bnxt_tx_int
     - eth: bnxt: move and rename reset helpers
     - eth: bnxt: take the bit to set as argument of bnxt_queue_sp_work()
     - eth: bnxt: handle invalid Tx completions more gracefully
     - eth: bnxt: fix one of the W=1 warnings about fortified memcpy()
     - eth: bnxt: fix warning for define in struct_group
     - bnxt_en: Fix W=1 warning in bnxt_dcb.c from fortify memcpy()
     - bnxt_en: Fix W=stringop-overflow warning in bnxt_dcb.c
     - bnxt_en: Use the unified RX page pool buffers for XDP and non-XDP
     - bnxt_en: Let the page pool manage the DMA mapping
     - bnxt_en: Increment rx_resets counter in bnxt_disable_napi()
     - bnxt_en: Save ring error counters across reset
     - bnxt_en: Display the ring error counters under ethtool -S
     - bnxt_en: Add tx_resets ring counter
     - bnxt: use the NAPI skb allocation cache
     - bnxt_en: Update firmware interface to 1.10.2.171
     - bnxt_en: Enhance hwmon temperature reporting
     - bnxt_en: Move hwmon functions into a dedicated file
     - bnxt_en: Modify the driver to use hwmon_device_register_with_info
     - bnxt_en: Expose threshold temperatures through hwmon
     - bnxt_en: Use non-standard attribute to expose shutdown temperature
     - bnxt_en: Event handler for Thermal event
     - bnxt_en: Support QOS and TPID settings for the SRIOV VLAN
     - bnxt_en: Update VNIC resource calculation for VFs
     - Revert "bnxt_en: Support QOS and TPID settings for the SRIOV VLAN"
     - eth: bnxt: fix backward compatibility with older devices
     - bnxt_en: Do not call sleeping hwmon_notify_event() from NAPI
     - bnxt_en: Fix invoking hwmon_notify_event
     - bnxt_en: add infrastructure to lookup ethtool link mode
     - bnxt_en: support lane configuration via ethtool
     - bnxt_en: refactor speed independent ethtool modes
     - bnxt_en: Refactor NRZ/PAM4 link speed related logic
     - bnxt_en: convert to linkmode_set_bit() API
     - bnxt_en: extend media types to supported and autoneg modes
     - bnxt_en: Fix 2 stray ethtool -S counters
     - bnxt_en: Put the TX producer information in the TX BD opaque field
     - bnxt_en: Add completion ring pointer in TX and RX ring structures
     - bnxt_en: Restructure cp_ring_arr in struct bnxt_cp_ring_info
     - bnxt_en: Add completion ring pointer in TX and RX ring structures
     - bnxt_en: Remove BNXT_RX_HDL and BNXT_TX_HDL
     - bnxt_en: Refactor bnxt_tx_int()
     - bnxt_en: New encoding for the TX opaque field
     - bnxt_en: Refactor bnxt_hwrm_set_coal()
     - bnxt_en: Support up to 8 TX rings per MSIX
     - bnxt_en: Add helper to get the number of CP rings required for TX rings
     - bnxt_en: Add macros related to TC and TX rings
     - bnxt_en: Use existing MSIX vectors for all mqprio TX rings
     - bnxt_en: Optimize xmit_more TX path
     - bnxt_en: The caller of bnxt_alloc_ctx_mem() should always free bp->ctx
     - bnxt_en: Free bp->ctx inside bnxt_free_ctx_mem()
     - bnxt_en: Restructure context memory data structures
     - bnxt_en: Add page info to struct bnxt_ctx_mem_type
     - bnxt_en: Use the pg_info field in bnxt_ctx_mem_type struct
     - bnxt_en: Add bnxt_setup_ctxm_pg_tbls() helper function
     - bnxt_en: Add support for new backing store query firmware API
     - bnxt_en: Add support for HWRM_FUNC_BACKING_STORE_CFG_V2 firmware calls
     - bnxt_en: Add db_ring_mask and related macro to bnxt_db_info struct.
     - bnxt_en: Modify TX ring indexing logic.
     - bnxt_en: Modify RX ring indexing logic.
     - bnxt_en: Modify the NAPI logic for the new P7 chips
     - bnxt_en: Rename some macros for the P5 chips
     - bnxt_en: Fix backing store V2 logic
     - bnxt_en: Update firmware interface to 1.10.3.15
     - bnxt_en: Define basic P7 macros
     - bnxt_en: Consolidate DB offset calculation
     - bnxt_en: Implement the new toggle bit doorbell mechanism on P7 chips
     - bnxt_en: Refactor RSS capability fields
     - bnxt_en: Add new P7 hardware interface definitions
     - bnxt_en: Refactor RX VLAN acceleration logic.
     - bnxt_en: Refactor and refine bnxt_tpa_start() and bnxt_tpa_end().
     - bnxt_en: Add support for new RX and TPA_START completion types for P7
     - bnxt_en: Refactor ethtool speeds logic
     - bnxt_en: Support new firmware link parameters
     - bnxt_en: Support

Source diff to previous version
1786013 Packaging resync
2045069 Azure: Deprecate Netvsc and implement MANA direct
2048919 [UBUNTU 23.04] Regression: Ubuntu 23.04/23.10 do not include uvdevice anymore
2047398 Add missing RPL P/U CPU IDs
2047518 Fix BCM57416 lost after resume
2047382 Hotplugging SCSI disk in QEMU VM fails
2045796 Update bnxt_en with bug fixes and support for Broadcom 5760X network adapters
2047461 drm: Update file owner during use
2044096 Support Cirrus CS35L41 codec on Dell Oasis 13/14/16 laptops
2048078 Add support of MTL audio of Lenovo
2047389 Fix AMDGPU crash on 6.5 kernel
2035971 linux tools packages for derived kernels refuse to install simultaneously due to libcpupower name collision
2045562 [Debian] autoreconstruct - Do not generate chmod -x for deleted files
2046269 Mantic update: v6.5.8 upstream stable release
2045806 Mantic update: v6.5.7 upstream stable release
2044512 Build failure if run in a console
2039151 Support speaker mute hotkey for Cirrus CS35L41 HDA codec
2043730 Update io_uring to 6.6
2041613 correct cephfs pull request for uidmap support
2043841 kernel BUG: io_uring openat triggers audit reference count underflow
2042853 [UBUNTU 23.04] Kernel config option missing for s390x PCI passthrough
2036600 Azure: Fix Azure vendor ID
2044174 Mantic update: v6.5.6 upstream stable release
2043416 Mantic update: v6.5.5 upstream stable release
2041999 Mantic update: v6.5.4 upstream stable release
CVE-2023-6622 A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue ma
CVE-2024-0193 A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is r
CVE-2023-6931 A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escala
CVE-2023-34324 linux/xen: Possible deadlock in Linux kernel event handling
CVE-2023-6932 A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition c
CVE-2023-6606 An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker
CVE-2023-6817 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The func
CVE-2023-46813 An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checki
CVE-2023-6111 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The func
CVE-2023-5972 A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to c
CVE-2023-6176 A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a

Version: 6.5.0-1010.10~22.04.1 2023-11-21 23:08:43 UTC

 linux-azure-6.5 (6.5.0-1010.10~22.04.1) jammy; urgency=medium
 .
   * jammy/linux-azure-6.5: 6.5.0-1010.10~22.04.1 -proposed tracker
     (LP: #2041527)
 .
   [ Ubuntu: 6.5.0-1010.10 ]
 .
   * mantic/linux-azure: 6.5.0-1010.10 -proposed tracker (LP: #2041528)
   * Packaging resync (LP: #1786013)
     - [Packaging] resync update-dkms-versions helper
     - debian/dkms-versions -- update from kernel-versions (main/2023.10.30)
   * Azure: Improve SQL DB latency (LP: #2040300)
     - tcp: Set pingpong threshold via sysctl
   * mana: Fix some TX processing bugs (CQE Errors , TS0 Bytes, SGe0 GS0 Packet)
     (LP: #2038675)
     - net: mana: Fix TX CQE error handling
     - net: mana: Fix the tso_bytes calculation
     - net: mana: Fix oversized sge0 for GSO packets
   * mantic/linux: 6.5.0-14.14 -proposed tracker (LP: #2042660)
   * Boot log print hang on screen, no login prompt on Aspeed 2600 rev 52 BMC
     (LP: #2042850)
     - drm/ast: Add BMC virtual connector
   * arm64 atomic issues cause disk corruption (LP: #2042573)
     - locking/atomic: scripts: fix fallback ifdeffery
   * Packaging resync (LP: #1786013)
     - [Packaging] update annotations scripts
   * mantic/linux: 6.5.0-12.12 -proposed tracker (LP: #2041536)
   * Packaging resync (LP: #1786013)
     - [Packaging] update annotations scripts
     - [Packaging] update helper scripts
     - debian/dkms-versions -- update from kernel-versions (main/2023.10.30)
   * CVE-2023-5633
     - drm/vmwgfx: Keep a gem reference to user bos in surfaces
   * CVE-2023-5345
     - fs/smb/client: Reset password pointer to NULL
   * CVE-2023-39189
     - netfilter: nfnetlink_osf: avoid OOB read
   * CVE-2023-4244
     - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
   * apparmor restricts read access of user namespace mediation sysctls to root
     (LP: #2040194)
     - SAUCE: apparmor: open userns related sysctl so lxc can check if restriction
       are in place
   * AppArmor spams kernel log with assert when auditing (LP: #2040192)
     - SAUCE: apparmor: fix request field from a prompt reply that denies all
       access
   * apparmor notification files verification (LP: #2040250)
     - SAUCE: apparmor: fix notification header size
   * apparmor oops when racing to retrieve a notification (LP: #2040245)
     - SAUCE: apparmor: fix oops when racing to retrieve notification
   * SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
     (LP: #2039575)
     - net/smc: Fix pos miscalculation in statistics
   * Support mipi camera on Intel Meteor Lake platform (LP: #2031412)
     - SAUCE: iommu: intel-ipu: use IOMMU passthrough mode for Intel IPUs on Meteor
       Lake
     - SAUCE: platform/x86: int3472: Add handshake GPIO function
   * CVE-2023-45898
     - ext4: fix slab-use-after-free in ext4_es_insert_extent()
   * CVE-2023-31085
     - ubi: Refuse attaching if mtd's erasesize is 0
   * CVE-2023-5717
     - perf: Disallow mis-matched inherited group reads
   * CVE-2023-5178
     - nvmet-tcp: Fix a possible UAF in queue intialization setup
   * CVE-2023-5158
     - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
   * CVE-2023-5090
     - x86: KVM: SVM: always update the x2avic msr interception
   * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
     (LP: #2033406)
     - [Packaging] Make WWAN driver loadable modules
   * Unable to power off the system with MTL CPU (LP: #2039405)
     - Revert "x86/smp: Put CPUs into INIT on shutdown if possible"
   * usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
     - [Packaging] Make linux-tools-common depend on hwdata
   * drop all references to is_rust_module.sh in kernels >= 6.5 (LP: #2038611)
     - [Packaging] drop references to is_rust_module.sh
   * disable shiftfs (LP: #2038522)
     - SAUCE: ceph: enable unsafe idmapped mounts by default
     - [Config] disable shiftfs
   * Infinite systemd loop when power off the machine with multiple MD RAIDs
     (LP: #2036184)
     - md: Put the right device in md_seq_next
   * [Mediatek] mt8195-demo: enable CONFIG_MTK_IOMMU as module for multimedia and
     PCIE peripherals (LP: #2036587)
     - [Config] Enable CONFIG_MTK_IOMMU on arm64
   * Realtek 8852CE WiFi 6E country code udpates (LP: #2037273)
     - wifi: rtw89: regd: update regulatory map to R64-R43
   * Unable to use nvme drive to install Ubuntu 23.10 (LP: #2040157)
     - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
       probe
   * CVE-2023-42754
     - ipv4: fix null-deref in ipv4_link_failure
   * linux-*: please enable dm-verity kconfigs to allow MoK/db verified root
     images (LP: #2019040)
     - [Config] CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y
   * Fix RCU warning on AMD laptops (LP: #2036377)
     - power: supply: core: Use blocking_notifier_call_chain to avoid RCU complaint
   * allow io_uring to be disabled in runtime (LP: #2035116)
     - io_uring: add a sysctl to disable io_uring system-wide
   * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
     - ALSA: hda/realtek - ALC287 I2S speaker platform support
 .

Source diff to previous version
1786013 Packaging resync
2040300 Azure: Improve SQL DB latency
2038675 mana: Fix some TX processing bugs (CQE Errors , TS0 Bytes, SGe0 GS0 Packet)
2042850 Boot log print hang on screen, no login prompt on Aspeed 2600 rev 52 BMC
2042573 arm64 atomic issues cause disk corruption
2040194 apparmor restricts read access of user namespace mediation sysctls to root
2040192 AppArmor spams kernel log with assert when auditing
2040250 apparmor notification files verification
2040245 apparmor oops when racing to retrieve a notification
2039575 SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
2033406 [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
2039405 Unable to power off the system with MTL CPU
2039439 usbip: error: failed to open /usr/share/hwdata//usb.ids
2038611 drop all references to is_rust_module.sh in kernels \u003e= 6.5
2038522 disable shiftfs
2036184 Infiniate systemd loop when power off the machine with multiple MD RAIDs
2036587 [Mediatek] mt8195-demo: enable CONFIG_MTK_IOMMU as module for multimedia and PCIE peripherals
2037273 Realtek 8852CE WiFi 6E country code udpates
2040157 Unable to use nvme drive to install Ubuntu 23.10
2037077 Fix unstable audio at low levels on Thinkpad P1G4
CVE-2023-5633 The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were
CVE-2023-39189 A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num
CVE-2023-45898 The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.
CVE-2023-31085 An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirec
CVE-2023-5178 A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` ...
CVE-2023-5158 A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a d
CVE-2023-5090 x86: KVM: SVM: always update the x2avic msr interception
CVE-2023-42754 A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before c

Version: 6.5.0-1007.7~22.04.1 2023-10-13 17:15:23 UTC

 linux-azure-6.5 (6.5.0-1007.7~22.04.1) jammy; urgency=medium
 .
   * jammy/linux-azure-6.5: 6.5.0-1007.7~22.04.1 -proposed tracker (LP: #2038954)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] update variants
     - [Packaging] update Ubuntu.md
 .
   * Miscellaneous Ubuntu changes
     - [Packaging] Initial 6.5 packaging
     - [Packaging] Added python3-dev as build dep
 .
   * Miscellaneous upstream changes
     - Revert "UBUNTU: [Packaging] ZSTD compress modules"
     - Revert "UBUNTU: SAUCE: modpost: support arbitrary symbol length in
       modversion"
 .
   [ Ubuntu: 6.5.0-1007.7 ]
 .
   * mantic/linux-azure: 6.5.0-1007.7 -proposed tracker (LP: #2038690)
   * Azure: net: mana: Configure hwc timeout from hardware (LP: #2036627)
     - net: mana: Configure hwc timeout from hardware
   * mantic/linux: 6.5.0-9.9 -proposed tracker (LP: #2038687)
   * update apparmor and LSM stacking patch set (LP: #2028253)
     - re-apply apparmor 4.0.0
   * Disable restricting unprivileged change_profile by default, due to LXD
     latest/stable not yet compatible with this new apparmor feature
     (LP: #2038567)
     - SAUCE: apparmor: Make apparmor_restrict_unprivileged_unconfined opt-in
   * mantic/linux: 6.5.0-8.8 -proposed tracker (LP: #2038577)
   * update apparmor and LSM stacking patch set (LP: #2028253)
     - SAUCE: apparmor3.2.0 [02/60]: rename SK_CTX() to aa_sock and make it an
       inline fn
     - SAUCE: apparmor3.2.0 [05/60]: Add sysctls for additional controls of unpriv
       userns restrictions
     - SAUCE: apparmor3.2.0 [08/60]: Stacking v38: LSM: Identify modules by more
       than name
     - SAUCE: apparmor3.2.0 [09/60]: Stacking v38: LSM: Add an LSM identifier for
       external use
     - SAUCE: apparmor3.2.0 [10/60]: Stacking v38: LSM: Identify the process
       attributes for each module
     - SAUCE: apparmor3.2.0 [11/60]: Stacking v38: LSM: Maintain a table of LSM
       attribute data
     - SAUCE: apparmor3.2.0 [12/60]: Stacking v38: proc: Use lsmids instead of lsm
       names for attrs
     - SAUCE: apparmor3.2.0 [13/60]: Stacking v38: integrity: disassociate
       ima_filter_rule from security_audit_rule
     - SAUCE: apparmor3.2.0 [14/60]: Stacking v38: LSM: Infrastructure management
       of the sock security
     - SAUCE: apparmor3.2.0 [15/60]: Stacking v38: LSM: Add the lsmblob data
       structure.
     - SAUCE: apparmor3.2.0 [16/60]: Stacking v38: LSM: provide lsm name and id
       slot mappings
     - SAUCE: apparmor3.2.0 [17/60]: Stacking v38: IMA: avoid label collisions with
       stacked LSMs
     - SAUCE: apparmor3.2.0 [18/60]: Stacking v38: LSM: Use lsmblob in
       security_audit_rule_match
     - SAUCE: apparmor3.2.0 [19/60]: Stacking v38: LSM: Use lsmblob in
       security_kernel_act_as
     - SAUCE: apparmor3.2.0 [20/60]: Stacking v38: LSM: Use lsmblob in
       security_secctx_to_secid
     - SAUCE: apparmor3.2.0 [21/60]: Stacking v38: LSM: Use lsmblob in
       security_secid_to_secctx
     - SAUCE: apparmor3.2.0 [22/60]: Stacking v38: LSM: Use lsmblob in
       security_ipc_getsecid
     - SAUCE: apparmor3.2.0 [23/60]: Stacking v38: LSM: Use lsmblob in
       security_current_getsecid
     - SAUCE: apparmor3.2.0 [24/60]: Stacking v38: LSM: Use lsmblob in
       security_inode_getsecid
     - SAUCE: apparmor3.2.0 [25/60]: Stacking v38: LSM: Use lsmblob in
       security_cred_getsecid
     - SAUCE: apparmor3.2.0 [26/60]: Stacking v38: LSM: Specify which LSM to
       display
     - SAUCE: apparmor3.2.0 [28/60]: Stacking v38: LSM: Ensure the correct LSM
       context releaser
     - SAUCE: apparmor3.2.0 [29/60]: Stacking v38: LSM: Use lsmcontext in
       security_secid_to_secctx
     - SAUCE: apparmor3.2.0 [30/60]: Stacking v38: LSM: Use lsmcontext in
       security_inode_getsecctx
     - SAUCE: apparmor3.2.0 [31/60]: Stacking v38: Use lsmcontext in
       security_dentry_init_security
     - SAUCE: apparmor3.2.0 [32/60]: Stacking v38: LSM: security_secid_to_secctx in
       netlink netfilter
     - SAUCE: apparmor3.2.0 [33/60]: Stacking v38: NET: Store LSM netlabel data in
       a lsmblob
     - SAUCE: apparmor3.2.0 [34/60]: Stacking v38: binder: Pass LSM identifier for
       confirmation
     - SAUCE: apparmor3.2.0 [35/60]: Stacking v38: LSM: security_secid_to_secctx
       module selection
     - SAUCE: apparmor3.2.0 [36/60]: Stacking v38: Audit: Keep multiple LSM data in
       audit_names
     - SAUCE: apparmor3.2.0 [37/60]: Stacking v38: Audit: Create audit_stamp
       structure
     - SAUCE: apparmor3.2.0 [38/60]: Stacking v38: LSM: Add a function to report
       multiple LSMs
     - SAUCE: apparmor3.2.0 [39/60]: Stacking v38: Audit: Allow multiple records in
       an audit_buffer
     - SAUCE: apparmor3.2.0 [40/60]: Stacking v38: Audit: Add record for multiple
       task security contexts
     - SAUCE: apparmor3.2.0 [41/60]: Stacking v38: audit: multiple subject lsm
       values for netlabel
     - SAUCE: apparmor3.2.0 [42/60]: Stacking v38: Audit: Add record for multiple
       object contexts
     - SAUCE: apparmor3.2.0 [43/60]: Stacking v38: netlabel: Use a struct lsmblob
       in audit data
     - SAUCE: apparmor3.2.0 [44/60]: Stacking v38: LSM: Removed scaffolding
       function lsmcontext_init
     - SAUCE: apparmor3.2.0 [45/60]: Stacking v38: AppArmor: Remove the exclusive
       flag
     - SAUCE: apparmor3.2.0 [46/60]: combine common_audit_data and
       apparmor_audit_data
     - SAUCE: apparmor3.2.0 [47/60]: setup slab cache for audit data
     - SAUCE: apparmor3.2.0 [48/60]: rename audit_data->label to
       audit_data->subj_label
     - SAUCE: apparmor3.2.0 [49/60]: pass cred through to audit info.
     - SAUCE: apparmor3.2.0 [50/60]: Improve debug print infrastructure
     - SAUCE: apparmor3.2.0 [51/60]: add the ability for profiles to have a
       learning cache
     - SAUCE: apparmor3.2.0 [52/60]: enable userspace upcall for mediation
     - SAUCE: apparmor3.2.0 [53/60]: cache buffe

1786013 Packaging resync
2036627 Azure: net: mana: Configure hwc timeout from hardware
2028253 update apparmor and LSM stacking patch set
2038567 Disable restricting unprivileged change_profile by default, due to LXD latest/stable not yet compatible with this new apparmor feature
2017903 LSM stacking and AppArmor for 6.2: additional fixes
2016908 udev fails to make prctl() syscall with apparmor=0 (as used by maas by default)
1989983 kinetic: apply new apparmor and LSM stacking patch set
2037398 kexec enable to load/kdump zstd compressed zimg
2036968 Mantic minimized/minimal cloud images do not receive IP address during provisioning; systemd regression with wait-online
2035588 Mantic update: v6.5.3 upstream stable release
2035583 Mantic update: v6.5.2 upstream stable release
2035581 Mantic update: v6.5.1 upstream stable release
2029390 [23.10 FEAT] [SEC2352] pkey: support EP11 API ordinal 6 for secure guests
2028937 [23.10 FEAT] [SEC2341] pkey: support generation of keys of type PKEY_TYPE_EP11_AES
2003674 [23.10 FEAT] KVM: Enable Secure Execution Crypto Passthrough - kernel part
2008882 Remove all other acpi_video backlight interface on Dell AIO platforms
2035163 Avoid address overwrite in kernel_connect
2035306 Include QCA WWAN 5G Qualcomm SDX62/DW5932e support
2029199 NULL pointer dereference on CS35L41 HDA AMP
2021364 Linux 6.2 fails to reboot with current u-boot-nezha
1975592 Enable Nezha board
2013232 Enable StarFive VisionFive 2 board
1967130 rcu_sched detected stalls on CPUs/tasks
1981437 RISC-V kernel config is out of sync with other archs
2034506 Audio device fails to function randomly on Intel MTL platform: No CPC match in the firmware file's manifest
1945989 Check for changes relevant for security certifications
2030525 Installation support for SMARC RZ/G2L platform
2002226 Add support for kernels compiled with CONFIG_EFI_ZBOOT
2034061 Default module signing algo should be accelerated
1993183 NEW SRU rustc linux kernel requirements
2017980 FATAL:credentials.cc(127)] Check failed: . : Permission denied (13)
2032602 [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
2034277 Azure: net: mana: Add page pool for RX buffers
2028568 Ship kernel modules Zstd compressed
2016995 Azure: Build-in TDX guest driver
2007654 enable Rust support in the kernel
2028746 Fix UBSAN in Intel EDAC driver
2025265 Remove non-LPAE kernel flavor
2022361 Please enable Renesas RZ platform serial installer
2025195 HDMI output with More than one child device for port B in VBT error
2023629 enable multi-gen LRU by default
2012776 Neuter signing tarballs
2018591 Enable Tracing Configs for OSNOISE and TIMERLAT
2020531 support python \u003c 3.9 with annotations
2020356 generate linux-lib-rust only on amd64
2017444 Computer with Intel Atom CPU will not boot with Kernel 6.2.0-20
2011768 Fix NVME storage with RAID ON disappeared under Dell factory WINPE environment
2015867 Kernel 6.1 bumped the disk consumption on default images by 15%
1685291 RFC: virtio and virtio-scsi should be built in
2015498 Debian autoreconstruct Fix restoration of execute permissions
2007745 [SRU][Jammy] CONFIG_PCI_MESON is not enabled
2016877 Lunar update: v6.2.9 upstream stable release
2016876 Lunar update: v6.2.8 upstream stable release
CVE-2023-31248 Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active a
CVE-2023-35001 Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or
CVE-2023-2640 On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overl ...
CVE-2023-32629 Local privilege escalation vulnerability in Ubuntu Kernels overlayfs o ...
CVE-2023-2612 Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ub ...



About   -   Send Feedback to @ubuntu_updates