UbuntuUpdates.org

Package "linux-aws-5.15"

Name: linux-aws-5.15

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 5.15.0
  • Header files related to Linux kernel version 5.15.0
  • Header files related to Linux kernel version 5.15.0
  • Header files related to Linux kernel version 5.15.0

Latest version: 5.15.0-1053.58~20.04.1
Release: focal (20.04)
Level: proposed
Repository: main

Links



Other versions of "linux-aws-5.15" in Focal

Repository Area Version
security main 5.15.0-1055.60~20.04.1
updates main 5.15.0-1055.60~20.04.1
PPA: Canonical Kernel Team 5.15.0-1053.58~20.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5.15.0-1053.58~20.04.1 2024-01-23 15:11:51 UTC

  linux-aws-5.15 (5.15.0-1053.58~20.04.1) focal; urgency=medium

  * focal/linux-aws-5.15: 5.15.0-1053.58~20.04.1 -proposed tracker
    (LP: #2048286)

  [ Ubuntu: 5.15.0-1053.58 ]

  * jammy/linux-aws: 5.15.0-1053.58 -proposed tracker (LP: #2048287)
  * jammy/linux: 5.15.0-94.104 -proposed tracker (LP: #2048777)
  * [SRU] Duplicate Device_dax ids Created and hence Probing is Failing.
    (LP: #2028158)
    - device-dax: Fix duplicate 'hmem' device registration
  * Add ODM driver f81604 usb-can (LP: #2045387)
    - can: usb: f81604: add Fintek F81604 support
    - [Config] updateconfigs for ODM drivers CONFIG_CAN_F81604
  * Add ODM driver gpio-m058ssan (LP: #2045386)
    - SAUCE: ODM: gpio: add M058SSAN gpio driver
    - [Config] updateconfigs for ODM drivers CONFIG_GPIO_M058SSAN
  * Add ODM driver rtc-pcf85263 (LP: #2045385)
    - SAUCE: ODM: rtc: add PCF85263 RTC driver
    - [Config] updateconfigs for ODM drivers CONFIG_RTC_DRV_PCF85263
  * AppArmor patch for mq-posix interface is missing in jammy (LP: #2045384)
    - SAUCE: (no-up) apparmor: reserve mediation classes
    - SAUCE: (no-up) apparmor: Add fine grained mediation of posix mqueues
  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts
  * jammy/linux: 5.15.0-93.103 -proposed tracker (LP: #2048330)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] remove helper scripts
    - [Packaging] update annotations scripts
    - debian/dkms-versions -- update from kernel-versions (main/2024.01.08)
  * Hotplugging SCSI disk in QEMU VM fails (LP: #2047382)
    - Revert "PCI: acpiphp: Reassign resources on bridge if necessary"
  * CVE-2023-6622
    - netfilter: nf_tables: bail out on mismatching dynset and set expressions
  * CVE-2024-0193
    - netfilter: nf_tables: skip set commit for deleted/destroyed sets
  * CVE-2023-6040
    - netfilter: nf_tables: Reject tables of unsupported family
  * Patches needed for AmpereOne (arm64) (LP: #2044192)
    - clocksource/arm_arch_timer: Add build-time guards for unhandled register
      accesses
    - clocksource/drivers/arm_arch_timer: Drop CNT*_TVAL read accessors
    - clocksource/drivers/arm_arch_timer: Extend write side of timer register
      accessors to u64
    - clocksource/drivers/arm_arch_timer: Move system register timer programming
      over to CVAL
    - clocksource/drivers/arm_arch_timer: Move drop _tval from erratum function
      names
    - clocksource/drivers/arm_arch_timer: Fix MMIO base address vs callback
      ordering issue
    - clocksource/drivers/arm_arch_timer: Move MMIO timer programming over to CVAL
    - clocksource/drivers/arm_arch_timer: Advertise 56bit timer to the core code
    - clocksource/drivers/arm_arch_timer: Work around broken CVAL implementations
    - clocksource/drivers/arm_arch_timer: Remove any trace of the TVAL programming
      interface
    - clocksource/drivers/arm_arch_timer: Drop unnecessary ISB on CVAL programming
    - clocksource/drivers/arm_arch_timer: Fix masking for high freq counters
    - clocksource/drivers/arch_arm_timer: Move workaround synchronisation around
  * Add quirk to disable i915 fastboot on B&R PC (LP: #2047630)
    - SAUCE: i915: force disable fastboot quirk
  * Some machines can't pass the pm-graph test (LP: #2046217)
    - wifi: iwlwifi: pcie: rescan bus if no parent
  * Sound: Add rtl quirk of M90-Gen5 (LP: #2046105)
    - ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
  * linux tools packages for derived kernels refuse to install simultaneously
    due to libcpupower name collision (LP: #2035971)
    - [Packaging] Statically link libcpupower into cpupower tool
  * [Debian] autoreconstruct - Do not generate chmod -x for deleted files
    (LP: #2045562)
    - [Debian] autoreconstruct - Do not generate chmod -x for deleted files
  * CVE-2023-6931
    - perf/core: Add a new read format to get a number of lost samples
    - perf: Fix perf_event_validate_size()
    - perf: Fix perf_event_validate_size() lockdep splat
  * CVE-2023-6932
    - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
  * CVE-2023-6606
    - smb: client: fix OOB in smbCalcSize()
  * CVE-2023-6817
    - netfilter: nft_set_pipapo: skip inactive elements during set walk
  * Jammy update: v5.15.136 upstream stable release (LP: #2046008)
    - iommu/vt-d: Avoid memory allocation in iommu_suspend()
    - scsi: core: Use a structure member to track the SCSI command submitter
    - scsi: core: Rename scsi_mq_done() into scsi_done() and export it
    - scsi: ib_srp: Call scsi_done() directly
    - RDMA/srp: Do not call scsi_done() from srp_abort()
    - RDMA/cxgb4: Check skb value for failure to allocate
    - perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7
    - of: overlay: Reorder struct fragment fields kerneldoc
    - platform/x86: think-lmi: Fix reference leak
    - platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section
      mismatch warning
    - lib/test_meminit: fix off-by-one error in test_pages()
    - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
    - quota: Fix slow quotaoff
    - net: prevent address rewrite in kernel_bind()
    - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset
    - KEYS: trusted: allow use of kernel RNG for key material
    - KEYS: trusted: Remove redundant static calls usage
    - drm/msm/dp: do not reinitialize phy unless retry during link training
    - drm/msm/dsi: skip the wait for video mode done if not applicable
    - drm/msm/dsi: fix irq_of_parse_and_map() error checking
    - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow
    - ravb: Fix up dma_free_coherent() call in ravb_remove()
    - ravb: Fix use-after-free issue in ravb_tx_timeout_work()
    - ieee802154: ca8210: Fix a potential UAF in ca8210_probe
    - mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type
    - eth: re

Source diff to previous version
2028158 [SRU] Duplicate Device_dax ids Created and hence Probing is Failing.
2045387 Add ODM driver f81604 usb-can
2045386 Add ODM driver gpio-m058ssan
2045385 Add ODM driver rtc-pcf85263
2045384 AppArmor patch for mq-posix interface is missing in jammy
1786013 Packaging resync
2047382 Hotplugging SCSI disk in QEMU VM fails
2044192 Patches needed for AmpereOne (arm64)
2047630 Add quirk to disable i915 fastboot on B\u0026R PC
2035971 linux tools packages for derived kernels refuse to install simultaneously due to libcpupower name collision
2045562 [Debian] autoreconstruct - Do not generate chmod -x for deleted files
2046008 Jammy update: v5.15.136 upstream stable release
2045809 Jammy update: v5.15.135 upstream stable release
2029405 Change in trace file leads to test timeout in ftrace tests on 5.15 ARM64
2041842 Kernel doesn't compile with CONFIG_IMA
2044023 Jammy update: v5.15.134 upstream stable release
2043422 Jammy update: v5.15.133 upstream stable release
2041702 Jammy update: v5.15.132 upstream stable release
CVE-2023-6622 A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue ma
CVE-2024-0193 A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is r
CVE-2023-6040 An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported
CVE-2023-6931 A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escala
CVE-2023-6932 A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition c
CVE-2023-6606 An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker
CVE-2023-6817 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The func
CVE-2023-46813 An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checki
CVE-2023-6111 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The func
CVE-2023-32252 A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF co
CVE-2023-6176 A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a
CVE-2023-6039 A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel.

Version: 5.15.0-1051.56~20.04.1 2023-11-29 14:06:53 UTC

  linux-aws-5.15 (5.15.0-1051.56~20.04.1) focal; urgency=medium

  * focal/linux-aws-5.15: 5.15.0-1051.56~20.04.1 -proposed tracker
    (LP: #2041560)

  [ Ubuntu: 5.15.0-1051.56 ]

  * jammy/linux-aws: 5.15.0-1051.56 -proposed tracker (LP: #2041561)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync update-dkms-versions helper
  * jammy/linux: 5.15.0-91.101 -proposed tracker (LP: #2043452)
  * USB bus error after upgrading to proposed kernel on lunar and jammy
    (LP: #2043197)
    - USB: core: Fix oversight in SuperSpeed initialization
  * jammy/linux: 5.15.0-90.100 -proposed tracker (LP: #2041603)
  * CVE-2023-25775
    - RDMA/irdma: Remove irdma_uk_mw_bind()
    - RDMA/irdma: Remove irdma_sc_send_lsmm_nostag()
    - RDMA/irdma: Remove irdma_cqp_up_map_cmd()
    - RDMA/irdma: Remove irdma_get_hw_addr()
    - RDMA/irdma: Make irdma_uk_cq_init() return a void
    - RDMA/irdma: optimize rx path by removing unnecessary copy
    - RDMA/irdma: Remove enum irdma_status_code
    - RDMA/irdma: Remove excess error variables
    - RDMA/irdma: Prevent zero-length STAG registration
  * CVE-2023-39189
    - netfilter: nfnetlink_osf: avoid OOB read
  * SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
    (LP: #2039575)
    - net/smc: Fix pos miscalculation in statistics
  * CVE-2023-45871
    - igb: set max size RX buffer when store bad packet is enabled
  * CVE-2023-39193
    - netfilter: xt_sctp: validate the flag_info count
  * CVE-2023-39192
    - netfilter: xt_u32: validate user space input
  * CVE-2023-31085
    - ubi: Refuse attaching if mtd's erasesize is 0
  * CVE-2023-5717
    - perf: Disallow mis-matched inherited group reads
  * CVE-2023-5178
    - nvmet-tcp: Fix a possible UAF in queue intialization setup
  * CVE-2023-5158
    - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
  * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
    (LP: #2033406)
    - [Packaging] Make WWAN driver loadable modules
  * HP ProBook 450 G8 Notebook fail to wifi test (LP: #2037513)
    - iwlwifi: mvm: Don't fail if PPAG isn't supported
    - wifi: iwlwifi: fw: skip PPAG for JF
  * usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
    - [Packaging] Make linux-tools-common depend on hwdata
  * scripts/pahole-flags.sh change return to exit 0 (LP: #2035123)
    - SAUCE: scripts/pahole-flags.sh change return to exit 0
  * Unable to use nvme drive to install Ubuntu 23.10 (LP: #2040157)
    - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
      probe
  * Jammy update: v5.15.131 upstream stable release (LP: #2039610)
    - erofs: ensure that the post-EOF tails are all zeroed
    - ksmbd: fix wrong DataOffset validation of create context
    - ksmbd: replace one-element array with flex-array member in struct
      smb2_ea_info
    - ARM: pxa: remove use of symbol_get()
    - mmc: au1xmmc: force non-modular build and remove symbol_get usage
    - net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
    - rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
    - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
    - USB: serial: option: add Quectel EM05G variant (0x030e)
    - USB: serial: option: add FOXCONN T99W368/T99W373 product
    - ALSA: usb-audio: Fix init call orders for UAC1
    - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption
    - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0
    - HID: wacom: remove the battery when the EKR is off
    - staging: rtl8712: fix race condition
    - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race
      condition
    - wifi: mt76: mt7921: do not support one stream on secondary antenna only
    - serial: qcom-geni: fix opp vote on shutdown
    - serial: sc16is7xx: fix broken port 0 uart init
    - serial: sc16is7xx: fix bug when first setting GPIO direction
    - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
    - fsi: master-ast-cf: Add MODULE_FIRMWARE macro
    - tcpm: Avoid soft reset when partner does not support get_status
    - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
    - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
    - pinctrl: amd: Don't show `Invalid config param` errors
    - usb: typec: tcpci: move tcpci.h to include/linux/usb/
    - usb: typec: tcpci: clear the fault status bit
    - Linux 5.15.131
  * Jammy update: v5.15.130 upstream stable release (LP: #2039608)
    - ACPI: thermal: Drop nocrt parameter
    - module: Expose module_init_layout_section()
    - arm64: module-plts: inline linux/moduleloader.h
    - arm64: module: Use module_init_layout_section() to spot init sections
    - ARM: module: Use module_init_layout_section() to spot init sections
    - rcu: Prevent expedited GP from enabling tick on offline CPU
    - rcu-tasks: Fix IPI failure handling in trc_wait_for_one_reader
    - rcu-tasks: Wait for trc_read_check_handler() IPIs
    - rcu-tasks: Add trc_inspect_reader() checks for exiting critical section
    - Linux 5.15.130
  * CVE-2023-42754
    - ipv4: fix null-deref in ipv4_link_failure
  * Jammy update: v5.15.129 upstream stable release (LP: #2039227)
    - NFSv4.2: fix error handling in nfs42_proc_getxattr
    - NFSv4: fix out path in __nfs4_get_acl_uncached
    - xprtrdma: Remap Receive buffers after a reconnect
    - PCI: acpiphp: Reassign resources on bridge if necessary
    - dlm: improve plock logging if interrupted
    - dlm: replace usage of found with dedicated list iterator variable
    - fs: dlm: add pid to debug log
    - fs: dlm: change plock interrupted message to debug again
    - fs: dlm: use dlm_plock_info for do_unlock_close
    - fs: dlm: fix mismatch of plock results from userspace
    - MIPS: cpu-features: Enable octeon_cache by cpu_type
    - MIPS: cpu-features: Use boot_cpu_type for CPU type based features
    

Source diff to previous version
1786013 Packaging resync
2043197 USB bus error after upgrading to proposed kernel on lunar and jammy
2039575 SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
2033406 [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
2037513 HP ProBook 450 G8 Notebook fail to wifi test
2039439 usbip: error: failed to open /usr/share/hwdata//usb.ids
2035123 scripts/pahole-flags.sh change return to exit 0
2040157 Unable to use nvme drive to install Ubuntu 23.10
2039610 Jammy update: v5.15.131 upstream stable release
2039608 Jammy update: v5.15.130 upstream stable release
2039227 Jammy update: v5.15.129 upstream stable release
2038486 Jammy update: v5.15.128 upstream stable release
2038382 Jammy update: v5.15.127 upstream stable release
CVE-2023-25775 Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentia
CVE-2023-39189 A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num
CVE-2023-45871 An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be ade
CVE-2023-39193 A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local pr
CVE-2023-39192 A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw all
CVE-2023-31085 An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirec
CVE-2023-5178 A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` ...
CVE-2023-5158 A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a d
CVE-2023-42754 A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before c
CVE-2023-37453 An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/us

Version: 5.15.0-1049.54~20.04.1 2023-10-09 14:08:37 UTC

  linux-aws-5.15 (5.15.0-1049.54~20.04.1) focal; urgency=medium

  * focal/linux-aws-5.15: 5.15.0-1049.54~20.04.1 -proposed tracker
    (LP: #2038013)

  [ Ubuntu: 5.15.0-1049.54 ]

  * jammy/linux-aws: 5.15.0-1049.54 -proposed tracker (LP: #2038014)
  * jammy/linux: 5.15.0-88.98 -proposed tracker (LP: #2038055)
  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: remove busy mark and gc batch API
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * PCI BARs larger than 128GB are disabled (LP: #2037403)
    - PCI: Support BAR sizes up to 8TB
  * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support
  * Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script
  * Jammy update: v5.15.126 upstream stable release (LP: #2037593)
    - io_uring: gate iowait schedule on having pending requests
    - perf: Fix function pointer case
    - net/mlx5: Free irqs only on shutdown callback
    - arm64: errata: Add workaround for TSB flush failures
    - arm64: errata: Add detection for TRBE write to out-of-range
    - [Config] updateconfigs for ARM64_ERRATUM_ and
      ARM64_WORKAROUND_TSB_FLUSH_FAILURE
    - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
    - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
    - iommu/arm-smmu-v3: Add explicit feature for nesting
    - iommu/arm-smmu-v3: Document nesting-related errata
    - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
    - word-at-a-time: use the same return type for has_zero regardless of
      endianness
    - KVM: s390: fix sthyi error handling
    - wifi: cfg80211: Fix return value in scan logic
    - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
    - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
    - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
    - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
    - net: dsa: fix value check in bcm_sf2_sw_probe()
    - perf test uprobe_from_different_cu: Skip if there is no gcc
    - net: sched: cls_u32: Fix match key mis-addressing
    - mISDN: hfcpci: Fix potential deadlock on &hc->lock
    - qed: Fix kernel-doc warnings
    - qed: Fix scheduling in a tasklet while getting stats
    - net: annotate data-races around sk->sk_max_pacing_rate
    - net: add missing READ_ONCE(sk->sk_rcvlowat) annotation
    - net: add missing READ_ONCE(sk->sk_sndbuf) annotation
    - net: add missing READ_ONCE(sk->sk_rcvbuf) annotation
    - net: add missing data-race annotations around sk->sk_peek_off
    - net: add missing data-race annotation for sk_ll_usec
    - net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.
    - bpf, cpumap: Handle skb as well when clean up ptr_ring
    - bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire
    - net: ll_temac: Switch to use dev_err_probe() helper
    - net: ll_temac: fix error checking of irq_of_parse_and_map()
    - net: korina: handle clk prepare error in korina_probe()
    - net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode
    - net: dcb: choose correct policy to parse DCB_ATTR_BCN
    - s390/qeth: Don't call dev_close/dev_open (DOWN/UP)
    - ip6mr: Fix skb_under_panic in ip6mr_cache_report()
    - vxlan: Fix nexthop hash size
    - net/mlx5: fs_core: Make find_closest_ft more generic
    - net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio
    - prestera: fix fallback to previous version on same major version
    - tcp_metrics: fix addr_same() helper
    - tcp_metrics: annotate data-races around tm->tcpm_stamp
    - tcp_metrics: annotate data-races around tm->tcpm_lock
    - tcp_metrics: annotate data-races around tm->tcpm_vals[]
    - tcp_metrics: annotate data-races around tm->tcpm_net
    - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
    - scsi: zfcp: Defer fc_rport blocking until after ADISC response
    - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices
    - libceph: fix potential hang in ceph_osdc_notify()
    - USB: zaurus: Add ID for A-300/B-500/C-700
    - ceph: defer stopping mdsc delayed_work
    - firmware: arm_scmi: Drop OF node reference in the transport channel setup
    - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
    - exfat: release s_lock before calling dir_emit()
    - mtd: spinand: toshiba: Fix ecc_get_status
    - mtd: rawnand: meson: fix OOB available bytes for ECC
    - arm64: dts: stratix10: fix incorrect I2C property for SCL signal
    - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC)
    - rbd: prevent busy loop when requesting exclusive lock
    - bpf: Disable preemption in bpf_event_output
    - open: make RESOLVE_CACHED correctly test for O_TMPFILE
    - drm/ttm: check null pointer

Source diff to previous version
2037403 PCI BARs larger than 128GB are disabled
2037077 Fix unstable audio at low levels on Thinkpad P1G4
1945989 Check for changes relevant for security certifications
2037593 Jammy update: v5.15.126 upstream stable release
2036843 Jammy update: v5.15.125 upstream stable release
2035163 Avoid address overwrite in kernel_connect
2035166 NULL Pointer Dereference During KVM MMU Page Invalidation
2034479 Fix suspend hang on Lenovo workstation
2034745 [regression] Unable to initialize SGX enclaves with XFRM other than 3
2035400 Jammy update: v5.15.124 upstream stable release
2034612 Jammy update: v5.15.123 upstream stable release
1786013 Packaging resync
CVE-2023-42756 A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic
CVE-2023-42755 wild pointer access in rsvp classifer in the Linux kernel
CVE-2023-42753 An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->n
CVE-2023-42752 integer overflows in kmalloc_reserve()
CVE-2023-4881 ** REJECT ** CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.
CVE-2023-31083 An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSET
CVE-2023-3772 A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADM

Version: 5.15.0-1047.52~20.04.1 2023-09-23 02:06:53 UTC

  linux-aws-5.15 (5.15.0-1047.52~20.04.1) focal; urgency=medium

  * focal/linux-aws-5.15: 5.15.0-1047.52~20.04.1 -proposed tracker
    (LP: #2036532)

  [ Ubuntu: 5.15.0-1047.52 ]

  * jammy/linux-aws: 5.15.0-1047.52 -proposed tracker (LP: #2036533)
  * jammy/linux: 5.15.0-86.96 -proposed tracker (LP: #2036575)
  * 5.15.0-85 live migration regression (LP: #2036675)
    - Revert "KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES"
    - Revert "x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0"
  * Regression for ubuntu_bpf test build on Jammy 5.15.0-85.95 (LP: #2035181)
    - selftests/bpf: fix static assert compilation issue for test_cls_*.c
  * `refcount_t: underflow; use-after-free.` on hidon w/ 5.15.0-85-generic
    (LP: #2034447)
    - crypto: rsa-pkcs1pad - Use helper to set reqsize

Source diff to previous version
2036675 5.15.0-85 live migration regression
2035181 Regression for ubuntu_bpf test build on Jammy 5.15.0-85.95
2034447 `refcount_t: underflow; use-after-free.` on hidon w/ 5.15.0-85-generic

Version: 5.15.0-1046.51~20.04.1 2023-09-09 14:06:59 UTC

  linux-aws-5.15 (5.15.0-1046.51~20.04.1) focal; urgency=medium

  * focal/linux-aws-5.15: 5.15.0-1046.51~20.04.1 -proposed tracker
    (LP: #2033781)

  [ Ubuntu: 5.15.0-1046.51 ]

  * jammy/linux-aws: 5.15.0-1046.51 -proposed tracker (LP: #2033782)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * jammy/linux: 5.15.0-85.95 -proposed tracker (LP: #2033821)
  * Please enable Renesas RZ platform serial installer (LP: #2022361)
    - [Config] enable hihope RZ/G2M serial console
    - [Config] Mark sh-sci as built-in
  * Request backport of xen timekeeping performance improvements (LP: #2033122)
    - x86/xen/time: prefer tsc as clocksource when it is invariant
  * kdump doesn't work with UEFI secure boot and kernel lockdown enabled on
    ARM64 (LP: #2033007)
    - [Config]: Enable CONFIG_KEXEC_IMAGE_VERIFY_SIG
    - kexec, KEYS: make the code in bzImage64_verify_sig generic
    - arm64: kexec_file: use more system keyrings to verify kernel image signature
  * ubuntu_kernel_selftests:net:vrf-xfrm-tests.sh: 8 failed test cases on
    jammy/fips (LP: #2019880)
    - selftests: net: vrf-xfrm-tests: change authentication and encryption algos
  * ubuntu_kernel_selftests:net:tls: 88 failed test cases on jammy/fips
    (LP: #2019868)
    - selftests/harness: allow tests to be skipped during setup
    - selftests: net: tls: check if FIPS mode is enabled
  * A general-proteciton exception during guest migration to unsupported PKRU
    machine (LP: #2032164)
    - x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0
    - KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
  * CVE-2023-4569
    - netfilter: nf_tables: deactivate catchall elements in next generation
  * CVE-2023-20569
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - x86/srso: Add a Speculative RAS Overflow mitigation
    - x86/srso: Add IBPB_BRTYPE support
    - x86/srso: Add SRSO_NO support
    - x86/srso: Add IBPB
    - x86/srso: Add IBPB on VMEXIT
    - x86/srso: Fix return thunks in generated code
    - x86/srso: Tie SBPB bit setting to microcode patch detection
    - x86: fix backwards merge of GDS/SRSO bit
    - x86/srso: Fix build breakage with the LLVM linker
    - x86/cpu: Fix __x86_return_thunk symbol type
    - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
    - x86/alternative: Make custom return thunk unconditional
    - objtool: Add frame-pointer-specific function ignore
    - x86/ibt: Add ANNOTATE_NOENDBR
    - x86/cpu: Clean up SRSO return thunk mess
    - x86/cpu: Rename original retbleed methods
    - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
    - x86/cpu: Cleanup the untrain mess
    - x86/srso: Explain the untraining sequences a bit more
    - x86/static_call: Fix __static_call_fixup()
    - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
    - x86/srso: Disable the mitigation on unaffected configurations
    - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
    - objtool/x86: Fixup frame-pointer vs rethunk
    - x86/srso: Correct the mitigation status when SMT is disabled
    - objtool/x86: Fix SRSO mess
    - Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation
  * Fix unreliable ethernet cable detection on I219 NIC (LP: #2028122)
    - e1000e: Use PME poll to circumvent unreliable ACPI wake
  * Need to get fine-grained control for FAN(TFN) Participant. (LP: #2031333)
    - ACPI: fan: Separate file for attributes creation
    - ACPI: fan: Optimize struct acpi_fan_fif
    - ACPI: fan: Properly handle fine grain control
    - ACPI: fan: Add additional attributes for fine grain control
  * [SRU][Ubuntu 22.04.1] Unable to interpret the frequency values in
    cpuinfo_min_freq and cpuino_max_freq sysfs files. (LP: #2030924)
    - cpufreq: intel_pstate: Fix scaling for hybrid-capable
  * CVE-2023-40283
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
  * CVE-2023-20588
    - x86/bugs: Increase the x86 bugs vector size to two u32s
    - x86/CPU/AMD: Do not leak quotient data after a division by 0
    - x86/CPU/AMD: Fix the DIV(0) initial fix attempt
  * CVE-2023-4194
    - net: tun_chr_open(): set sk_uid from current_fsuid()
    - net: tap_open(): set sk_uid from current_fsuid()
  * CVE-2023-4155
    - KVM: SEV: Refactor out sev_es_state struct
    - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary
    - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure
    - KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors
    - KVM: SEV: snapshot the GHCB before accessing it
    - KVM: SEV: only access GHCB fields once
  * CVE-2023-1206
    - tcp: Reduce chance of collisions in inet6_hashfn().
  * Crashing with CPU soft lock on GA kernel 5.15.0.79.76 and HWE kernel
    5.19.0-46.47-22.04.1 (LP: #2032176)
    - Revert "KVM: x86: enable TDP MMU by default"
  * Jammy update: v5.15.122 upstream stable release (LP: #2032690)
    - Linux 5.15.122
    - Upstream stable to v5.15.122
  * Jammy update: v5.15.121 upstream stable release (LP: #2032689)
    - netfilter: nf_tables: drop map element references from preparation phase
    - fs: pipe: reveal missing function protoypes
    - x86/resctrl: Only show tasks' pid in current pid namespace
    - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
    - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
    - md/raid10: fix overflow of md/safe_mode_delay
    - md/raid10: fix wrong setting of max_corr_read_errors
    - md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
    - md/raid10: fix io loss while replacement replace rdev
    - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
    - svcrdma: Prevent page release when nothing was received
    - posix-timers: Prevent RT livelock in itimer_delete()
    - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
    - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
  

1786013 Packaging resync
2022361 Please enable Renesas RZ platform serial installer
2033122 Request backport of xen timekeeping performance improvements
2033007 kdump doesn't work with UEFI secure boot and kernel lockdown enabled on ARM64
2019880 ubuntu_kernel_selftests:net:vrf-xfrm-tests.sh: 8 failed test cases on jammy/fips
2019868 ubuntu_kernel_selftests:net:tls: 88 failed test cases on jammy/fips
2032164 A general-proteciton exception during guest migration to unsupported PKRU machine
2028122 Fix unreliable ethernet cable detection on I219 NIC
2031333 Need to get fine-grained control for FAN(TFN) Participant.
2030924 [SRU][Ubuntu 22.04.1] Unable to interpret the frequency values in cpuinfo_min_freq and cpuino_max_freq sysfs files.
2032176 Crashing with CPU soft lock on GA kernel 5.15.0.79.76 and HWE kernel 5.19.0-46.47-22.04.1
2032690 Jammy update: v5.15.122 upstream stable release
2032689 Jammy update: v5.15.121 upstream stable release
2032688 Jammy update: v5.15.120 upstream stable release
2032683 Jammy update: v5.15.119 upstream stable release
2030239 Jammy update: v5.15.118 upstream stable release
2030107 Jammy update: v5.15.117 upstream stable release
CVE-2023-4569 A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to
CVE-2023-40283 An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the
CVE-2023-4194 A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized acc
CVE-2023-1206 A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN floo
CVE-2023-4273 A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, wh
CVE-2023-4128 A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local a
CVE-2023-3863 A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special



About   -   Send Feedback to @ubuntu_updates