UbuntuUpdates.org

Package "linux-hwe-6.8-cloud-tools-6.8.0-51"

Name: linux-hwe-6.8-cloud-tools-6.8.0-51

Description:

Linux kernel version specific cloud tools for version 6.8.0-51

Latest version: 6.8.0-51.52~22.04.1
Release: jammy (22.04)
Level: security
Repository: main
Head package: linux-hwe-6.8

Links


Download "linux-hwe-6.8-cloud-tools-6.8.0-51"


Other versions of "linux-hwe-6.8-cloud-tools-6.8.0-51" in Jammy

Repository Area Version
updates main 6.8.0-51.52~22.04.1

Changelog

Version: 6.8.0-45.45~22.04.1 2024-09-23 13:07:03 UTC

  linux-hwe-6.8 (6.8.0-45.45~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.8: 6.8.0-45.45~22.04.1 -proposed tracker (LP: #2078099)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.hwe-6.8/dkms-versions -- update from kernel-versions
      (main/s2024.08.05)

  [ Ubuntu: 6.8.0-45.45 ]

  * noble/linux: 6.8.0-45.45 -proposed tracker (LP: #2078100)
  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/s2024.08.05)
  * Noble update: upstream stable patchset 2024-08-09 (LP: #2076435) //
    CVE-2024-41009
    - bpf: Fix overrunning reservations in ringbuf
  * CVE-2024-42160
    - f2fs: check validation of fault attrs in f2fs_build_fault_attr()
    - f2fs: Add inline to f2fs_build_fault_attr() stub
  * Noble update: upstream stable patchset 2024-08-22 (LP: #2077600) //
    CVE-2024-42224
    - net: dsa: mv88e6xxx: Correct check for empty list
  * Noble update: upstream stable patchset 2024-08-22 (LP: #2077600) //
    CVE-2024-42154
    - tcp_metrics: validate source addr length
  * CVE-2024-42228
    - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
  * CVE-2024-42159
    - scsi: mpi3mr: Sanitise num_phys

 -- Stefan Bader <email address hidden> Wed, 11 Sep 2024 15:33:32 +0200

Source diff to previous version
1786013 Packaging resync
2076435 Noble update: upstream stable patchset 2024-08-09
2077600 Noble update: upstream stable patchset 2024-08-22
CVE-2024-41009 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is
CVE-2024-42160 In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to
CVE-2024-42224 In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("n
CVE-2024-42154 In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP
CVE-2024-42228 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc In
CVE-2024-42159 In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys Information is stored in mr_sas_port->phy_mask,

Version: 6.8.0-40.40~22.04.3 2024-08-14 11:07:05 UTC

  linux-hwe-6.8 (6.8.0-40.40~22.04.3) jammy; urgency=medium

  * jammy/linux-hwe-6.8: 6.8.0-40.40~22.04.3 -proposed tracker (LP: #2075181)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.hwe-6.8/dkms-versions -- update from kernel-versions
      (main/2024.07.08)

  * Linux 6.8 fails to boot on ARM64 if any param is more than 146 chars
    (LP: #2069534)
    - SAUCE: arm64: v6.8: cmdline param >= 146 chars kills kernel

  * revert support for arbitrary symbol length in modversion in hwe kernels
    (LP: #2039010)
    - Revert "UBUNTU: SAUCE: modpost: Replace 0-length array with flex-array
      member"
    - Revert "UBUNTU: SAUCE: allows to enable Rust with modversions"
    - Revert "UBUNTU: SAUCE: modpost: support arbitrary symbol length in
      modversion"

Source diff to previous version
1786013 Packaging resync
2069534 Linux 6.8 fails to boot on ARM64 if any param is more than 146 chars
2039010 revert support for arbitrary symbol length in modversion in hwe kernels

Version: 6.8.0-39.39~22.04.1 2024-07-29 23:07:07 UTC

  linux-hwe-6.8 (6.8.0-39.39~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.8: 6.8.0-39.39~22.04.1 -proposed tracker (LP: #2071982)

  [ Ubuntu: 6.8.0-39.39 ]

  * noble/linux: 6.8.0-39.39 -proposed tracker (LP: #2071983)
  * CVE-2024-25742
    - x86/sev: Harden #VC instruction emulation somewhat
    - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler
  * Noble update: v6.8.9 upstream stable release (LP: #2070337) //
    CVE-2024-35984
    - i2c: smbus: fix NULL function pointer dereference
  * Noble update: v6.8.9 upstream stable release (LP: #2070337) //
    CVE-2024-35990
    - dma: xilinx_dpdma: Fix locking
  * Noble update: v6.8.9 upstream stable release (LP: #2070337) //
    CVE-2024-35997
    - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
  * CVE-2024-36016
    - tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
  * CVE-2024-36008
    - ipv4: check for NULL idev in ip_route_use_hint()
  * CVE-2024-35992
    - phy: marvell: a3700-comphy: Fix out of bounds read

 -- Stefan Bader <email address hidden> Wed, 10 Jul 2024 15:42:33 +0200

Source diff to previous version
2070337 Noble update: v6.8.9 upstream stable release
CVE-2024-25742 In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This
CVE-2024-35984 In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when
CVE-2024-35990 In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan->lock
CVE-2024-35997 In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_
CVE-2024-36016 In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following
CVE-2024-36008 In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a N
CVE-2024-35992 In the Linux kernel, the following vulnerability has been resolved: phy: marvell: a3700-comphy: Fix out of bounds read There is an out of bounds re

Version: 6.8.0-38.38~22.04.1 2024-07-19 00:07:15 UTC

  linux-hwe-6.8 (6.8.0-38.38~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.8: 6.8.0-38.38~22.04.1 -proposed tracker (LP: #2068734)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.hwe-6.8/dkms-versions -- update from kernel-versions
      (main/2024.06.10)

  * Noble update: v6.8.7 upstream stable release (LP: #2065912)
    - [Config] hwe-6.8: Change BHI mitigation to always enabled

  [ Ubuntu: 6.8.0-38.38 ]

  * noble/linux: 6.8.0-38.38 -proposed tracker (LP: #2068318)
  * race_sched in ubuntu_stress_smoke_test will cause kernel panic on 6.8 with
    Azure Standard_A2_v2 instance (LP: #2068024)
    - sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()
  * Noble: btrfs: re-introduce 'norecovery' mount option (LP: #2068591)
    - btrfs: re-introduce 'norecovery' mount option
  * Fix system hang while entering suspend with AMD Navi3x graphics
    (LP: #2063417)
    - drm/amdgpu/mes: fix use-after-free issue
  * Noble update: v6.8.8 upstream stable release (LP: #2068087)
    - io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64()
      failure
    - drm/i915/cdclk: Fix voltage_level programming edge case
    - Revert "vmgenid: emit uevent when VMGENID updates"
    - SUNRPC: Fix rpcgss_context trace event acceptor field
    - selftests/ftrace: Limit length in subsystem-enable tests
    - random: handle creditable entropy from atomic process context
    - scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING
    - net: usb: ax88179_178a: avoid writing the mac address before first reading
    - btrfs: do not wait for short bulk allocation
    - btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer
    - r8169: fix LED-related deadlock on module removal
    - r8169: add missing conditional compiling for call to r8169_remove_leds
    - scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5
    - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
    - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
    - netfilter: br_netfilter: skip conntrack input hook for promisc packets
    - netfilter: nft_set_pipapo: constify lookup fn args where possible
    - netfilter: nft_set_pipapo: walk over current view on netlink dump
    - netfilter: flowtable: validate pppoe header
    - netfilter: flowtable: incorrect pppoe tuple
    - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().
    - af_unix: Don't peek OOB data without MSG_OOB.
    - net: sparx5: flower: fix fragment flags handling
    - net/mlx5: Lag, restore buckets number to default after hash LAG deactivation
    - net/mlx5: Restore mistakenly dropped parts in register devlink flow
    - net/mlx5e: Prevent deadlock while disabling aRFS
    - net: change maximum number of UDP segments to 128
    - octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation
    - selftests/tcp_ao: Make RST tests less flaky
    - selftests/tcp_ao: Zero-init tcp_ao_info_opt
    - selftests/tcp_ao: Fix fscanf() call for format-security
    - selftests/tcp_ao: Printing fixes to confirm with format-security
    - net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only
    - net: stmmac: Fix max-speed being ignored on queue re-init
    - net: stmmac: Fix IP-cores specific MAC capabilities
    - ice: tc: check src_vsi in case of traffic from VF
    - ice: tc: allow zero flags in parsing tc flower
    - ice: Fix checking for unsupported keys on non-tunnel device
    - tun: limit printing rate when illegal packet received by tun dev
    - net: dsa: mt7530: fix mirroring frames received on local port
    - net: dsa: mt7530: fix port mirroring for MT7988 SoC switch
    - s390/ism: Properly fix receive message buffer allocation
    - netfilter: nf_tables: missing iterator type in lookup walk
    - netfilter: nf_tables: restore set elements when delete set fails
    - gpiolib: swnode: Remove wrong header inclusion
    - netfilter: nf_tables: fix memleak in map from abort path
    - net/sched: Fix mirred deadlock on device recursion
    - net: ethernet: mtk_eth_soc: fix WED + wifi reset
    - ravb: Group descriptor types used in Rx ring
    - net: ravb: Count packets instead of descriptors in R-Car RX path
    - net: ravb: Allow RX loop to move past DMA mapping errors
    - net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them
    - NFSD: fix endianness issue in nfsd4_encode_fattr4
    - RDMA/rxe: Fix the problem "mutex_destroy missing"
    - RDMA/cm: Print the old state when cm_destroy_id gets timeout
    - RDMA/mlx5: Fix port number for counter query in multi-port configuration
    - perf annotate: Make sure to call symbol__annotate2() in TUI
    - perf lock contention: Add a missing NULL check
    - s390/qdio: handle deferred cc1
    - s390/cio: fix race condition during online processing
    - iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest
    - iommufd: Add config needed for iommufd_fail_nth
    - drm: nv04: Fix out of bounds access
    - drm/v3d: Don't increment `enabled_ns` twice
    - userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE
    - thunderbolt: Introduce tb_port_reset()
    - thunderbolt: Introduce tb_path_deactivate_hop()
    - thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4
      routers
    - thunderbolt: Reset topology created by the boot firmware
    - drm/panel: visionox-rm69299: don't unregister DSI device
    - drm/radeon: make -fstrict-flex-arrays=3 happy
    - ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4
    - thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()
    - platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes
    - interconnect: qcom: x1e80100: Remove inexistent ACV_PERF BCM
    - interconnect: Don't access req_list while it's being manipulated
    - clk: Remove prepare_lock hold assertion in __clk_release()
    - clk: Initialize struct clk_core kref earlier
    - clk: Get ru

1786013 Packaging resync
2065912 Noble update: v6.8.7 upstream stable release
2068024 race_sched in ubuntu_stress_smoke_test will cause kernel panic on 6.8 with Azure Standard_A2_v2 instance
2068591 Noble: btrfs: re-introduce 'norecovery' mount option
2068087 Noble update: v6.8.8 upstream stable release
2064689 Fix inaudible HDMI/DP audio on USB-C MST dock
2066332 net:fib_rule_tests.sh in ubuntu_kselftests_net fails on Noble
2037688 Pull-request to address TPM bypass issue
2064508 re-enable Ubuntu FAN in the Noble kernel
1470091 update for V3 kernel bits and improved multiple fan slice support
2045560 TCP memory leak, slow network (arm64)
2046315 oem-6.5: disable psr2 for some panels according to edid
2061040 I2C HID device sometimes fails to initialize causing touchpad to not work
2065376 [X13s] Fingerprint reader is not working
2065899 Noble update: v6.8.6 upstream stable release
2065400 Noble update: v6.8.5 upstream stable release
CVE-2024-26926 In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("bin
CVE-2024-26922 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verif
CVE-2024-26924 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with



About   -   Send Feedback to @ubuntu_updates