Package "linux-modules-6.2.0-1021-gcp"
Name: |
linux-modules-6.2.0-1021-gcp
|
Description: |
Linux kernel extra modules for version 6.2.0 on 64 bit x86 SMP
|
Latest version: |
6.2.0-1021.23~22.04.1 |
Release: |
jammy (22.04) |
Level: |
security |
Repository: |
main |
Head package: |
linux-gcp-6.2 |
Links
Download "linux-modules-6.2.0-1021-gcp"
Other versions of "linux-modules-6.2.0-1021-gcp" in Jammy
Changelog
linux-gcp-6.2 (6.2.0-1014.14~22.04.1) jammy; urgency=medium
* jammy/linux-gcp-6.2: 6.2.0-1014.14~22.04.1 -proposed tracker (LP: #2034145)
[ Ubuntu: 6.2.0-1014.14 ]
* lunar/linux-gcp: 6.2.0-1014.14 -proposed tracker (LP: #2034146)
* lunar/linux: 6.2.0-33.33 -proposed tracker (LP: #2034158)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
* CVE-2023-21264
- KVM: arm64: Prevent unconditional donation of unmapped regions from the host
* CVE-2023-4569
- netfilter: nf_tables: deactivate catchall elements in next generation
* CVE-2023-40283
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
* CVE-2023-20588
- x86/bugs: Increase the x86 bugs vector size to two u32s
- x86/CPU/AMD: Do not leak quotient data after a division by 0
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt
* CVE-2023-4128
- net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
free
- net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
free
- net/sched: cls_route: No longer copy tcf_result on update to avoid use-
after-free
-- Khalid Elmously <email address hidden> Sun, 10 Sep 2023 23:35:32 -0400
|
Source diff to previous version |
1786013 |
Packaging resync |
CVE-2023-4569 |
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to |
CVE-2023-40283 |
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the |
CVE-2023-4128 |
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local a |
|
linux-gcp-6.2 (6.2.0-1013.13~22.04.1) jammy; urgency=medium
* jammy/linux-gcp-6.2: 6.2.0-1013.13~22.04.1 -proposed tracker (LP: #2030369)
[ Ubuntu: 6.2.0-1013.13 ]
* lunar/linux-gcp: 6.2.0-1013.13 -proposed tracker (LP: #2030370)
* lunar/linux: 6.2.0-32.32 -proposed tracker (LP: #2031134)
* libgnutls report "trap invalid opcode" when trying to install packages over
https (LP: #2031093)
- [Config]: disable CONFIG_GDS_FORCE_MITIGATION
* lunar/linux: 6.2.0-30.30 -proposed tracker (LP: #2030381)
* CVE-2022-40982
- init: Provide arch_cpu_finalize_init()
- x86/cpu: Switch to arch_cpu_finalize_init()
- ARM: cpu: Switch to arch_cpu_finalize_init()
- ia64/cpu: Switch to arch_cpu_finalize_init()
- m68k/cpu: Switch to arch_cpu_finalize_init()
- mips/cpu: Switch to arch_cpu_finalize_init()
- sh/cpu: Switch to arch_cpu_finalize_init()
- sparc/cpu: Switch to arch_cpu_finalize_init()
- um/cpu: Switch to arch_cpu_finalize_init()
- init: Remove check_bugs() leftovers
- init: Invoke arch_cpu_finalize_init() earlier
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
- x86/init: Initialize signal frame size late
- x86/fpu: Remove cpuinfo argument from init functions
- x86/fpu: Mark init functions __init
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build
- x86/xen: Fix secondary processors' FPU initialization
- x86/speculation: Add Gather Data Sampling mitigation
- x86/speculation: Add force option to GDS mitigation
- x86/speculation: Add Kconfig option for GDS
- KVM: Add GDS_NO support to KVM
- Documentation/x86: Fix backwards on/off logic about YMM support
- [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
CONFIG_GDS_FORCE_MITIGATION
* CVE-2023-4015
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
* CVE-2023-3995
- netfilter: nf_tables: disallow rule addition to bound chain via
NFTA_RULE_CHAIN_ID
* CVE-2023-3777
- netfilter: nf_tables: skip bound chain on rule flush
* CVE-2023-3609
- net/sched: cls_u32: Fix reference counter leak leading to overflow
* NULL pointer dereference on CS35L41 HDA AMP (LP: #2029199)
- ASoC: cs35l41: Refactor error release code
- ALSA: cs35l41: Add shared boost feature
- ASoC: dt-bindings: cirrus, cs35l41: Document CS35l41 shared boost
- ALSA: hda: cs35l41: Ensure firmware/tuning pairs are always loaded
- ALSA: hda: cs35l41: Enable Amp High Pass Filter
- ALSA: cs35l41: Use mbox command to enable speaker output for external boost
- ALSA: cs35l41: Poll for Power Up/Down rather than waiting a fixed delay
- ALSA: hda: cs35l41: Check mailbox status of pause command after firmware
load
- ALSA: hda: cs35l41: Ensure we correctly re-sync regmap before system
suspending.
- ALSA: hda: cs35l41: Ensure we pass up any errors during system suspend.
- ALSA: hda: cs35l41: Move Play and Pause into separate functions
- ALSA: hda: hda_component: Add pre and post playback hooks to hda_component
- ALSA: hda: cs35l41: Use pre and post playback hooks
- ALSA: hda: cs35l41: Rework System Suspend to ensure correct call separation
- ALSA: hda: cs35l41: Add device_link between HDA and cs35l41_hda
- ALSA: hda: cs35l41: Ensure amp is only unmuted during playback
* Reboot command powers off the system (LP: #2029332)
- x86/smp: Make stop_other_cpus() more robust
- x86/smp: Dont access non-existing CPUID leaf
* losetup with mknod fails on jammy with kernel 5.15.0-69-generic
(LP: #2015400)
- loop: deprecate autoloading callback loop_probe()
- loop: do not enforce max_loop hard limit by (new) default
* Fix UBSAN in Intel EDAC driver (LP: #2028746)
- EDAC/skx_common: Enable EDAC support for the "near" memory
- EDAC/skx_common: Delete duplicated and unreachable code
- EDAC/i10nm: Add Intel Emerald Rapids server support
- EDAC/i10nm: Make more configurations CPU model specific
- EDAC/i10nm: Add Intel Granite Rapids server support
- EDAC/i10nm: Skip the absent memory controllers
* Make TTY switching possible for NVIDIA when it's boot VGA (LP: #2028749)
- drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers
- video/aperture: use generic code to figure out the vga default device
- drm/aperture: Remove primary argument
- video/aperture: Only kick vgacon when the pdev is decoding vga
- video/aperture: Move vga handling to pci function
- video/aperture: Drop primary argument
- video/aperture: Only remove sysfb on the default vga pci device
- fbdev: Simplify fb_is_primary_device for x86
- video/aperture: Provide a VGA helper for gma500 and internal use
* Fix AMD gpu hang when screen off/on (LP: #2028740)
- drm/amd/display: Keep PHY active for dp config
* Various backlight issues with the 6.0/6.1 kernel (LP: #2023638)
- ACPI: video: Stop trying to use vendor backlight control on laptops from
after ~2012
* FM350(mtk_t7xx) failed to suspend, or early wake while suspending
(LP: #2020743)
- net: wwan: t7xx: Ensure init is completed before system sleep
* Include the MAC address pass through function on RTL8153DD-CG (LP: #2020295)
- r8152: add USB device driver for config selection
* CVE-2023-20593
- x86/cpu/amd: Move the errata checking functionality up
- x86/cpu/amd: Add a Zenbleed fix
* CVE-2023-4004
- netfilter: nft_set_pipapo: fix improper element removal
* CVE-2023-3611
- net/sched: sch_qfq: refactor parsing of netlink parameters
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue
* CVE-2023-3610
- netfilter: nf_tables: fix chain binding transac
|
Source diff to previous version |
2031093 |
libgnutls report \ |
2029199 |
NULL pointer dereference on CS35L41 HDA AMP |
2029332 |
Reboot command powers off the system |
2015400 |
losetup with mknod fails on jammy with kernel 5.15.0-69-generic |
2028746 |
Fix UBSAN in Intel EDAC driver |
2028749 |
Make TTY switching possible for NVIDIA when it's boot VGA |
2028740 |
Fix AMD gpu hang when screen off/on |
2023197 |
Fix speaker volume too low on HP G10 laptops |
2016398 |
stacked overlay file system mounts that have chroot() called against them appear to be getting locked (by the kernel most likely?) |
2026776 |
arm64+ast2600: No Output from BMC's VGA port |
2024273 |
Fix eDP only displays 3/4 area after switching to mirror mode with external HDMI 4K monitor |
2029138 |
cifs: fix mid leak during reconnection after timeout threshold |
2028979 |
Lunar update: upstream stable patchset 2023-07-28 |
2022354 |
sysfs msi_irqs directory empty with kernel-5.19 when being a xen guest |
2028808 |
Lunar update: upstream stable patchset 2023-07-26 |
2028580 |
Lunar update: v6.2.16 upstream stable release |
1786013 |
Packaging resync |
CVE-2022-40982 |
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may al |
CVE-2023-4015 |
netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR |
CVE-2023-3995 |
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2023-4147. |
CVE-2023-3777 |
netfilter: nf_tables: skip bound chain on rule flush |
CVE-2023-20593 |
An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural ... |
CVE-2023-4004 |
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a |
CVE-2023-2898 |
There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user t |
CVE-2023-31084 |
An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNI |
|
linux-gcp-6.2 (6.2.0-1012.12~22.04.1) jammy; urgency=medium
* jammy/linux-gcp-6.2: 6.2.0-1012.12~22.04.1 -proposed tracker (LP: #2030535)
[ Ubuntu: 6.2.0-1012.12 ]
* lunar/linux-gcp: 6.2.0-1012.12 -proposed tracker (LP: #2030536)
* Packaging resync (LP: #1786013)
- [Packaging] resync update-dkms-versions helper
* Miscellaneous Ubuntu changes
- [packaging] Split annotations for GCP into separate file
- [packaging] update configs for updated chroot
* lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146)
* libgnutls report "trap invalid opcode" when trying to install packages over
https (LP: #2031093)
- [Config]: disable CONFIG_GDS_FORCE_MITIGATION
* lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547)
* CVE-2022-40982
- init: Provide arch_cpu_finalize_init()
- x86/cpu: Switch to arch_cpu_finalize_init()
- ARM: cpu: Switch to arch_cpu_finalize_init()
- ia64/cpu: Switch to arch_cpu_finalize_init()
- m68k/cpu: Switch to arch_cpu_finalize_init()
- mips/cpu: Switch to arch_cpu_finalize_init()
- sh/cpu: Switch to arch_cpu_finalize_init()
- sparc/cpu: Switch to arch_cpu_finalize_init()
- um/cpu: Switch to arch_cpu_finalize_init()
- init: Remove check_bugs() leftovers
- init: Invoke arch_cpu_finalize_init() earlier
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
- x86/init: Initialize signal frame size late
- x86/fpu: Remove cpuinfo argument from init functions
- x86/fpu: Mark init functions __init
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build
- x86/xen: Fix secondary processors' FPU initialization
- x86/speculation: Add Gather Data Sampling mitigation
- x86/speculation: Add force option to GDS mitigation
- x86/speculation: Add Kconfig option for GDS
- KVM: Add GDS_NO support to KVM
- Documentation/x86: Fix backwards on/off logic about YMM support
- [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
CONFIG_GDS_FORCE_MITIGATION
* CVE-2023-4015
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
* CVE-2023-3777
- netfilter: nf_tables: skip bound chain on rule flush
* CVE-2023-3995
- netfilter: nf_tables: disallow rule addition to bound chain via
NFTA_RULE_CHAIN_ID
* CVE-2023-20593
- x86/cpu/amd: Move the errata checking functionality up
- x86/cpu/amd: Add a Zenbleed fix
* CVE-2023-3776
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free
* CVE-2023-4004
- netfilter: nft_set_pipapo: fix improper element removal
* CVE-2023-3611
- net/sched: sch_qfq: refactor parsing of netlink parameters
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue
* CVE-2023-3610
- netfilter: nf_tables: fix chain binding transaction logic
* CVE-2023-3609
- net/sched: cls_u32: Fix reference counter leak leading to overflow
-- Khalid Elmously <email address hidden> Mon, 21 Aug 2023 02:54:15 -0400
|
Source diff to previous version |
1786013 |
Packaging resync |
2031093 |
libgnutls report \ |
CVE-2022-40982 |
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may al |
CVE-2023-20593 |
An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural ... |
CVE-2023-4004 |
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a |
|
linux-gcp-6.2 (6.2.0-1011.11~22.04.3) jammy; urgency=medium
* jammy/linux-gcp-6.2: 6.2.0-1011.11~22.04.3 -proposed tracker (LP: #2031901)
* Miscellaneous Ubuntu changes
- [config] Keep sev-guest as built-in by defaults
-- Khalid Elmously <email address hidden> Fri, 18 Aug 2023 07:23:08 -0400
|
Source diff to previous version |
linux-gcp-6.2 (6.2.0-1010.10~22.04.1) jammy; urgency=medium
* jammy/linux-gcp-6.2: 6.2.0-1010.10~22.04.1 -proposed tracker (LP: #2026742)
[ Ubuntu: 6.2.0-1010.10 ]
* lunar/linux-gcp: 6.2.0-1010.10 -proposed tracker (LP: #2026743)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/s2023.06.12)
* lunar/linux: 6.2.0-26.26 -proposed tracker (LP: #2026753)
* CVE-2023-2640 // CVE-2023-32629
- Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in
ovl_do_(set|remove)xattr"
- Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
trusted.overlayfs.* xattrs"
- SAUCE: overlayfs: default to userxattr when mounted from non initial user
namespace
* CVE-2023-35001
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
* CVE-2023-31248
- netfilter: nf_tables: do not ignore genmask when looking up chain by id
* CVE-2023-3389
- io_uring/poll: serialize poll linked timer start with poll removal
* CVE-2023-3390
- netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
* CVE-2023-3090
- ipvlan:Fix out-of-bounds caused by unclear skb->cb
* CVE-2023-3269
- mm: introduce new 'lock_mm_and_find_vma()' page fault helper
- mm: make the page fault mmap locking killable
- arm64/mm: Convert to using lock_mm_and_find_vma()
- powerpc/mm: Convert to using lock_mm_and_find_vma()
- mips/mm: Convert to using lock_mm_and_find_vma()
- riscv/mm: Convert to using lock_mm_and_find_vma()
- arm/mm: Convert to using lock_mm_and_find_vma()
- mm/fault: convert remaining simple cases to lock_mm_and_find_vma()
- powerpc/mm: convert coprocessor fault to lock_mm_and_find_vma()
- mm: make find_extend_vma() fail if write lock not held
- execve: expand new process stack manually ahead of time
- mm: always expand the stack with the mmap write lock held
- [CONFIG]: Set CONFIG_LOCK_MM_AND_FIND_VMA
-- Khalid Elmously <email address hidden> Tue, 18 Jul 2023 04:04:50 -0400
|
1786013 |
Packaging resync |
CVE-2023-35001 |
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or |
CVE-2023-31248 |
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active a |
CVE-2023-3269 |
A vulnerability exists in the memory management subsystem of the Linux ... |
|
About
-
Send Feedback to @ubuntu_updates