UbuntuUpdates.org

Package "linux-oem-5.17-tools-host"

Name: linux-oem-5.17-tools-host

Description:

Linux kernel VM host tools

Latest version: 5.17.0-1035.36
Release: jammy (22.04)
Level: security
Repository: main
Head package: linux-oem-5.17


Other versions of "linux-oem-5.17-tools-host" in Jammy

Repository Area Version
updates main 5.17.0-1035.36
PPA: Canonical Kernel Team 5.17.0-1033.34

Changelog

Version: 5.17.0-1035.36 2023-07-24 22:07:32 UTC

  linux-oem-5.17 (5.17.0-1035.36) jammy; urgency=medium

  * jammy/linux-oem-5.17: 5.17.0-1035.36 -proposed tracker (LP: #2026457)

  * CVE-2023-2860
    - ipv6: sr: fix out-of-bounds read when setting HMAC data.

  * CVE-2023-35001
    - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

  * CVE-2023-31248
    - netfilter: nf_tables: do not ignore genmask when looking up chain by id

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] update annotations scripts

  * CVE-2022-2663
    - netfilter: nf_conntrack_irc: Fix forged IP logic
    - netfilter: nf_conntrack_irc: Tighten matching on DCC message

  * CVE-2022-47929
    - net: sched: disallow noqueue for qdisc classes

  * CVE-2022-3635
    - atm: idt77252: fix use-after-free bugs caused by tst_timer

 -- Manuel Diewald <email address hidden> Wed, 12 Jul 2023 11:30:23 +0200

Source diff to previous version
1786013 Packaging resync
CVE-2023-2860 ipv6: sr: fix out-of-bounds read when setting HMAC data.
CVE-2023-35001 Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or
CVE-2023-31248 Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active a
CVE-2022-2663 An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall
CVE-2022-47929 In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of
CVE-2022-3635 A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drive

Version: 5.17.0-1034.35 2023-07-06 15:07:07 UTC

  linux-oem-5.17 (5.17.0-1034.35) jammy; urgency=medium

  * jammy/linux-oem-5.17: 5.17.0-1034.35 -proposed tracker (LP: #2023906)

  * CVE-2022-4842
    - fs/ntfs3: Fix attr_punch_hole() null pointer derenference

  * CVE-2023-0597
    - x86/kasan: Map shadow for percpu pages on demand
    - x86/mm: Randomize per-cpu entry area
    - x86/mm: Recompute physical address for every page of per-CPU CEA mapping
    - x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area
    - x86/mm: Do not shuffle CPU entry areas without KASLR

  * CVE-2023-2124
    - xfs: verify buffer contents when we skip log replay

  * Some INVLPG implementations can leave Global translations unflushed when
    PCIDs are enabled (LP: #2023220)
    - x86/mm: Avoid incomplete Global INVLPG flushes

  * cls_flower: off-by-one in fl_set_geneve_opt (LP: #2023577)
    - net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

 -- Timo Aaltonen <email address hidden> Wed, 21 Jun 2023 17:37:58 +0300

Source diff to previous version
2023577 cls_flower: off-by-one in fl_set_geneve_opt
CVE-2022-4842 A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the
CVE-2023-0597 A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location o
CVE-2023-2124 An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty l

Version: 5.17.0-1033.34 2023-06-16 09:07:41 UTC

  linux-oem-5.17 (5.17.0-1033.34) jammy; urgency=medium

  * jammy/linux-oem-5.17: 5.17.0-1033.34 -proposed tracker (LP: #2019421)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

  * CVE-2023-1073
    - HID: check empty report_list in hid_validate_values()

  * CVE-2023-0459
    - uaccess: Add speculation barrier to copy_from_user()

  * CVE-2023-26606
    - fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs

  * selftest: fib_tests: Always cleanup before exit (LP: #2015956)
    - selftest: fib_tests: Always cleanup before exit

 -- Timo Aaltonen <email address hidden> Fri, 02 Jun 2023 10:25:10 +0300

Source diff to previous version
1786013 Packaging resync
CVE-2023-1073 A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This fl
CVE-2023-0459 Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check a
CVE-2023-26606 In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.

Version: 5.17.0-1032.33 2023-05-27 23:07:03 UTC

  linux-oem-5.17 (5.17.0-1032.33) jammy; urgency=medium

  * jammy/linux-oem-5.17: 5.17.0-1032.33 -proposed tracker (LP: #2019648)

  * CVE-2023-32233
    - netfilter: nf_tables: deactivate anonymous set from preparation phase

  * CVE-2023-2612
    - SAUCE: shiftfs: prevent lock unbalance in shiftfs_create_object()

  * CVE-2023-1670
    - xirc2ps_cs: Fix use after free bug in xirc2ps_detach

  * CVE-2023-30456
    - KVM: nVMX: add missing consistency checks for CR0 and CR4

  * CVE-2022-4139
    - drm/i915/gt: Serialize TLB invalidates with GT resets
    - drm/i915: fix TLB invalidation for Gen12 video and compute engines

  * net: sched: Fix use after free in red_enqueue() (LP: #2017013)
    - net: sched: Fix use after free in red_enqueue()

  * CVE-2022-3586
    - sch_sfb: Also store skb len before calling child enqueue

 -- Timo Aaltonen <email address hidden> Thu, 18 May 2023 15:53:22 +0300

Source diff to previous version
2017013 net: sched: Fix use after free in red_enqueue()
CVE-2023-32233 In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and
CVE-2023-1670 A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found. A local user could use this flaw to crash the syst
CVE-2023-30456 An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
CVE-2022-4139 An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. T
CVE-2022-3586 A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SK

Version: 5.17.0-1031.32 2023-05-10 14:07:26 UTC

  linux-oem-5.17 (5.17.0-1031.32) jammy; urgency=medium

  * jammy/linux-oem-5.17: 5.17.0-1031.32 -proposed tracker (LP: #2016821)

  * CVE-2022-2590
    - SAUCE: Revert "mm/shmem: unconditionally set pte dirty in
      mfill_atomic_install_pte"

  * CVE-2023-23455
    - net: sched: atm: dont intepret cls results when asked to drop

  * CVE-2023-26545
    - net: mpls: fix stale pointer if allocation fails during device rename

  * CVE-2023-1829
    - net/sched: Retire tcindex classifier
    - [Config]: Make sure CONFIG_NET_CLS_TCINDEX is not available

  * CVE-2023-1859
    - 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race
      condition

  * CVE-2022-3303
    - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC

  * CVE-2022-4095
    - staging: rtl8712: fix use after free bugs

  * CVE-2022-4662
    - USB: core: Prevent nested device-reset calls

  * CVE-2022-3586
    - sch_sfb: Don't assume the skb is still around after enqueueing to child

  * CVE-2022-40307
    - efi: capsule-loader: Fix use-after-free in efi_capsule_write

  * CVE-2023-0468
    - io_uring: update res mask in io_poll_check_events
    - io_uring: fix tw losing poll events
    - io_uring: cmpxchg for poll arm refs release
    - io_uring: make poll refs more robust
    - io_uring/poll: fix poll_refs race with cancelation

  * CVE-2023-0386
    - ovl: fail on invalid uid/gid mapping at copy up

  * Miscellaneous Ubuntu changes
    - [Config] Update gcc version

 -- Timo Aaltonen <email address hidden> Tue, 18 Apr 2023 15:16:33 +0300

CVE-2022-2590 A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory
CVE-2023-23455 atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-
CVE-2023-26545 In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a
CVE-2022-3303 A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handli
CVE-2022-4095 A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing
CVE-2022-4662 A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this fla
CVE-2022-3586 A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SK
CVE-2022-40307 An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-fre
CVE-2023-0468 A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition o
CVE-2023-0386 A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s


