UbuntuUpdates.org

Package "linux-image-unsigned-6.8.0-49-generic"

Name: linux-image-unsigned-6.8.0-49-generic

Description:

Linux kernel image for version 6.8.0 on 64 bit x86 SMP

Latest version: 6.8.0-49.49
Release: noble (24.04)
Level: security
Repository: main
Head package: linux

Links


Download "linux-image-unsigned-6.8.0-49-generic"


Other versions of "linux-image-unsigned-6.8.0-49-generic" in Noble

Repository Area Version
updates main 6.8.0-49.49

Changelog

Version: 6.8.0-41.41 2024-08-21 14:08:52 UTC

  linux (6.8.0-41.41) noble; urgency=medium

  * noble/linux: 6.8.0-41.41 -proposed tracker (LP: #2075611)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/s2024.07.08)

  * md: nvme over tcp with a striped underlying md raid device leads to data
    corruption (LP: #2075110)
    - md/md-bitmap: fix writing non bitmap pages

  * Linux 6.8 fails to boot on ARM64 if any param is more than 146 chars
    (LP: #2069534)
    - SAUCE: arm64: v6.8: cmdline param >= 146 chars kills kernel

  * CVE-2024-39484
    - mmc: davinci: Don't strip remove function when driver is builtin

  * CVE-2024-39292
    - um: Add winch to winch_handlers before registering winch IRQ

 -- Manuel Diewald <email address hidden> Fri, 02 Aug 2024 16:15:19 +0200

Source diff to previous version
1786013 Packaging resync
2075110 md: nvme over tcp with a striped underlying md raid device leads to data corruption
2069534 Linux 6.8 fails to boot on ARM64 if any param is more than 146 chars
CVE-2024-39484 In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin Using __exit f
CVE-2024-39292 In the Linux kernel, the following vulnerability has been resolved: um: Add winch to winch_handlers before registering winch IRQ Registering a winc

Version: 6.8.0-40.40 2024-08-08 17:07:26 UTC

  linux (6.8.0-40.40) noble; urgency=medium

  * noble/linux: 6.8.0-40.40 -proposed tracker (LP: #2072201)

  * FPS of glxgear with fullscreen is too low on MTL platform (LP: #2069380)
    - drm/i915: Bypass LMEMBAR/GTTMMADR for MTL stolen memory access

  * a critical typo in the code managing the ASPM settings for PCI Express
    devices (LP: #2071889)
    - PCI/ASPM: Restore parent state to parent, child state to child

  * [UBUNTU 24.04] IOMMU DMA mode changed in kernel config causes massive
    throughput degradation for PCI-related network workloads (LP: #2071471)
    - [Config] Set IOMMU_DEFAULT_DMA_STRICT=n and IOMMU_DEFAULT_DMA_LAZY=yes for
      s390x

  * UBSAN: array-index-out-of-bounds in
    /build/linux-D15vQj/linux-6.5.0/drivers/md/bcache/bset.c:1098:3
    (LP: #2039368)
    - bcache: fix variable length array abuse in btree_iter

  * Mute/mic LEDs and speaker no function on EliteBook 645/665 G11
    (LP: #2071296)
    - ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook 645/665
      G11.

  * failed to enable IPU6 camera sensor on kernel >= 6.8: ivsc_ace
    intel_vsc-5db76cf6-0a68-4ed6-9b78-0361635e2447: switch camera to host
    failed: -110 (LP: #2067364)
    - mei: vsc: Don't stop/restart mei device during system suspend/resume
    - SAUCE: media: ivsc: csi: don't count privacy on as error
    - SAUCE: media: ivsc: csi: add separate lock for v4l2 control handler
    - SAUCE: media: ivsc: csi: remove privacy status in struct mei_csi
    - SAUCE: mei: vsc: Enhance IVSC chipset stability during warm reboot
    - SAUCE: mei: vsc: Enhance SPI transfer of IVSC rom
    - SAUCE: mei: vsc: Utilize the appropriate byte order swap function
    - SAUCE: mei: vsc: Prevent timeout error with added delay post-firmware
      download

  * failed to probe camera sensor on Dell XPS 9315: ov01a10 i2c-OVTI01A0:00:
    failed to check hwcfg: -22 (LP: #2070251)
    - ACPI: utils: Make acpi_handle_path() not static
    - ACPI: property: Ignore bad graph port nodes on Dell XPS 9315
    - ACPI: property: Polish ignoring bad data nodes
    - ACPI: scan: Ignore camera graph port nodes on all Dell Tiger, Alder and
      Raptor Lake models

  * Update amd_sfh for AMD strix series (LP: #2058331)
    - HID: amd_sfh: Increase sensor command timeout
    - HID: amd_sfh: Improve boot time when SFH is available
    - HID: amd_sfh: Extend MP2 register access to SFH
    - HID: amd_sfh: Set the AMD SFH driver to depend on x86

  * RFIM and SAGV Linux Support for G10 models (LP: #2070158)
    - drm/i915/display: Add meaningful traces for QGV point info error handling
    - drm/i915/display: Extract code required to calculate max qgv/psf gv point
    - drm/i915/display: extract code to prepare qgv points mask
    - drm/i915/display: Disable SAGV on bw init, to force QGV point recalculation
    - drm/i915/display: handle systems with duplicate psf gv points
    - drm/i915/display: force qgv check after the hw state readout

  * Update amd-pmf for AMD strix series (LP: #2058330)
    - platform/x86/amd/pmf: Differentiate PMF ACPI versions
    - platform/x86/amd/pmf: Disable debugfs support for querying power thermals
    - platform/x86/amd/pmf: Add support to get sbios requests in PMF driver
    - platform/x86/amd/pmf: Add support to notify sbios heart beat event
    - platform/x86/amd/pmf: Add support to get APTS index numbers for static
      slider
    - platform/x86/amd/pmf: Add support to get sps default APTS index values
    - platform/x86/amd/pmf: Update sps power thermals according to the platform-
      profiles

  * noble:linux: ADT ubuntu-regression-suite misses fakeroot dependency
    (LP: #2070042)
    - [DEP-8] Add missing fakeroot dependency

  * Noble update: v6.8.12 upstream stable release (LP: #2071621)
    - sunrpc: use the struct net as the svc proc private
    - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
    - selftests/ftrace: Fix BTFARG testcase to check fprobe is enabled correctly
    - ftrace: Fix possible use-after-free issue in ftrace_location()
    - Revert "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD"
    - arm64/fpsimd: Avoid erroneous elide of user state reload
    - Reapply "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD"
    - tty: n_gsm: fix missing receive state reset after mode switch
    - speakup: Fix sizeof() vs ARRAY_SIZE() bug
    - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler
    - serial: 8250_bcm7271: use default_mux_rate if possible
    - serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup
    - Input: try trimming too long modalias strings
    - io_uring: fail NOP if non-zero op flags is passed in
    - Revert "r8169: don't try to disable interrupts if NAPI is, scheduled
      already"
    - r8169: Fix possible ring buffer corruption on fragmented Tx packets.
    - ring-buffer: Fix a race between readers and resize checks
    - net: mana: Fix the extra HZ in mana_hwc_send_request
    - tools/latency-collector: Fix -Wformat-security compile warns
    - tools/nolibc/stdlib: fix memory error in realloc()
    - net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe()
    - net: lan966x: remove debugfs directory in probe() error path
    - net: smc91x: Fix m68k kernel compilation for ColdFire CPU
    - nilfs2: fix use-after-free of timer for log writer thread
    - nilfs2: fix unexpected freezing of nilfs_segctor_sync()
    - nilfs2: fix potential hang in nilfs_detach_log_writer()
    - fs/ntfs3: Remove max link count info display during driver init
    - fs/ntfs3: Taking DOS names into account during link counting
    - fs/ntfs3: Fix case when index is reused during tree transformation
    - fs/ntfs3: Break dir enumeration if directory contents error
    - ksmbd: avoid to send duplicate oplock break notifications
    - ksmbd: ignore trailing slashes in share paths
    - ALSA: core: Fix NULL module pointer assignment at card init
    - ALSA: Fix deadloc

Source diff to previous version
2069380 FPS of glxgear with fullscreen is too low on MTL platform
2071889 a critical typo in the code managing the ASPM settings for PCI Express devices
2071471 [UBUNTU 24.04] IOMMU DMA mode changed in kernel config causes massive throughput degradation for PCI-related network workloads
2039368 UBSAN: array-index-out-of-bounds in /build/linux-D15vQj/linux-6.5.0/drivers/md/bcache/bset.c:1098:3
2071296 Mute/mic LEDs and speaker no function on EliteBook 645/665 G11
2058331 Update amd_sfh for AMD strix series
2070158 RFIM and SAGV Linux Support for G10 models
2058330 Update amd-pmf for AMD strix series
2070042 noble:linux: ADT ubuntu-regression-suite misses fakeroot dependency
2071621 Noble update: v6.8.12 upstream stable release
2070355 Noble update: v6.8.11 upstream stable release
2070349 Noble update: v6.8.10 upstream stable release
2070337 Noble update: v6.8.9 upstream stable release
2066233 amdgpu hangs on DCN 3.5 at bootup: RIP: 0010:dcn35_clk_mgr_construct+0x183/0x2210 [amdgpu]
2069231 [MTL] ACPI: PM: s2idle: Backport Linux ACPI s2idle patches to fix suspend/resume issue
2067862 Removing legacy virtio-pci devices causes kernel panic
2069664 Mute/mic LEDs no function on ProBook 445/465 G11
2067669 Mute/mic LEDs no function on ProBook 440/460 G11
2065128 rtw89_8852ce - Lost WIFI connection after suspend
CVE-2024-25742 In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This
CVE-2024-35984 In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when
CVE-2024-35990 In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan->lock
CVE-2024-35997 In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_
CVE-2024-36016 In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following
CVE-2024-36008 In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a N
CVE-2024-35992 In the Linux kernel, the following vulnerability has been resolved: phy: marvell: a3700-comphy: Fix out of bounds read There is an out of bounds re

Version: 6.8.0-39.39 2024-07-25 02:07:38 UTC

  linux (6.8.0-39.39) noble; urgency=medium

  * noble/linux: 6.8.0-39.39 -proposed tracker (LP: #2071983)

  * CVE-2024-25742
    - x86/sev: Harden #VC instruction emulation somewhat
    - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler

  * Noble update: v6.8.9 upstream stable release (LP: #2070337) //
    CVE-2024-35984
    - i2c: smbus: fix NULL function pointer dereference

  * Noble update: v6.8.9 upstream stable release (LP: #2070337) //
    CVE-2024-35990
    - dma: xilinx_dpdma: Fix locking

  * Noble update: v6.8.9 upstream stable release (LP: #2070337) //
    CVE-2024-35997
    - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up

  * CVE-2024-36016
    - tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

  * CVE-2024-36008
    - ipv4: check for NULL idev in ip_route_use_hint()

  * CVE-2024-35992
    - phy: marvell: a3700-comphy: Fix out of bounds read

 -- Manuel Diewald <email address hidden> Fri, 05 Jul 2024 17:04:37 +0200

Source diff to previous version
2070337 Noble update: v6.8.9 upstream stable release
CVE-2024-25742 In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This
CVE-2024-35984 In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when
CVE-2024-35990 In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan->lock
CVE-2024-35997 In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_
CVE-2024-36016 In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following
CVE-2024-36008 In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a N
CVE-2024-35992 In the Linux kernel, the following vulnerability has been resolved: phy: marvell: a3700-comphy: Fix out of bounds read There is an out of bounds re

Version: 6.8.0-38.38 2024-07-11 01:07:33 UTC

  linux (6.8.0-38.38) noble; urgency=medium

  * noble/linux: 6.8.0-38.38 -proposed tracker (LP: #2068318)

  * race_sched in ubuntu_stress_smoke_test will cause kernel panic on 6.8 with
    Azure Standard_A2_v2 instance (LP: #2068024)
    - sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()

  * Noble: btrfs: re-introduce 'norecovery' mount option (LP: #2068591)
    - btrfs: re-introduce 'norecovery' mount option

  * Fix system hang while entering suspend with AMD Navi3x graphics
    (LP: #2063417)
    - drm/amdgpu/mes: fix use-after-free issue

  * Noble update: v6.8.8 upstream stable release (LP: #2068087)
    - io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64()
      failure
    - drm/i915/cdclk: Fix voltage_level programming edge case
    - Revert "vmgenid: emit uevent when VMGENID updates"
    - SUNRPC: Fix rpcgss_context trace event acceptor field
    - selftests/ftrace: Limit length in subsystem-enable tests
    - random: handle creditable entropy from atomic process context
    - scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING
    - net: usb: ax88179_178a: avoid writing the mac address before first reading
    - btrfs: do not wait for short bulk allocation
    - btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer
    - r8169: fix LED-related deadlock on module removal
    - r8169: add missing conditional compiling for call to r8169_remove_leds
    - scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5
    - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
    - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
    - netfilter: br_netfilter: skip conntrack input hook for promisc packets
    - netfilter: nft_set_pipapo: constify lookup fn args where possible
    - netfilter: nft_set_pipapo: walk over current view on netlink dump
    - netfilter: flowtable: validate pppoe header
    - netfilter: flowtable: incorrect pppoe tuple
    - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().
    - af_unix: Don't peek OOB data without MSG_OOB.
    - net: sparx5: flower: fix fragment flags handling
    - net/mlx5: Lag, restore buckets number to default after hash LAG deactivation
    - net/mlx5: Restore mistakenly dropped parts in register devlink flow
    - net/mlx5e: Prevent deadlock while disabling aRFS
    - net: change maximum number of UDP segments to 128
    - octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation
    - selftests/tcp_ao: Make RST tests less flaky
    - selftests/tcp_ao: Zero-init tcp_ao_info_opt
    - selftests/tcp_ao: Fix fscanf() call for format-security
    - selftests/tcp_ao: Printing fixes to confirm with format-security
    - net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only
    - net: stmmac: Fix max-speed being ignored on queue re-init
    - net: stmmac: Fix IP-cores specific MAC capabilities
    - ice: tc: check src_vsi in case of traffic from VF
    - ice: tc: allow zero flags in parsing tc flower
    - ice: Fix checking for unsupported keys on non-tunnel device
    - tun: limit printing rate when illegal packet received by tun dev
    - net: dsa: mt7530: fix mirroring frames received on local port
    - net: dsa: mt7530: fix port mirroring for MT7988 SoC switch
    - s390/ism: Properly fix receive message buffer allocation
    - netfilter: nf_tables: missing iterator type in lookup walk
    - netfilter: nf_tables: restore set elements when delete set fails
    - gpiolib: swnode: Remove wrong header inclusion
    - netfilter: nf_tables: fix memleak in map from abort path
    - net/sched: Fix mirred deadlock on device recursion
    - net: ethernet: mtk_eth_soc: fix WED + wifi reset
    - ravb: Group descriptor types used in Rx ring
    - net: ravb: Count packets instead of descriptors in R-Car RX path
    - net: ravb: Allow RX loop to move past DMA mapping errors
    - net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them
    - NFSD: fix endianness issue in nfsd4_encode_fattr4
    - RDMA/rxe: Fix the problem "mutex_destroy missing"
    - RDMA/cm: Print the old state when cm_destroy_id gets timeout
    - RDMA/mlx5: Fix port number for counter query in multi-port configuration
    - perf annotate: Make sure to call symbol__annotate2() in TUI
    - perf lock contention: Add a missing NULL check
    - s390/qdio: handle deferred cc1
    - s390/cio: fix race condition during online processing
    - iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest
    - iommufd: Add config needed for iommufd_fail_nth
    - drm: nv04: Fix out of bounds access
    - drm/v3d: Don't increment `enabled_ns` twice
    - userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE
    - thunderbolt: Introduce tb_port_reset()
    - thunderbolt: Introduce tb_path_deactivate_hop()
    - thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4
      routers
    - thunderbolt: Reset topology created by the boot firmware
    - drm/panel: visionox-rm69299: don't unregister DSI device
    - drm/radeon: make -fstrict-flex-arrays=3 happy
    - ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4
    - thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()
    - platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes
    - interconnect: qcom: x1e80100: Remove inexistent ACV_PERF BCM
    - interconnect: Don't access req_list while it's being manipulated
    - clk: Remove prepare_lock hold assertion in __clk_release()
    - clk: Initialize struct clk_core kref earlier
    - clk: Get runtime PM before walking tree during disable_unused
    - clk: Get runtime PM before walking tree for clk_summary
    - clk: mediatek: Do a runtime PM get on controllers during probe
    - clk: mediatek: mt7988-infracfg: fix clocks for 2nd PCIe port
    - selftests/powerpc/papr-vpd: Fix missing variable initialization
    - x86/bugs: Fix BHI retpoline check
    - x86/cpufeatures: Fix

Source diff to previous version
2068024 race_sched in ubuntu_stress_smoke_test will cause kernel panic on 6.8 with Azure Standard_A2_v2 instance
2068591 Noble: btrfs: re-introduce 'norecovery' mount option
2068087 Noble update: v6.8.8 upstream stable release
2064689 Fix inaudible HDMI/DP audio on USB-C MST dock
2066332 net:fib_rule_tests.sh in ubuntu_kselftests_net fails on Noble
2037688 Pull-request to address TPM bypass issue
2064508 re-enable Ubuntu FAN in the Noble kernel
1470091 update for V3 kernel bits and improved multiple fan slice support
2045560 TCP memory leak, slow network (arm64)
2046315 oem-6.5: disable psr2 for some panels according to edid
2061040 I2C HID device sometimes fails to initialize causing touchpad to not work
2065376 [X13s] Fingerprint reader is not working
2065912 Noble update: v6.8.7 upstream stable release
2065899 Noble update: v6.8.6 upstream stable release
2065400 Noble update: v6.8.5 upstream stable release
CVE-2024-26926 In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("bin
CVE-2024-26922 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verif
CVE-2024-26924 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with

Version: 6.8.0-36.36 2024-06-26 21:07:50 UTC

  linux (6.8.0-36.36) noble; urgency=medium

  * noble/linux: 6.8.0-36.36 -proposed tracker (LP: #2068150)

  * CVE-2024-26924
    - netfilter: nft_set_pipapo: do not free live element

 -- Roxana Nicolescu <email address hidden> Mon, 10 Jun 2024 11:26:41 +0200

CVE-2024-26924 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with



About   -   Send Feedback to @ubuntu_updates