Publishing details
Changelog
linux-oem-6.0 (6.0.0-1021.21) jammy; urgency=medium
* jammy/linux-oem-6.0: 6.0.0-1021.21 -proposed tracker (LP: #2034204)
* Packaging resync (LP: #1786013)
- [Packaging] resync update-dkms-versions helper
* CVE-2023-3090
- ipvlan:Fix out-of-bounds caused by unclear skb->cb
* CVE-2023-1611
- btrfs: fix race between quota disable and quota assign ioctls
* CVE-2023-4194
- net: tun_chr_open(): set sk_uid from current_fsuid()
- net: tap_open(): set sk_uid from current_fsuid()
* CVE-2023-1076
- net: add sock_init_data_uid()
- tun: tun_chr_open(): correctly initialize socket uid
- tap: tap_open(): correctly initialize socket uid
* CVE-2023-40283
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
* CVE-2023-4569
- netfilter: nf_tables: deactivate catchall elements in next generation
* CVE-2023-4128
- net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
free
- net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
free
- net/sched: cls_route: No longer copy tcf_result on update to avoid use-
after-free
* CVE-2023-4273
- exfat: check if filename entries exceeds max filename length
* CVE-2023-1206
- tcp: Reduce chance of collisions in inet6_hashfn().
* CVE-2023-3863
- net: nfc: Fix use-after-free caused by nfc_llcp_find_local
* CVE-2022-27672
- x86/speculation: Identify processors vulnerable to SMT RSB predictions
- KVM: x86: Mitigate the cross-thread return address predictions bug
- Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions
* CVE-2023-3141
- memstick: r592: Fix UAF bug in r592_remove due to race condition
* CVE-2023-3220
- drm/msm/dpu: Add check for pstates
* CVE-2022-4269
- net/sched: act_mirred: better wording on protection against excessive stack
growth
- act_mirred: use the backlog for nested calls to mirred ingress
* CVE-2023-28466
- net: tls: fix possible race condition between do_tls_getsockopt_conf() and
do_tls_setsockopt_conf()
* CVE-2023-2235
- perf: Fix check before add_event_to_groups() in perf_group_detach()
* CVE-2023-2163
- bpf: Fix incorrect verifier pruning due to missing register precision taints
* CVE-2023-2002
- bluetooth: Perform careful capability checks in hci_sock_ioctl()
* CVE-2023-4015
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain
- netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails
* CVE-2023-3995
- netfilter: nf_tables: disallow rule addition to bound chain via
NFTA_RULE_CHAIN_ID
* CVE-2023-3777
- netfilter: nf_tables: skip bound chain on rule flush
* CVE-2023-3390
- netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
* CVE-2023-3609
- net/sched: cls_u32: Fix reference counter leak leading to overflow
* CVE-2023-20593
- x86/cpu/amd: Move the errata checking functionality up
- x86/cpu/amd: Add a Zenbleed fix
* CVE-2023-4004
- netfilter: nft_set_pipapo: fix improper element removal
* CVE-2023-3611
- net/sched: sch_qfq: refactor parsing of netlink parameters
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue
* CVE-2023-3610
- netfilter: nf_tables: fix chain binding transaction logic
* CVE-2023-2162
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
* CVE-2023-31436
- net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
* CVE-2023-32269
- netrom: Fix use-after-free caused by accept on already connected socket
* CVE-2023-2898
- f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()
* CVE-2023-28328
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
* CVE-2023-0458
- prlimit: do_prlimit needs to have a speculation check
* CVE-2023-3776
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free
* CVE-2023-2269
- dm ioctl: fix nested locking in table_clear() to remove deadlock concern
* CVE-2023-1380
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
* CVE-2023-1075
- net/tls: tls_is_tx_ready() checked list_entry
* Miscellaneous Ubuntu changes
- [Config] Update gcc version
-- Timo Aaltonen <email address hidden> Thu, 07 Sep 2023 16:59:43 +0300
Builds
Built packages
-
linux-buildinfo-6.0.0-1021-oem
Linux kernel buildinfo for version 6.0.0 on 64 bit x86 SMP
-
linux-headers-6.0.0-1021-oem
Linux kernel headers for version 6.0.0 on 64 bit x86 SMP
-
linux-image-unsigned-6.0.0-1021-oem
Linux kernel image for version 6.0.0 on 64 bit x86 SMP
-
linux-image-unsigned-6.0.0-1021-oem-dbgsym
Linux kernel debug image for version 6.0.0 on 64 bit x86 SMP
-
linux-modules-6.0.0-1021-oem
Linux kernel extra modules for version 6.0.0 on 64 bit x86 SMP
-
linux-modules-ipu6-6.0.0-1021-oem
Linux kernel ipu6 modules for version 6.0.0-1021
-
linux-modules-ivsc-6.0.0-1021-oem
Linux kernel ivsc modules for version 6.0.0-1021
-
linux-modules-iwlwifi-6.0.0-1021-oem
Linux kernel iwlwifi modules for version 6.0.0-1021
-
linux-oem-6.0-headers-6.0.0-1021
Header files related to Linux kernel version 6.0.0
-
linux-oem-6.0-tools-6.0.0-1021
Linux kernel version specific tools for version 6.0.0-1021
-
linux-oem-6.0-tools-host
Linux kernel VM host tools
-
linux-tools-6.0.0-1021-oem
Linux kernel version specific tools for version 6.0.0-1021
Package files