canonical-hw-cert team mailing list archive

[Launchpad Bug Tracker <2034204@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package linux-oem-6.0 - 6.0.0-1021.21

---------------
linux-oem-6.0 (6.0.0-1021.21) jammy; urgency=medium

  * jammy/linux-oem-6.0: 6.0.0-1021.21 -proposed tracker (LP: #2034204)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper

  * CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb

  * CVE-2023-1611
    - btrfs: fix race between quota disable and quota assign ioctls

  * CVE-2023-4194
    - net: tun_chr_open(): set sk_uid from current_fsuid()
    - net: tap_open(): set sk_uid from current_fsuid()

  * CVE-2023-1076
    - net: add sock_init_data_uid()
    - tun: tun_chr_open(): correctly initialize socket uid
    - tap: tap_open(): correctly initialize socket uid

  * CVE-2023-40283
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

  * CVE-2023-4569
    - netfilter: nf_tables: deactivate catchall elements in next generation

  * CVE-2023-4128
    - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_route: No longer copy tcf_result on update to avoid use-
      after-free

  * CVE-2023-4273
    - exfat: check if filename entries exceeds max filename length

  * CVE-2023-1206
    - tcp: Reduce chance of collisions in inet6_hashfn().

  * CVE-2023-3863
    - net: nfc: Fix use-after-free caused by nfc_llcp_find_local

  * CVE-2022-27672
    - x86/speculation: Identify processors vulnerable to SMT RSB predictions
    - KVM: x86: Mitigate the cross-thread return address predictions bug
    - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions

  * CVE-2023-3141
    - memstick: r592: Fix UAF bug in r592_remove due to race condition

  * CVE-2023-3220
    - drm/msm/dpu: Add check for pstates

  * CVE-2022-4269
    - net/sched: act_mirred: better wording on protection against excessive stack
      growth
    - act_mirred: use the backlog for nested calls to mirred ingress

  * CVE-2023-28466
    - net: tls: fix possible race condition between do_tls_getsockopt_conf() and
      do_tls_setsockopt_conf()

  * CVE-2023-2235
    - perf: Fix check before add_event_to_groups() in perf_group_detach()

  * CVE-2023-2163
    - bpf: Fix incorrect verifier pruning due to missing register precision taints

  * CVE-2023-2002
    - bluetooth: Perform careful capability checks in hci_sock_ioctl()

  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails

  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via
      NFTA_RULE_CHAIN_ID

  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush

  * CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow

  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix

  * CVE-2023-4004
    - netfilter: nft_set_pipapo: fix improper element removal

  * CVE-2023-3611
    - net/sched: sch_qfq: refactor parsing of netlink parameters
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue

  * CVE-2023-3610
    - netfilter: nf_tables: fix chain binding transaction logic

  * CVE-2023-2162
    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

  * CVE-2023-31436
    - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

  * CVE-2023-32269
    - netrom: Fix use-after-free caused by accept on already connected socket

  * CVE-2023-2898
    - f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()

  * CVE-2023-28328
    - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

  * CVE-2023-0458
    - prlimit: do_prlimit needs to have a speculation check

  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free

  * CVE-2023-2269
    - dm ioctl: fix nested locking in table_clear() to remove deadlock concern

  * CVE-2023-1380
    - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

  * CVE-2023-1075
    - net/tls: tls_is_tx_ready() checked list_entry

  * Miscellaneous Ubuntu changes
    - [Config] Update gcc version

 -- Timo Aaltonen <timo.aaltonen@xxxxxxxxxxxxx>  Thu, 07 Sep 2023
16:59:43 +0300

** Changed in: linux-oem-6.0 (Ubuntu Jammy)
       Status: Confirmed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-27672

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-4269

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0458

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1075

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1076

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1206

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1380

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1611

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2002

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-20593

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2162

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2163

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2235

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2269

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-28328

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-28466

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2898

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3090

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3141

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-31436

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3220

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-32269

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3390

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3609

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3610

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3611

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3776

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3777

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3863

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3995

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-4004

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-4015

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-40283

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-4128

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-4194

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-4273

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-4569

-- 
You received this bug notification because you are a member of hardware-
certification-users, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2034204

Title:
  jammy/linux-oem-6.0: 6.0.0-1021.21 -proposed tracker

Status in canonical-signing-jobs task00 series:
  Fix Released
Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Invalid
Status in Kernel SRU Workflow boot-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow kernel-signoff series:
  Fix Released
Status in Kernel SRU Workflow new-review series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-generate series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrg series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrm series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrs series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-signing-to-proposed series:
  Invalid
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  Fix Released
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow sru-review series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-oem-6.0 source package in Jammy:
  Fix Released

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
    https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  built:
    from: b62da1db52fa962e
    route-entry: 2
  delta:
    promote-to-proposed: [lrm, lrs, main, meta, signed, lrg, generate]
    promote-to-updates: [lrm, lrs, main, meta, signed]
  flag:
    boot-testing-requested: true
    proposed-announcement-sent: true
    proposed-testing-requested: true
  issue: KSRU-9713
  packages:
    generate: linux-generate-oem-6.0
    lrg: linux-restricted-generate-oem-6.0
    lrm: linux-restricted-modules-oem-6.0
    lrs: linux-restricted-signatures-oem-6.0
    main: linux-oem-6.0
    meta: linux-meta-oem-6.0
    signed: linux-signed-oem-6.0
  phase: Holding before Promote to Security
  phase-changed: Monday, 18. September 2023 19:27 UTC
  reason:
    promote-to-security: Holding -- not ready for security (replication
      dwell)
  synthetic:
    :promote-to-as-proposed: Invalid
  variant: debs
  versions:
    lrm: 6.0.0-1021.21
    main: 6.0.0-1021.21
    meta: 6.0.0.1021.21
    signed: 6.0.0-1021.21
  ~~:
    announce:
      swm-transition-crankable: 2023-09-07 12:31:29.712407
    clamps:
      new-review: b62da1db52fa962e
      promote-to-proposed: b62da1db52fa962e
      self: 6.0.0-1021.21
      sru-review: b62da1db52fa962e

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-signing-jobs/task00/+bug/2034204/+subscriptions