Kernel SRU Workflow

Comment 3 for bug 2024151

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-07-14:

This bug was fixed in the package linux-oem-6.0 - 6.0.0-1019.19

---------------
linux-oem-6.0 (6.0.0-1019.19) jammy; urgency=medium

* jammy/linux-oem-6.0: 6.0.0-1019.19 -proposed tracker (LP: #2024151)

  * CVE-2023-2430
    - io_uring: get rid of double locking
    - io_uring: extract a io_msg_install_complete helper
    - io_uring/msg_ring: move double lock/unlock helpers higher up
    - io_uring/msg_ring: fix missing lock on overflow for IOPOLL

  * Various backlight issues with the 6.0 kernel (LP: #2023638)
    - ACPI: video: Add auto_detect arg to __acpi_video_get_backlight_type()
    - ACPI: video: Make acpi_backlight=video work independent from GPU driver
    - SAUCE: ACPI: video: Stop trying to use vendor backlight control on laptops
      from after ~2012

* CVE-2022-4842
- fs/ntfs3: Fix attr_punch_hole() null pointer derenference

* CVE-2023-2124
- xfs: verify buffer contents when we skip log replay

  * CVE-2023-0597
    - x86/kasan: Map shadow for percpu pages on demand
    - x86/mm: Randomize per-cpu entry area
    - x86/mm: Recompute physical address for every page of per-CPU CEA mapping
    - x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area
    - x86/mm: Do not shuffle CPU entry areas without KASLR

* cls_flower: off-by-one in fl_set_geneve_opt (LP: #2023577)
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

  * Some INVLPG implementations can leave Global translations unflushed when
    PCIDs are enabled (LP: #2023220)
    - x86/mm: Avoid incomplete Global INVLPG flushes

* CVE-2023-2176
- RDMA/core: Refactor rdma_bind_addr

  * Fix Monitor lost after replug WD19TBS to SUT port with VGA/DVI to type-C
    dongle (LP: #2021949)
    - thunderbolt: Increase timeout of DP OUT adapter handshake
    - thunderbolt: Do not touch CL state configuration during discovery
    - thunderbolt: Increase DisplayPort Connection Manager handshake timeout

* CVE-2023-1073
- HID: check empty report_list in hid_validate_values()

* CVE-2023-0459
- uaccess: Add speculation barrier to copy_from_user()

* selftest: fib_tests: Always cleanup before exit (LP: #2015956)
- selftest: fib_tests: Always cleanup before exit

-- Timo Aaltonen <email address hidden> Tue, 20 Jun 2023 12:57:07 +0300

This bug was fixed in the package linux-oem-6.0 - 6.0.0-1019.19

---------------
linux-oem-6.0 (6.0.0-1019.19) jammy; urgency=medium

* jammy/linux-oem-6.0: 6.0.0-1019.19 -proposed tracker (LP: #2024151)

* CVE-2022-4842
    - fs/ntfs3: Fix attr_punch_hole() null pointer derenference

* CVE-2023-2124
    - xfs: verify buffer contents when we skip log replay

* cls_flower: off-by-one in fl_set_geneve_opt (LP: #2023577)
    - net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

* Some INVLPG implementations can leave Global translations unflushed when
    PCIDs are enabled (LP: #2023220)
    - x86/mm: Avoid incomplete Global INVLPG flushes

* CVE-2023-2176
    - RDMA/core: Refactor rdma_bind_addr

* CVE-2023-1073
    - HID: check empty report_list in hid_validate_values()

* CVE-2023-0459
    - uaccess: Add speculation barrier to copy_from_user()

*  selftest: fib_tests: Always cleanup before exit  (LP: #2015956)
    - selftest: fib_tests: Always cleanup before exit

-- Timo Aaltonen <timo.aaltonen@canonical.com>  Tue, 20 Jun 2023 12:57:07 +0300