[ubuntu/jammy-security] linux-oem-5.17 5.17.0-1034.35 (Accepted)

Andy Whitcroft apw at canonical.com
Thu Jul 6 13:04:25 UTC 2023

linux-oem-5.17 (5.17.0-1034.35) jammy; urgency=medium

  * jammy/linux-oem-5.17: 5.17.0-1034.35 -proposed tracker (LP: #2023906)

  * CVE-2022-4842
    - fs/ntfs3: Fix attr_punch_hole() null pointer derenference

  * CVE-2023-0597
    - x86/kasan: Map shadow for percpu pages on demand
    - x86/mm: Randomize per-cpu entry area
    - x86/mm: Recompute physical address for every page of per-CPU CEA mapping
    - x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area
    - x86/mm: Do not shuffle CPU entry areas without KASLR

  * CVE-2023-2124
    - xfs: verify buffer contents when we skip log replay

  * Some INVLPG implementations can leave Global translations unflushed when
    PCIDs are enabled (LP: #2023220)
    - x86/mm: Avoid incomplete Global INVLPG flushes

  * cls_flower: off-by-one in fl_set_geneve_opt (LP: #2023577)
    - net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

Date: 2023-06-21 14:44:08.339722+00:00
Changed-By: Timo Aaltonen <tjaalton at ubuntu.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the jammy-changes mailing list