[ubuntu/jammy-security] linux-oem-6.0 6.0.0-1021.21 (Accepted)

Andy Whitcroft apw at canonical.com
Tue Sep 19 11:20:15 UTC 2023 

linux-oem-6.0 (6.0.0-1021.21) jammy; urgency=medium

  * jammy/linux-oem-6.0: 6.0.0-1021.21 -proposed tracker (LP: #2034204)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper

  * CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb

  * CVE-2023-1611
    - btrfs: fix race between quota disable and quota assign ioctls

  * CVE-2023-4194
    - net: tun_chr_open(): set sk_uid from current_fsuid()
    - net: tap_open(): set sk_uid from current_fsuid()

  * CVE-2023-1076
    - net: add sock_init_data_uid()
    - tun: tun_chr_open(): correctly initialize socket uid
    - tap: tap_open(): correctly initialize socket uid

  * CVE-2023-40283
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

  * CVE-2023-4569
    - netfilter: nf_tables: deactivate catchall elements in next generation

  * CVE-2023-4128
    - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_route: No longer copy tcf_result on update to avoid use-
      after-free

  * CVE-2023-4273
    - exfat: check if filename entries exceeds max filename length

  * CVE-2023-1206
    - tcp: Reduce chance of collisions in inet6_hashfn().

  * CVE-2023-3863
    - net: nfc: Fix use-after-free caused by nfc_llcp_find_local

  * CVE-2022-27672
    - x86/speculation: Identify processors vulnerable to SMT RSB predictions
    - KVM: x86: Mitigate the cross-thread return address predictions bug
    - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions

  * CVE-2023-3141
    - memstick: r592: Fix UAF bug in r592_remove due to race condition

  * CVE-2023-3220
    - drm/msm/dpu: Add check for pstates

  * CVE-2022-4269
    - net/sched: act_mirred: better wording on protection against excessive stack
      growth
    - act_mirred: use the backlog for nested calls to mirred ingress

  * CVE-2023-28466
    - net: tls: fix possible race condition between do_tls_getsockopt_conf() and
      do_tls_setsockopt_conf()

  * CVE-2023-2235
    - perf: Fix check before add_event_to_groups() in perf_group_detach()

  * CVE-2023-2163
    - bpf: Fix incorrect verifier pruning due to missing register precision taints

  * CVE-2023-2002
    - bluetooth: Perform careful capability checks in hci_sock_ioctl()

  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails

  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via
      NFTA_RULE_CHAIN_ID

  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush

  * CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow

  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix

  * CVE-2023-4004
    - netfilter: nft_set_pipapo: fix improper element removal

  * CVE-2023-3611
    - net/sched: sch_qfq: refactor parsing of netlink parameters
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue

  * CVE-2023-3610
    - netfilter: nf_tables: fix chain binding transaction logic

  * CVE-2023-2162
    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

  * CVE-2023-31436
    - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

  * CVE-2023-32269
    - netrom: Fix use-after-free caused by accept on already connected socket

  * CVE-2023-2898
    - f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()

  * CVE-2023-28328
    - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

  * CVE-2023-0458
    - prlimit: do_prlimit needs to have a speculation check

  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free

  * CVE-2023-2269
    - dm ioctl: fix nested locking in table_clear() to remove deadlock concern

  * CVE-2023-1380
    - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

  * CVE-2023-1075
    - net/tls: tls_is_tx_ready() checked list_entry

  * Miscellaneous Ubuntu changes
    - [Config] Update gcc version

Date: 2023-09-07 14:22:09.214744+00:00
Changed-By: Timo Aaltonen <tjaalton at ubuntu.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-oem-6.0/6.0.0-1021.21
-------------- next part --------------
Sorry, changesfile not available.

More information about the jammy-changes mailing list