This bug was fixed in the package linux-oem-6.0 - 6.0.0-1021.21

---------------
linux-oem-6.0 (6.0.0-1021.21) jammy; urgency=medium

  * jammy/linux-oem-6.0: 6.0.0-1021.21 -proposed tracker (LP: #2034204)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper

  * CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb

  * CVE-2023-1611
    - btrfs: fix race between quota disable and quota assign ioctls

  * CVE-2023-4194
    - net: tun_chr_open(): set sk_uid from current_fsuid()
    - net: tap_open(): set sk_uid from current_fsuid()

  * CVE-2023-1076
    - net: add sock_init_data_uid()
    - tun: tun_chr_open(): correctly initialize socket uid
    - tap: tap_open(): correctly initialize socket uid

  * CVE-2023-40283
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

  * CVE-2023-4569
    - netfilter: nf_tables: deactivate catchall elements in next generation

  * CVE-2023-4128
    - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
    - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
    - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free

  * CVE-2023-4273
    - exfat: check if filename entries exceeds max filename length

  * CVE-2023-1206
    - tcp: Reduce chance of collisions in inet6_hashfn().

  * CVE-2023-3863
    - net: nfc: Fix use-after-free caused by nfc_llcp_find_local

  * CVE-2022-27672
    - x86/speculation: Identify processors vulnerable to SMT RSB predictions
    - KVM: x86: Mitigate the cross-thread return address predictions bug
    - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions

  * CVE-2023-3141
    - memstick: r592: Fix UAF bug in r592_remove due to race condition

  * CVE-2023-3220
    - drm/msm/dpu: Add check for pstates

  * CVE-2022-4269
    - net/sched: act_mirred: better wording on protection against excessive stack growth
    - act_mirred: use the backlog for nested calls to mirred ingress

  * CVE-2023-28466
    - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()

  * CVE-2023-2235
    - perf: Fix check before add_event_to_groups() in perf_group_detach()

  * CVE-2023-2163
    - bpf: Fix incorrect verifier pruning due to missing register precision taints

  * CVE-2023-2002
    - bluetooth: Perform careful capability checks in hci_sock_ioctl()

  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails

  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID

  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush

  * CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow

  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix

  * CVE-2023-4004
    - netfilter: nft_set_pipapo: fix improper element removal

  * CVE-2023-3611
    - net/sched: sch_qfq: refactor parsing of netlink parameters
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue

  * CVE-2023-3610
    - netfilter: nf_tables: fix chain binding transaction logic

  * CVE-2023-2162
    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

  * CVE-2023-31436
    - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

  * CVE-2023-32269
    - netrom: Fix use-after-free caused by accept on already connected socket

  * CVE-2023-2898
    - f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()

  * CVE-2023-28328
    - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

  * CVE-2023-0458
    - prlimit: do_prlimit needs to have a speculation check

  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free

  * CVE-2023-2269
    - dm ioctl: fix nested locking in table_clear() to remove deadlock concern

  * CVE-2023-1380
    - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

  * CVE-2023-1075
    - net/tls: tls_is_tx_ready() checked list_entry

  * Miscellaneous Ubuntu changes
    - [Config] Update gcc version

 -- Timo Aaltonen