* focal/linux: 5.4.0-187.207 -proposed tracker (LP: #2068291)
* CVE-2024-26925
- netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()
- netfilter: nf_tables: release batch on table validation from abort path
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
* CVE-2024-26643
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with
timeout
* CVE-2024-2201
- x86/cpufeatures: Add new word for scattered features
- x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
- x86/bhi: Add support for clearing branch history at syscall entry
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S
- x86/bhi: Enumerate Branch History Injection (BHI) bug
- x86/bhi: Add BHI mitigation knob
- x86/bhi: Mitigate KVM by default
- [Config] updateconfigs for CONFIG_BHI_{AUTO|ON|OFF}
- x86/bugs: Fix BHI documentation
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
- x86/bugs: Fix BHI handling of RRSBA
- x86/bugs: Clarify that syscall hardening isn't a BHI mitigation
- x86/bugs: Fix BHI retpoline check
-- Tim Gardner <email address hidden> Wed, 12 Jun 2024 11:27:53 -0700
This bug was fixed in the package linux-azure - 5.4.0-1132.139
---------------
linux-azure (5.4.0-1132.139) focal; urgency=medium
* focal/linux-azure: 5.4.0-1132.139 -proposed tracker (LP: #2068249)
[ Ubuntu: 5.4.0-187.207 ]
* focal/linux: 5.4.0-187.207 -proposed tracker (LP: #2068291) >module_ list from nf_tables_ exit_net( ) BHI_{AUTO| ON|OFF} ARCH_CAPABILITI ES
* CVE-2024-26925
- netfilter: Cleanup nft_net-
- netfilter: nf_tables: release batch on table validation from abort path
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
* CVE-2024-26643
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with
timeout
* CVE-2024-2201
- x86/cpufeatures: Add new word for scattered features
- x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
- x86/bhi: Add support for clearing branch history at syscall entry
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S
- x86/bhi: Enumerate Branch History Injection (BHI) bug
- x86/bhi: Add BHI mitigation knob
- x86/bhi: Mitigate KVM by default
- [Config] updateconfigs for CONFIG_
- x86/bugs: Fix BHI documentation
- x86/bugs: Cache the value of MSR_IA32_
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
- x86/bugs: Fix BHI handling of RRSBA
- x86/bugs: Clarify that syscall hardening isn't a BHI mitigation
- x86/bugs: Fix BHI retpoline check
-- Tim Gardner <email address hidden> Wed, 12 Jun 2024 11:27:53 -0700