* CVE-2023-0597
- x86/kasan: Map shadow for percpu pages on demand
- x86/mm: Randomize per-cpu entry area
- x86/mm: Recompute physical address for every page of per-CPU CEA mapping
- x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area
- x86/mm: Do not shuffle CPU entry areas without KASLR
* CVE-2023-2124
- xfs: verify buffer contents when we skip log replay
* Some INVLPG implementations can leave Global translations unflushed when
PCIDs are enabled (LP: #2023220)
- x86/mm: Avoid incomplete Global INVLPG flushes
* cls_flower: off-by-one in fl_set_geneve_opt (LP: #2023577)
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
-- Timo Aaltonen <email address hidden> Wed, 21 Jun 2023 17:37:58 +0300
This bug was fixed in the package linux-oem-5.17 - 5.17.0-1034.35
---------------
linux-oem-5.17 (5.17.0-1034.35) jammy; urgency=medium
* jammy/linux-oem-5.17: 5.17.0-1034.35 -proposed tracker (LP: #2023906)
* CVE-2022-4842
- fs/ntfs3: Fix attr_punch_hole() null pointer derenference
* CVE-2023-0597
- x86/kasan: Map shadow for percpu pages on demand
- x86/mm: Randomize per-cpu entry area
- x86/mm: Recompute physical address for every page of per-CPU CEA mapping
- x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area
- x86/mm: Do not shuffle CPU entry areas without KASLR
* CVE-2023-2124
- xfs: verify buffer contents when we skip log replay
* Some INVLPG implementations can leave Global translations unflushed when
PCIDs are enabled (LP: #2023220)
- x86/mm: Avoid incomplete Global INVLPG flushes
* cls_flower: off-by-one in fl_set_geneve_opt (LP: #2023577)
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
-- Timo Aaltonen <email address hidden> Wed, 21 Jun 2023 17:37:58 +0300