Ubuntu
linux-oem-6.0 package

linux-oem-6.0 6.0.0-1021.21 source package in Ubuntu

Changelog

linux-oem-6.0 (6.0.0-1021.21) jammy; urgency=medium

  * jammy/linux-oem-6.0: 6.0.0-1021.21 -proposed tracker (LP: #2034204)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper

  * CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb

  * CVE-2023-1611
    - btrfs: fix race between quota disable and quota assign ioctls

  * CVE-2023-4194
    - net: tun_chr_open(): set sk_uid from current_fsuid()
    - net: tap_open(): set sk_uid from current_fsuid()

  * CVE-2023-1076
    - net: add sock_init_data_uid()
    - tun: tun_chr_open(): correctly initialize socket uid
    - tap: tap_open(): correctly initialize socket uid

  * CVE-2023-40283
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

  * CVE-2023-4569
    - netfilter: nf_tables: deactivate catchall elements in next generation

  * CVE-2023-4128
    - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_route: No longer copy tcf_result on update to avoid use-
      after-free

  * CVE-2023-4273
    - exfat: check if filename entries exceeds max filename length

  * CVE-2023-1206
    - tcp: Reduce chance of collisions in inet6_hashfn().

  * CVE-2023-3863
    - net: nfc: Fix use-after-free caused by nfc_llcp_find_local

  * CVE-2022-27672
    - x86/speculation: Identify processors vulnerable to SMT RSB predictions
    - KVM: x86: Mitigate the cross-thread return address predictions bug
    - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions

  * CVE-2023-3141
    - memstick: r592: Fix UAF bug in r592_remove due to race condition

  * CVE-2023-3220
    - drm/msm/dpu: Add check for pstates

  * CVE-2022-4269
    - net/sched: act_mirred: better wording on protection against excessive stack
      growth
    - act_mirred: use the backlog for nested calls to mirred ingress

  * CVE-2023-28466
    - net: tls: fix possible race condition between do_tls_getsockopt_conf() and
      do_tls_setsockopt_conf()

  * CVE-2023-2235
    - perf: Fix check before add_event_to_groups() in perf_group_detach()

  * CVE-2023-2163
    - bpf: Fix incorrect verifier pruning due to missing register precision taints

  * CVE-2023-2002
    - bluetooth: Perform careful capability checks in hci_sock_ioctl()

  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails

  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via
      NFTA_RULE_CHAIN_ID

  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush

  * CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow

  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix

  * CVE-2023-4004
    - netfilter: nft_set_pipapo: fix improper element removal

  * CVE-2023-3611
    - net/sched: sch_qfq: refactor parsing of netlink parameters
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue

  * CVE-2023-3610
    - netfilter: nf_tables: fix chain binding transaction logic

  * CVE-2023-2162
    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

  * CVE-2023-31436
    - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

  * CVE-2023-32269
    - netrom: Fix use-after-free caused by accept on already connected socket

  * CVE-2023-2898
    - f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()

  * CVE-2023-28328
    - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

  * CVE-2023-0458
    - prlimit: do_prlimit needs to have a speculation check

  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free

  * CVE-2023-2269
    - dm ioctl: fix nested locking in table_clear() to remove deadlock concern

  * CVE-2023-1380
    - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

  * CVE-2023-1075
    - net/tls: tls_is_tx_ready() checked list_entry

  * Miscellaneous Ubuntu changes
    - [Config] Update gcc version

 -- Timo Aaltonen <email address hidden>  Thu, 07 Sep 2023 16:59:43 +0300

Upload details

Uploaded by:
Timo Aaltonen
Uploaded to:
Jammy
Original maintainer:
Ubuntu Kernel Team
Architectures:
all amd64
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Jammy security main devel
Jammy updates main devel

Builds

Jammy: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
linux-oem-6.0_6.0.0.orig.tar.gz 204.1 MiB 3e7557f0de28c0e8cd2c858c6ff3726aeb778db91b9da14bfc79e6df4169f8bd
linux-oem-6.0_6.0.0-1021.21.diff.gz 5.0 MiB 9824d407d52593d91fe9f41564cebbc1cbfdb6e236402b4c9becfa161e5e1c92
linux-oem-6.0_6.0.0-1021.21.dsc 4.9 KiB 38885e77f3f7c92361222253314df0fa207ca853133e580fd57efe5dec6af9e0

Available diffs

View changes file

Binary packages built by this source

linux-buildinfo-6.0.0-1021-oem: Linux kernel buildinfo for version 6.0.0 on 64 bit x86 SMP

 This package contains the Linux kernel buildinfo for version 6.0.0 on
 64 bit x86 SMP.
 .
 You likely do not want to install this package.

linux-headers-6.0.0-1021-oem: Linux kernel headers for version 6.0.0 on 64 bit x86 SMP

 This package provides kernel header files for version 6.0.0 on
 64 bit x86 SMP.
 .
 This is for sites that want the latest kernel headers. Please read
 /usr/share/doc/linux-headers-6.0.0-1021/debian.README.gz for details.

linux-image-unsigned-6.0.0-1021-oem: Linux kernel image for version 6.0.0 on 64 bit x86 SMP

 This package contains the unsigned Linux kernel image for version 6.0.0 on
 64 bit x86 SMP.
 .
 Supports OEM processors.
 .
 Geared toward desktops and laptops.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-oem meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-image-unsigned-6.0.0-1021-oem-dbgsym: Linux kernel debug image for version 6.0.0 on 64 bit x86 SMP

 This package provides the unsigned kernel debug image for version 6.0.0 on
 64 bit x86 SMP.
 .
 This is for sites that wish to debug the kernel.
 .
 The kernel image contained in this package is NOT meant to boot from. It
 is uncompressed, and unstripped. This package also includes the
 unstripped modules.

linux-modules-6.0.0-1021-oem: Linux kernel extra modules for version 6.0.0 on 64 bit x86 SMP

 Contains the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports OEM processors.
 .
 Geared toward desktops and laptops.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-oem meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-modules-ipu6-6.0.0-1021-oem: Linux kernel ipu6 modules for version 6.0.0-1021

 This package provides the Linux kernel ipu6 modules for version
 6.0.0-1021.
 .
 You likely do not want to install this package directly. Instead, install the
 one of the linux-modules-ipu6-oem* meta-packages,
 which will ensure that upgrades work correctly, and that supporting packages are
 also installed.

linux-modules-ivsc-6.0.0-1021-oem: Linux kernel ivsc modules for version 6.0.0-1021

 This package provides the Linux kernel ivsc modules for version
 6.0.0-1021.
 .
 You likely do not want to install this package directly. Instead, install the
 one of the linux-modules-ivsc-oem* meta-packages,
 which will ensure that upgrades work correctly, and that supporting packages are
 also installed.

linux-modules-iwlwifi-6.0.0-1021-oem: Linux kernel iwlwifi modules for version 6.0.0-1021

 This package provides the Linux kernel iwlwifi modules for version
 6.0.0-1021.
 .
 You likely do not want to install this package directly. Instead, install the
 one of the linux-modules-iwlwifi-oem* meta-packages,
 which will ensure that upgrades work correctly, and that supporting packages are
 also installed.

linux-oem-6.0-headers-6.0.0-1021: Header files related to Linux kernel version 6.0.0

 This package provides kernel header files for version 6.0.0, for sites
 that want the latest kernel headers. Please read
 /usr/share/doc/linux-oem-6.0-headers-6.0.0-1021/debian.README.gz for details

linux-oem-6.0-tools-6.0.0-1021: Linux kernel version specific tools for version 6.0.0-1021

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 6.0.0-1021 on
 64 bit x86.
 You probably want to install linux-tools-6.0.0-1021-<flavour>.

linux-oem-6.0-tools-host: Linux kernel VM host tools

 This package provides kernel tools useful for VM hosts.

linux-tools-6.0.0-1021-oem: Linux kernel version specific tools for version 6.0.0-1021

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 6.0.0-1021 on
 64 bit x86.