[Kernel-packages] [Bug 2059014] Re: Jammy update: v5.15.149 upstream stable release
This bug was fixed in the package linux - 5.15.0-105.115 --- linux (5.15.0-105.115) jammy; urgency=medium * jammy/linux: 5.15.0-105.115 -proposed tracker (LP: #2061372) * Jammy update: v5.15.149 upstream stable release (LP: #2059014) // CIFS stopped working/is unstable with kernel update to 5.15.0-102.112 (LP: #2060780) - smb3: Replace smb2pdu 1-element arrays with flex-arrays linux (5.15.0-103.113) jammy; urgency=medium * jammy/linux: 5.15.0-103.113 -proposed tracker (LP: #2059683) * Packaging resync (LP: #1786013) - [Packaging] drop getabis data * Remove getabis scripts (LP: #2059143) - [Packaging] Remove getabis * CVE-2023-24023 - Bluetooth: Add more enc key size check * CVE-2023-52600 - jfs: fix uaf in jfs_evict_inode * Jammy update: v5.15.149 upstream stable release (LP: #2059014) // CVE-2023-52603 - UBSAN: array-index-out-of-bounds in dtSplitRoot * CVE-2024-26581 - netfilter: nft_set_rbtree: skip end interval element from gc -- Roxana Nicolescu Mon, 15 Apr 2024 10:38:15 +0200 ** Changed in: linux (Ubuntu Jammy) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-24023 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52603 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26581 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2059014 Title: Jammy update: v5.15.149 upstream stable release Status in linux package in Ubuntu: Invalid Status in linux source package in Jammy: Fix Released Bug description: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: v5.15.149 upstream stable release from git://git.kernel.org/ ksmbd: free ppace array on error in parse_dacl ksmbd: don't allow O_TRUNC open on read-only share ksmbd: validate mech token in session setup ksmbd: fix UAF issue in ksmbd_tcp_new_connection() ksmbd: only v2 leases handle the directory iio: adc: ad7091r: Set alert bit in config register iio: adc: ad7091r: Allow users to configure device events iio: adc: ad7091r: Enable internal vref if external vref is not supplied dmaengine: fix NULL pointer in channel unregistration function scsi: ufs: core: Simplify power management during async scan scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan() iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. ext4: allow for the last group to be marked as trimmed btrfs: sysfs: validate scrub_speed_max value crypto: api - Disallow identical driver names PM: hibernate: Enforce ordering during image compression/decompression hwrng: core - Fix page fault dead lock on mmap-ed hwrng crypto: s390/aes - Fix buffer overread in CTR mode media: imx355: Enable runtime PM before registering async sub-device rpmsg: virtio: Free driver_override when rpmsg_remove() media: ov9734: Enable runtime PM before registering async sub-device mips: Fix max_mapnr being uninitialized on early stages bus: mhi: host: Drop chan lock before queuing buffers bus: mhi: host: Add spinlock to protect WP access when queueing TREs parisc/firmware: Fix F-extend for PDC addresses async: Split async_schedule_node_domain() async: Introduce async_schedule_dev_nocall() arm64: dts: qcom: sc7180: fix USB wakeup interrupt types arm64: dts: qcom: sdm845: fix USB wakeup interrupt types arm64: dts: qcom: sm8150: fix USB wakeup interrupt types arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts lsm: new security_file_ioctl_compat() hook scripts/get_abi: fix source path leak mmc: core: Use mrq.sbc in close-ended ffu mmc: mmc_spi: remove custom DMA mapped buffers rtc: Adjust failure return code for cmos_set_alarm() nouveau/vmm: don't set addr on the fail path to avoid warning ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path rename(): fix the locking of subdirectories ksmbd: set v2 lease version on lease upgrade ksmbd: fix potential circular locking issue in smb2_set_ea() ksmbd: don't increment epoch if current state and request state are same ksmbd: send lease break notification on FILE_RENAME_INFORMATION ksmbd: Add missing set_freezable() for freezable kthread net/smc: fix illegal rmb_desc access in SMC-D connection dump tcp: make sure init the accept_queue's spinlocks once bnxt_en: Wait for FLR to complete during probe vlan: skip nested type that is n
[Kernel-packages] [Bug 2059014] Re: Jammy update: v5.15.149 upstream stable release
Skipped "jfs: fix uaf in jfs_evict_inode" since this was already applied as CVE-2023-52600. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52600 ** Changed in: linux (Ubuntu Jammy) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2059014 Title: Jammy update: v5.15.149 upstream stable release Status in linux package in Ubuntu: Invalid Status in linux source package in Jammy: Fix Committed Bug description: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: v5.15.149 upstream stable release from git://git.kernel.org/ ksmbd: free ppace array on error in parse_dacl ksmbd: don't allow O_TRUNC open on read-only share ksmbd: validate mech token in session setup ksmbd: fix UAF issue in ksmbd_tcp_new_connection() ksmbd: only v2 leases handle the directory iio: adc: ad7091r: Set alert bit in config register iio: adc: ad7091r: Allow users to configure device events iio: adc: ad7091r: Enable internal vref if external vref is not supplied dmaengine: fix NULL pointer in channel unregistration function scsi: ufs: core: Simplify power management during async scan scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan() iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. ext4: allow for the last group to be marked as trimmed btrfs: sysfs: validate scrub_speed_max value crypto: api - Disallow identical driver names PM: hibernate: Enforce ordering during image compression/decompression hwrng: core - Fix page fault dead lock on mmap-ed hwrng crypto: s390/aes - Fix buffer overread in CTR mode media: imx355: Enable runtime PM before registering async sub-device rpmsg: virtio: Free driver_override when rpmsg_remove() media: ov9734: Enable runtime PM before registering async sub-device mips: Fix max_mapnr being uninitialized on early stages bus: mhi: host: Drop chan lock before queuing buffers bus: mhi: host: Add spinlock to protect WP access when queueing TREs parisc/firmware: Fix F-extend for PDC addresses async: Split async_schedule_node_domain() async: Introduce async_schedule_dev_nocall() arm64: dts: qcom: sc7180: fix USB wakeup interrupt types arm64: dts: qcom: sdm845: fix USB wakeup interrupt types arm64: dts: qcom: sm8150: fix USB wakeup interrupt types arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts lsm: new security_file_ioctl_compat() hook scripts/get_abi: fix source path leak mmc: core: Use mrq.sbc in close-ended ffu mmc: mmc_spi: remove custom DMA mapped buffers rtc: Adjust failure return code for cmos_set_alarm() nouveau/vmm: don't set addr on the fail path to avoid warning ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path rename(): fix the locking of subdirectories ksmbd: set v2 lease version on lease upgrade ksmbd: fix potential circular locking issue in smb2_set_ea() ksmbd: don't increment epoch if current state and request state are same ksmbd: send lease break notification on FILE_RENAME_INFORMATION ksmbd: Add missing set_freezable() for freezable kthread net/smc: fix illegal rmb_desc access in SMC-D connection dump tcp: make sure init the accept_queue's spinlocks once bnxt_en: Wait for FLR to complete during probe vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING llc: make llc_ui_sendmsg() more robust against bonding changes llc: Drop support for ETH_P_TR_802_2. net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv tracing: Ensure visibility when inserting an element into tracing_map afs: Hide silly-rename files from userspace tcp: Add memory barrier to tcp_push() netlink: fix potential sleeping issue in mqueue_flush_file ipv6: init the accept_queue's spinlocks in inet6_create net/mlx5: DR, Use the right GVMI number for drop action net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior net/mlx5: DR, Can't go to uplink vport on RX rule net/mlx5e: fix a double-free in arfs_create_groups net/mlx5e: fix a potential double-free in fs_any_create_groups overflow: Allow mixed type arguments netfilter: nft_limit: reject configurations that cause integer overflow netfilter: nf_tables: restrict anonymous set and map names to 16 bytes netfilter: nf_tables: validate NFPROTO_* family net: stmmac: Wait a bit for the reset to take effect net: mvpp2: clear BM pool before initialization selftests: netdevsim: fix t
[Kernel-packages] [Bug 2059014] Re: Jammy update: v5.15.149 upstream stable release
** Changed in: linux (Ubuntu) Status: Confirmed => Invalid ** Changed in: linux (Ubuntu Jammy) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Jammy) Status: New => In Progress ** Changed in: linux (Ubuntu Jammy) Assignee: (unassigned) => Manuel Diewald (diewald) ** Description changed: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: v5.15.149 upstream stable release from git://git.kernel.org/ - + ksmbd: free ppace array on error in parse_dacl + ksmbd: don't allow O_TRUNC open on read-only share + ksmbd: validate mech token in session setup + ksmbd: fix UAF issue in ksmbd_tcp_new_connection() + ksmbd: only v2 leases handle the directory + iio: adc: ad7091r: Set alert bit in config register + iio: adc: ad7091r: Allow users to configure device events + iio: adc: ad7091r: Enable internal vref if external vref is not supplied + dmaengine: fix NULL pointer in channel unregistration function + scsi: ufs: core: Simplify power management during async scan + scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan() + iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. + ext4: allow for the last group to be marked as trimmed + btrfs: sysfs: validate scrub_speed_max value + crypto: api - Disallow identical driver names + PM: hibernate: Enforce ordering during image compression/decompression + hwrng: core - Fix page fault dead lock on mmap-ed hwrng + crypto: s390/aes - Fix buffer overread in CTR mode + media: imx355: Enable runtime PM before registering async sub-device + rpmsg: virtio: Free driver_override when rpmsg_remove() + media: ov9734: Enable runtime PM before registering async sub-device + mips: Fix max_mapnr being uninitialized on early stages + bus: mhi: host: Drop chan lock before queuing buffers + bus: mhi: host: Add spinlock to protect WP access when queueing TREs + parisc/firmware: Fix F-extend for PDC addresses + async: Split async_schedule_node_domain() + async: Introduce async_schedule_dev_nocall() + arm64: dts: qcom: sc7180: fix USB wakeup interrupt types + arm64: dts: qcom: sdm845: fix USB wakeup interrupt types + arm64: dts: qcom: sm8150: fix USB wakeup interrupt types + arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts + lsm: new security_file_ioctl_compat() hook + scripts/get_abi: fix source path leak + mmc: core: Use mrq.sbc in close-ended ffu + mmc: mmc_spi: remove custom DMA mapped buffers + rtc: Adjust failure return code for cmos_set_alarm() + nouveau/vmm: don't set addr on the fail path to avoid warning + ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path + rename(): fix the locking of subdirectories + ksmbd: set v2 lease version on lease upgrade + ksmbd: fix potential circular locking issue in smb2_set_ea() + ksmbd: don't increment epoch if current state and request state are same + ksmbd: send lease break notification on FILE_RENAME_INFORMATION + ksmbd: Add missing set_freezable() for freezable kthread + net/smc: fix illegal rmb_desc access in SMC-D connection dump + tcp: make sure init the accept_queue's spinlocks once + bnxt_en: Wait for FLR to complete during probe + vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING + llc: make llc_ui_sendmsg() more robust against bonding changes + llc: Drop support for ETH_P_TR_802_2. + net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv + tracing: Ensure visibility when inserting an element into tracing_map + afs: Hide silly-rename files from userspace + tcp: Add memory barrier to tcp_push() + netlink: fix potential sleeping issue in mqueue_flush_file + ipv6: init the accept_queue's spinlocks in inet6_create + net/mlx5: DR, Use the right GVMI number for drop action + net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior + net/mlx5: DR, Can't go to uplink vport on RX rule + net/mlx5e: fix a double-free in arfs_create_groups + net/mlx5e: fix a potential double-free in fs_any_create_groups + overflow: Allow mixed type arguments + netfilter: nft_limit: reject configurations that cause integer overflow + netfilter: nf_tables: restrict anonymous set and map names to 16 bytes + netfilter: nf_tables: validate NFPROTO_* family + net: stmmac: Wait a bit for the reset to take effect + net: mvpp2: clear BM pool before initialization + selftests: netdevsim: fix the udp_tunnel_nic test + fjes: fix memleaks in fjes_hw_setup + net: fec: fix the unhandled context fault from smmu + btrfs: fix infinite directory reads + btrfs: set last dir index to the current last index when opening dir + btrfs: refresh