{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-5.15.0-1059-kvm", "linux-image-5.15.0-1059-kvm", "linux-kvm-headers-5.15.0-1059", "linux-modules-5.15.0-1059-kvm" ], "removed": [ "linux-headers-5.15.0-1058-kvm", "linux-image-5.15.0-1058-kvm", "linux-kvm-headers-5.15.0-1058", "linux-modules-5.15.0-1058-kvm" ], "diff": [ "libglib2.0-0", "libglib2.0-data", "linux-headers-kvm", "linux-image-kvm", "linux-kvm", "snapd" ] } }, "diff": { "deb": [ { "name": "libglib2.0-0", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.72.4-0ubuntu2.2", "version": "2.72.4-0ubuntu2.2" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.72.4-0ubuntu2.3", "version": "2.72.4-0ubuntu2.3" }, "cves": [ { "cve": "CVE-2024-34397", "url": "https://ubuntu.com/security/CVE-2024-34397", "cve_description": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "cve_priority": "medium", "cve_public_date": "2024-05-07 18:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-34397", "url": "https://ubuntu.com/security/CVE-2024-34397", "cve_description": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "cve_priority": "medium", "cve_public_date": "2024-05-07 18:15:00 UTC" } ], "log": [ "", " [ Marco Trevisan (Treviño) ]", " * debian/patches: Backport patches to handle CVE-2024-34397", "", " [ Marc Deslauriers ]", " * debian/patches/gdbusconnection-regression.patch: fix ibus regression.", " * debian/control*: added Breaks for gnome-shell without regression fix.", "" ], "package": "glib2.0", "version": "2.72.4-0ubuntu2.3", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 08 May 2024 13:22:46 -0400" } ], "notes": null }, { "name": "libglib2.0-data", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.72.4-0ubuntu2.2", "version": "2.72.4-0ubuntu2.2" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.72.4-0ubuntu2.3", "version": "2.72.4-0ubuntu2.3" }, "cves": [ { "cve": "CVE-2024-34397", "url": "https://ubuntu.com/security/CVE-2024-34397", "cve_description": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "cve_priority": "medium", "cve_public_date": "2024-05-07 18:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-34397", "url": "https://ubuntu.com/security/CVE-2024-34397", "cve_description": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "cve_priority": "medium", "cve_public_date": "2024-05-07 18:15:00 UTC" } ], "log": [ "", " [ Marco Trevisan (Treviño) ]", " * debian/patches: Backport patches to handle CVE-2024-34397", "", " [ Marc Deslauriers ]", " * debian/patches/gdbusconnection-regression.patch: fix ibus regression.", " * debian/control*: added Breaks for gnome-shell without regression fix.", "" ], "package": "glib2.0", "version": "2.72.4-0ubuntu2.3", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 08 May 2024 13:22:46 -0400" } ], "notes": null }, { "name": "linux-headers-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1058.54", "version": "5.15.0.1058.54" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1059.55", "version": "5.15.0.1059.55" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-1059", "" ], "package": "linux-meta-kvm", "version": "5.15.0.1059.55", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Thibault Ferrante ", "date": "Wed, 01 May 2024 17:18:38 +0200" } ], "notes": null }, { "name": "linux-image-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1058.54", "version": "5.15.0.1058.54" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1059.55", "version": "5.15.0.1059.55" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-1059", "" ], "package": "linux-meta-kvm", "version": "5.15.0.1059.55", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Thibault Ferrante ", "date": "Wed, 01 May 2024 17:18:38 +0200" } ], "notes": null }, { "name": "linux-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1058.54", "version": "5.15.0.1058.54" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1059.55", "version": "5.15.0.1059.55" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-1059", "" ], "package": "linux-meta-kvm", "version": "5.15.0.1059.55", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Thibault Ferrante ", "date": "Wed, 01 May 2024 17:18:38 +0200" } ], "notes": null }, { "name": "snapd", "from_version": { "source_package_name": "snapd", "source_package_version": "2.61.3+22.04", "version": "2.61.3+22.04" }, "to_version": { "source_package_name": "snapd", "source_package_version": "2.62+22.04", "version": "2.62+22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2058277, 2039017 ], "changes": [ { "cves": [], "log": [ "", " * New upstream release, LP: #2058277", " - Aspects based configuration schema support (experimental)", " - Refresh app awareness support for UI (experimental)", " - Support for user daemons by introducing new control switches", " --user/--system/--users for service start/stop/restart", " (experimental)", " - Add AppArmor prompting experimental flag (feature currently", " unsupported)", " - Installation of local snap components of type test", " - Packaging of components with snap pack", " - Expose experimental features supported/enabled in snapd REST API", " endpoint /v2/system-info", " - Support creating and removing recovery systems for use by factory", " reset", " - Enable API route for creating and removing recovery systems using", " /v2/systems with action create and /v2/systems/{label} with action", " remove", " - Lift requirements for fde-setup hook for single boot install", " - Enable single reboot gadget update for UC20+", " - Allow core to be removed on classic systems", " - Support for remodeling on hybrid systems", " - Install desktop files on Ubuntu Core and update after snapd", " upgrade", " - Upgrade sandbox features to account for cgroup v2 device filtering", " - Support snaps to manage their own cgroups", " - Add support for AppArmor 4.0 unconfined profile mode", " - Add AppArmor based read access to /etc/default/keyboard", " - Upgrade to squashfuse 0.5.0", " - Support useradd utility to enable removing Perl dependency for", " UC24+", " - Support for recovery-chooser to use console-conf snap", " - Add support for --uid/--gid using strace-static", " - Add support for notices (from pebble) and expose via the snapd", " REST API endpoints /v2/notices and /v2/notice", " - Add polkit authentication for snapd REST API endpoints", " /v2/snaps/{snap}/conf and /v2/apps", " - Add refresh-inhibit field to snapd REST API endpoint /v2/snaps", " - Add refresh-inhibited select query to REST API endpoint /v2/snaps", " - Take into account validation sets during remodeling", " - Improve offline remodeling to use installed revisions of snaps to", " fulfill the remodel revision requirement", " - Add rpi configuration option sdtv_mode", " - When snapd snap is not installed, pin policy ABI to 4.0 or 3.0 if", " present on host", " - Fix gadget zero-sized disk mapping caused by not ignoring zero", " sized storage traits", " - Fix gadget install case where size of existing partition was not", " correctly taken into account", " - Fix trying to unmount early kernel mount if it does not exist", " - Fix restarting mount units on snapd start", " - Fix call to udev in preseed mode", " - Fix to ensure always setting up the device cgroup for base bare", " and core24+", " - Fix not copying data from newly set homedirs on revision change", " - Fix leaving behind empty snap home directories after snap is", " removed (resulting in broken symlink)", " - Fix to avoid using libzstd from host by adding to snapd snap", " - Fix autorefresh to correctly handle forever refresh hold", " - Fix username regex allowed for system-user assertion to not allow", " '+'", " - Fix incorrect application icon for notification after autorefresh", " completion", " - Fix to restart mount units when changed", " - Fix to support AppArmor running under incus", " - Fix case of snap-update-ns dropping synthetic mounts due to", " failure to match desired mount dependencies", " - Fix parsing of base snap version to enable pre-seeding of Ubuntu", " Core Desktop", " - Fix packaging and tests for various distributions", " - Add remoteproc interface to allow developers to interact with", " Remote Processor Framework which enables snaps to load firmware to", " ARM Cortex microcontrollers", " - Add kernel-control interface to enable controlling the kernel", " firmware search path", " - Add nfs-mount interface to allow mounting of NFS shares", " - Add ros-opt-data interface to allow snaps to access the host", " /opt/ros/ paths", " - Add snap-refresh-observe interface that provides refresh-app-", " awareness clients access to relevant snapd API endpoints", " - steam-support interface: generalize Pressure Vessel root paths and", " allow access to driver information, features and container", " versions", " - steam-support interface: make implicit on Ubuntu Core Desktop", " - desktop interface: improved support for Ubuntu Core Desktop and", " limit autoconnection to implicit slots", " - cups-control interface: make autoconnect depend on presence of", " cupsd on host to ensure it works on classic systems", " - opengl interface: allow read access to /usr/share/nvidia", " - personal-files interface: extend to support automatic creation of", " missing parent directories in write paths", " - network-control interface: allow creating /run/resolveconf", " - network-setup-control and network-setup-observe interfaces: allow", " busctl bind as required for systemd 254+", " - libvirt interface: allow r/w access to /run/libvirt/libvirt-sock-", " ro and read access to /var/lib/libvirt/dnsmasq/**", " - fwupd interface: allow access to IMPI devices (including locking", " of device nodes), sysfs attributes needed by amdgpu and the COD", " capsule update directory", " - uio interface: allow configuring UIO drivers from userspace", " libraries", " - serial-port interface: add support for NXP Layerscape SoC", " - lxd-support interface: add attribute enable-unconfined-mode to", " require LXD to opt-in to run unconfined", " - block-devices interface: add support for ZFS volumes", " - system-packages-doc interface: add support for reading jquery and", " sphinx documentation", " - system-packages-doc interface: workaround to prevent autoconnect", " failure for snaps using base bare", " - microceph-support interface: allow more types of block devices to", " be added as an OSD", " - mount-observe interface: allow read access to", " /proc/{pid}/task/{tid}/mounts and proc/{pid}/task/{tid}/mountinfo", " - polkit interface: changed to not be implicit on core because", " installing policy files is not possible", " - upower-observe interface: allow stats refresh", " - gpg-public-keys interface: allow creating lock file for certain", " gpg operations", " - shutdown interface: allow access to SetRebootParameter method", " - media-control interface: allow device file locking", " - u2f-devices interface: support for Trustkey G310H, JaCarta U2F,", " Kensington VeriMark Guard, RSA DS100, Google Titan v2", "" ], "package": "snapd", "version": "2.62+22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2058277 ], "author": "Ernest Lotter ", "date": "Thu, 21 Mar 2024 22:06:09 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2039017", " - Install systemd files in correct location for 24.04", "" ], "package": "snapd", "version": "2.61.3", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2039017 ], "author": "Ernest Lotter ", "date": "Wed, 06 Mar 2024 23:18:11 +0200" } ], "notes": null } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-5.15.0-1059-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1058.63", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1059.64", "version": "5.15.0-1059.64" }, "cves": [ { "cve": "CVE-2023-52530", "url": "https://ubuntu.com/security/CVE-2023-52530", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will still return a pointer into the key, in a potential use-after-free. This normally doesn't happen since it's only called by iwlwifi in case of WoWLAN rekey offload which has its own KRACK protection, but still better to fix, do that by returning an error code and converting that to success on the cfg80211 boundary only, leaving the error for bad callers of ieee80211_gtk_rekey_add().", "cve_priority": "medium", "cve_public_date": "2024-03-02 22:15:00 UTC" }, { "cve": "CVE-2024-26622", "url": "https://ubuntu.com/security/CVE-2024-26622", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.", "cve_priority": "medium", "cve_public_date": "2024-03-04 07:15:00 UTC" }, { "cve": "CVE-2023-47233", "url": "https://ubuntu.com/security/CVE-2023-47233", "cve_description": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.", "cve_priority": "low", "cve_public_date": "2023-11-03 21:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2063621, 2063635 ], "changes": [ { "cves": [ { "cve": "CVE-2023-52530", "url": "https://ubuntu.com/security/CVE-2023-52530", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will still return a pointer into the key, in a potential use-after-free. This normally doesn't happen since it's only called by iwlwifi in case of WoWLAN rekey offload which has its own KRACK protection, but still better to fix, do that by returning an error code and converting that to success on the cfg80211 boundary only, leaving the error for bad callers of ieee80211_gtk_rekey_add().", "cve_priority": "medium", "cve_public_date": "2024-03-02 22:15:00 UTC" }, { "cve": "CVE-2024-26622", "url": "https://ubuntu.com/security/CVE-2024-26622", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.", "cve_priority": "medium", "cve_public_date": "2024-03-04 07:15:00 UTC" }, { "cve": "CVE-2023-47233", "url": "https://ubuntu.com/security/CVE-2023-47233", "cve_description": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.", "cve_priority": "low", "cve_public_date": "2023-11-03 21:15:00 UTC" } ], "log": [ "", " * jammy/linux-kvm: 5.15.0-1059.64 -proposed tracker (LP: #2063621)", "", " [ Ubuntu: 5.15.0-107.117 ]", "", " * jammy/linux: 5.15.0-107.117 -proposed tracker (LP: #2063635)", " * CVE-2023-52530", " - wifi: mac80211: fix potential key use-after-free", " * CVE-2024-26622", " - tomoyo: fix UAF write bug in tomoyo_write_control()", " * CVE-2023-47233", " - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach", "" ], "package": "linux-kvm", "version": "5.15.0-1059.64", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2063621, 2063635 ], "author": "Thibault Ferrante ", "date": "Wed, 01 May 2024 16:51:27 +0200" } ], "notes": "linux-headers-5.15.0-1059-kvm version '5.15.0-1059.64' (source package linux-kvm version '5.15.0-1059.64') was added. linux-headers-5.15.0-1059-kvm version '5.15.0-1059.64' has the same source package name, linux-kvm, as removed package linux-headers-5.15.0-1058-kvm. As such we can use the source package version of the removed package, '5.15.0-1058.63', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-image-5.15.0-1059-kvm", "from_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.15.0-1058.63", "version": null }, "to_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.15.0-1059.64", "version": "5.15.0-1059.64" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 5.15.0-1059.64", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed-kvm", "version": "5.15.0-1059.64", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1786013 ], "author": "Thibault Ferrante ", "date": "Wed, 01 May 2024 17:18:47 +0200" } ], "notes": "linux-image-5.15.0-1059-kvm version '5.15.0-1059.64' (source package linux-signed-kvm version '5.15.0-1059.64') was added. linux-image-5.15.0-1059-kvm version '5.15.0-1059.64' has the same source package name, linux-signed-kvm, as removed package linux-image-5.15.0-1058-kvm. As such we can use the source package version of the removed package, '5.15.0-1058.63', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-kvm-headers-5.15.0-1059", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1058.63", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1059.64", "version": "5.15.0-1059.64" }, "cves": [ { "cve": "CVE-2023-52530", "url": "https://ubuntu.com/security/CVE-2023-52530", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will still return a pointer into the key, in a potential use-after-free. This normally doesn't happen since it's only called by iwlwifi in case of WoWLAN rekey offload which has its own KRACK protection, but still better to fix, do that by returning an error code and converting that to success on the cfg80211 boundary only, leaving the error for bad callers of ieee80211_gtk_rekey_add().", "cve_priority": "medium", "cve_public_date": "2024-03-02 22:15:00 UTC" }, { "cve": "CVE-2024-26622", "url": "https://ubuntu.com/security/CVE-2024-26622", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.", "cve_priority": "medium", "cve_public_date": "2024-03-04 07:15:00 UTC" }, { "cve": "CVE-2023-47233", "url": "https://ubuntu.com/security/CVE-2023-47233", "cve_description": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.", "cve_priority": "low", "cve_public_date": "2023-11-03 21:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2063621, 2063635 ], "changes": [ { "cves": [ { "cve": "CVE-2023-52530", "url": "https://ubuntu.com/security/CVE-2023-52530", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will still return a pointer into the key, in a potential use-after-free. This normally doesn't happen since it's only called by iwlwifi in case of WoWLAN rekey offload which has its own KRACK protection, but still better to fix, do that by returning an error code and converting that to success on the cfg80211 boundary only, leaving the error for bad callers of ieee80211_gtk_rekey_add().", "cve_priority": "medium", "cve_public_date": "2024-03-02 22:15:00 UTC" }, { "cve": "CVE-2024-26622", "url": "https://ubuntu.com/security/CVE-2024-26622", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.", "cve_priority": "medium", "cve_public_date": "2024-03-04 07:15:00 UTC" }, { "cve": "CVE-2023-47233", "url": "https://ubuntu.com/security/CVE-2023-47233", "cve_description": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.", "cve_priority": "low", "cve_public_date": "2023-11-03 21:15:00 UTC" } ], "log": [ "", " * jammy/linux-kvm: 5.15.0-1059.64 -proposed tracker (LP: #2063621)", "", " [ Ubuntu: 5.15.0-107.117 ]", "", " * jammy/linux: 5.15.0-107.117 -proposed tracker (LP: #2063635)", " * CVE-2023-52530", " - wifi: mac80211: fix potential key use-after-free", " * CVE-2024-26622", " - tomoyo: fix UAF write bug in tomoyo_write_control()", " * CVE-2023-47233", " - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach", "" ], "package": "linux-kvm", "version": "5.15.0-1059.64", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2063621, 2063635 ], "author": "Thibault Ferrante ", "date": "Wed, 01 May 2024 16:51:27 +0200" } ], "notes": "linux-kvm-headers-5.15.0-1059 version '5.15.0-1059.64' (source package linux-kvm version '5.15.0-1059.64') was added. linux-kvm-headers-5.15.0-1059 version '5.15.0-1059.64' has the same source package name, linux-kvm, as removed package linux-headers-5.15.0-1058-kvm. As such we can use the source package version of the removed package, '5.15.0-1058.63', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-modules-5.15.0-1059-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1058.63", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1059.64", "version": "5.15.0-1059.64" }, "cves": [ { "cve": "CVE-2023-52530", "url": "https://ubuntu.com/security/CVE-2023-52530", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will still return a pointer into the key, in a potential use-after-free. This normally doesn't happen since it's only called by iwlwifi in case of WoWLAN rekey offload which has its own KRACK protection, but still better to fix, do that by returning an error code and converting that to success on the cfg80211 boundary only, leaving the error for bad callers of ieee80211_gtk_rekey_add().", "cve_priority": "medium", "cve_public_date": "2024-03-02 22:15:00 UTC" }, { "cve": "CVE-2024-26622", "url": "https://ubuntu.com/security/CVE-2024-26622", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.", "cve_priority": "medium", "cve_public_date": "2024-03-04 07:15:00 UTC" }, { "cve": "CVE-2023-47233", "url": "https://ubuntu.com/security/CVE-2023-47233", "cve_description": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.", "cve_priority": "low", "cve_public_date": "2023-11-03 21:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2063621, 2063635 ], "changes": [ { "cves": [ { "cve": "CVE-2023-52530", "url": "https://ubuntu.com/security/CVE-2023-52530", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will still return a pointer into the key, in a potential use-after-free. This normally doesn't happen since it's only called by iwlwifi in case of WoWLAN rekey offload which has its own KRACK protection, but still better to fix, do that by returning an error code and converting that to success on the cfg80211 boundary only, leaving the error for bad callers of ieee80211_gtk_rekey_add().", "cve_priority": "medium", "cve_public_date": "2024-03-02 22:15:00 UTC" }, { "cve": "CVE-2024-26622", "url": "https://ubuntu.com/security/CVE-2024-26622", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.", "cve_priority": "medium", "cve_public_date": "2024-03-04 07:15:00 UTC" }, { "cve": "CVE-2023-47233", "url": "https://ubuntu.com/security/CVE-2023-47233", "cve_description": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.", "cve_priority": "low", "cve_public_date": "2023-11-03 21:15:00 UTC" } ], "log": [ "", " * jammy/linux-kvm: 5.15.0-1059.64 -proposed tracker (LP: #2063621)", "", " [ Ubuntu: 5.15.0-107.117 ]", "", " * jammy/linux: 5.15.0-107.117 -proposed tracker (LP: #2063635)", " * CVE-2023-52530", " - wifi: mac80211: fix potential key use-after-free", " * CVE-2024-26622", " - tomoyo: fix UAF write bug in tomoyo_write_control()", " * CVE-2023-47233", " - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach", "" ], "package": "linux-kvm", "version": "5.15.0-1059.64", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2063621, 2063635 ], "author": "Thibault Ferrante ", "date": "Wed, 01 May 2024 16:51:27 +0200" } ], "notes": "linux-modules-5.15.0-1059-kvm version '5.15.0-1059.64' (source package linux-kvm version '5.15.0-1059.64') was added. linux-modules-5.15.0-1059-kvm version '5.15.0-1059.64' has the same source package name, linux-kvm, as removed package linux-headers-5.15.0-1058-kvm. As such we can use the source package version of the removed package, '5.15.0-1058.63', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-5.15.0-1058-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1058.63", "version": "5.15.0-1058.63" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-image-5.15.0-1058-kvm", "from_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.15.0-1058.63", "version": "5.15.0-1058.63" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-kvm-headers-5.15.0-1058", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1058.63", "version": "5.15.0-1058.63" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-modules-5.15.0-1058-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1058.63", "version": "5.15.0-1058.63" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20240507 to 20240513.1", "from_series": "jammy", "to_series": "jammy", "from_serial": "20240507", "to_serial": "20240513.1", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }