{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-6.8.0-63", "linux-headers-6.8.0-63-generic", "linux-image-6.8.0-63-generic", "linux-modules-6.8.0-63-generic", "linux-tools-6.8.0-63", "linux-tools-6.8.0-63-generic" ], "removed": [ "linux-headers-6.8.0-62", "linux-headers-6.8.0-62-generic", "linux-image-6.8.0-62-generic", "linux-modules-6.8.0-62-generic", "linux-tools-6.8.0-62", "linux-tools-6.8.0-62-generic" ], "diff": [ "fwupd", "gzip", "libfwupd2", "libopeniscsiusr", "linux-headers-generic", "linux-headers-virtual", "linux-image-virtual", "linux-libc-dev", "linux-tools-common", "linux-virtual", "open-iscsi", "sudo" ] } }, "diff": { "deb": [ { "name": "fwupd", "from_version": { "source_package_name": "fwupd", "source_package_version": "1.9.29-0ubuntu1~24.04.1ubuntu1", "version": "1.9.29-0ubuntu1~24.04.1ubuntu1" }, "to_version": { "source_package_name": "fwupd", "source_package_version": "1.9.30-0ubuntu1~24.04.1", "version": "1.9.30-0ubuntu1~24.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2110209 ], "changes": [ { "cves": [], "log": [ "", " * New upstream version (1.9.30)", " - Fix dell dock RMM FW info missing on some devices (LP: #2110209)", "" ], "package": "fwupd", "version": "1.9.30-0ubuntu1~24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2110209 ], "author": "Mario Limonciello ", "date": "Thu, 08 May 2025 10:43:11 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "gzip", "from_version": { "source_package_name": "gzip", "source_package_version": "1.12-1ubuntu3", "version": "1.12-1ubuntu3" }, "to_version": { "source_package_name": "gzip", "source_package_version": "1.12-1ubuntu3.1", "version": "1.12-1ubuntu3.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083700 ], "changes": [ { "cves": [], "log": [ "", " * d/p/0001-maint-fix-s390-buffer-flushes.patch: align the behavior of", " dfltcc_inflate to do the same as gzip_inflate when it hits a premature EOF", " (LP: #2083700)", "" ], "package": "gzip", "version": "1.12-1ubuntu3.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083700 ], "author": "Andreas Hasenack ", "date": "Mon, 27 Jan 2025 13:56:44 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libfwupd2", "from_version": { "source_package_name": "fwupd", "source_package_version": "1.9.29-0ubuntu1~24.04.1ubuntu1", "version": "1.9.29-0ubuntu1~24.04.1ubuntu1" }, "to_version": { "source_package_name": "fwupd", "source_package_version": "1.9.30-0ubuntu1~24.04.1", "version": "1.9.30-0ubuntu1~24.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2110209 ], "changes": [ { "cves": [], "log": [ "", " * New upstream version (1.9.30)", " - Fix dell dock RMM FW info missing on some devices (LP: #2110209)", "" ], "package": "fwupd", "version": "1.9.30-0ubuntu1~24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2110209 ], "author": "Mario Limonciello ", "date": "Thu, 08 May 2025 10:43:11 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libopeniscsiusr", "from_version": { "source_package_name": "open-iscsi", "source_package_version": "2.1.9-3ubuntu5.3", "version": "2.1.9-3ubuntu5.3" }, "to_version": { "source_package_name": "open-iscsi", "source_package_version": "2.1.9-3ubuntu5.4", "version": "2.1.9-3ubuntu5.4" }, "cves": [], "launchpad_bugs_fixed": [ 2098515 ], "changes": [ { "cves": [], "log": [ "", " * d/extra/initramfs/local-top/iscsi: add a flag to skip network", " configuration when iscsi is set to 'auto' but no iBFT data is present.", " Thanks to Alec Warren . (LP: #2098515)", "" ], "package": "open-iscsi", "version": "2.1.9-3ubuntu5.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2098515 ], "author": "Renan Rodrigo ", "date": "Wed, 04 Jun 2025 09:20:05 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-generic", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-62.65", "version": "6.8.0-62.65" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-63.66", "version": "6.8.0-63.66" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-63.66", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "" ], "package": "linux-meta", "version": "6.8.0-63.66", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 17:21:48 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-62.65", "version": "6.8.0-62.65" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-63.66", "version": "6.8.0-63.66" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-63.66", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "" ], "package": "linux-meta", "version": "6.8.0-63.66", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 17:21:48 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-62.65", "version": "6.8.0-62.65" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-63.66", "version": "6.8.0-63.66" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-63.66", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "" ], "package": "linux-meta", "version": "6.8.0-63.66", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 17:21:48 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-libc-dev", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-62.65", "version": "6.8.0-62.65" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-63.66", "version": "6.8.0-63.66" }, "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-63.66 -proposed tracker (LP: #2114341)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", " - [Packaging] update annotations scripts", "", " * CVE-2025-37798", " - sch_htb: make htb_qlen_notify() idempotent", " - sch_htb: make htb_deactivate() idempotent", " - sch_drr: make drr_qlen_notify() idempotent", " - sch_hfsc: make hfsc_qlen_notify() idempotent", " - sch_qfq: make qfq_qlen_notify() idempotent", " - sch_ets: make est_qlen_notify() idempotent", " - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()", "", " * CVE-2025-37997", " - netfilter: ipset: fix region locking in hash types", "", " * CVE-2025-22088", " - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()", "", " * CVE-2025-37890", " - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child", " qdisc", " - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()", " - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice", "", " * raid1: Fix NULL pointer dereference in process_checks() (LP: #2112519)", " - md/raid1: Add check for missing source disk in process_checks()", "" ], "package": "linux", "version": "6.8.0-63.66", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 16:50:07 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-common", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-62.65", "version": "6.8.0-62.65" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-63.66", "version": "6.8.0-63.66" }, "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-63.66 -proposed tracker (LP: #2114341)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", " - [Packaging] update annotations scripts", "", " * CVE-2025-37798", " - sch_htb: make htb_qlen_notify() idempotent", " - sch_htb: make htb_deactivate() idempotent", " - sch_drr: make drr_qlen_notify() idempotent", " - sch_hfsc: make hfsc_qlen_notify() idempotent", " - sch_qfq: make qfq_qlen_notify() idempotent", " - sch_ets: make est_qlen_notify() idempotent", " - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()", "", " * CVE-2025-37997", " - netfilter: ipset: fix region locking in hash types", "", " * CVE-2025-22088", " - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()", "", " * CVE-2025-37890", " - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child", " qdisc", " - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()", " - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice", "", " * raid1: Fix NULL pointer dereference in process_checks() (LP: #2112519)", " - md/raid1: Add check for missing source disk in process_checks()", "" ], "package": "linux", "version": "6.8.0-63.66", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 16:50:07 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-62.65", "version": "6.8.0-62.65" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-63.66", "version": "6.8.0-63.66" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-63.66", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "" ], "package": "linux-meta", "version": "6.8.0-63.66", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 17:21:48 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "open-iscsi", "from_version": { "source_package_name": "open-iscsi", "source_package_version": "2.1.9-3ubuntu5.3", "version": "2.1.9-3ubuntu5.3" }, "to_version": { "source_package_name": "open-iscsi", "source_package_version": "2.1.9-3ubuntu5.4", "version": "2.1.9-3ubuntu5.4" }, "cves": [], "launchpad_bugs_fixed": [ 2098515 ], "changes": [ { "cves": [], "log": [ "", " * d/extra/initramfs/local-top/iscsi: add a flag to skip network", " configuration when iscsi is set to 'auto' but no iBFT data is present.", " Thanks to Alec Warren . (LP: #2098515)", "" ], "package": "open-iscsi", "version": "2.1.9-3ubuntu5.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2098515 ], "author": "Renan Rodrigo ", "date": "Wed, 04 Jun 2025 09:20:05 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "sudo", "from_version": { "source_package_name": "sudo", "source_package_version": "1.9.15p5-3ubuntu5", "version": "1.9.15p5-3ubuntu5" }, "to_version": { "source_package_name": "sudo", "source_package_version": "1.9.15p5-3ubuntu5.24.04.1", "version": "1.9.15p5-3ubuntu5.24.04.1" }, "cves": [ { "cve": "CVE-2025-32462", "url": "https://ubuntu.com/security/CVE-2025-32462", "cve_description": "Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.", "cve_priority": "high", "cve_public_date": "2025-06-30 21:15:00 UTC" }, { "cve": "CVE-2025-32463", "url": "https://ubuntu.com/security/CVE-2025-32463", "cve_description": "Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.", "cve_priority": "high", "cve_public_date": "2025-06-30 21:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-32462", "url": "https://ubuntu.com/security/CVE-2025-32462", "cve_description": "Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.", "cve_priority": "high", "cve_public_date": "2025-06-30 21:15:00 UTC" }, { "cve": "CVE-2025-32463", "url": "https://ubuntu.com/security/CVE-2025-32463", "cve_description": "Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.", "cve_priority": "high", "cve_public_date": "2025-06-30 21:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local Privilege Escalation via host option", " - debian/patches/CVE-2025-32462.patch: only allow specifying a host", " when listing privileges.", " - CVE-2025-32462", " * SECURITY UPDATE: Local Privilege Escalation via chroot option", " - debian/patches/CVE-2025-32463.patch: remove user-selected root", " directory chroot option.", " - CVE-2025-32463", "" ], "package": "sudo", "version": "1.9.15p5-3ubuntu5.24.04.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 25 Jun 2025 08:42:53 -0400" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-6.8.0-63", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-62.65", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-63.66", "version": "6.8.0-63.66" }, "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-63.66 -proposed tracker (LP: #2114341)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", " - [Packaging] update annotations scripts", "", " * CVE-2025-37798", " - sch_htb: make htb_qlen_notify() idempotent", " - sch_htb: make htb_deactivate() idempotent", " - sch_drr: make drr_qlen_notify() idempotent", " - sch_hfsc: make hfsc_qlen_notify() idempotent", " - sch_qfq: make qfq_qlen_notify() idempotent", " - sch_ets: make est_qlen_notify() idempotent", " - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()", "", " * CVE-2025-37997", " - netfilter: ipset: fix region locking in hash types", "", " * CVE-2025-22088", " - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()", "", " * CVE-2025-37890", " - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child", " qdisc", " - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()", " - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice", "", " * raid1: Fix NULL pointer dereference in process_checks() (LP: #2112519)", " - md/raid1: Add check for missing source disk in process_checks()", "" ], "package": "linux", "version": "6.8.0-63.66", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 16:50:07 +0200" } ], "notes": "linux-headers-6.8.0-63 version '6.8.0-63.66' (source package linux version '6.8.0-63.66') was added. linux-headers-6.8.0-63 version '6.8.0-63.66' has the same source package name, linux, as removed package linux-headers-6.8.0-62. As such we can use the source package version of the removed package, '6.8.0-62.65', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-headers-6.8.0-63-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-62.65", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-63.66", "version": "6.8.0-63.66" }, "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-63.66 -proposed tracker (LP: #2114341)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", " - [Packaging] update annotations scripts", "", " * CVE-2025-37798", " - sch_htb: make htb_qlen_notify() idempotent", " - sch_htb: make htb_deactivate() idempotent", " - sch_drr: make drr_qlen_notify() idempotent", " - sch_hfsc: make hfsc_qlen_notify() idempotent", " - sch_qfq: make qfq_qlen_notify() idempotent", " - sch_ets: make est_qlen_notify() idempotent", " - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()", "", " * CVE-2025-37997", " - netfilter: ipset: fix region locking in hash types", "", " * CVE-2025-22088", " - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()", "", " * CVE-2025-37890", " - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child", " qdisc", " - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()", " - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice", "", " * raid1: Fix NULL pointer dereference in process_checks() (LP: #2112519)", " - md/raid1: Add check for missing source disk in process_checks()", "" ], "package": "linux", "version": "6.8.0-63.66", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 16:50:07 +0200" } ], "notes": "linux-headers-6.8.0-63-generic version '6.8.0-63.66' (source package linux version '6.8.0-63.66') was added. linux-headers-6.8.0-63-generic version '6.8.0-63.66' has the same source package name, linux, as removed package linux-headers-6.8.0-62. As such we can use the source package version of the removed package, '6.8.0-62.65', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-image-6.8.0-63-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.8.0-62.65", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "6.8.0-63.66", "version": "6.8.0-63.66" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-63.66", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "6.8.0-63.66", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 17:21:57 +0200" } ], "notes": "linux-image-6.8.0-63-generic version '6.8.0-63.66' (source package linux-signed version '6.8.0-63.66') was added. linux-image-6.8.0-63-generic version '6.8.0-63.66' has the same source package name, linux-signed, as removed package linux-image-6.8.0-62-generic. As such we can use the source package version of the removed package, '6.8.0-62.65', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-6.8.0-63-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-62.65", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-63.66", "version": "6.8.0-63.66" }, "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-63.66 -proposed tracker (LP: #2114341)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", " - [Packaging] update annotations scripts", "", " * CVE-2025-37798", " - sch_htb: make htb_qlen_notify() idempotent", " - sch_htb: make htb_deactivate() idempotent", " - sch_drr: make drr_qlen_notify() idempotent", " - sch_hfsc: make hfsc_qlen_notify() idempotent", " - sch_qfq: make qfq_qlen_notify() idempotent", " - sch_ets: make est_qlen_notify() idempotent", " - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()", "", " * CVE-2025-37997", " - netfilter: ipset: fix region locking in hash types", "", " * CVE-2025-22088", " - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()", "", " * CVE-2025-37890", " - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child", " qdisc", " - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()", " - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice", "", " * raid1: Fix NULL pointer dereference in process_checks() (LP: #2112519)", " - md/raid1: Add check for missing source disk in process_checks()", "" ], "package": "linux", "version": "6.8.0-63.66", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 16:50:07 +0200" } ], "notes": "linux-modules-6.8.0-63-generic version '6.8.0-63.66' (source package linux version '6.8.0-63.66') was added. linux-modules-6.8.0-63-generic version '6.8.0-63.66' has the same source package name, linux, as removed package linux-headers-6.8.0-62. As such we can use the source package version of the removed package, '6.8.0-62.65', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-tools-6.8.0-63", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-62.65", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-63.66", "version": "6.8.0-63.66" }, "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-63.66 -proposed tracker (LP: #2114341)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", " - [Packaging] update annotations scripts", "", " * CVE-2025-37798", " - sch_htb: make htb_qlen_notify() idempotent", " - sch_htb: make htb_deactivate() idempotent", " - sch_drr: make drr_qlen_notify() idempotent", " - sch_hfsc: make hfsc_qlen_notify() idempotent", " - sch_qfq: make qfq_qlen_notify() idempotent", " - sch_ets: make est_qlen_notify() idempotent", " - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()", "", " * CVE-2025-37997", " - netfilter: ipset: fix region locking in hash types", "", " * CVE-2025-22088", " - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()", "", " * CVE-2025-37890", " - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child", " qdisc", " - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()", " - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice", "", " * raid1: Fix NULL pointer dereference in process_checks() (LP: #2112519)", " - md/raid1: Add check for missing source disk in process_checks()", "" ], "package": "linux", "version": "6.8.0-63.66", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 16:50:07 +0200" } ], "notes": "linux-tools-6.8.0-63 version '6.8.0-63.66' (source package linux version '6.8.0-63.66') was added. linux-tools-6.8.0-63 version '6.8.0-63.66' has the same source package name, linux, as removed package linux-headers-6.8.0-62. As such we can use the source package version of the removed package, '6.8.0-62.65', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-tools-6.8.0-63-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-62.65", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-63.66", "version": "6.8.0-63.66" }, "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37798", "url": "https://ubuntu.com/security/CVE-2025-37798", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().", "cve_priority": "medium", "cve_public_date": "2025-05-02 15:15:00 UTC" }, { "cve": "CVE-2025-37997", "url": "https://ubuntu.com/security/CVE-2025-37997", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.", "cve_priority": "medium", "cve_public_date": "2025-05-29 14:15:00 UTC" }, { "cve": "CVE-2025-22088", "url": "https://ubuntu.com/security/CVE-2025-22088", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.", "cve_priority": "high", "cve_public_date": "2025-04-16 15:16:00 UTC" }, { "cve": "CVE-2025-37890", "url": "https://ubuntu.com/security/CVE-2025-37890", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "cve_priority": "medium", "cve_public_date": "2025-05-16 13:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-63.66 -proposed tracker (LP: #2114341)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", " - [Packaging] update annotations scripts", "", " * CVE-2025-37798", " - sch_htb: make htb_qlen_notify() idempotent", " - sch_htb: make htb_deactivate() idempotent", " - sch_drr: make drr_qlen_notify() idempotent", " - sch_hfsc: make hfsc_qlen_notify() idempotent", " - sch_qfq: make qfq_qlen_notify() idempotent", " - sch_ets: make est_qlen_notify() idempotent", " - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()", "", " * CVE-2025-37997", " - netfilter: ipset: fix region locking in hash types", "", " * CVE-2025-22088", " - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()", "", " * CVE-2025-37890", " - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child", " qdisc", " - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()", " - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice", "", " * raid1: Fix NULL pointer dereference in process_checks() (LP: #2112519)", " - md/raid1: Add check for missing source disk in process_checks()", "" ], "package": "linux", "version": "6.8.0-63.66", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2114341, 1786013, 2112519 ], "author": "Manuel Diewald ", "date": "Fri, 13 Jun 2025 16:50:07 +0200" } ], "notes": "linux-tools-6.8.0-63-generic version '6.8.0-63.66' (source package linux version '6.8.0-63.66') was added. linux-tools-6.8.0-63-generic version '6.8.0-63.66' has the same source package name, linux, as removed package linux-headers-6.8.0-62. As such we can use the source package version of the removed package, '6.8.0-62.65', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-6.8.0-62", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-62.65", "version": "6.8.0-62.65" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-6.8.0-62-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-62.65", "version": "6.8.0-62.65" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-6.8.0-62-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.8.0-62.65", "version": "6.8.0-62.65" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-6.8.0-62-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-62.65", "version": "6.8.0-62.65" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-6.8.0-62", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-62.65", "version": "6.8.0-62.65" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-6.8.0-62-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-62.65", "version": "6.8.0-62.65" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.04 noble image from release image serial 20250626 to 20250704", "from_series": "noble", "to_series": "noble", "from_serial": "20250626", "to_serial": "20250704", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }