{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-6.11.0-13-generic", "linux-image-6.11.0-13-generic", "linux-modules-6.11.0-13-generic", "linux-riscv-headers-6.11.0-13", "linux-riscv-tools-6.11.0-13", "linux-tools-6.11.0-13-generic" ], "removed": [ "linux-headers-6.11.0-12-generic", "linux-image-6.11.0-12-generic", "linux-modules-6.11.0-12-generic", "linux-riscv-headers-6.11.0-12", "linux-riscv-tools-6.11.0-12", "linux-tools-6.11.0-12-generic" ], "diff": [ "cloud-init", "curl", "fwupd", "libcurl3t64-gnutls:riscv64", "libcurl4t64:riscv64", "libfwupd2:riscv64", "libgstreamer1.0-0:riscv64", "linux-headers-generic", "linux-headers-virtual", "linux-image-virtual", "linux-libc-dev:riscv64", "linux-tools-common", "linux-virtual" ] } }, "diff": { "deb": [ { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "24.4~3+really24.3.1-0ubuntu4", "version": "24.4~3+really24.3.1-0ubuntu4" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "24.4-0ubuntu1~24.10.1", "version": "24.4-0ubuntu1~24.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2089577 ], "changes": [ { "cves": [], "log": [ "", " * drop all d/p/cpick-* files as they are included in upstream snapshot", " * add d/p/deprecation-version-boundary.patch:", " - Pin deprecation version to 24.3", " * add d/p/grub-dpkg-support.patch", " - Revert the removal of grub-dpkg from default modules", " * Upstream snapshot based on 24.4. (LP: #2089577).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/24.4/ChangeLog", "" ], "package": "cloud-init", "version": "24.4-0ubuntu1~24.10.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2089577 ], "author": "James Falcon ", "date": "Mon, 25 Nov 2024 11:49:48 -0600" } ], "notes": null }, { "name": "curl", "from_version": { "source_package_name": "curl", "source_package_version": "8.9.1-2ubuntu2.1", "version": "8.9.1-2ubuntu2.1" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.9.1-2ubuntu2.2", "version": "8.9.1-2ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-11053", "url": "https://ubuntu.com/security/CVE-2024-11053", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.", "cve_priority": "low", "cve_public_date": "2024-12-11 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11053", "url": "https://ubuntu.com/security/CVE-2024-11053", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.", "cve_priority": "low", "cve_public_date": "2024-12-11 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: netrc and redirect credential leak", " - debian/patches/CVE-2024-11053-pre1.patch: use same credentials on", " redirect in lib/transfer.c, lib/url.c, lib/urldata.h,", " tests/data/Makefile.inc, tests/data/test998, tests/data/test999.", " - debian/patches/CVE-2024-11053.patch: address several netrc parser", " flaws in lib/netrc.c, lib/url.c, tests/data/Makefile.inc,", " tests/data/test478, tests/data/test479, tests/data/test480,", " tests/unit/unit1304.c.", " - CVE-2024-11053", "" ], "package": "curl", "version": "8.9.1-2ubuntu2.2", "urgency": "medium", "distributions": "oracular-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 11 Dec 2024 11:03:27 -0500" } ], "notes": null }, { "name": "fwupd", "from_version": { "source_package_name": "fwupd", "source_package_version": "1.9.24-1", "version": "1.9.24-1" }, "to_version": { "source_package_name": "fwupd", "source_package_version": "1.9.27-0ubuntu1~24.10.1", "version": "1.9.27-0ubuntu1~24.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2085433, 2083801 ], "changes": [ { "cves": [], "log": [ "", " * New upstream version (1.9.27)", " - Support for newer Dell docks (LP: #2085433)", " - Support for mediatek scalar (LP: #2083801)", "" ], "package": "fwupd", "version": "1.9.27-0ubuntu1~24.10.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2085433, 2083801 ], "author": "Mario Limonciello ", "date": "Thu, 05 Dec 2024 09:53:25 -0600" } ], "notes": null }, { "name": "libcurl3t64-gnutls:riscv64", "from_version": { "source_package_name": "curl", "source_package_version": "8.9.1-2ubuntu2.1", "version": "8.9.1-2ubuntu2.1" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.9.1-2ubuntu2.2", "version": "8.9.1-2ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-11053", "url": "https://ubuntu.com/security/CVE-2024-11053", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.", "cve_priority": "low", "cve_public_date": "2024-12-11 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11053", "url": "https://ubuntu.com/security/CVE-2024-11053", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.", "cve_priority": "low", "cve_public_date": "2024-12-11 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: netrc and redirect credential leak", " - debian/patches/CVE-2024-11053-pre1.patch: use same credentials on", " redirect in lib/transfer.c, lib/url.c, lib/urldata.h,", " tests/data/Makefile.inc, tests/data/test998, tests/data/test999.", " - debian/patches/CVE-2024-11053.patch: address several netrc parser", " flaws in lib/netrc.c, lib/url.c, tests/data/Makefile.inc,", " tests/data/test478, tests/data/test479, tests/data/test480,", " tests/unit/unit1304.c.", " - CVE-2024-11053", "" ], "package": "curl", "version": "8.9.1-2ubuntu2.2", "urgency": "medium", "distributions": "oracular-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 11 Dec 2024 11:03:27 -0500" } ], "notes": null }, { "name": "libcurl4t64:riscv64", "from_version": { "source_package_name": "curl", "source_package_version": "8.9.1-2ubuntu2.1", "version": "8.9.1-2ubuntu2.1" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.9.1-2ubuntu2.2", "version": "8.9.1-2ubuntu2.2" }, "cves": [ { "cve": "CVE-2024-11053", "url": "https://ubuntu.com/security/CVE-2024-11053", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.", "cve_priority": "low", "cve_public_date": "2024-12-11 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11053", "url": "https://ubuntu.com/security/CVE-2024-11053", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.", "cve_priority": "low", "cve_public_date": "2024-12-11 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: netrc and redirect credential leak", " - debian/patches/CVE-2024-11053-pre1.patch: use same credentials on", " redirect in lib/transfer.c, lib/url.c, lib/urldata.h,", " tests/data/Makefile.inc, tests/data/test998, tests/data/test999.", " - debian/patches/CVE-2024-11053.patch: address several netrc parser", " flaws in lib/netrc.c, lib/url.c, tests/data/Makefile.inc,", " tests/data/test478, tests/data/test479, tests/data/test480,", " tests/unit/unit1304.c.", " - CVE-2024-11053", "" ], "package": "curl", "version": "8.9.1-2ubuntu2.2", "urgency": "medium", "distributions": "oracular-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 11 Dec 2024 11:03:27 -0500" } ], "notes": null }, { "name": "libfwupd2:riscv64", "from_version": { "source_package_name": "fwupd", "source_package_version": "1.9.24-1", "version": "1.9.24-1" }, "to_version": { "source_package_name": "fwupd", "source_package_version": "1.9.27-0ubuntu1~24.10.1", "version": "1.9.27-0ubuntu1~24.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2085433, 2083801 ], "changes": [ { "cves": [], "log": [ "", " * New upstream version (1.9.27)", " - Support for newer Dell docks (LP: #2085433)", " - Support for mediatek scalar (LP: #2083801)", "" ], "package": "fwupd", "version": "1.9.27-0ubuntu1~24.10.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2085433, 2083801 ], "author": "Mario Limonciello ", "date": "Thu, 05 Dec 2024 09:53:25 -0600" } ], "notes": null }, { "name": "libgstreamer1.0-0:riscv64", "from_version": { "source_package_name": "gstreamer1.0", "source_package_version": "1.24.8-1", "version": "1.24.8-1" }, "to_version": { "source_package_name": "gstreamer1.0", "source_package_version": "1.24.8-1ubuntu0.1", "version": "1.24.8-1ubuntu0.1" }, "cves": [ { "cve": "CVE-2024-47606", "url": "https://ubuntu.com/security/CVE-2024-47606", "cve_description": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.", "cve_priority": "medium", "cve_public_date": "2024-12-12 02:03:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-47606", "url": "https://ubuntu.com/security/CVE-2024-47606", "cve_description": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.", "cve_priority": "medium", "cve_public_date": "2024-12-12 02:03:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: code exec via integer overflow", " - debian/patches/CVE-2024-47606.patch: avoid integer overflow when", " allocating sysmem in gst/gstallocator.c.", " - CVE-2024-47606", "" ], "package": "gstreamer1.0", "version": "1.24.8-1ubuntu0.1", "urgency": "medium", "distributions": "oracular-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 17 Dec 2024 07:52:02 -0500" } ], "notes": null }, { "name": "linux-headers-generic", "from_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.11.0-12.13.1", "version": "6.11.0-12.13.1" }, "to_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.11.0-13.14.1", "version": "6.11.0-13.14.1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.11.0-13.14.1", "" ], "package": "linux-meta-riscv", "version": "6.11.0-13.14.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [], "author": "Emil Renner Berthing ", "date": "Wed, 04 Dec 2024 09:28:12 +0100" } ], "notes": null }, { "name": "linux-headers-virtual", "from_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.11.0-12.13.1", "version": "6.11.0-12.13.1" }, "to_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.11.0-13.14.1", "version": "6.11.0-13.14.1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.11.0-13.14.1", "" ], "package": "linux-meta-riscv", "version": "6.11.0-13.14.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [], "author": "Emil Renner Berthing ", "date": "Wed, 04 Dec 2024 09:28:12 +0100" } ], "notes": null }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.11.0-12.13.1", "version": "6.11.0-12.13.1" }, "to_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.11.0-13.14.1", "version": "6.11.0-13.14.1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.11.0-13.14.1", "" ], "package": "linux-meta-riscv", "version": "6.11.0-13.14.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [], "author": "Emil Renner Berthing ", "date": "Wed, 04 Dec 2024 09:28:12 +0100" } ], "notes": null }, { "name": "linux-libc-dev:riscv64", "from_version": { "source_package_name": "linux", "source_package_version": "6.11.0-12.13", "version": "6.11.0-12.13" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.11.0-13.14", "version": "6.11.0-13.14" }, "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2090463, 1786013, 2087886 ], "changes": [ { "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "log": [ "", " * oracular/linux: 6.11.0-13.14 -proposed tracker (LP: #2090463)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", "", " * MGLRU: kswapd uses 100% CPU when MGLRU is enabled and under memory pressure", " (LP: #2087886)", " - mm/mglru: only clear kswapd_failures if reclaimable", "", " * CVE-2024-50264", " - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans", "", " * CVE-2024-53057", " - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT", "", " * CVE-2024-49967", " - ext4: no need to continue when the number of entries is 1", "" ], "package": "linux", "version": "6.11.0-13.14", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2090463, 1786013, 2087886 ], "author": "Manuel Diewald ", "date": "Sat, 30 Nov 2024 23:09:01 +0100" } ], "notes": null }, { "name": "linux-tools-common", "from_version": { "source_package_name": "linux", "source_package_version": "6.11.0-12.13", "version": "6.11.0-12.13" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.11.0-13.14", "version": "6.11.0-13.14" }, "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2090463, 1786013, 2087886 ], "changes": [ { "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "log": [ "", " * oracular/linux: 6.11.0-13.14 -proposed tracker (LP: #2090463)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", "", " * MGLRU: kswapd uses 100% CPU when MGLRU is enabled and under memory pressure", " (LP: #2087886)", " - mm/mglru: only clear kswapd_failures if reclaimable", "", " * CVE-2024-50264", " - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans", "", " * CVE-2024-53057", " - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT", "", " * CVE-2024-49967", " - ext4: no need to continue when the number of entries is 1", "" ], "package": "linux", "version": "6.11.0-13.14", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2090463, 1786013, 2087886 ], "author": "Manuel Diewald ", "date": "Sat, 30 Nov 2024 23:09:01 +0100" } ], "notes": null }, { "name": "linux-virtual", "from_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.11.0-12.13.1", "version": "6.11.0-12.13.1" }, "to_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.11.0-13.14.1", "version": "6.11.0-13.14.1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.11.0-13.14.1", "" ], "package": "linux-meta-riscv", "version": "6.11.0-13.14.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [], "author": "Emil Renner Berthing ", "date": "Wed, 04 Dec 2024 09:28:12 +0100" } ], "notes": null } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-6.11.0-13-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-12.13.1", "version": null }, "to_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-13.14.1", "version": "6.11.0-13.14.1" }, "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2090457, 2090463, 1786013, 2087886 ], "changes": [ { "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "log": [ "", " * oracular/linux-riscv: 6.11.0-13.14.1 -proposed tracker (LP: #2090457)", "", " [ Ubuntu: 6.11.0-13.14 ]", "", " * oracular/linux: 6.11.0-13.14 -proposed tracker (LP: #2090463)", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", " * MGLRU: kswapd uses 100% CPU when MGLRU is enabled and under memory pressure", " (LP: #2087886)", " - mm/mglru: only clear kswapd_failures if reclaimable", " * CVE-2024-50264", " - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans", " * CVE-2024-53057", " - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT", " * CVE-2024-49967", " - ext4: no need to continue when the number of entries is 1", "" ], "package": "linux-riscv", "version": "6.11.0-13.14.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2090457, 2090463, 1786013, 2087886 ], "author": "Emil Renner Berthing ", "date": "Wed, 04 Dec 2024 09:27:15 +0100" } ], "notes": "linux-headers-6.11.0-13-generic version '6.11.0-13.14.1' (source package linux-riscv version '6.11.0-13.14.1') was added. linux-headers-6.11.0-13-generic version '6.11.0-13.14.1' has the same source package name, linux-riscv, as removed package linux-headers-6.11.0-12-generic. As such we can use the source package version of the removed package, '6.11.0-12.13.1', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-image-6.11.0-13-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-12.13.1", "version": null }, "to_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-13.14.1", "version": "6.11.0-13.14.1" }, "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2090457, 2090463, 1786013, 2087886 ], "changes": [ { "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "log": [ "", " * oracular/linux-riscv: 6.11.0-13.14.1 -proposed tracker (LP: #2090457)", "", " [ Ubuntu: 6.11.0-13.14 ]", "", " * oracular/linux: 6.11.0-13.14 -proposed tracker (LP: #2090463)", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", " * MGLRU: kswapd uses 100% CPU when MGLRU is enabled and under memory pressure", " (LP: #2087886)", " - mm/mglru: only clear kswapd_failures if reclaimable", " * CVE-2024-50264", " - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans", " * CVE-2024-53057", " - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT", " * CVE-2024-49967", " - ext4: no need to continue when the number of entries is 1", "" ], "package": "linux-riscv", "version": "6.11.0-13.14.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2090457, 2090463, 1786013, 2087886 ], "author": "Emil Renner Berthing ", "date": "Wed, 04 Dec 2024 09:27:15 +0100" } ], "notes": "linux-image-6.11.0-13-generic version '6.11.0-13.14.1' (source package linux-riscv version '6.11.0-13.14.1') was added. linux-image-6.11.0-13-generic version '6.11.0-13.14.1' has the same source package name, linux-riscv, as removed package linux-headers-6.11.0-12-generic. As such we can use the source package version of the removed package, '6.11.0-12.13.1', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-modules-6.11.0-13-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-12.13.1", "version": null }, "to_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-13.14.1", "version": "6.11.0-13.14.1" }, "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2090457, 2090463, 1786013, 2087886 ], "changes": [ { "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "log": [ "", " * oracular/linux-riscv: 6.11.0-13.14.1 -proposed tracker (LP: #2090457)", "", " [ Ubuntu: 6.11.0-13.14 ]", "", " * oracular/linux: 6.11.0-13.14 -proposed tracker (LP: #2090463)", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", " * MGLRU: kswapd uses 100% CPU when MGLRU is enabled and under memory pressure", " (LP: #2087886)", " - mm/mglru: only clear kswapd_failures if reclaimable", " * CVE-2024-50264", " - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans", " * CVE-2024-53057", " - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT", " * CVE-2024-49967", " - ext4: no need to continue when the number of entries is 1", "" ], "package": "linux-riscv", "version": "6.11.0-13.14.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2090457, 2090463, 1786013, 2087886 ], "author": "Emil Renner Berthing ", "date": "Wed, 04 Dec 2024 09:27:15 +0100" } ], "notes": "linux-modules-6.11.0-13-generic version '6.11.0-13.14.1' (source package linux-riscv version '6.11.0-13.14.1') was added. linux-modules-6.11.0-13-generic version '6.11.0-13.14.1' has the same source package name, linux-riscv, as removed package linux-headers-6.11.0-12-generic. As such we can use the source package version of the removed package, '6.11.0-12.13.1', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-riscv-headers-6.11.0-13", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-12.13.1", "version": null }, "to_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-13.14.1", "version": "6.11.0-13.14.1" }, "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2090457, 2090463, 1786013, 2087886 ], "changes": [ { "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "log": [ "", " * oracular/linux-riscv: 6.11.0-13.14.1 -proposed tracker (LP: #2090457)", "", " [ Ubuntu: 6.11.0-13.14 ]", "", " * oracular/linux: 6.11.0-13.14 -proposed tracker (LP: #2090463)", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", " * MGLRU: kswapd uses 100% CPU when MGLRU is enabled and under memory pressure", " (LP: #2087886)", " - mm/mglru: only clear kswapd_failures if reclaimable", " * CVE-2024-50264", " - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans", " * CVE-2024-53057", " - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT", " * CVE-2024-49967", " - ext4: no need to continue when the number of entries is 1", "" ], "package": "linux-riscv", "version": "6.11.0-13.14.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2090457, 2090463, 1786013, 2087886 ], "author": "Emil Renner Berthing ", "date": "Wed, 04 Dec 2024 09:27:15 +0100" } ], "notes": "linux-riscv-headers-6.11.0-13 version '6.11.0-13.14.1' (source package linux-riscv version '6.11.0-13.14.1') was added. linux-riscv-headers-6.11.0-13 version '6.11.0-13.14.1' has the same source package name, linux-riscv, as removed package linux-headers-6.11.0-12-generic. As such we can use the source package version of the removed package, '6.11.0-12.13.1', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-riscv-tools-6.11.0-13", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-12.13.1", "version": null }, "to_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-13.14.1", "version": "6.11.0-13.14.1" }, "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2090457, 2090463, 1786013, 2087886 ], "changes": [ { "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "log": [ "", " * oracular/linux-riscv: 6.11.0-13.14.1 -proposed tracker (LP: #2090457)", "", " [ Ubuntu: 6.11.0-13.14 ]", "", " * oracular/linux: 6.11.0-13.14 -proposed tracker (LP: #2090463)", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", " * MGLRU: kswapd uses 100% CPU when MGLRU is enabled and under memory pressure", " (LP: #2087886)", " - mm/mglru: only clear kswapd_failures if reclaimable", " * CVE-2024-50264", " - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans", " * CVE-2024-53057", " - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT", " * CVE-2024-49967", " - ext4: no need to continue when the number of entries is 1", "" ], "package": "linux-riscv", "version": "6.11.0-13.14.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2090457, 2090463, 1786013, 2087886 ], "author": "Emil Renner Berthing ", "date": "Wed, 04 Dec 2024 09:27:15 +0100" } ], "notes": "linux-riscv-tools-6.11.0-13 version '6.11.0-13.14.1' (source package linux-riscv version '6.11.0-13.14.1') was added. linux-riscv-tools-6.11.0-13 version '6.11.0-13.14.1' has the same source package name, linux-riscv, as removed package linux-headers-6.11.0-12-generic. As such we can use the source package version of the removed package, '6.11.0-12.13.1', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-tools-6.11.0-13-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-12.13.1", "version": null }, "to_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-13.14.1", "version": "6.11.0-13.14.1" }, "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2090457, 2090463, 1786013, 2087886 ], "changes": [ { "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "log": [ "", " * oracular/linux-riscv: 6.11.0-13.14.1 -proposed tracker (LP: #2090457)", "", " [ Ubuntu: 6.11.0-13.14 ]", "", " * oracular/linux: 6.11.0-13.14 -proposed tracker (LP: #2090463)", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", " * MGLRU: kswapd uses 100% CPU when MGLRU is enabled and under memory pressure", " (LP: #2087886)", " - mm/mglru: only clear kswapd_failures if reclaimable", " * CVE-2024-50264", " - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans", " * CVE-2024-53057", " - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT", " * CVE-2024-49967", " - ext4: no need to continue when the number of entries is 1", "" ], "package": "linux-riscv", "version": "6.11.0-13.14.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2090457, 2090463, 1786013, 2087886 ], "author": "Emil Renner Berthing ", "date": "Wed, 04 Dec 2024 09:27:15 +0100" } ], "notes": "linux-tools-6.11.0-13-generic version '6.11.0-13.14.1' (source package linux-riscv version '6.11.0-13.14.1') was added. linux-tools-6.11.0-13-generic version '6.11.0-13.14.1' has the same source package name, linux-riscv, as removed package linux-headers-6.11.0-12-generic. As such we can use the source package version of the removed package, '6.11.0-12.13.1', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-6.11.0-12-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-12.13.1", "version": "6.11.0-12.13.1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-image-6.11.0-12-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-12.13.1", "version": "6.11.0-12.13.1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-modules-6.11.0-12-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-12.13.1", "version": "6.11.0-12.13.1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-riscv-headers-6.11.0-12", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-12.13.1", "version": "6.11.0-12.13.1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-riscv-tools-6.11.0-12", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-12.13.1", "version": "6.11.0-12.13.1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-tools-6.11.0-12-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.11.0-12.13.1", "version": "6.11.0-12.13.1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.10 oracular image from release image serial 20241212 to 20250107", "from_series": "oracular", "to_series": "oracular", "from_serial": "20241212", "to_serial": "20250107", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }