Bug #2030556 “focal/linux-gcp-5.15: 5.15.0-1040.48~20.04.1 -prop...” : Bugs : Kernel SRU Workflow

Thadeu Lima de Souza Cascardo (cascardo) on 2023-08-07

tags:	added: kernel-release-tracking-bug-live
description:	updated
tags:	added: kernel-sru-cycle-s2023.07.10-1
description:	updated
description:	updated
tags:	added: kernel-sru-backport-of-2030557

Thadeu Lima de Souza Cascardo (cascardo) on 2023-08-07

Changed in kernel-sru-workflow:
status:	New → Confirmed
importance:	Undecided → Medium

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-07

Changed in linux-gcp-5.15 (Ubuntu Focal):
importance:	Undecided → Medium
Changed in kernel-sru-workflow:
status:	Confirmed → Triaged

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-07

description:	updated
Changed in kernel-sru-workflow:
status:	Triaged → In Progress

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-07

tags:	added: kernel-jira-issue-ksru-8973
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-16

description:

updated

Khaled El Mously (kmously) on 2023-08-23

summary:

- focal/linux-gcp-5.15: <version to be filled> -proposed tracker
+ focal/linux-gcp-5.15: 5.15.0-1040.48~20.04.1 -proposed tracker

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-23

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Revision history for this message

Stefan Bader (smb) wrote on 2023-08-25:

#1

Changes contains entries for 5.15.0-1039.47~20.04.1 which is already in updates.

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:	updated
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:	updated
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-25

description:

updated

Revision history for this message

Stefan Bader (smb) wrote on 2023-08-28:

#2

Re-opening review. Might have done the review against the wrong pocket.

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-28

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-28

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-28

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-29

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-29

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-29

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-29

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-29

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-29

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-29

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-29

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-29

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-29

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-29

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-29

description:

updated

Khaled El Mously (kmously) on 2023-08-30

tags:

added: regression-testing-passed

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-30

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-30

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-31

description:

updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-08-31:

#3

Download full text (3.2 KiB)

This bug was fixed in the package linux-gcp-5.15 - 5.15.0-1040.48~20.04.1

---------------
linux-gcp-5.15 (5.15.0-1040.48~20.04.1) focal; urgency=medium

* focal/linux-gcp-5.15: 5.15.0-1040.48~20.04.1 -proposed tracker
(LP: #2030556)

[ Ubuntu: 5.15.0-1040.48 ]

  * jammy/linux-gcp: 5.15.0-1040.48 -proposed tracker (LP: #2030557)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] resync getabis
  * jammy/linux: 5.15.0-82.91 -proposed tracker (LP: #2031147)
  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
  * jammy/linux: 5.15.0-80.87 -proposed tracker (LP: #2030588)
  * CVE-2022-40982
    - x86/mm: Initialize text poking earlier
    - x86/mm: fix poking_init() for Xen PV guests
    - x86/mm: Use mm_alloc() in poking_init()
    - mm: Move mm_cachep initialization to mm_init()
    - init: Provide arch_cpu_finalize_init()
    - x86/cpu: Switch to arch_cpu_finalize_init()
    - ARM: cpu: Switch to arch_cpu_finalize_init()
    - sparc/cpu: Switch to arch_cpu_finalize_init()
    - um/cpu: Switch to arch_cpu_finalize_init()
    - init: Remove check_bugs() leftovers
    - init: Invoke arch_cpu_finalize_init() earlier
    - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
    - x86/init: Initialize signal frame size late
    - x86/fpu: Remove cpuinfo argument from init functions
    - x86/fpu: Mark init functions __init
    - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
    - x86/xen: Fix secondary processors' FPU initialization
    - x86/speculation: Add Gather Data Sampling mitigation
    - x86/speculation: Add force option to GDS mitigation
    - x86/speculation: Add Kconfig option for GDS
    - KVM: Add GDS_NO support to KVM
    - Documentation/x86: Fix backwards on/off logic about YMM support
    - [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
      CONFIG_GDS_FORCE_MITIGATION
  * CVE-2023-21400
    - io_uring: ensure IOPOLL locks around deferred work
  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush
  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via
      NFTA_RULE_CHAIN_ID
  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix
  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free
  * CVE-2023-4004
    - netfilter: nft_set_pipapo: fix improper element removal
  * CVE-2023-3611
    - net/sched: sch_qfq: refactor parsing of netlink parameters
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  * CVE-2023-3610
    - netfilter: nf_tables: fix chain binding transaction logic
  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow

-- Khalid Elmously <khalid.elmously...

This bug was fixed in the package linux-gcp-5.15 - 5.15.0-1040.48~20.04.1

---------------
linux-gcp-5.15 (5.15.0-1040.48~20.04.1) focal; urgency=medium

* focal/linux-gcp-5.15: 5.15.0-1040.48~20.04.1 -proposed tracker
    (LP: #2030556)

[ Ubuntu: 5.15.0-1040.48 ]

* jammy/linux-gcp: 5.15.0-1040.48 -proposed tracker (LP: #2030557)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] resync getabis
  * jammy/linux: 5.15.0-82.91 -proposed tracker (LP: #2031147)
  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
  * jammy/linux: 5.15.0-80.87 -proposed tracker (LP: #2030588)
  * CVE-2022-40982
    - x86/mm: Initialize text poking earlier
    - x86/mm: fix poking_init() for Xen PV guests
    - x86/mm: Use mm_alloc() in poking_init()
    - mm: Move mm_cachep initialization to mm_init()
    - init: Provide arch_cpu_finalize_init()
    - x86/cpu: Switch to arch_cpu_finalize_init()
    - ARM: cpu: Switch to arch_cpu_finalize_init()
    - sparc/cpu: Switch to arch_cpu_finalize_init()
    - um/cpu: Switch to arch_cpu_finalize_init()
    - init: Remove check_bugs() leftovers
    - init: Invoke arch_cpu_finalize_init() earlier
    - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
    - x86/init: Initialize signal frame size late
    - x86/fpu: Remove cpuinfo argument from init functions
    - x86/fpu: Mark init functions __init
    - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
    - x86/xen: Fix secondary processors' FPU initialization
    - x86/speculation: Add Gather Data Sampling mitigation
    - x86/speculation: Add force option to GDS mitigation
    - x86/speculation: Add Kconfig option for GDS
    - KVM: Add GDS_NO support to KVM
    - Documentation/x86: Fix backwards on/off logic about YMM support
    - [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
      CONFIG_GDS_FORCE_MITIGATION
  * CVE-2023-21400
    - io_uring: ensure IOPOLL locks around deferred work
  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush
  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via
      NFTA_RULE_CHAIN_ID
  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix
  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free
  * CVE-2023-4004
    - netfilter: nft_set_pipapo: fix improper element removal
  * CVE-2023-3611
    - net/sched: sch_qfq: refactor parsing of netlink parameters
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  * CVE-2023-3610
    - netfilter: nf_tables: fix chain binding transaction logic
  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow

-- Khalid Elmously <khalid.elmously@canonical.com>  Thu, 24 Aug 2023 23:20:41 -0400

Changed in linux-gcp-5.15 (Ubuntu Focal):
status:	New → Fix Released

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-31

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-31

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-31

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-08-31

description:

updated

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-08-31: Workflow done!

#4

All tasks have been completed and the bug is being closed

Changed in kernel-sru-workflow:
status:	In Progress → Fix Committed

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-10-09

Changed in kernel-sru-workflow:
status:	Fix Committed → Fix Released

Kernel SRU Workflow

focal/linux-gcp-5.15: 5.15.0-1040.48~20.04.1 -proposed tracker

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
Kernel SRU Workflow	Fix Released	Medium	Unassigned
Automated-testing	Invalid	Medium	Canonical Kernel Team
Boot-testing	Fix Released	Medium	Unassigned
Certification-testing	Invalid	Medium	Unassigned
New-review	Fix Released	Medium	Andy Whitcroft
Prepare-package	Fix Released	Medium	Khaled El Mously
Prepare-package-generate	Fix Released	Medium	Khaled El Mously
Prepare-package-lrg	Fix Released	Medium	Khaled El Mously
Prepare-package-lrm	Fix Released	Medium	Khaled El Mously
Prepare-package-lrs	Fix Released	Medium	Khaled El Mously
Prepare-package-meta	Fix Released	Medium	Khaled El Mously
Prepare-package-signed	Fix Released	Medium	Khaled El Mously
Promote-signing-to-proposed	Invalid	Medium	Unassigned
Promote-to-proposed	Fix Released	Medium	Ubuntu Stable Release Updates Team
Promote-to-security	Fix Released	Medium	Andy Whitcroft
Promote-to-updates	Fix Released	Medium	Andy Whitcroft
Regression-testing	Fix Released	Medium	Canonical Kernel Team
Security-signoff	Fix Released	Medium	Canonical Security Team
Sru-review	Fix Released	Medium	Stefan Bader
Verification-testing	Fix Released	Medium	Canonical Kernel Team
canonical-signing-jobs
Task00	Fix Released	Medium	Andy Whitcroft
linux-gcp-5.15 (Ubuntu)
Focal	Fix Released	Medium	Unassigned