Comment 2 for bug 2026753

This bug was fixed in the package linux - 6.2.0-26.26

---------------
linux (6.2.0-26.26) lunar; urgency=medium

  * lunar/linux: 6.2.0-26.26 -proposed tracker (LP: #2026753)

  * CVE-2023-2640 // CVE-2023-32629
    - Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in
      ovl_do_(set|remove)xattr"
    - Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
      trusted.overlayfs.* xattrs"
    - SAUCE: overlayfs: default to userxattr when mounted from non initial user
      namespace

  * CVE-2023-35001
    - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

  * CVE-2023-31248
    - netfilter: nf_tables: do not ignore genmask when looking up chain by id

  * CVE-2023-3389
    - io_uring/poll: serialize poll linked timer start with poll removal

  * CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

  * CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb

  * CVE-2023-3269
    - mm: introduce new 'lock_mm_and_find_vma()' page fault helper
    - mm: make the page fault mmap locking killable
    - arm64/mm: Convert to using lock_mm_and_find_vma()
    - powerpc/mm: Convert to using lock_mm_and_find_vma()
    - mips/mm: Convert to using lock_mm_and_find_vma()
    - riscv/mm: Convert to using lock_mm_and_find_vma()
    - arm/mm: Convert to using lock_mm_and_find_vma()
    - mm/fault: convert remaining simple cases to lock_mm_and_find_vma()
    - powerpc/mm: convert coprocessor fault to lock_mm_and_find_vma()
    - mm: make find_extend_vma() fail if write lock not held
    - execve: expand new process stack manually ahead of time
    - mm: always expand the stack with the mmap write lock held
    - [CONFIG]: Set CONFIG_LOCK_MM_AND_FIND_VMA

 -- Thadeu Lima de Souza Cascardo <email address hidden> Mon, 10 Jul 2023 17:25:47 -0300