~awe/ubuntu/+source/linux/+git/jammy:hwe-5.17-next

Last commit made on 2022-09-20
Get this branch:
git clone -b hwe-5.17-next https://git.launchpad.net/~awe/ubuntu/+source/linux/+git/jammy
Only Tony Espy can upload to this branch.

Branch information

Name: hwe-5.17-next
Repository: lp:~awe/ubuntu/+source/linux/+git/jammy

Recent commits

97e1be6... by mudongliang

UBUNTU: SAUCE: fs: fix UAF/GPF bug in nilfs_mdt_destroy

In alloc_inode, inode_init_always() could return -ENOMEM if
security_inode_alloc() fails, which causes inode->i_private
uninitialized. Then nilfs_is_metadata_file_inode() returns
true and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(),
which frees the uninitialized inode->i_private
and leads to crashes (e.g., UAF/GPF).

Fix this by moving security_inode_alloc just prior to
this_cpu_inc(nr_inodes)

Link: https://lkml.<email address hidden>
Reported-by: butt3rflyh4ck <email address hidden>
Reported-by: Hao Sun <email address hidden>
Reported-by: Jiacheng Xu <email address hidden>
Reviewed-by: Christian Brauner (Microsoft) <email address hidden>
Signed-off-by: Dongliang Mu <email address hidden>
Cc: Al Viro <email address hidden>
Cc: <email address hidden>
Signed-off-by: Al Viro <email address hidden>
(cherry picked from commit dcd684c9aafe2ba01264c9f9d7480e16c89a3a4b linux-next.git)
CVE-2022-2978
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Paolo Pisati <email address hidden>

c1b587e... by Paolo Pisati

UBUNTU: Ubuntu-hwe-5.17-5.17.0-9.9~22.04.8

Signed-off-by: Paolo Pisati <email address hidden>

b9b1b92... by Paolo Pisati

UBUNTU: link-to-tracker: update tracking bug

BugLink: https://bugs.launchpad.net/bugs/1987779
Properties: no-test-build
Signed-off-by: Paolo Pisati <email address hidden>

cf20b8d... by Paolo Pisati

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Paolo Pisati <email address hidden>

a549c44... by Florian Westphal <email address hidden>

netfilter: nf_queue: do not allow packet truncation below transport header offset

Domingo Dirutigliano and Nicola Guerrera report kernel panic when
sending nf_queue verdict with 1-byte nfta_payload attribute.

The IP/IPv6 stack pulls the IP(v6) header from the packet after the
input hook.

If user truncates the packet below the header size, this skb_pull() will
result in a malformed skb (skb->len < 0).

Fixes: 7af4cc3fa158 ("[NETFILTER]: Add "nfnetlink_queue" netfilter queue handler over nfnetlink")
Reported-by: Domingo Dirutigliano <email address hidden>
Signed-off-by: Florian Westphal <email address hidden>
Reviewed-by: Pablo Neira Ayuso <email address hidden>

CVE-2022-36946
(cherry picked from commit 99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164)
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

58ee78d... by Helge Deller

fbmem: Check virtual screen sizes in fb_set_var()

Verify that the fbdev or drm driver correctly adjusted the virtual
screen sizes. On failure report the failing driver and reject the screen
size change.

Signed-off-by: Helge Deller <email address hidden>
Reviewed-by: Geert Uytterhoeven <email address hidden>
Cc: <email address hidden> # v5.4+

CVE-2021-33655
(cherry picked from commit 6c11df58fd1ac0aefcb3b227f72769272b939e56)
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

13f7ce6... by Helge Deller

fbcon: Prevent that screen size is smaller than font size

We need to prevent that users configure a screen size which is smaller than the
currently selected font size. Otherwise rendering chars on the screen will
access memory outside the graphics memory region.

This patch adds a new function fbcon_modechange_possible() which
implements this check and which later may be extended with other checks
if necessary. The new function is called from the FBIOPUT_VSCREENINFO
ioctl handler in fbmem.c, which will return -EINVAL if userspace asked
for a too small screen size.

Signed-off-by: Helge Deller <email address hidden>
Reviewed-by: Geert Uytterhoeven <email address hidden>
Cc: <email address hidden> # v5.4+

CVE-2021-33655
(cherry picked from commit e64242caef18b4a5840b0e7a9bff37abd4f4f933)
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

a869846... by Helge Deller

fbcon: Disallow setting font bigger than screen size

Prevent that users set a font size which is bigger than the physical screen.
It's unlikely this may happen (because screens are usually much larger than the
fonts and each font char is limited to 32x32 pixels), but it may happen on
smaller screens/LCD displays.

Signed-off-by: Helge Deller <email address hidden>
Reviewed-by: Daniel Vetter <email address hidden>
Reviewed-by: Geert Uytterhoeven <email address hidden>
Cc: <email address hidden> # v4.14+

CVE-2021-33655
(cherry picked from commit 65a01e601dbba8b7a51a2677811f70f783766682)
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

c638b3d... by Kleber Sacilotto de Souza

UBUNTU: Ubuntu-hwe-5.17-5.17.0-8.8~22.04.8

Signed-off-by: Kleber Sacilotto de Souza <email address hidden>

62237fa... by Kleber Sacilotto de Souza

UBUNTU: debian/dkms-versions -- update from kernel-versions (main/2022.08.08)

BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>