~kees/ubuntu-cve-tracker:linux-sha-fixes

Branch merges

Propose for merging

Merged into ubuntu-cve-tracker:master at revision e16f7cc525a3f8c6c974de4739843a0d40f5f826

Marc Deslauriers: Approve on 2024-02-22

Diff: 82 lines (+8/-8)

6 files modified

active/CVE-2022-21499 (+1/-1)
active/CVE-2022-3564 (+2/-2)
active/CVE-2022-39188 (+1/-1)
active/CVE-2022-43945 (+1/-1)
active/CVE-2023-40283 (+1/-1)
retired/CVE-2018-5390 (+2/-2)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

e16f7cc... by Kees Cook on 2024-02-22

CVE-2023-40283: Update flaw introduction SHA

The flaw comes from LE reuse, which was introduced in commit 9f0caeb1deaf
("Bluetooth: Add support for reusing the same hci_conn for LE links").

Signed-off-by: Kees Cook <email address hidden>

	unit-tests:0 (build)
	check-cves:0 (build)

1 → 2 of 2 results

First • Previous • Next • Last

562bc85... by Kees Cook on 2024-02-22

CVE-2022-43945: Update flaw introduction SHA

NFSd reply size helpers were introduced in commit 58e7b33a58d0 ("nfsd41:
try to check reply size before operation").

Signed-off-by: Kees Cook <email address hidden>

650fef3... by Kees Cook on 2024-02-22

CVE-2022-39188: Update flaw introduction SHA

The flaw was in the generic tlb_flush(), which was introduced in commit
5f307be18b32 ("asm-generic/tlb, arch: Provide generic tlb_flush() based
on flush_tlb_range()").

Signed-off-by: Kees Cook <email address hidden>

0463b36... by Kees Cook on 2024-02-22

CVE-2022-3564: Update flaw introduction SHA

Commit 89f9f3cb86b1c63badaf392a83dd661d56cc50b1 was only valid outside
of Linus's tree. Remove the reference to it.

Signed-off-by: Kees Cook <email address hidden>

6346ed3... by Kees Cook on 2024-02-22

CVE-2022-21499: Update flaw introduction SHA

This isn't a bypass against lockdown until lockdown itself existed,
which is commit 9e47d31d6a57 ("security: Add a "locked down" LSM hook").

Signed-off-by: Kees Cook <email address hidden>

6489dc3... by Kees Cook on 2019-08-19

CVE-2018-5390: Update flaw introduction SHA

The fixes all address the same base flaw.

Signed-off-by: Kees Cook <email address hidden>

370b85f... by Marc Deslauriers on 2024-02-21

active_edit: disable check that can result in false positives

0fff3aa... by Rodrigo Figueiredo Zaiden on 2024-02-21

kernel/CVE-2023-6040: move it back to released

Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

31a7377... by Rodrigo Figueiredo Zaiden on 2024-02-21

merge cve updates from kernel team

Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

a7da35e... by Marc Deslauriers on 2024-02-21

researched and assigned postgresql CVE