This bug was fixed in the package linux - 5.19.0-18.18
---------------
linux (5.19.0-18.18) kinetic; urgency=medium
* kinetic/linux: 5.19.0-18.18 -proposed tracker (LP: #1990366)
* 5.19.0-17.17: kernel NULL pointer dereference, address: 0000000000000084
(LP: #1990236)
- Revert "UBUNTU: SAUCE: apparmor: Fix regression in stacking due to label
flags"
- Revert "UBUNTU: [Config] disable SECURITY_APPARMOR_RESTRICT_USERNS"
- Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - add an internal buffer""
- Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - don't wait on cleanup""
- Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - don't waste entropy""
- Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - always add a pending
request""
- Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - unregister device before
reset""
- Revert "UBUNTU: SAUCE: Revert "virtio-rng: make device ready before making
request""
- Revert "UBUNTU: [Config] update configs after apply new apparmor patch
set"
- Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation"
- Revert "UBUNTU: SAUCE: selinux: Implement userns_create hook"
- Revert "UBUNTU: SAUCE: bpf-lsm: Make bpf_lsm_userns_create() sleepable"
- Revert "UBUNTU: SAUCE: security, lsm: Introduce security_create_user_ns()"
- Revert "UBUNTU: SAUCE: lsm stacking v37: AppArmor: Remove the exclusive
flag"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add /proc attr entry for
full
LSM context"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Removed scaffolding function
lsmcontext_init"
- Revert "UBUNTU: SAUCE: lsm stacking v37: netlabel: Use a struct lsmblob in
audit data"
- Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Add record for multiple
object contexts"
- Revert "UBUNTU: SAUCE: lsm stacking v37: audit: multiple subject lsm
values
for netlabel"
- Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Add record for multiple
task
security contexts"
- Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Allow multiple records in
an
audit_buffer"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add a function to report
multiple LSMs"
- Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Create audit_stamp
structure"
- Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Keep multiple LSM data in
audit_names"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: security_secid_to_secctx
module selection"
- Revert "UBUNTU: SAUCE: lsm stacking v37: binder: Pass LSM identifier for
confirmation"
- Revert "UBUNTU: SAUCE: lsm stacking v37: NET: Store LSM netlabel data in a
lsmblob"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: security_secid_to_secctx in
netlink netfilter"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
security_dentry_init_security"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
security_inode_getsecctx"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
security_secid_to_secctx"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Ensure the correct LSM
context
releaser"
- Revert "UBUNTU: SAUCE: fixup lsm stacking v37: LSM: Specify which LSM to
display"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Specify which LSM to
display"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_cred_getsecid"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_inode_getsecid"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_current_getsecid"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_ipc_getsecid"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_secid_to_secctx"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_secctx_to_secid"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_kernel_act_as"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_audit_rule_match"
- Revert "UBUNTU: SAUCE: lsm stacking v37: IMA: avoid label collisions with
stacked LSMs"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: provide lsm name and id slot
mappings"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add the lsmblob data
structure."
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Infrastructure management of
the sock security"
- Revert "UBUNTU: SAUCE: lsm stacking v37: integrity: disassociate
ima_filter_rule from security_audit_rule"
- Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to
aa_sock()"
- Revert "UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix
mqueues"
- Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()"
- Revert "UBUNTU: SAUCE: fix shutdown unix socket owner conditional check"
- Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"
- Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x
net rules"
- Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex
value"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: fix aa_class_names[]
to
match reserved classes"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: rework profile->rules
to
be a list"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: refactor profile rules
and attachments"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: verify loaded
permission
bits masks don't overlap"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: cleanup: move perm
accumulation into perms.h"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: make sure perm indexes
are accumulated"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: verify permission
table
indexes"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: add the ability for
policy to specify a permission table"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: make unpack_array
return
a trianary value"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: group dfa policydb
unpacking"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: make transition table
unpack generic so it can be reused"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: add user mode flag"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: add mediation class
information to auditing"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: extend permissions to
support a label and tag string"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: isolate policy
backwards
compatibility to its own file"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: extend xindex size"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: move dfa perm macros
into policy_unpack"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: extend policydb
permission set by making use of the xbits"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: fix apparmor mediating
locking non-fs unix sockets"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: Fix abi check to
include
v8 abi"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: preparse for state
being
more than just an integer"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert policy lookup
to
use accept as an index"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: cleanup shared
permission struct"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert xmatch lookup
to
use accept as an index"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert fperm lookup
to
use accept as an index"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert xmatch to
using
the new shared policydb struct"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: combine file_rules and
aa_policydb into a single shared struct"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: compute policydb
permission on profile load"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert xmatch to use
aa_perms structure"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: rework and cleanup
fperm
computation"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: move fperm computation
into policy_unpack"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: compute xmatch
permissions on profile load"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: compute file
permissions
on profile load"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: expose compression
level
limits in sysfs"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: use zstd compression
for
profile data"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: reserve mediation
classes"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: fix lockdep warning
when
removing a namespace"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: fix a memleak in
multi_transaction_new()"
- Revert "UBUNTU: SAUCE: upstream v6.0: Smack: Provide read control for
io_uring_cmd"
- Revert "UBUNTU: SAUCE: upstream v6.0: selinux: implement the
security_uring_cmd() LSM hook"
- Revert "UBUNTU: SAUCE: upstream v6.0: lsm,io_uring: add LSM hooks for the
new uring_cmd file op"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: correct config reference
to
intended one"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: move ptrace mediation to
more logical task.{h,c}"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: extend policydb permission
set by making use of the xbits"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: allow label to carry debug
flags"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix some kernel-doc
comments"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Mark alloc_unconfined() as
static"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: disable showing the mode
as
part of a secid to secctx"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Convert secid mapping to
XArrays instead of IDR"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: add a kernel label to use
on
kernel objects"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: test: Remove some casts
which are no-longer required"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix some kernel-doc
comments"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix undefined reference to
`zlib_deflate_workspacesize'"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix some kernel-doc
comments"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix some kernel-doc
comments"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix match_mnt_path_str()
and
match_mnt() kernel-doc comment"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Use struct_size() helper
in
kmalloc()"
- Revert "UBUNTU: SAUCE: upstream v6.0: security/apparmor: remove redundant
ret variable"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: resolve uninitialized
symbol
warnings in policy_unpack_test.c"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: don't create raw_sha1
symlink if sha1 hashing is disabled"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Enable tuning of policy
paranoid load for embedded systems"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: make export of raw binary
profile to userspace optional"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Update help description of
policy hash for introspection"
- Revert "UBUNTU: SAUCE: upstream v6.0: lsm: Fix kernel-doc"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix kernel-doc"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: fix absroot causing
audited
secids to begin with ="
- Revert "Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string
hex value""
- Revert "Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility
with
v2.x net rules""
- Revert "Revert "UBUNTU: SAUCE: apparmor: af_unix mediation""
- Revert "Revert "UBUNTU: SAUCE: apparmor: fix use after free in
sk_peer_label""
- Revert "Revert "UBUNTU SAUCE: apparmor: fix apparmor mediating locking
non-
fs, unix sockets""
- Revert "Revert "apparmor: fix absroot causing audited secids to begin with
=""
- Revert "Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part
of
a secid to secctx""
- Revert "Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to
aa_unix_sk()""
- Revert "Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from
SK_CTX()
to aa_sock()""
- Revert "Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock
security""
- Revert "Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data
structure.""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_audit_rule_match""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_kernel_act_as""
- Revert "Revert "UBUNTU: SAUCE: net: Prepare UDS for security module
stacking""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_secctx_to_secid""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_secid_to_secctx""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_task_getsecid""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_inode_getsecid""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_cred_getsecid""
- Revert "Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use
lsmblobs""
- Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display""
- Revert "Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context
releaser""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in
security_secid_to_secctx""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in
security_inode_getsecctx""
- Revert "Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink
netfilter""
- Revert "Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob""
- Revert "Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process
LSM attributes""
- Revert "Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function
declration.""
- Revert "Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object
LSM attributes""
- Revert "Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM
context""
- Revert "Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag""
- Revert "Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check""
- Revert "Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to
kfree_sensitive()""
- Revert "Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use
lsmblob""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()""
- Revert "Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk
parameter
const""
- Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using
struct cred as input)""
* [22.04 FEAT] Enhanced Interpretation for PCI Functions on s390x - kernel
part (LP: #1853306)
- s390/sclp: detect the zPCI load/store interpretation facility
- s390/sclp: detect the AISII facility
- s390/sclp: detect the AENI facility
- s390/sclp: detect the AISI facility
- s390/airq: pass more TPI info to airq handlers
- s390/airq: allow for airq structure that uses an input vector
- s390/pci: externalize the SIC operation controls and routine
- s390/pci: stash associated GISA designation
- s390/pci: stash dtsm and maxstbl
- vfio/pci: introduce CONFIG_VFIO_PCI_ZDEV_KVM
- KVM: s390: pci: add basic kvm_zdev structure
- KVM: s390: pci: do initial setup for AEN interpretation
- KVM: s390: pci: enable host forwarding of Adapter Event Notifications
- KVM: s390: mechanism to enable guest zPCI Interpretation
- KVM: s390: pci: provide routines for enabling/disabling interrupt
forwarding
- KVM: s390: pci: add routines to start/stop interpretive execution
- vfio-pci/zdev: add open/close device hooks
- vfio-pci/zdev: add function handle to clp base capability
- vfio-pci/zdev: different maxstbl for interpreted devices
- KVM: s390: add KVM_S390_ZPCI_OP to manage guest zPCI devices
- MAINTAINERS: additional files related kvm s390 pci passthrough
- Documentation: kvm: extend KVM_S390_ZPCI_OP subheading underline
- KVM: s390: pci: Hook to access KVM lowlevel from VFIO
* [22.10 FEAT] [IO2201] Independent Usage of Secondary Physical Function
(LP: #1959542)
- PCI: Clean up pci_scan_slot()
- PCI: Split out next_ari_fn() from next_fn()
- PCI: Move jailhouse's isolated function handling to pci_scan_slot()
- PCI: Extend isolated function probing to s390
- s390/pci: allow zPCI zbus without a function zero
* AMD ACP 6.2 DMIC support (LP: #1989518)
- ASoC: amd: add Pink Sardine platform ACP IP register header
- ASoC: amd: add Pink Sardine ACP PCI driver
- ASoC: amd: add acp6.2 init/de-init functions
- ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver
- ASoC: amd: add acp6.2 pdm platform driver
- ASoC: amd: add acp6.2 irq handler
- ASoC: amd: add acp6.2 pdm driver dma ops
- ASoC: amd: add acp6.2 pci driver pm ops
- ASoC: amd: add acp6.2 pdm driver pm ops
- ASoC: amd: enable Pink Sardine acp6.2 drivers build
- ASoC: amd: create platform device for acp6.2 machine driver
- ASoC: amd: add Pink Sardine machine driver using dmic
- ASoC: amd: enable Pink sardine platform machine driver build.
- [Config] Enable audio for AMD PinkSardine
* support independent clock and LED GPIOs for Intel IPU6 platforms
(LP: #1989046)
- SAUCE: platform/x86: int3472: support independent clock and LED GPIOs
* CVE-2022-2978
- SAUCE: fs: fix UAF/GPF bug in nilfs_mdt_destroy
* Miscellaneous Ubuntu changes
- [Config] disable SECURITY_APPARMOR_RESTRICT_USERNS
- SAUCE: Add mdev_set_iommu_device() kABI.
- SAUCE: apparmor: Fix regression in stacking due to label flags
- [Config] update toolchain version
* Miscellaneous upstream changes
- Revert "drm/i915/opregion: check port number bounds for SWSCI display
power
state"
-- Andrea Righi <[email protected]> Wed, 21 Sep 2022 16:28:46 +0200
** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2978
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1959940
Title:
[22.10 FEAT] KVM: Secure Execution guest dump encryption with customer
keys - kernel part
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in linux package in Ubuntu:
Fix Released
Bug description:
KVM: Secure Execution guest dump encryption with customer keys -
kernel part
Description:
Hypervisor-initiated dumps for Secure Execution guests are not helpful
because memory and CPU state is encrypted by a transient key only available to
the Ultravisor. Workload owners can still configure kdump in order to obtain
kernel crash information, but there are situations where kdump doesn't work. In
such situations problem determination is severely impeded. This feature will
implement dumps created in a way that can only be decrypted by the owner of the
guest image and be used for problem determination.
Request Type: Kernel - Enhancement from IBM
Upstream Acceptance: In Progress
Code Contribution: IBM code