{
"summary": {
"snap": {
"added": [],
"removed": [],
"diff": []
},
"deb": {
"added": [
"linux-headers-5.4.0-205",
"linux-headers-5.4.0-205-generic-lpae",
"linux-image-5.4.0-205-generic-lpae",
"linux-modules-5.4.0-205-generic-lpae"
],
"removed": [
"linux-headers-5.4.0-204",
"linux-headers-5.4.0-204-generic-lpae",
"linux-image-5.4.0-204-generic-lpae",
"linux-modules-5.4.0-204-generic-lpae"
],
"diff": [
"linux-generic-lpae",
"linux-headers-generic-lpae",
"linux-image-generic-lpae"
]
}
},
"diff": {
"deb": [
{
"name": "linux-generic-lpae",
"from_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.204.200",
"version": "5.4.0.204.200"
},
"to_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.205.201",
"version": "5.4.0.205.201"
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [],
"log": [
"",
" * Bump ABI 5.4.0-205",
""
],
"package": "linux-meta",
"version": "5.4.0.205.201",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:40:35 +0100"
}
],
"notes": null
},
{
"name": "linux-headers-generic-lpae",
"from_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.204.200",
"version": "5.4.0.204.200"
},
"to_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.205.201",
"version": "5.4.0.205.201"
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [],
"log": [
"",
" * Bump ABI 5.4.0-205",
""
],
"package": "linux-meta",
"version": "5.4.0.205.201",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:40:35 +0100"
}
],
"notes": null
},
{
"name": "linux-image-generic-lpae",
"from_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.204.200",
"version": "5.4.0.204.200"
},
"to_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.205.201",
"version": "5.4.0.205.201"
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [],
"log": [
"",
" * Bump ABI 5.4.0-205",
""
],
"package": "linux-meta",
"version": "5.4.0.205.201",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:40:35 +0100"
}
],
"notes": null
}
],
"snap": []
},
"added": {
"deb": [
{
"name": "linux-headers-5.4.0-205",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": null
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-205.225",
"version": "5.4.0-205.225"
},
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2093621,
2078659
],
"changes": [
{
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * focal/linux: 5.4.0-205.225 -proposed tracker (LP: #2093621)",
"",
" * Hold IOPOLL locks when triggering io_uring's deferred work (LP: #2078659) //",
" CVE-2023-21400",
" - io_uring: remove extra check in __io_commit_cqring",
" - io_uring: dont kill fasync under completion_lock",
" - io_uring: ensure IOPOLL locks around deferred work",
"",
" * CVE-2024-40967",
" - iopoll: introduce read_poll_timeout macro",
" - iopoll: Introduce read_poll_timeout_atomic macro",
" - serial: imx: Introduce timeout when waiting on transmitter empty",
"",
" * CVE-2024-53164",
" - net: sched: fix ordering of qlen adjustment",
"",
" * CVE-2024-53141",
" - netfilter: ipset: add missing range check in bitmap_ip_uadt",
"",
" * CVE-2024-53103",
" - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer",
""
],
"package": "linux",
"version": "5.4.0-205.225",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [
2093621,
2078659
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:28:21 +0100"
}
],
"notes": "linux-headers-5.4.0-205 version '5.4.0-205.225' (source package linux version '5.4.0-205.225') was added. linux-headers-5.4.0-205 version '5.4.0-205.225' has the same source package name, linux, as removed package linux-headers-5.4.0-204. As such we can use the source package version of the removed package, '5.4.0-204.224', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package."
},
{
"name": "linux-headers-5.4.0-205-generic-lpae",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": null
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-205.225",
"version": "5.4.0-205.225"
},
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2093621,
2078659
],
"changes": [
{
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * focal/linux: 5.4.0-205.225 -proposed tracker (LP: #2093621)",
"",
" * Hold IOPOLL locks when triggering io_uring's deferred work (LP: #2078659) //",
" CVE-2023-21400",
" - io_uring: remove extra check in __io_commit_cqring",
" - io_uring: dont kill fasync under completion_lock",
" - io_uring: ensure IOPOLL locks around deferred work",
"",
" * CVE-2024-40967",
" - iopoll: introduce read_poll_timeout macro",
" - iopoll: Introduce read_poll_timeout_atomic macro",
" - serial: imx: Introduce timeout when waiting on transmitter empty",
"",
" * CVE-2024-53164",
" - net: sched: fix ordering of qlen adjustment",
"",
" * CVE-2024-53141",
" - netfilter: ipset: add missing range check in bitmap_ip_uadt",
"",
" * CVE-2024-53103",
" - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer",
""
],
"package": "linux",
"version": "5.4.0-205.225",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [
2093621,
2078659
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:28:21 +0100"
}
],
"notes": "linux-headers-5.4.0-205-generic-lpae version '5.4.0-205.225' (source package linux version '5.4.0-205.225') was added. linux-headers-5.4.0-205-generic-lpae version '5.4.0-205.225' has the same source package name, linux, as removed package linux-headers-5.4.0-204. As such we can use the source package version of the removed package, '5.4.0-204.224', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package."
},
{
"name": "linux-image-5.4.0-205-generic-lpae",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": null
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-205.225",
"version": "5.4.0-205.225"
},
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2093621,
2078659
],
"changes": [
{
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * focal/linux: 5.4.0-205.225 -proposed tracker (LP: #2093621)",
"",
" * Hold IOPOLL locks when triggering io_uring's deferred work (LP: #2078659) //",
" CVE-2023-21400",
" - io_uring: remove extra check in __io_commit_cqring",
" - io_uring: dont kill fasync under completion_lock",
" - io_uring: ensure IOPOLL locks around deferred work",
"",
" * CVE-2024-40967",
" - iopoll: introduce read_poll_timeout macro",
" - iopoll: Introduce read_poll_timeout_atomic macro",
" - serial: imx: Introduce timeout when waiting on transmitter empty",
"",
" * CVE-2024-53164",
" - net: sched: fix ordering of qlen adjustment",
"",
" * CVE-2024-53141",
" - netfilter: ipset: add missing range check in bitmap_ip_uadt",
"",
" * CVE-2024-53103",
" - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer",
""
],
"package": "linux",
"version": "5.4.0-205.225",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [
2093621,
2078659
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:28:21 +0100"
}
],
"notes": "linux-image-5.4.0-205-generic-lpae version '5.4.0-205.225' (source package linux version '5.4.0-205.225') was added. linux-image-5.4.0-205-generic-lpae version '5.4.0-205.225' has the same source package name, linux, as removed package linux-headers-5.4.0-204. As such we can use the source package version of the removed package, '5.4.0-204.224', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package."
},
{
"name": "linux-modules-5.4.0-205-generic-lpae",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": null
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-205.225",
"version": "5.4.0-205.225"
},
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2093621,
2078659
],
"changes": [
{
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * focal/linux: 5.4.0-205.225 -proposed tracker (LP: #2093621)",
"",
" * Hold IOPOLL locks when triggering io_uring's deferred work (LP: #2078659) //",
" CVE-2023-21400",
" - io_uring: remove extra check in __io_commit_cqring",
" - io_uring: dont kill fasync under completion_lock",
" - io_uring: ensure IOPOLL locks around deferred work",
"",
" * CVE-2024-40967",
" - iopoll: introduce read_poll_timeout macro",
" - iopoll: Introduce read_poll_timeout_atomic macro",
" - serial: imx: Introduce timeout when waiting on transmitter empty",
"",
" * CVE-2024-53164",
" - net: sched: fix ordering of qlen adjustment",
"",
" * CVE-2024-53141",
" - netfilter: ipset: add missing range check in bitmap_ip_uadt",
"",
" * CVE-2024-53103",
" - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer",
""
],
"package": "linux",
"version": "5.4.0-205.225",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [
2093621,
2078659
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:28:21 +0100"
}
],
"notes": "linux-modules-5.4.0-205-generic-lpae version '5.4.0-205.225' (source package linux version '5.4.0-205.225') was added. linux-modules-5.4.0-205-generic-lpae version '5.4.0-205.225' has the same source package name, linux, as removed package linux-headers-5.4.0-204. As such we can use the source package version of the removed package, '5.4.0-204.224', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package."
}
],
"snap": []
},
"removed": {
"deb": [
{
"name": "linux-headers-5.4.0-204",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": "5.4.0-204.224"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null
},
{
"name": "linux-headers-5.4.0-204-generic-lpae",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": "5.4.0-204.224"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null
},
{
"name": "linux-image-5.4.0-204-generic-lpae",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": "5.4.0-204.224"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null
},
{
"name": "linux-modules-5.4.0-204-generic-lpae",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": "5.4.0-204.224"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null
}
],
"snap": []
},
"notes": "Changelog diff for Ubuntu 20.04 focal image from daily image serial 20250122 to 20250127",
"from_series": "focal",
"to_series": "focal",
"from_serial": "20250122",
"to_serial": "20250127",
"from_manifest_filename": "daily_manifest.previous",
"to_manifest_filename": "manifest.current"
}