{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-5.15.0-1073-kvm", "linux-image-5.15.0-1073-kvm", "linux-kvm-headers-5.15.0-1073", "linux-modules-5.15.0-1073-kvm" ], "removed": [ "linux-headers-5.15.0-1072-kvm", "linux-image-5.15.0-1072-kvm", "linux-kvm-headers-5.15.0-1072", "linux-modules-5.15.0-1072-kvm" ], "diff": [ "linux-headers-kvm", "linux-image-kvm", "linux-kvm" ] } }, "diff": { "deb": [ { "name": "linux-headers-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1072.68", "version": "5.15.0.1072.68" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1073.69", "version": "5.15.0.1073.69" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-1073", "" ], "package": "linux-meta-kvm", "version": "5.15.0.1073.69", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:31:49 +0900" } ], "notes": null }, { "name": "linux-image-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1072.68", "version": "5.15.0.1072.68" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1073.69", "version": "5.15.0.1073.69" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-1073", "" ], "package": "linux-meta-kvm", "version": "5.15.0.1073.69", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:31:49 +0900" } ], "notes": null }, { "name": "linux-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1072.68", "version": "5.15.0.1072.68" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1073.69", "version": "5.15.0.1073.69" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-1073", "" ], "package": "linux-meta-kvm", "version": "5.15.0.1073.69", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:31:49 +0900" } ], "notes": null } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-5.15.0-1073-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1072.77", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1073.78", "version": "5.15.0-1073.78" }, "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2093559, 2093573 ], "changes": [ { "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "log": [ "", " * jammy/linux-kvm: 5.15.0-1073.78 -proposed tracker (LP: #2093559)", "", " [ Ubuntu: 5.15.0-131.141 ]", "", " * jammy/linux: 5.15.0-131.141 -proposed tracker (LP: #2093573)", " * CVE-2024-53164", " - net: sched: fix ordering of qlen adjustment", " * CVE-2024-53141", " - netfilter: ipset: add missing range check in bitmap_ip_uadt", " * CVE-2024-53103", " - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer", "" ], "package": "linux-kvm", "version": "5.15.0-1073.78", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2093559, 2093573 ], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:21:22 +0900" } ], "notes": "linux-headers-5.15.0-1073-kvm version '5.15.0-1073.78' (source package linux-kvm version '5.15.0-1073.78') was added. linux-headers-5.15.0-1073-kvm version '5.15.0-1073.78' has the same source package name, linux-kvm, as removed package linux-headers-5.15.0-1072-kvm. As such we can use the source package version of the removed package, '5.15.0-1072.77', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-image-5.15.0-1073-kvm", "from_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.15.0-1072.77", "version": null }, "to_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.15.0-1073.78", "version": "5.15.0-1073.78" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 5.15.0-1073.78", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed-kvm", "version": "5.15.0-1073.78", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1786013 ], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:32:11 +0900" } ], "notes": "linux-image-5.15.0-1073-kvm version '5.15.0-1073.78' (source package linux-signed-kvm version '5.15.0-1073.78') was added. linux-image-5.15.0-1073-kvm version '5.15.0-1073.78' has the same source package name, linux-signed-kvm, as removed package linux-image-5.15.0-1072-kvm. As such we can use the source package version of the removed package, '5.15.0-1072.77', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-kvm-headers-5.15.0-1073", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1072.77", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1073.78", "version": "5.15.0-1073.78" }, "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2093559, 2093573 ], "changes": [ { "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "log": [ "", " * jammy/linux-kvm: 5.15.0-1073.78 -proposed tracker (LP: #2093559)", "", " [ Ubuntu: 5.15.0-131.141 ]", "", " * jammy/linux: 5.15.0-131.141 -proposed tracker (LP: #2093573)", " * CVE-2024-53164", " - net: sched: fix ordering of qlen adjustment", " * CVE-2024-53141", " - netfilter: ipset: add missing range check in bitmap_ip_uadt", " * CVE-2024-53103", " - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer", "" ], "package": "linux-kvm", "version": "5.15.0-1073.78", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2093559, 2093573 ], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:21:22 +0900" } ], "notes": "linux-kvm-headers-5.15.0-1073 version '5.15.0-1073.78' (source package linux-kvm version '5.15.0-1073.78') was added. linux-kvm-headers-5.15.0-1073 version '5.15.0-1073.78' has the same source package name, linux-kvm, as removed package linux-headers-5.15.0-1072-kvm. As such we can use the source package version of the removed package, '5.15.0-1072.77', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-modules-5.15.0-1073-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1072.77", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1073.78", "version": "5.15.0-1073.78" }, "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2093559, 2093573 ], "changes": [ { "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "log": [ "", " * jammy/linux-kvm: 5.15.0-1073.78 -proposed tracker (LP: #2093559)", "", " [ Ubuntu: 5.15.0-131.141 ]", "", " * jammy/linux: 5.15.0-131.141 -proposed tracker (LP: #2093573)", " * CVE-2024-53164", " - net: sched: fix ordering of qlen adjustment", " * CVE-2024-53141", " - netfilter: ipset: add missing range check in bitmap_ip_uadt", " * CVE-2024-53103", " - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer", "" ], "package": "linux-kvm", "version": "5.15.0-1073.78", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2093559, 2093573 ], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:21:22 +0900" } ], "notes": "linux-modules-5.15.0-1073-kvm version '5.15.0-1073.78' (source package linux-kvm version '5.15.0-1073.78') was added. linux-modules-5.15.0-1073-kvm version '5.15.0-1073.78' has the same source package name, linux-kvm, as removed package linux-headers-5.15.0-1072-kvm. As such we can use the source package version of the removed package, '5.15.0-1072.77', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-5.15.0-1072-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1072.77", "version": "5.15.0-1072.77" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-image-5.15.0-1072-kvm", "from_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.15.0-1072.77", "version": "5.15.0-1072.77" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-kvm-headers-5.15.0-1072", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1072.77", "version": "5.15.0-1072.77" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-modules-5.15.0-1072-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1072.77", "version": "5.15.0-1072.77" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20250123 to 20250128", "from_series": "jammy", "to_series": "jammy", "from_serial": "20250123", "to_serial": "20250128", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }