{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-5.15.0-1079-kvm", "linux-image-5.15.0-1079-kvm", "linux-kvm-headers-5.15.0-1079", "linux-modules-5.15.0-1079-kvm" ], "removed": [ "linux-headers-5.15.0-1078-kvm", "linux-image-5.15.0-1078-kvm", "linux-kvm-headers-5.15.0-1078", "linux-modules-5.15.0-1078-kvm" ], "diff": [ "linux-headers-kvm", "linux-image-kvm", "linux-kvm" ] } }, "diff": { "deb": [ { "name": "linux-headers-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1078.74", "version": "5.15.0.1078.74" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1079.75", "version": "5.15.0.1079.75" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-1079", "" ], "package": "linux-meta-kvm", "version": "5.15.0.1079.75", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Koichiro Den ", "date": "Tue, 15 Apr 2025 22:18:33 +0900" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1078.74", "version": "5.15.0.1078.74" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1079.75", "version": "5.15.0.1079.75" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-1079", "" ], "package": "linux-meta-kvm", "version": "5.15.0.1079.75", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Koichiro Den ", "date": "Tue, 15 Apr 2025 22:18:33 +0900" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1078.74", "version": "5.15.0.1078.74" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1079.75", "version": "5.15.0.1079.75" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-1079", "" ], "package": "linux-meta-kvm", "version": "5.15.0.1079.75", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Koichiro Den ", "date": "Tue, 15 Apr 2025 22:18:33 +0900" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-5.15.0-1079-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1078.83", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1079.84", "version": "5.15.0-1079.84" }, "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2107024, 2107038, 1786013 ], "changes": [ { "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "log": [ "", " * jammy/linux-kvm: 5.15.0-1079.84 -proposed tracker (LP: #2107024)", "", " [ Ubuntu: 5.15.0-139.149 ]", "", " * jammy/linux: 5.15.0-139.149 -proposed tracker (LP: #2107038)", " * Packaging resync (LP: #1786013)", " - [Packaging] update annotations scripts", " * CVE-2023-52664", " - net: atlantic: eliminate double free in error handling logic", " * CVE-2023-52927", " - netfilter: allow exp not to be removed in nf_ct_find_expectation", "" ], "package": "linux-kvm", "version": "5.15.0-1079.84", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2107024, 2107038, 1786013 ], "author": "Koichiro Den ", "date": "Tue, 15 Apr 2025 22:17:29 +0900" } ], "notes": "linux-headers-5.15.0-1079-kvm version '5.15.0-1079.84' (source package linux-kvm version '5.15.0-1079.84') was added. linux-headers-5.15.0-1079-kvm version '5.15.0-1079.84' has the same source package name, linux-kvm, as removed package linux-headers-5.15.0-1078-kvm. As such we can use the source package version of the removed package, '5.15.0-1078.83', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-image-5.15.0-1079-kvm", "from_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.15.0-1078.83", "version": null }, "to_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.15.0-1079.84", "version": "5.15.0-1079.84" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 5.15.0-1079.84", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed-kvm", "version": "5.15.0-1079.84", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1786013 ], "author": "Koichiro Den ", "date": "Tue, 15 Apr 2025 22:18:52 +0900" } ], "notes": "linux-image-5.15.0-1079-kvm version '5.15.0-1079.84' (source package linux-signed-kvm version '5.15.0-1079.84') was added. linux-image-5.15.0-1079-kvm version '5.15.0-1079.84' has the same source package name, linux-signed-kvm, as removed package linux-image-5.15.0-1078-kvm. As such we can use the source package version of the removed package, '5.15.0-1078.83', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-kvm-headers-5.15.0-1079", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1078.83", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1079.84", "version": "5.15.0-1079.84" }, "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2107024, 2107038, 1786013 ], "changes": [ { "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "log": [ "", " * jammy/linux-kvm: 5.15.0-1079.84 -proposed tracker (LP: #2107024)", "", " [ Ubuntu: 5.15.0-139.149 ]", "", " * jammy/linux: 5.15.0-139.149 -proposed tracker (LP: #2107038)", " * Packaging resync (LP: #1786013)", " - [Packaging] update annotations scripts", " * CVE-2023-52664", " - net: atlantic: eliminate double free in error handling logic", " * CVE-2023-52927", " - netfilter: allow exp not to be removed in nf_ct_find_expectation", "" ], "package": "linux-kvm", "version": "5.15.0-1079.84", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2107024, 2107038, 1786013 ], "author": "Koichiro Den ", "date": "Tue, 15 Apr 2025 22:17:29 +0900" } ], "notes": "linux-kvm-headers-5.15.0-1079 version '5.15.0-1079.84' (source package linux-kvm version '5.15.0-1079.84') was added. linux-kvm-headers-5.15.0-1079 version '5.15.0-1079.84' has the same source package name, linux-kvm, as removed package linux-headers-5.15.0-1078-kvm. As such we can use the source package version of the removed package, '5.15.0-1078.83', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-5.15.0-1079-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1078.83", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1079.84", "version": "5.15.0-1079.84" }, "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2107024, 2107038, 1786013 ], "changes": [ { "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "log": [ "", " * jammy/linux-kvm: 5.15.0-1079.84 -proposed tracker (LP: #2107024)", "", " [ Ubuntu: 5.15.0-139.149 ]", "", " * jammy/linux: 5.15.0-139.149 -proposed tracker (LP: #2107038)", " * Packaging resync (LP: #1786013)", " - [Packaging] update annotations scripts", " * CVE-2023-52664", " - net: atlantic: eliminate double free in error handling logic", " * CVE-2023-52927", " - netfilter: allow exp not to be removed in nf_ct_find_expectation", "" ], "package": "linux-kvm", "version": "5.15.0-1079.84", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2107024, 2107038, 1786013 ], "author": "Koichiro Den ", "date": "Tue, 15 Apr 2025 22:17:29 +0900" } ], "notes": "linux-modules-5.15.0-1079-kvm version '5.15.0-1079.84' (source package linux-kvm version '5.15.0-1079.84') was added. linux-modules-5.15.0-1079-kvm version '5.15.0-1079.84' has the same source package name, linux-kvm, as removed package linux-headers-5.15.0-1078-kvm. As such we can use the source package version of the removed package, '5.15.0-1078.83', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-5.15.0-1078-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1078.83", "version": "5.15.0-1078.83" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-5.15.0-1078-kvm", "from_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.15.0-1078.83", "version": "5.15.0-1078.83" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-kvm-headers-5.15.0-1078", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1078.83", "version": "5.15.0-1078.83" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-5.15.0-1078-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1078.83", "version": "5.15.0-1078.83" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20250501 to 20250504", "from_series": "jammy", "to_series": "jammy", "from_serial": "20250501", "to_serial": "20250504", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }