[ubuntu/questing-updates] linux-riscv 6.17.0-20.20.1 (Accepted)

[Andy Whitcroft]

linux-riscv (6.17.0-20.20.1) questing; urgency=medium

  * questing/linux-riscv: 6.17.0-20.20.1 -proposed tracker (LP: #2144293)

  [ Ubuntu: 6.17.0-20.20 ]

  * questing/linux: 6.17.0-20.20 -proposed tracker (LP: #2144297)
  * CVE-2026-23074
    - net/sched: Enforce that teql can only be used as root qdisc
  * CVE-2026-23060
    - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN
      spec
  * CVE-2026-23111
    - netfilter: nf_tables: fix inverted genmask check in
      nft_map_catchall_activate()

  [ Ubuntu: 6.17.0-19.19 ]

  * Questing: Failed to query NVIDIA devices (LP: #2143480)
    - [Config] disable NOVA_CORE
  * Miscellaneous upstream changes
    - apparmor: validate DFA start states are in bounds in unpack_pdb
    - apparmor: fix memory leak in verify_header
    - apparmor: replace recursive profile removal with iterative approach
    - apparmor: fix: limit the number of levels of policy namespaces
    - apparmor: fix side-effect bug in match_char() macro usage
    - apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
    - apparmor: Fix double free of ns_name in aa_replace_profiles()
    - apparmor: fix unprivileged local user can do privileged policy
      management
    - apparmor: fix differential encoding verification
    - apparmor: fix race on rawdata dereference
    - apparmor: fix race between freeing data and fs accessing it

Date: 2026-03-19 12:52:10.695382+00:00
Changed-By: Sarah Emery <sarah.emery at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-riscv/6.17.0-20.20.1
-------------- next part --------------
Sorry, changesfile not available.