[ubuntu/questing-updates] linux-azure 6.17.0-1017.17 (Accepted)

Andy Whitcroft apw at canonical.com
Thu May 28 15:35:49 UTC 2026 

linux-azure (6.17.0-1017.17) questing; urgency=medium

  [ Ubuntu: 6.17.0-35.35 ]

  * GRO managed-frag use-after-free leading to local privilege escalation
    (LP: #2154172)
    - net: gro: don't merge zcopy skbs

  [ Ubuntu: 6.17.0-32.32 ]

  * apparmor (LP: #2151747)
    - SAUCE: apparmor: pass big_resp to handler
    - SAUCE: apparmor: remove redundant kref_init for listener->count
    - SAUCE: apparmor: fix NULL pointer dereference in unpack_pdb
  * apparmor (LP: #2151747) // CVE-2026-47337
    - SAUCE: apparmor: fix NULL pointer dereference in bind_map_addr
  * apparmor (LP: #2151747) // CVE-2026-47334
    - SAUCE: apparmor: fix sleep prone memory allocation under a spin_lock
  * apparmor (LP: #2151747) // CVE-2026-47333
    - SAUCE: apparmor: fix dfa unpacking size of the notification filter
  * apparmor (LP: #2151747) // CVE-2026-47332
    - SAUCE: apparmor: fix size check against type instead of pointer
  * apparmor: LLVM/clang build failure due to uninitialized variable in
    notify.c (LP: #2148809) // CVE-2026-47330
    - SAUCE: apparmor: initialize variable used in uninitialized context
  * apparmor (LP: #2151747) // CVE-2026-47329
    - SAUCE: apparmor: fix name validation bypass on notification
  * apparmor (LP: #2151747) // CVE-2026-47327 // CVE-2026-47328
    - SAUCE: apparmor: fix glob memory leak after kstrdup
  * apparmor (LP: #2151747) // CVE-2026-47326
    - SAUCE: apparmor: fix inverted NULL check after aa_get_buffer

linux-azure (6.17.0-1016.16) questing; urgency=medium

  * questing/linux-azure: 6.17.0-1016.16 -proposed tracker (LP: #2153747)

  [ Ubuntu: 6.17.0-31.31 ]

  * questing/linux: 6.17.0-31.31 -proposed tracker (LP: #2153765)
  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts
  * CVE-2026-46300
    - net: skbuff: preserve shared-frag marker during coalescing
    - net: skbuff: propagate shared-frag marker through frag-transfer helpers
  * net/rds: reset op_nents when zerocopy page pin fails (LP: #2153962)
    - net/rds: reset op_nents when zerocopy page pin fails
  * CVE-2026-46333
    - ptrace: slightly saner 'get_dumpable()' logic
  * CVE-2026-43500
    - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
    - rxrpc: Fix potential UAF after skb_unshare() failure
    - rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets
    - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
  * CVE-2026-31676 // CVE-2026-43500
    - rxrpc: only handle RESPONSE during service challenge
  * CVE-2026-43284
    - xfrm: esp: avoid in-place decrypt on shared skb frags

Date: 2026-05-27 18:51:09.842746+00:00
Changed-By: John Cabaj <john-cabaj at ubuntu.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-azure/6.17.0-1017.17
-------------- next part --------------
Sorry, changesfile not available.

More information about the Questing-changes mailing list