Flatcar Container Linux
      • Sharing URL Link copied
      • /edit
      • View mode
        • Edit mode
        • View mode
        • Book mode
        • Slide mode
        Edit mode View mode Book mode Slide mode
      • Customize slides
      • Note Permission
      • Read
        • Owners
        • Signed-in users
        • Everyone
        Owners Signed-in users Everyone
      • Write
        • Owners
        • Signed-in users
        • Everyone
        Owners Signed-in users Everyone
      • Engagement control Commenting, Suggest edit, Emoji Reply
    • Invite by email
      Invitee

      This note has no invitees

    • Publish Note

      Share your work with the world Congratulations! 🎉 Your note is out in the world Publish Note

      Your note will be visible on your profile and discoverable by anyone.
      Your note is now live.
      This note is visible on your profile and discoverable online.
      Everyone on the web can find and read all notes of this public team.
      See published notes
      Unpublish note
      Please check the box to agree to the Community Guidelines.
      View profile
    • Commenting
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
      • Everyone
    • Suggest edit
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
    • Emoji Reply
    • Enable
    • Versions and GitHub Sync
    • Note settings
    • Note Insights New
    • Engagement control
    • Make a copy
    • Transfer ownership
    • Delete this note
    • Insert from template
    • Import from
      • Dropbox
      • Google Drive
      • Gist
      • Clipboard
    • Export to
      • Dropbox
      • Google Drive
      • Gist
    • Download
      • Markdown
      • HTML
      • Raw HTML
Menu Note settings Note Insights Versions and GitHub Sync Sharing URL Help
Menu
Options
Engagement control Make a copy Transfer ownership Delete this note
Import from
Dropbox Google Drive Gist Clipboard
Export to
Dropbox Google Drive Gist
Download
Markdown HTML Raw HTML
Back
Sharing URL Link copied
/edit
View mode
  • Edit mode
  • View mode
  • Book mode
  • Slide mode
Edit mode View mode Book mode Slide mode
Customize slides
Note Permission
Read
Owners
  • Owners
  • Signed-in users
  • Everyone
Owners Signed-in users Everyone
Write
Owners
  • Owners
  • Signed-in users
  • Everyone
Owners Signed-in users Everyone
Engagement control Commenting, Suggest edit, Emoji Reply
  • Invite by email
    Invitee

    This note has no invitees

    • Publish Note

    Share your work with the world Congratulations! 🎉 Your note is out in the world Publish Note

    Your note will be visible on your profile and discoverable by anyone.
    Your note is now live.
    This note is visible on your profile and discoverable online.
    Everyone on the web can find and read all notes of this public team.
    See published notes
    Unpublish note
    Please check the box to agree to the Community Guidelines.
    View profile
    Engagement control
    Commenting
    Permission
    Disabled Forbidden Owners Signed-in users Everyone
    Enable
    Permission
    • Forbidden
    • Owners
    • Signed-in users
    • Everyone
    Suggest edit
    Permission
    Disabled Forbidden Owners Signed-in users Everyone
    Enable
    Permission
    • Forbidden
    • Owners
    • Signed-in users
    Emoji Reply
    Enable
    Import from Dropbox Google Drive Gist Clipboard
       Owned this note    Owned this note      
    Published Linked with GitHub
    • Any changes
      Be notified of any changes
    • Mention me
      Be notified of mention me
    • Unsubscribe
    # Flatcar Container Linux Release - September 6th, 2023 ## Alpha 3717.0.0 - AMD64-usr - Platforms succeeded: All except Azure - Platforms failed: Azure (Kernel warnings: cl.ignition.kargs) - Platforms not tested: None - ARM64-usr - Platforms succeeded: All except EM, Azure - Platforms failed: EM (Kernel warnings: cl.network.initramfs.second-boot, coreos.ignition.once) Azure (Kernel warnings: cl.ignition.kargs) - Platforms not tested: None VERDICT: _GO_ / _WAIT_ / _NO-GO_ ## Beta 3602.1.5 - AMD64-usr - Platforms succeeded: All except DigitalOcean - Platforms failed: DigitalOcean - Platforms not tested: None - ARM64-usr - Platforms succeeded: All except EM - Platforms failed: EM (already known issue of availability of c3.large.arm64 instances) - Platforms not tested: None VERDICT: _GO_ / _WAIT_ / _NO-GO_ ## Stable 3510.2.7 - AMD64-usr - Platforms succeeded: All - Platforms failed: None - Platforms not tested: None - ARM64-usr - Platforms succeeded: All except EM - Platforms failed: EM (already known issue of availability of c3.large.arm64 instances - kubeadm.v1.24.14.calico.base) - Platforms not tested: None VERDICT: _GO_ / _WAIT_ / _NO-GO_ ## LTS 3033.3.17 - AMD64-usr - Platforms succeeded: All - Platforms failed: None - Platforms not tested: None - ARM64-usr - Platforms succeeded: All - Platforms failed: None - Platforms not tested: None VERDICT: _GO_ / _WAIT_ / _NO-GO_ ## Communication --- #### Guidelines / Things to Remember - Release notes are used in a PR and will appear on https://www.flatcar.org/releases/ - [Announcement Message](#Announcement-Message) is posted in [Flatcar-Linux-user](https://groups.google.com/g/flatcar-linux-user). Make sure to post as “Flatcar Container Linux User”, not with your personal user (this can be selected when drafting the post). --- ### Announcement Message Subject: Announcing new releases Alpha 3717.0.0, Beta 3602.1.5, Stable 3510.2.7, LTS 3033.3.17 Hello, We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta, Stable, LTS channel. ## New Alpha Release 3717.0.0 _Changes since **Alpha 3689.0.0**_ #### Security fixes: - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-34319](https://nvd.nist.gov/vuln/detail/CVE-2023-34319), [CVE-2023-3772](https://nvd.nist.gov/vuln/detail/CVE-2023-3772), [CVE-2023-3773](https://nvd.nist.gov/vuln/detail/CVE-2023-3773), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128), [CVE-2023-4155](https://nvd.nist.gov/vuln/detail/CVE-2023-4155), [CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908)) - grub ([CVE-2020-10713](https://nvd.nist.gov/vuln/detail/CVE-2020-10713), [CVE-2020-14372](https://nvd.nist.gov/vuln/detail/CVE-2020-14372), [CVE-2020-25632](https://nvd.nist.gov/vuln/detail/CVE-2020-25632), [CVE-2020-25647](https://nvd.nist.gov/vuln/detail/CVE-2020-25647), [CVE-2020-27749](https://nvd.nist.gov/vuln/detail/CVE-2020-27749), [CVE-2020-27779](https://nvd.nist.gov/vuln/detail/CVE-2020-27779), [CVE-2021-20225](https://nvd.nist.gov/vuln/detail/CVE-2021-20225), [CVE-2021-20233](https://nvd.nist.gov/vuln/detail/CVE-2021-20233), [CVE-2021-3981](https://nvd.nist.gov/vuln/detail/CVE-2021-3981), [CVE-2021-3695](https://nvd.nist.gov/vuln/detail/CVE-2021-3695), [CVE-2021-3696](https://nvd.nist.gov/vuln/detail/CVE-2021-3696), [CVE-2021-3697](https://nvd.nist.gov/vuln/detail/CVE-2021-3697), [CVE-2022-28733](https://nvd.nist.gov/vuln/detail/CVE-2022-28733), [CVE-2022-28734](https://nvd.nist.gov/vuln/detail/CVE-2022-28734), [CVE-2022-28735](https://nvd.nist.gov/vuln/detail/CVE-2022-28735), [CVE-2022-28736](https://nvd.nist.gov/vuln/detail/CVE-2022-28736), [CVE-2022-28737](https://nvd.nist.gov/vuln/detail/CVE-2022-28737), [CVE-2022-2601](https://nvd.nist.gov/vuln/detail/CVE-2022-2601), [CVE-2022-3775](https://nvd.nist.gov/vuln/detail/CVE-2022-3775)) - intel-microcode ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908)) - libarchive ([libarchive-20230729](https://github.com/libarchive/libarchive/releases/tag/v3.7.1)) - vim ([CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609), [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610)) - VMware: open-vm-tools ([CVE-2023-20900](https://nvd.nist.gov/vuln/detail/CVE-2023-20900)) - SDK: qemu ([CVE-2023-0330](https://nvd.nist.gov/vuln/detail/CVE-2023-0330), [CVE-2023-2861](https://nvd.nist.gov/vuln/detail/CVE-2023-2861)) - SDK: Rust ([CVE-2023-38497](https://nvd.nist.gov/vuln/detail/CVE-2023-38497)) #### Bug fixes: - Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal ([Flatcar#1157](https://github.com/flatcar/Flatcar/issues/1157)) #### Changes: - Change nvidia.service to type oneshot (from the default "simple") so the subsequent services (configured with "Requires/After") are executed after the driver installation is successfully finished ([Flatcar#1136](https://github.com/flatcar/Flatcar/issues/1136)) #### Updates: - Linux ([6.1.50](https://lwn.net/Articles/943112) (includes [6.1.49](https://lwn.net/Articles/942880), [6.1.48](https://lwn.net/Articles/942865), [6.1.47](https://lwn.net/Articles/942531), [6.1.46](https://lwn.net/Articles/941774), [6.1.45](https://lwn.net/Articles/941275), [6.1.44](https://lwn.net/Articles/940800))) - Linux Firmware ([20230804](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230804)) - cifs-utils ([7.0](https://lists.samba.org/archive/samba-technical/2022-August/137528.html)) - containerd ([1.7.5](https://github.com/containerd/containerd/releases/tag/v1.7.5) (includes [1.7.4](https://github.com/containerd/containerd/releases/tag/v1.7.4))) - cryptsetup ([2.6.1](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.1/docs/v2.6.1-ReleaseNotes) (includes [2.6.0](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.0/docs/v2.6.0-ReleaseNotes) and [2.5.0](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.5.0/docs/v2.5.0-ReleaseNotes))) - curl ([8.2.1](https://curl.se/changes.html#8_2_1) (includes [8.2.0](https://curl.se/changes.html#8_2_0))) - gdbm ([1.23](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00004.html)) - grub ([2.06](https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00022.html)) - intel-microcode ([20230808](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808) (includes [20230613](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230613))) - libarchive ([3.7.1](https://github.com/libarchive/libarchive/releases/tag/v3.7.1) (includes [3.7.0](https://github.com/libarchive/libarchive/releases/tag/v3.7.0))) - libassuan ([2.5.6](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libassuan.git;a=blob;f=NEWS;h=e52bb5dd36ac93ea227e53e89f82af9ccf38f339;hb=6b50ee6bcdd6aa81bd7cc3fb2379864c3ed479b8)) - libksba ([1.6.4](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=blob;f=NEWS;h=f640523209c1c9ce9855040e53914a79d24d6a67;hb=557999424ebd13e70d6fc17e648a5dd2a06f440b)) - libmd ([1.1.0](https://git.hadrons.org/cgit/libmd.git/log/?h=1.1.0)) - libuv ([1.46.0](https://github.com/libuv/libuv/releases/tag/v1.46.0) (includes [1.45.0](https://github.com/libuv/libuv/releases/tag/v1.45.0))) - lsof ([4.98.0](https://github.com/lsof-org/lsof/blob/4.98.0/00DIST#L5471)) - open-isns ([0.102](https://github.com/open-iscsi/open-isns/blob/v0.102/ChangeLog)) - openldap ([2.6.3](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/FQJM2JSSSOMLQH7XC7Q5IZJYOGCTV2LK/) (includes [2.6](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/IHS5V46H6NFNFUERMC6AWMPHTWRVNLFA/))) - parted ([3.6](https://git.savannah.gnu.org/gitweb/?p=parted.git;a=blob;f=NEWS;h=52bb11697039f70e55120c571750f9ee761a75aa;hb=3b5f327b213d21e9adb9ba933c78dd898fee5b1d)) - psmisc ([23.6](https://gitlab.com/psmisc/psmisc/-/blob/v23.6/ChangeLog)) - qemu guest agent ([8.0.3](https://wiki.qemu.org/ChangeLog/8.0#Guest_agent)) - quota ([4.09](https://sourceforge.net/p/linuxquota/code/ci/87d2fd7635e4bca54fa2a00b8d5b073ba9ca521b/tree/Changelog)) - runc ([1.1.9](https://github.com/opencontainers/runc/releases/tag/v1.1.9)) - vim ([9.0.1678](https://github.com/vim/vim/commits/v9.0.1678) (includes [9.0.1677](https://github.com/vim/vim/commits/v9.0.1677))) - xfsprogs ([6.3.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.3.0)) - VMware: open-vm-tools ([12.3.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0)) - SDK: portage ([3.0.49](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.49)) - SDK: Rust ([1.72.0](https://github.com/rust-lang/rust/releases/tag/1.72.0) (includes [1.71.1](https://github.com/rust-lang/rust/releases/tag/1.71.1))) - SDK: qemu ([8.0.3](https://wiki.qemu.org/ChangeLog/8.0)) ## New Beta Release 3602.1.5 _Changes since **Beta 3602.1.4**_ #### Security fixes: - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908)) #### Bug fixes: - Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal ([flatcar#1157](https://github.com/flatcar/Flatcar/issues/1157)) #### Updates: - Linux ([5.15.129](https://lwn.net/Articles/943113) (includes [5.15.128](https://lwn.net/Articles/942866), [5.15.127](https://lwn.net/Articles/941775), [5.15.126](https://lwn.net/Articles/941296), [5.15.125](https://lwn.net/Articles/940801))) ## New Stable Release 3510.2.7 _Changes since **Stable 3510.2.6**_ #### Security fixes: - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-4004](https://nvd.nist.gov/vuln/detail/CVE-2023-4004), [CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908)) #### Bug fixes: - Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal ([flatcar#1157](https://github.com/flatcar/Flatcar/issues/1157)) #### Updates: - Linux ([5.15.125](https://lwn.net/Articles/940801) (includes [5.15.124](https://lwn.net/Articles/940339), [5.15.123](https://lwn.net/Articles/939424))) ## New LTS Release 3033.3.17 _Changes since **LTS 3033.3.16**_ #### Security fixes: - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908), [CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206), [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128), [CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147), [CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273)) #### Updates: - Linux ([5.10.193](https://lwn.net/Articles/943114) (includes [5.10.192](https://lwn.net/Articles/942867), [5.10.191](https://lwn.net/Articles/941777),[5.10.190](https://lwn.net/Articles/941276), [5.10.189](https://lwn.net/Articles/940802))) ### Detailed Security Report **Security fix**: With the Alpha 3717.0.0, Beta 3602.1.5, Stable 3510.2.7, LTS 3033.3.17 releases we ship fixes for the CVEs listed below. #### Alpha 3717.0.0 * Linux * [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982) CVSSv3 score: n/a Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. * [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804) CVSSv3 score: 6.7(Medium) Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. * [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569) CVSSv3 score: 7.5(High) A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure. * [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588) CVSSv3 score: 7.5(High) A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.  * [CVE-2023-34319](https://nvd.nist.gov/vuln/detail/CVE-2023-34319) CVSSv3 score: n/a * [CVE-2023-3772](https://nvd.nist.gov/vuln/detail/CVE-2023-3772) CVSSv3 score: 4.4(Medium) A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. * [CVE-2023-3773](https://nvd.nist.gov/vuln/detail/CVE-2023-3773) CVSSv3 score: 4.4(Medium) A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. * [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283) CVSSv3 score: 7.8(High) An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. * [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128) CVSSv3 score: n/a A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. * [CVE-2023-4155](https://nvd.nist.gov/vuln/detail/CVE-2023-4155) CVSSv3 score: n/a * [CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273) CVSSv3 score: 6.7(Medium) A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. * [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908) CVSSv3 score: 4.4(Medium) Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. * SDK: Rust * [CVE-2023-38497](https://nvd.nist.gov/vuln/detail/CVE-2023-38497) CVSSv3 score: 7.3(High) Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. * VMware: open-vm-tools * [CVE-2023-20900](https://nvd.nist.gov/vuln/detail/CVE-2023-20900) CVSSv3 score: n/a VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network positioning in the virtual machine network may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations. * grub * [CVE-2020-10713](https://nvd.nist.gov/vuln/detail/CVE-2020-10713) CVSSv3 score: 8.2(High) A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. * [CVE-2020-14372](https://nvd.nist.gov/vuln/detail/CVE-2020-14372) CVSSv3 score: 7.5(High) A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. * [CVE-2020-25632](https://nvd.nist.gov/vuln/detail/CVE-2020-25632) CVSSv3 score: 8.2(High) A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. * [CVE-2020-25647](https://nvd.nist.gov/vuln/detail/CVE-2020-25647) CVSSv3 score: 7.6(High) A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. * [CVE-2020-27749](https://nvd.nist.gov/vuln/detail/CVE-2020-27749) CVSSv3 score: 6.7(Medium) A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. * [CVE-2020-27779](https://nvd.nist.gov/vuln/detail/CVE-2020-27779) CVSSv3 score: 7.5(High) A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. * [CVE-2021-20225](https://nvd.nist.gov/vuln/detail/CVE-2021-20225) CVSSv3 score: 6.7(Medium) A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. * [CVE-2021-20233](https://nvd.nist.gov/vuln/detail/CVE-2021-20233) CVSSv3 score: 8.2(High) A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. * [CVE-2021-3981](https://nvd.nist.gov/vuln/detail/CVE-2021-3981) CVSSv3 score: 3.3(Low) A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. * [CVE-2021-3695](https://nvd.nist.gov/vuln/detail/CVE-2021-3695) CVSSv3 score: 4.5(Medium) A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. * [CVE-2021-3696](https://nvd.nist.gov/vuln/detail/CVE-2021-3696) CVSSv3 score: 4.5(Medium) A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. * [CVE-2021-3697](https://nvd.nist.gov/vuln/detail/CVE-2021-3697) CVSSv3 score: 7(High) A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. * [CVE-2022-28733](https://nvd.nist.gov/vuln/detail/CVE-2022-28733) CVSSv3 score: n/a Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer. * [CVE-2022-28734](https://nvd.nist.gov/vuln/detail/CVE-2022-28734) CVSSv3 score: 9.8(Critical) Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata. * [CVE-2022-28735](https://nvd.nist.gov/vuln/detail/CVE-2022-28735) CVSSv3 score: 7.8(High) The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. * [CVE-2022-28736](https://nvd.nist.gov/vuln/detail/CVE-2022-28736) CVSSv3 score: 7.8(High) There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved. * [CVE-2022-28737](https://nvd.nist.gov/vuln/detail/CVE-2022-28737) CVSSv3 score: 7.8(High) There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario. * [CVE-2022-2601](https://nvd.nist.gov/vuln/detail/CVE-2022-2601) CVSSv3 score: 8.6(High) A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. * [CVE-2022-3775](https://nvd.nist.gov/vuln/detail/CVE-2022-3775) CVSSv3 score: 7.1(High) When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. * intel-microcode * [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982) CVSSv3 score: n/a Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. * [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804) CVSSv3 score: 6.7(Medium) Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. * [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908) CVSSv3 score: 4.4(Medium) Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. * qemu * [CVE-2023-0330](https://nvd.nist.gov/vuln/detail/CVE-2023-0330) CVSSv3 score: 6(Medium) A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. * [CVE-2023-2861](https://nvd.nist.gov/vuln/detail/CVE-2023-2861) CVSSv3 score: n/a * vim * [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) CVSSv3 score: 5.5(Medium) NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. * [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) CVSSv3 score: 7.8(High) Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. #### Beta 3602.1.5 * Linux * [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982) CVSSv3 score: n/a Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. * [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804) CVSSv3 score: 6.7(Medium) Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. * [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569) CVSSv3 score: 7.5(High) A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure. * [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588) CVSSv3 score: 7.5(High) A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.  * [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283) CVSSv3 score: 7.8(High) An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. * [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128) CVSSv3 score: n/a A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. * [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908) CVSSv3 score: 4.4(Medium) Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. #### Stable 3510.2.7 * Linux * [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982) CVSSv3 score: n/a Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. * [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804) CVSSv3 score: 6.7(Medium) Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. * [CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206) CVSSv3 score: 5.7(Medium) A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. * [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569) CVSSv3 score: 7.5(High) A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure. * [CVE-2023-4004](https://nvd.nist.gov/vuln/detail/CVE-2023-4004) CVSSv3 score: n/a A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. * [CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147) CVSSv3 score: n/a A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. * [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569) CVSSv3 score: 7.5(High) A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure. * [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908) CVSSv3 score: 4.4(Medium) Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. #### LTS 3033.3.17 * Linux * [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982) CVSSv3 score: n/a Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. * [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804) CVSSv3 score: 6.7(Medium) Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. * [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569) CVSSv3 score: 7.5(High) A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure. * [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908) CVSSv3 score: 4.4(Medium) Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. * [CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206) CVSSv3 score: 5.7(Medium) A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. * [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588) CVSSv3 score: 7.5(High) A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. * [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283) CVSSv3 score: 7.8(High) An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. * [CVE-2023-4128](https://nvd.nist.gov/vuln/detail/CVE-2023-4128) CVSSv3 score: n/a A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. * [CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147) CVSSv3 score: n/a A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. * [CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273) CVSSv3 score: 6.7(Medium) A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. Best, The Flatcar Container Linux Maintainers --- ### Communication #### Go/No-Go message for Matrix/Slack Go/No-Go Meeting for Alpha 3717.0.0, Beta 3602.1.5, Stable 3510.2.7, LTS 3033.3.17 Pre-view images are available in https://bincache.flatcar-linux.net/images/amd64/$VERSION/ Tracking issue: https://github.com/flatcar/Flatcar/issues/1166 The Go/No-Go document is in our HackMD @flatcar namespace Link: https://hackmd.io/0fWMthtjRRGuSw7cSXdQtA?view Please give your Go/No-Go vote with 💚 for Go, ❌ for No-Go, and ✋ for Wait. Contributors & community feel free to put your suggestions, thoughts or comments on the document or here in the chat. @MAINTAINER @MAINTAINER @MAINTAINER #### Mastodon _The toot (from [@flatcar](https://hachyderm.io/@flatcar)) goes out after the changelog update has been published; it includes a link to the web changelog._ New Flatcar releases for all channels 📦 Many package updates: Linux Kernel, grub, curl and many more 🔒 CVE fixes & security patches: Linux Kernel, grub, etc 📜 Release notes at the usual spot: https://www.flatcar.org/releases/ #linux #cloudnative #containers #updates #### Kubernetes Slack _This goes in the #flatcar channel_ Please welcome Flatcar releases of this month: - Alpha 3717.0.0 (new major) - Beta 3602.1.5 (maintenance release) - Stable 3510.2.7 (maintenance release) - LTS 3033.3.17 (maintenance release) These releases include: 📦 Many package updates: Linux Kernel, grub, curl and many more 🔒 CVE fixes & security patches: Linux Kernel, grub etc 📜 Release notes at the usual spot: https://www.flatcar.org/releases/

    Import from clipboard

    Paste your markdown or webpage here...

    Advanced permission required

    Your current role can only read. Ask the system administrator to acquire write and comment permission.

    This team is disabled

    Sorry, this team is disabled. You can't edit this note.

    This note is locked

    Sorry, only owner can edit this note.

    Reach the limit

    Sorry, you've reached the max length this note can be.
    Please reduce the content or divide it to more notes, thank you!

    Import from Gist

    Import from Snippet

    or

    Export to Snippet

    Are you sure?

    Do you really want to delete this note?
    All users will lose their connection.

    Create a note from template

    Create a note from template

    Oops...
    This template has been removed or transferred.
    Upgrade
    All
    • All
    • Team
    No template.

    Create a template

    Upgrade

    Delete template

    Do you really want to delete this template?
    Turn this template into a regular note and keep its content, versions, and comments.

    This page need refresh

    You have an incompatible client version.
    Refresh to update.
    New version available!
    See releases notes here
    Refresh to enjoy new features.
    Your user state has changed.
    Refresh to load new user state.

    Sign in

    Forgot password

    or

    By clicking below, you agree to our terms of service.

    Sign in via Facebook Sign in via Twitter Sign in via GitHub Sign in via Dropbox Sign in with Wallet
    Wallet ( )
    Connect another wallet

    New to HackMD? Sign up

    Help

    • English
    • 中文
    • Français
    • Deutsch
    • 日本語
    • Español
    • Català
    • Ελληνικά
    • Português
    • italiano
    • Türkçe
    • Русский
    • Nederlands
    • hrvatski jezik
    • język polski
    • Українська
    • हिन्दी
    • svenska
    • Esperanto
    • dansk

    Documents

    Help & Tutorial

    How to use Book mode

    Slide Example

    API Docs

    Edit in VSCode

    Install browser extension

    Contacts

    Feedback

    Discord

    Send us email

    Resources

    Releases

    Pricing

    Blog

    Policy

    Terms

    Privacy

    Cheatsheet

    Syntax Example Reference
    # Header Header 基本排版
    - Unordered List
    • Unordered List
    1. Ordered List
    1. Ordered List
    - [ ] Todo List
    • Todo List
    > Blockquote
    Blockquote
    **Bold font** Bold font
    *Italics font* Italics font
    ~~Strikethrough~~ Strikethrough
    19^th^ 19th
    H~2~O H2O
    ++Inserted text++ Inserted text
    ==Marked text== Marked text
    [link text](https:// "title") Link
    ![image alt](https:// "title") Image
    `Code` Code 在筆記中貼入程式碼
    ```javascript
    var i = 0;
    ```    		 
    var i = 0;
    :smile: :smile: Emoji list
    {%youtube youtube_id %} Externals
    $L^aT_eX$ LaTeX
    :::info
    This is a alert area.
    :::

    This is a alert area.
    Versions and GitHub Sync
    Get Full History Access

    • Edit version name
    • Delete

    revision author avatar     named on  

    More Less

    Note content is identical to the latest version.
    Compare
      Choose a version
      No search result
      Version not found
    Sign in to link this note to GitHub
    Learn more
    This note is not linked with GitHub
     

    Feedback

    Submission failed, please try again

    Thanks for your support.

    On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?

    Please give us some advice and help us improve HackMD.

     

    Thanks for your feedback

    Remove version name

    Do you want to remove this version name and description?

    Transfer ownership

    Transfer to
      Warning: is a public team. If you transfer note to this team, everyone on the web can find and read this note.

        Link with GitHub

        Please authorize HackMD on GitHub
        • Please sign in to GitHub and install the HackMD app on your GitHub repo.
        • HackMD links with GitHub through a GitHub App. You can choose which repo to install our App.
        Learn more  Sign in to GitHub

        Push the note to GitHub Push to GitHub Pull a file from GitHub

          Authorize again
         

        Choose which file to push to

        Select repo
        Refresh Authorize more repos
        Select branch
        Select file
        Select branch
        Choose version(s) to push
        • Save a new version and push
        • Choose from existing versions
        Include title and tags
        Available push count

        Pull from GitHub

         
        File from GitHub
        File from HackMD

        GitHub Link Settings

        File linked

        Linked by
        File path
        Last synced branch
        Available push count

        Danger Zone

        Unlink
        You will no longer receive notification when GitHub file changes after unlink.

        Syncing

        Push failed

        Push successfully