[ubuntu/bionic-security] linux-gcp-5.4 5.4.0-1092.101~18.04.1 (Accepted)
Andy Whitcroft
apw at canonical.com
Wed Oct 19 08:34:02 UTC 2022
linux-gcp-5.4 (5.4.0-1092.101~18.04.1) bionic; urgency=medium
[ Ubuntu: 5.4.0-1092.101 ]
* CVE-2022-2602
- SAUCE: io_uring/af_unix: defer registered files gc to io_uring release
- SAUCE: io_uring/af_unix: fix memleak during unix GC
* CVE-2022-41674
- SAUCE: wifi: cfg80211: fix u8 overflow in
cfg80211_update_notlisted_nontrans()
- SAUCE: wifi: cfg80211/mac80211: reject bad MBSSID elements
- SAUCE: wifi: cfg80211: ensure length byte is present before access
- SAUCE: wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
- SAUCE: wifi: cfg80211: update hidden BSSes to avoid WARN_ON
* CVE-2022-42721
- SAUCE: wifi: cfg80211: avoid nontransmitted BSS list corruption
* CVE-2022-42720
- SAUCE: wifi: cfg80211: fix BSS refcounting bugs
linux-gcp-5.4 (5.4.0-1090.98~18.04.1) bionic; urgency=medium
* bionic/linux-gcp-5.4: 5.4.0-1090.98~18.04.1 -proposed tracker (LP: #1989870)
[ Ubuntu: 5.4.0-1090.98 ]
* focal/linux-gcp: 5.4.0-1090.98 -proposed tracker (LP: #1989871)
* Focal update: v5.4.208 upstream stable release (LP: #1988225)
- [config] Update configs after rebase
* focal/linux: 5.4.0-128.144 -proposed tracker (LP: #1990152)
* CVE-2022-3176
- io_uring: disable polling pollfree files
* ip/nexthop: fix default address selection for connected nexthop
(LP: #1988809)
- selftests/net: test nexthop without gw
* ip/nexthop: fix default address selection for connected nexthop
(LP: #1988809) // icmp_redirect.sh in ubuntu_kernel_selftests failed on
Jammy 5.15.0-49.55 (LP: #1990124)
- ip: fix triggering of 'icmp redirect'
* focal/linux: 5.4.0-127.143 -proposed tracker (LP: #1989892)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2022.09.19)
* [UBUNTU 20.04] mlx5 driver crashes on accessing device attributes during
recovery (LP: #1987287)
- net/mlx5: Avoid processing commands before cmdif is ready
* Focal update: v5.4.210 upstream stable release (LP: #1989230)
- thermal: Fix NULL pointer dereferences in of_thermal_ functions
- ACPI: video: Force backlight native for some TongFang devices
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only
- ACPI: APEI: Better fix to avoid spamming the console with old error logs
- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
- selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
- bpf: Test_verifier, #70 error message updates for 32-bit right shift
- KVM: Don't null dereference ops->destroy
- selftests: KVM: Handle compiler optimizations in ucall
- media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
- macintosh/adb: fix oob read in do_adb_query() function
- x86/speculation: Add RSB VM Exit protections
- x86/speculation: Add LFENCE to RSB fill sequence
- Linux 5.4.210
* Focal update: v5.4.209 upstream stable release (LP: #1989228)
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
- ntfs: fix use-after-free in ntfs_ucsncmp()
- s390/archrandom: prevent CPACF trng invocations in interrupt context
- tcp: Fix data-races around sysctl_tcp_dsack.
- tcp: Fix a data-race around sysctl_tcp_app_win.
- tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
- tcp: Fix a data-race around sysctl_tcp_frto.
- tcp: Fix a data-race around sysctl_tcp_nometrics_save.
- ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
- ice: do not setup vlan for loopback VSI
- scsi: ufs: host: Hold reference returned by of_parse_phandle()
- tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
- tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
- net: ping6: Fix memleak in ipv6_renew_options().
- ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
- igmp: Fix data-races around sysctl_igmp_qrv.
- net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
- tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
- tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
- tcp: Fix a data-race around sysctl_tcp_autocorking.
- tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
- Documentation: fix sctp_wmem in ip-sysctl.rst
- tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
- tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
- i40e: Fix interface init with MSI interrupts (no MSI-X)
- sctp: fix sleep in atomic context bug in timer handlers
- virtio-net: fix the race between refill work and close
- perf symbol: Correct address for bss symbols
- sfc: disable softirqs for ptp TX
- sctp: leave the err path free in sctp_stream_init to sctp_stream_free
- ARM: crypto: comment out gcc warning that breaks clang builds
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
- scsi: core: Fix race between handling STS_RESOURCE and completion
- Linux 5.4.209
* Focal update: v5.4.208 upstream stable release (LP: #1988225)
- pinctrl: stm32: fix optional IRQ support to gpios
- riscv: add as-options for modules with assembly compontents
- mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication
- lockdown: Fix kexec lockdown bypass with ima policy
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
- PCI: hv: Fix multi-MSI to allow more than one MSI vector
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
- PCI: hv: Fix interrupt mapping for multi-MSI
- serial: mvebu-uart: correctly report configured baudrate value
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in
xfrm_bundle_lookup()
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
- pinctrl: ralink: Check for null return of devm_kcalloc
- perf/core: Fix data race between perf_event_set_output() and
perf_mmap_close()
- igc: Reinstate IGC_REMOVED logic and implement it properly
- ip: Fix data-races around sysctl_ip_no_pmtu_disc.
- ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
- ip: Fix data-races around sysctl_ip_nonlocal_bind.
- ip: Fix a data-race around sysctl_fwmark_reflect.
- tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
- tcp: Fix data-races around sysctl_tcp_mtu_probing.
- tcp: Fix data-races around sysctl_tcp_base_mss.
- tcp: Fix data-races around sysctl_tcp_min_snd_mss.
- tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.
- tcp: Fix a data-race around sysctl_tcp_probe_threshold.
- tcp: Fix a data-race around sysctl_tcp_probe_interval.
- i2c: cadence: Change large transfer count reset logic to be unconditional
- net: stmmac: fix dma queue left shift overflow issue
- net/tls: Fix race in TLS device down flow
- igmp: Fix data-races around sysctl_igmp_llm_reports.
- igmp: Fix a data-race around sysctl_igmp_max_memberships.
- tcp: Fix data-races around sysctl_tcp_syncookies.
- tcp: Fix data-races around sysctl_tcp_reordering.
- tcp: Fix data-races around some timeout sysctl knobs.
- tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
- tcp: Fix a data-race around sysctl_tcp_tw_reuse.
- tcp: Fix data-races around sysctl_max_syn_backlog.
- tcp: Fix data-races around sysctl_tcp_fastopen.
- iavf: Fix handling of dummy receive descriptors
- i40e: Fix erroneous adapter reinitialization during recovery process
- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
- gpio: pca953x: only use single read/write for No AI mode
- be2net: Fix buffer overflow in be_get_module_eeprom
- ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
- udp: Fix a data-race around sysctl_udp_l3mdev_accept.
- tcp: Fix data-races around sysctl knobs related to SYN option.
- tcp: Fix a data-race around sysctl_tcp_early_retrans.
- tcp: Fix data-races around sysctl_tcp_recovery.
- tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
- tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
- tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
- tcp: Fix a data-race around sysctl_tcp_stdurg.
- tcp: Fix a data-race around sysctl_tcp_rfc1337.
- tcp: Fix data-races around sysctl_tcp_max_reordering.
- spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA
transfers
- mm/mempolicy: fix uninit-value in mpol_rebind_policy()
- bpf: Make sure mac_header was set before using it
- dlm: fix pending remove if msg allocation fails
- ima: remove the IMA_TEMPLATE Kconfig option
- [Config] updateconfigs for IMA_TEMPLATE
- locking/refcount: Define constants for saturation and max refcount values
- locking/refcount: Ensure integer operands are treated as signed
- locking/refcount: Remove unused refcount_*_checked() variants
- locking/refcount: Move the bulk of the REFCOUNT_FULL implementation into the
<linux/refcount.h> header
- locking/refcount: Improve performance of generic REFCOUNT_FULL code
- locking/refcount: Move saturation warnings out of line
- locking/refcount: Consolidate REFCOUNT_{MAX,SATURATED} definitions
- locking/refcount: Consolidate implementations of refcount_t
- [Config] updateconfigs for REFCOUNT_FULL
- x86: get rid of small constant size cases in raw_copy_{to,from}_user()
- x86/uaccess: Implement macros for CMPXCHG on user addresses
- mmap locking API: initial implementation as rwsem wrappers
- x86/mce: Deduplicate exception handling
- bitfield.h: Fix "type of reg too small for mask" test
- ALSA: memalloc: Align buffer allocations in page size
- Bluetooth: Add bt_skb_sendmsg helper
- Bluetooth: Add bt_skb_sendmmsg helper
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
- Bluetooth: Fix passing NULL to PTR_ERR
- Bluetooth: SCO: Fix sco_send_frame returning skb->len
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
- tty: drivers/tty/, stop using tty_schedule_flip()
- tty: the rest, stop using tty_schedule_flip()
- tty: drop tty_schedule_flip()
- tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
- tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
- x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
- Linux 5.4.208
* Focal update: v5.4.207 upstream stable release (LP: #1988219)
- ALSA: hda - Add fixup for Dell Latitidue E5430
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
- tracing/histograms: Fix memory leak problem
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
pointer
- ip: fix dflt addr selection for connected nexthop
- ARM: 9213/1: Print message about disabled Spectre workarounds only once
- ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
- wifi: mac80211: fix queue selection for mesh/OCB interfaces
- cgroup: Use separate src/dst nodes when preloading css_sets for migration
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL
- nilfs2: fix incorrect masking of permission flags for symlinks
- Revert "evm: Fix memleak in init_desc"
- sched/rt: Disable RT_RUNTIME_SHARE by default
- ext4: fix race condition between ext4_write and ext4_convert_inline_data
- ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
- ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
- ARM: 9210/1: Mark the FDT_FIXED sections as shareable
- drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
- ima: Fix a potential integer overflow in ima_appraise_measurement
- ASoC: sgtl5000: Fix noise on shutdown/remove
- net: stmmac: dwc-qos: Disable split header for Tegra194
- inetpeer: Fix data-races around sysctl.
- net: Fix data-races around sysctl_mem.
- cipso: Fix data-races around sysctl.
- icmp: Fix data-races around sysctl.
- ipv4: Fix a data-race around sysctl_fib_sync_mem.
- ARM: dts: at91: sama5d2: Fix typo in i2s1 node
- ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
- drm/i915/gt: Serialize TLB invalidates with GT resets
- icmp: Fix a data-race around sysctl_icmp_ratelimit.
- icmp: Fix a data-race around sysctl_icmp_ratemask.
- raw: Fix a data-race around sysctl_raw_l3mdev_accept.
- ipv4: Fix data-races around sysctl_ip_dynaddr.
- net: ftgmac100: Hold reference returned by of_get_child_by_name()
- sfc: fix use after free when disabling sriov
- seg6: fix skb checksum evaluation in SRH encapsulation/insertion
- seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
- seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
- sfc: fix kernel panic when creating VF
- mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
- virtio_mmio: Add missing PM calls to freeze/restore
- virtio_mmio: Restore guest page size on resume
- netfilter: br_netfilter: do not skip all hooks with 0 priority
- cpufreq: pmac32-cpufreq: Fix refcount leak bug
- platform/x86: hp-wmi: Ignore Sanitization Mode event
- net: tipc: fix possible refcount leak in tipc_sk_create()
- NFC: nxp-nci: don't print header length mismatch on i2c error
- nvme: fix regression when disconnect a recovering ctrl
- net: sfp: fix memory leak in sfp_probe()
- ASoC: ops: Fix off by one in range control validation
- ASoC: wm5110: Fix DRE control
- ASoC: cs47l15: Fix event generation for low power mux control
- ASoC: madera: Fix event generation for OUT1 demux
- ASoC: madera: Fix event generation for rate controls
- irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
- x86: Clear .brk area at early boot
- soc: ixp4xx/npe: Fix unused match warning
- ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
- signal handling: don't use BUG_ON() for debugging
- USB: serial: ftdi_sio: add Belimo device ids
- usb: typec: add missing uevent when partner support PD
- usb: dwc3: gadget: Fix event pending check
- tty: serial: samsung_tty: set dma burst_size to 1
- serial: 8250: fix return error code in serial8250_request_std_resource()
- serial: stm32: Clear prev values before setting RTS delays
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
- can: m_can: m_can_tx_handler(): fix use after free of skb
- Linux 5.4.207
* Focal update: v5.4.206 upstream stable release (LP: #1988215)
- Linux 5.4.206
* Focal update: v5.4.205 upstream stable release (LP: #1988214)
- esp: limit skb_page_frag_refill use to a single page
- mm/slub: add missing TID updates on slab deactivation
- can: bcm: use call_rcu() instead of costly synchronize_rcu()
- can: grcan: grcan_probe(): remove extra of_node_get()
- can: gs_usb: gs_usb_open/close(): fix memory leak
- usbnet: fix memory leak in error case
- net: rose: fix UAF bug caused by rose_t0timer_expiry
- iommu/vt-d: Fix PCI bus rescan device hot add
- fbdev: fbmem: Fix logo center image dx issue
- video: of_display_timing.h: include errno.h
- powerpc/powernv: delay rng platform device creation until later in boot
- can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info
- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression
- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
- xfs: remove incorrect ASSERT in xfs_rename
- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
- pinctrl: sunxi: a83t: Fix NAND function name for some pins
- pinctrl: sunxi: sunxi_pconf_set: use correct offset
- ARM: at91: pm: use proper compatible for sama5d2's rtc
- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
- ibmvnic: Properly dispose of all skbs during a failover.
- selftests: forwarding: fix flood_unicast_test when h2 supports
IFF_UNICAST_FLT
- selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT
- selftests: forwarding: fix error message in learning_test
- i2c: cadence: Unregister the clk notifier in error path
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
- misc: rtsx_usb: use separate command and response buffers
- misc: rtsx_usb: set return value in rsp_buf alloc err path
- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
- ida: don't use BUG_ON() for debugging
- dmaengine: pl330: Fix lockdep warning about non-static key
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
- Linux 5.4.205
* Focal update: v5.4.204 upstream stable release (LP: #1988212)
- ipv6: take care of disable_policy when restoring routes
- nvdimm: Fix badblocks clear off-by-one error
- powerpc/prom_init: Fix kernel config grep
- powerpc/bpf: Fix use of user_pt_regs in uapi
- dm raid: fix accesses beyond end of raid member array
- dm raid: fix KASAN warning in raid5_add_disks
- s390/archrandom: simplify back to earlier design and initialize earlier
- SUNRPC: Fix READ_PLUS crasher
- net: rose: fix UAF bugs caused by timer handler
- net: usb: ax88179_178a: Fix packet receiving
- virtio-net: fix race between ndo_open() and virtio_device_ready()
- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
- net: tun: unlink NAPI from device on destruction
- net: tun: stop NAPI when detaching queues
- RDMA/qedr: Fix reporting QP timeout attribute
- linux/dim: Fix divide by 0 in RDMA DIM
- usbnet: fix memory allocation in helpers
- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
- caif_virtio: fix race between virtio_device_ready() and ndo_open()
- PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events
- s390: remove unneeded 'select BUILD_BIN2C'
- netfilter: nft_dynset: restore set element counter when failing to update
- net/sched: act_api: Notify user space if any actions were flushed before
error
- net: bonding: fix possible NULL deref in rlb code
- net: bonding: fix use-after-free after 802.3ad slave unbind
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
- net: tun: avoid disabling NAPI twice
- xen/gntdev: Avoid blocking in unmap_grant_pages()
- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add()
fails
- net: dsa: bcm_sf2: force pause link settings
- sit: use min
- ipv6/sit: fix ipip6_tunnel_get_prl return value
- rseq/selftests,x86_64: Add rseq_offset_deref_addv()
- selftests/rseq: remove ARRAY_SIZE define from individual tests
- selftests/rseq: introduce own copy of rseq uapi header
- selftests/rseq: Remove useless assignment to cpu variable
- selftests/rseq: Remove volatile from __rseq_abi
- selftests/rseq: Introduce rseq_get_abi() helper
- selftests/rseq: Introduce thread pointer getters
- selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35
- selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian
- selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for
load/store
- selftests/rseq: Fix ppc32 offsets by using long rather than off_t
- selftests/rseq: Fix warnings about #if checks of undefined tokens
- selftests/rseq: Remove arm/mips asm goto compiler work-around
- selftests/rseq: Fix: work-around asm goto compiler bugs
- selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread
area
- selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread
area
- selftests/rseq: Change type of rseq_offset to ptrdiff_t
- xen/blkfront: fix leaking data in shared pages
- xen/netfront: fix leaking data in shared pages
- xen/netfront: force data bouncing when backend is untrusted
- xen/blkfront: force data bouncing when backend is untrusted
- xen/arm: Fix race in RB-tree based P2M accounting
- net: usb: qmi_wwan: add Telit 0x1060 composition
- net: usb: qmi_wwan: add Telit 0x1070 composition
- clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from
ixp4xx_timer_setup()
- Linux 5.4.204
Date: 2022-10-17 18:26:11.997609+00:00
Changed-By: Thadeu Lima de Souza Cascardo <thadeu.cascardo at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1092.101~18.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list