[ubuntu/focal-security] linux 5.4.0-100.113 (Accepted)
Łukasz Zemczak
lukasz.zemczak at canonical.com
Thu Feb 17 15:04:21 UTC 2022
linux (5.4.0-100.113) focal; urgency=medium
* focal/linux: 5.4.0-100.113 -proposed tracker (LP: #1959900)
* CVE-2022-22942
- SAUCE: drm/vmwgfx: Fix stale file descriptors on failed usercopy
* CVE-2022-0330
- drm/i915: Flush TLBs before releasing backing store
* Focal update: v5.4.166 upstream stable release (LP: #1957008)
- netfilter: selftest: conntrack_vrf.sh: fix file permission
- Linux 5.4.166
- net/packet: rx_owner_map depends on pg_vec
- USB: gadget: bRequestType is a bitfield, not a enum
- HID: holtek: fix mouse probing
- udp: using datalen to cap ipv6 udp max gso segments
- selftests: Calculate udpgso segment count without header adjustment
* Focal update: v5.4.165 upstream stable release (LP: #1957007)
- serial: tegra: Change lower tolerance baud rate limit for tegra20 and
tegra30
- ntfs: fix ntfs_test_inode and ntfs_init_locked_inode function type
- HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
- HID: google: add eel USB id
- HID: add hid_is_usb() function to make it simpler for USB detection
- HID: add USB_HID dependancy to hid-prodikeys
- HID: add USB_HID dependancy to hid-chicony
- HID: add USB_HID dependancy on some USB HID drivers
- HID: bigbenff: prevent null pointer dereference
- HID: wacom: fix problems when device is not a valid USB device
- HID: check for valid USB device for many HID drivers
- can: kvaser_usb: get CAN clock frequency from device
- can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct
stats->{rx,tx}_errors counter
- can: sja1000: fix use after free in ems_pcmcia_add_card()
- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
- selftests: netfilter: add a vrf+conntrack testcase
- vrf: don't run conntrack on vrf with !dflt qdisc
- bpf: Fix the off-by-two error in range markings
- ice: ignore dropped packets during init
- bonding: make tx_rebalance_counter an atomic
- nfp: Fix memory leak in nfp_cpp_area_cache_add()
- seg6: fix the iif in the IPv6 socket control block
- udp: using datalen to cap max gso segments
- iavf: restore MSI state on reset
- iavf: Fix reporting when setting descriptor count
- IB/hfi1: Correct guard on eager buffer deallocation
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered
- ALSA: ctl: Fix copy of updated id with element read/write
- ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
- ALSA: pcm: oss: Fix negative period/buffer sizes
- ALSA: pcm: oss: Limit the period size to 16MB
- ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
- btrfs: clear extent buffer uptodate when we fail to write it
- btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling
- nfsd: Fix nsfd startup race (again)
- tracefs: Have new files inherit the ownership of their parent
- clk: qcom: regmap-mux: fix parent clock lookup
- drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence.
- can: pch_can: pch_can_rx_normal: fix use after free
- can: m_can: Disable and ignore ELO interrupt
- x86/sme: Explicitly map new EFI memmap table as encrypted
- libata: add horkage for ASMedia 1092
- wait: add wake_up_pollfree()
- SAUCE: binder: export __wake_up_pollfree for binder module
- binder: use wake_up_pollfree()
- signalfd: use wake_up_pollfree()
- aio: keep poll requests on waitqueue until completed
- aio: fix use-after-free due to missing POLLFREE handling
- tracefs: Set all files to the same group ownership as the mount option
- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
- qede: validate non LSO skb length
- ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer
- i40e: Fix failed opcode appearing if handling messages from VF
- i40e: Fix pre-set max number of queues for VF
- mtd: rawnand: fsmc: Take instruction delay into account
- mtd: rawnand: fsmc: Fix timing computation
- dt-bindings: net: Reintroduce PHY no lane swap binding
- tools build: Remove needless libpython-version feature check that breaks
test-all fast path
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
- net: altera: set a couple error code in probe()
- net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
- net, neigh: clear whole pneigh_entry at alloc time
- net/qla3xxx: fix an error code in ql_adapter_up()
- Revert "UBUNTU: SAUCE: selftests: fib_tests: assign address to dummy1 for
rp_filter tests"
- selftests/fib_tests: Rework fib_rp_filter_test()
- USB: gadget: detect too-big endpoint 0 requests
- USB: gadget: zero allocate endpoint 0 buffers
- usb: core: config: fix validation of wMaxPacketValue entries
- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime
suspending
- usb: core: config: using bit mask instead of individual bits
- xhci: avoid race between disable slot command and host runtime suspend
- iio: trigger: Fix reference counting
- iio: trigger: stm32-timer: fix MODULE_ALIAS
- iio: stk3310: Don't return error code in interrupt handler
- iio: mma8452: Fix trigger reference couting
- iio: ltr501: Don't return error code in trigger handler
- iio: kxsd9: Don't return error code in trigger handler
- iio: itg3200: Call iio_trigger_notify_done() on error
- iio: dln2-adc: Fix lockdep complaint
- iio: dln2: Check return value of devm_iio_trigger_register()
- iio: at91-sama5d2: Fix incorrect sign extension
- iio: adc: axp20x_adc: fix charging current reporting on AXP22x
- iio: ad7768-1: Call iio_trigger_notify_done() on error
- iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
- irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
- irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
- irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
- irqchip: nvic: Fix offset for Interrupt Priority Offsets
- misc: fastrpc: fix improper packet size calculation
- bpf: Add selftests to cover packet access corner cases
- Linux 5.4.165
* Focal update: v5.4.164 upstream stable release (LP: #1956381)
- NFSv42: Fix pagecache invalidation after COPY/CLONE
- of: clk: Make <linux/of_clk.h> self-contained
- arm64: dts: mcbin: support 2W SFP modules
- can: j1939: j1939_tp_cmd_recv(): check the dst address of TP.CM_BAM
- gfs2: Fix length of holes reported at end-of-file
- drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY
- mac80211: do not access the IV when it was stripped
- net/smc: Transfer remaining wait queue entries during fallback
- atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
- net: return correct error code
- platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
- s390/setup: avoid using memblock_enforce_memory_limit
- btrfs: check-integrity: fix a warning on write caching disabled disk
- thermal: core: Reset previous low and high trip during thermal zone init
- scsi: iscsi: Unblock session then wake up error handler
- ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in
hns_dsaf_ge_srst_by_port()
- net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of
bound
- net: ethernet: dec: tulip: de4x5: fix possible array overflows in
type3_infoblock()
- perf hist: Fix memory leak of a perf_hpp_fmt
- perf report: Fix memory leaks around perf_tip()
- net/smc: Avoid warning of possible recursive locking
- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
- kprobes: Limit max data_size of the kretprobe instances
- rt2x00: do not mark device gone on EPROTO errors during start
- cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink()
- s390/pci: move pseudo-MMIO to prevent MIO overlap
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
- i2c: stm32f7: flush TX FIFO upon transfer errors
- i2c: stm32f7: recover the bus on access timeout
- i2c: stm32f7: stop dma transfer in case of NACK
- i2c: cbus-gpio: set atomic transfer callback
- natsemi: xtensa: fix section mismatch warnings
- net: qlogic: qlcnic: Fix a NULL pointer dereference in
qlcnic_83xx_add_rings()
- net: mpls: Fix notifications when deleting a device
- siphash: use _unaligned version by default
- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
- selftests: net: Correct case name
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ
is available
- net: marvell: mvpp2: Fix the computation of shared CPUs
- net: annotate data-races on txq->xmit_lock_owner
- ipv4: convert fib_num_tclassid_users to atomic_t
- net/rds: correct socket tunable error in rds_tcp_tune()
- net/smc: Keep smc_close_final rc during active close
- drm/msm: Do hw_init() before capturing GPU state
- ipv6: fix memory leak in fib6_rule_suppress
- KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register
- sched/uclamp: Fix rq->uclamp_max not set on first enqueue
- parisc: Fix KBUILD_IMAGE for self-extracting kernel
- parisc: Fix "make install" on newer debian releases
- vgacon: Propagate console boot parameters before calling `vc_resize'
- xhci: Fix commad ring abort, write all 64 bits to CRCR register.
- USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
- x86/tsc: Add a timer to make sure TSC_adjust is always checked
- x86/tsc: Disable clocksource watchdog for TSC on qualified platorms
- x86/64/mm: Map all kernel memory into trampoline_pgd
- tty: serial: msm_serial: Deactivate RX DMA for polling support
- serial: pl011: Add ACPI SBSA UART match id
- serial: core: fix transmit-buffer reset and memleak
- serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array
- serial: 8250_pci: rewrite pericom_do_set_divisor()
- iwlwifi: mvm: retry init flow if failed
- parisc: Mark cr16 CPU clocksource unstable on all SMP machines
- net/tls: Fix authentication failure in CCM mode
- Linux 5.4.164
* Focal update: v5.4.163 upstream stable release (LP: #1956380)
- USB: serial: option: add Telit LE910S1 0x9200 composition
- USB: serial: option: add Fibocom FM101-GL variants
- usb: dwc2: gadget: Fix ISOC flow for elapsed frames
- usb: dwc2: hcd_queue: Fix use of floating point literal
- net: nexthop: fix null pointer dereference when IPv6 is not enabled
- usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts
- usb: hub: Fix usb enumeration issue due to address0 race
- usb: hub: Fix locking issues with address0_mutex
- binder: fix test regression due to sender_euid change
- ALSA: ctxfi: Fix out-of-range access
- media: cec: copy sequence field for the reply
- HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
- staging/fbtft: Fix backlight
- staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
- xen: don't continue xenstore initialization in case of errors
- xen: detect uninitialized xenbus in xenbus_init
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
- tracing/uprobe: Fix uprobe_perf_open probes iteration
- tracing: Fix pid filtering when triggers are attached
- mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB
- mdio: aspeed: Fix "Link is Down" issue
- PCI: aardvark: Deduplicate code in advk_pcie_rd_conf()
- PCI: aardvark: Wait for endpoint to be ready before training link
- PCI: aardvark: Fix big endian support
- PCI: aardvark: Train link immediately after enabling training
- PCI: aardvark: Improve link training
- PCI: aardvark: Issue PERST via GPIO
- PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros
- PCI: aardvark: Don't touch PCIe registers if no card connected
- PCI: aardvark: Fix compilation on s390
- PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link()
- PCI: aardvark: Update comment about disabling link training
- PCI: pci-bridge-emul: Fix array overruns, improve safety
- PCI: aardvark: Configure PCIe resources from 'ranges' DT property
- PCI: aardvark: Fix PCIe Max Payload Size setting
- PCI: aardvark: Implement re-issuing config requests on CRS response
- PCI: aardvark: Simplify initialization of rootcap on virtual bridge
- PCI: aardvark: Fix link training
- PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated
bridge
- PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge
- PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge
- pinctrl: armada-37xx: Correct PWM pins definitions
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function
- proc/vmcore: fix clearing user buffer by properly using clear_user()
- netfilter: ipvs: Fix reuse connection if RS weight is 0
- ARM: dts: BCM5301X: Fix I2C controller interrupt
- ARM: dts: BCM5301X: Add interrupt properties to GPIO node
- ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
- net: ieee802154: handle iftypes as u32
- firmware: arm_scmi: pm: Propagate return value to caller
- NFSv42: Don't fail clone() unless the OP_CLONE operation failed
- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
- scsi: mpt3sas: Fix kernel panic during drive powercycle test
- drm/vc4: fix error code in vc4_create_object()
- iavf: Prevent changing static ITR values if adaptive moderation is on
- ipv6: fix typos in __ip6_finish_output()
- nfp: checking parameter process for rx-usecs/tx-usecs is invalid
- net: ipv6: add fib6_nh_release_dsts stub
- net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
- net/smc: Ensure the active closing peer first closes clcsock
- nvmet-tcp: fix incomplete data digest send
- net/ncsi : Add payload to be 32-bit aligned to fix dropped packets
- PM: hibernate: use correct mode for swsusp_close()
- tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited
flows
- nvmet: use IOCB_NOWAIT only if the filesystem supports it
- igb: fix netpoll exit with traffic
- MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
- net: vlan: fix underflow for the real_dev refcnt
- net/smc: Don't call clcsock shutdown twice when smc shutdown
- net: hns3: fix VF RSS failed problem after PF enable multi-TCs
- net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool
- f2fs: set SBI_NEED_FSCK flag when inconsistent node block found
- smb3: do not error on fsync when readonly
- vhost/vsock: fix incorrect used length reported to the guest
- tracing: Check pid filtering when creating events
- s390/mm: validate VMA in PGSTE manipulation functions
- shm: extend forced shm destroy to support objects from several IPC nses
- NFC: add NCI_UNREG flag to eliminate the race
- fuse: release pipe buf after last use
- xen: sync include/xen/interface/io/ring.h with Xen's newest version
- xen/blkfront: read response from backend only once
- xen/blkfront: don't take local copy of a request from the ring page
- xen/blkfront: don't trust the backend response data blindly
- xen/netfront: read response from backend only once
- xen/netfront: don't read data from request on the ring page
- xen/netfront: disentangle tx_skb_freelist
- xen/netfront: don't trust the backend response data blindly
- tty: hvc: replace BUG_ON() with negative return value
- Linux 5.4.163
* net/mlx5e: EPERM on vlan 0 programming (LP: #1957753)
- net/mlx5e: Unblock setting vid 0 for VF in case PF isn't eswitch manager
* CVE-2021-4083
- fget: check that the fd still exists after getting a ref to it
* CVE-2021-4155
- xfs: map unwritten blocks in XFS_IOC_{ALLOC, FREE}SP just like fallocate
Date: 2022-02-03 18:40:09.933492+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/linux/5.4.0-100.113
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list