[ubuntu/focal-security] linux-gcp 5.4.0-1115.124 (Accepted)

Andy Whitcroft apw at canonical.com
Wed Oct 4 18:17:25 UTC 2023


linux-gcp (5.4.0-1115.124) focal; urgency=medium

  * focal/linux-gcp: 5.4.0-1115.124 -proposed tracker (LP: #2036585)

  * Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect

  * Fix requested for SEV live-migration (LP: #2034894)
    - x86/sev: Make enc_dec_hypercall() accept a size instead of npages

linux-gcp (5.4.0-1114.123) focal; urgency=medium

  * focal/linux-gcp: 5.4.0-1114.123 -proposed tracker (LP: #2033845)

  * Focal update: v5.4.248 upstream stable release (LP: #2031121)
    - [Config] updateconfigs for DECNET

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  [ Ubuntu: 5.4.0-164.181 ]

  * focal/linux: 5.4.0-164.181 -proposed tracker (LP: #2033867)
  * Please enable Renesas RZ platform serial installer (LP: #2022361)
    - [Config] enable hihope RZ/G2M serial console
  * Azure: hv_netvsc: add support for vlans in AF_PACKET mode (LP: #2030872)
    - hv_netvsc: add support for vlans in AF_PACKET mode
  * systemd mount units fail during boot, while file system is correctly mounted
    (LP: #1837227)
    - list: introduce list_for_each_continue()
    - proc/mounts: add cursor
  * CVE-2023-40283
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
  * CVE-2023-20588
    - x86/bugs: Increase the x86 bugs vector size to two u32s
    - x86/CPU/AMD: Do not leak quotient data after a division by 0
    - x86/CPU/AMD: Fix the DIV(0) initial fix attempt
  * CVE-2023-4194
    - net: tun_chr_open(): set sk_uid from current_fsuid()
    - net: tap_open(): set sk_uid from current_fsuid()
  * CVE-2023-1206
    - tcp: Reduce chance of collisions in inet6_hashfn().
  * CVE-2021-4001
    - bpf: Fix toctou on read-only map's constant scalar tracking
  * Focal update: v5.4.248 upstream stable release (LP: #2031121)
    - test_firmware: fix a memory leak with reqs buffer
    - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()
    - dasd: refactor dasd_ioctl_information
    - s390/dasd: Use correct lock while counting channel queue length
    - power: supply: ab8500: Fix external_power_changed race
    - power: supply: sc27xx: Fix external_power_changed race
    - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() +
      schedule()
    - ARM: dts: vexpress: add missing cache properties
    - power: supply: Ratelimit no data debug output
    - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0
    - regulator: Fix error checking for debugfs_create_dir
    - irqchip/meson-gpio: Mark OF related data as maybe unused
    - power: supply: Fix logic checking if system is running from battery
    - btrfs: handle memory allocation failure in btrfs_csum_one_bio
    - parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
    - parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()
    - MIPS: Alchemy: fix dbdma2
    - mips: Move initrd_start check after initrd address sanitisation.
    - xen/blkfront: Only check REQ_FUA for writes
    - drm:amd:amdgpu: Fix missing buffer object unlock in failure path
    - ocfs2: fix use-after-free when unmounting read-only filesystem
    - ocfs2: check new file size on fallocate call
    - nios2: dts: Fix tse_mac "max-frame-size" property
    - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
    - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
    - kexec: support purgatories with .text.hot sections
    - powerpc/purgatory: remove PGO flags
    - nouveau: fix client work fence deletion race
    - RDMA/uverbs: Restrict usage of privileged QKEYs
    - net: usb: qmi_wwan: add support for Compal RXM-G1
    - ALSA: hda/realtek: Add a quirk for Compaq N14JP6
    - Remove DECnet support from kernel
    - [Config] updateconfigs for DECNET
    - USB: serial: option: add Quectel EM061KGL series
    - serial: lantiq: add missing interrupt ack
    - usb: dwc3: gadget: Reset num TRBs before giving back the request
    - spi: spi-fsl-dspi: Remove unused chip->void_write_data
    - spi: fsl-dspi: avoid SCK glitches with continuous transfers
    - netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
    - ping6: Fix send to link-local addresses with VRF.
    - RDMA/rxe: Remove the unused variable obj
    - RDMA/rxe: Removed unused name from rxe_task struct
    - RDMA/rxe: Fix the use-before-initialization error of resp_pkts
    - iavf: remove mask from iavf_irq_enable_queues()
    - IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
    - IB/isert: Fix dead lock in ib_isert
    - IB/isert: Fix possible list corruption in CMA handler
    - IB/isert: Fix incorrect release of isert connection
    - ipvlan: fix bound dev checking for IPv6 l3s mode
    - sctp: fix an error code in sctp_sf_eat_auth()
    - igb: fix nvm.ops.read() error handling
    - drm/nouveau/dp: check for NULL nv_connector->native_mode
    - drm/nouveau/kms: Don't change EDID when it hasn't actually changed
    - drm/nouveau: add nv_encoder pointer check for NULL
    - net/sched: cls_api: Fix lockup on flushing explicitly created chain
    - net: lapbether: only support ethernet devices
    - net: tipc: resize nlattr array to correct size
    - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
    - afs: Fix vlserver probe RTT handling
    - neighbour: Remove unused inline function neigh_key_eq16()
    - net: Remove unused inline function dst_hold_and_use()
    - neighbour: delete neigh_lookup_nodev as not used
    - drm/nouveau/kms: Fix NULL pointer dereference in
      nouveau_connector_detect_depth
    - mmc: block: ensure error propagation for non-blk
    - Linux 5.4.248
  * Focal update: v5.4.247 upstream stable release (LP: #2030818)
    - blk-iocost: avoid 64-bit division in ioc_timer_fn
    - block/blk-iocost (gcc13): keep large values in a new enum
    - i40iw: fix build warning in i40iw_manage_apbvt()
    - i40e: fix build warnings in i40e_alloc.h
    - spi: qup: Request DMA before enabling clocks
    - neighbour: Replace zero-length array with flexible-array member
    - neighbour: fix unaligned access to pneigh_entry
    - net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
    - Bluetooth: Fix l2cap_disconnect_req deadlock
    - Bluetooth: L2CAP: Add missing checks for invalid DCID
    - netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
    - netfilter: ipset: Add schedule point in call_ad().
    - rfs: annotate lockless accesses to sk->sk_rxhash
    - rfs: annotate lockless accesses to RFS sock flow table
    - net: sched: move rtm_tca_policy declaration to include file
    - net: sched: fix possible refcount leak in tc_chain_tmplt_add()
    - lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
    - bnxt_en: Query default VLAN before VNIC setup on a VF
    - batman-adv: Broken sync while rescheduling delayed work
    - Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
    - Input: psmouse - fix OOB access in Elantech protocol
    - ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
    - ALSA: hda/realtek: Add Lenovo P3 Tower platform
    - drm/amdgpu: fix xclk freq on CHIP_STONEY
    - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in
      J1939 Socket
    - can: j1939: change j1939_netdev_lock type to mutex
    - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
    - ceph: fix use-after-free bug for inodes when flushing capsnaps
    - Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
    - rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
    - pinctrl: meson-axg: add missing GPIOA_18 gpio group
    - usb: usbfs: Enforce page requirements for mmap
    - usb: usbfs: Use consistent mmap functions
    - bonding (gcc13): synchronize bond_{a,t}lb_xmit() types
    - i2c: sprd: Delete i2c adapter in .remove's error path
    - eeprom: at24: also select REGMAP
    - ext4: only check dquot_initialize_needed() when debugging
    - drm/atomic: Don't pollute crtc_state->mode_blob with error pointers
    - rbd: get snapshot context after exclusive lock is ensured to be held
    - mtd: spinand: macronix: Add support for MX35LFxGE4AD
    - Linux 5.4.247
  * CVE-2023-4128
    - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_route: No longer copy tcf_result on update to avoid use-
      after-free
  * CVE-2023-3863
    - nfc: llcp: simplify llcp_sock_connect() error paths
    - net: nfc: Fix use-after-free caused by nfc_llcp_find_local
  * CVE-2023-3212
    - gfs2: Don't deref jdesc in evict

Date: 2023-09-19 18:47:08.892925+00:00
Changed-By: John Cabaj <john.cabaj at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1115.124
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list