[ubuntu/focal-security] linux-azure-5.15 5.15.0-1046.53~20.04.1 (Accepted)
Andy Whitcroft
apw at canonical.com
Mon Sep 11 14:32:30 UTC 2023
linux-azure-5.15 (5.15.0-1046.53~20.04.1) focal; urgency=medium
* focal/linux-azure-5.15: 5.15.0-1046.53~20.04.1 -proposed tracker
(LP: #2030386)
[ Ubuntu: 5.15.0-1046.53 ]
* jammy/linux-azure: 5.15.0-1046.53 -proposed tracker (LP: #2030387)
* cifs: fix mid leak during reconnection after timeout threshold
(LP: #2029138)
- SAUCE: Fix cifs: fix mid leak during reconnection after timeout threshold
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2023.08.07)
* jammy/linux: 5.15.0-83.92 -proposed tracker (LP: #2031132)
* libgnutls report "trap invalid opcode" when trying to install packages over
https (LP: #2031093)
- [Config]: disable CONFIG_GDS_FORCE_MITIGATION
* jammy/linux: 5.15.0-81.90 -proposed tracker (LP: #2030422)
* Packaging resync (LP: #1786013)
- [Packaging] resync update-dkms-versions helper
- [Packaging] resync getabis
- debian/dkms-versions -- update from kernel-versions (main/2023.08.07)
* CVE-2022-40982
- x86/mm: Initialize text poking earlier
- x86/mm: fix poking_init() for Xen PV guests
- x86/mm: Use mm_alloc() in poking_init()
- mm: Move mm_cachep initialization to mm_init()
- init: Provide arch_cpu_finalize_init()
- x86/cpu: Switch to arch_cpu_finalize_init()
- ARM: cpu: Switch to arch_cpu_finalize_init()
- sparc/cpu: Switch to arch_cpu_finalize_init()
- um/cpu: Switch to arch_cpu_finalize_init()
- init: Remove check_bugs() leftovers
- init: Invoke arch_cpu_finalize_init() earlier
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
- x86/init: Initialize signal frame size late
- x86/fpu: Remove cpuinfo argument from init functions
- x86/fpu: Mark init functions __init
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
- x86/xen: Fix secondary processors' FPU initialization
- x86/speculation: Add Gather Data Sampling mitigation
- x86/speculation: Add force option to GDS mitigation
- x86/speculation: Add Kconfig option for GDS
- KVM: Add GDS_NO support to KVM
- Documentation/x86: Fix backwards on/off logic about YMM support
- [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
CONFIG_GDS_FORCE_MITIGATION
* CVE-2023-3609
- net/sched: cls_u32: Fix reference counter leak leading to overflow
* CVE-2023-21400
- io_uring: ensure IOPOLL locks around deferred work
* CVE-2023-4015
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails
- netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
* CVE-2023-3995
- netfilter: nf_tables: disallow rule addition to bound chain via
NFTA_RULE_CHAIN_ID
* CVE-2023-3777
- netfilter: nf_tables: skip bound chain on rule flush
* losetup with mknod fails on jammy with kernel 5.15.0-69-generic
(LP: #2015400)
- loop: do not enforce max_loop hard limit by (new) default
* Include the MAC address pass through function on RTL8153DD-CG (LP: #2020295)
- r8152: add USB device driver for config selection
* Jammy update: v5.15.116 upstream stable release (LP: #2029401)
- RDMA/bnxt_re: Fix the page_size used during the MR creation
- RDMA/efa: Fix unsupported page sizes in device
- RDMA/hns: Fix base address table allocation
- RDMA/hns: Modify the value of long message loopback slice
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved()
- RDMA/bnxt_re: Fix a possible memory leak
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx
- iommu/rockchip: Fix unwind goto issue
- iommu/amd: Don't block updates to GATag if guest mode is on
- dmaengine: pl330: rename _start to prevent build error
- riscv: Fix unused variable warning when BUILTIN_DTB is set
- net/mlx5: fw_tracer, Fix event handling
- net/mlx5e: Don't attach netdev profile while handling internal error
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure
- netrom: fix info-leak in nr_write_internal()
- af_packet: Fix data-races of pkt_sk(sk)->num.
- amd-xgbe: fix the false linkup in xgbe_phy_status
- mtd: rawnand: ingenic: fix empty stub helper definitions
- RDMA/irdma: Add SW mechanism to generate completions on error
- RDMA/irdma: Prevent QP use after free
- RDMA/irdma: Fix Local Invalidate fencing
- af_packet: do not use READ_ONCE() in packet_bind()
- tcp: deny tcp_disconnect() when threads are waiting
- tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
- net/sched: sch_ingress: Only create under TC_H_INGRESS
- net/sched: sch_clsact: Only create under TC_H_CLSACT
- net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
- net/sched: Prohibit regrafting ingress or clsact Qdiscs
- net: sched: fix NULL pointer dereference in mq_attach
- net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
- udp6: Fix race condition in udp6_sendmsg & connect
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs
- net/mlx5: Read embedded cpu after init bit cleared
- net: dsa: mv88e6xxx: Increase wait after reset deactivation
- mtd: rawnand: marvell: ensure timing values are written
- mtd: rawnand: marvell: don't set the NAND frequency select
- rtnetlink: call validate_linkmsg in rtnl_create_link
- drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init"
- watchdog: menz069_wdt: fix watchdog initialisation
- ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs.
- drm/amdgpu: Use the default reset when loading or reloading the driver
- mailbox: mailbox-test: Fix potential double-free in
mbox_test_message_write()
- drm/ast: Fix ARM compatibility
- btrfs: abort transaction when sibling keys check fails for leaves
- ARM: 9295/1: unwind:fix unwind abort for uleb128 case
- media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield
- gfs2: Don't deref jdesc in evict
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode
- fbdev: stifb: Fix info entry in sti_struct on error path
- nbd: Fix debugfs_create_dir error checking
- block/rnbd: replace REQ_OP_FLUSH with REQ_OP_WRITE
- nvme-pci: add NVME_QUIRK_BOGUS_NID for HS-SSD-FUTURE 2048G
- nvme-pci: add quirk for missing secondary temperature thresholds
- ASoC: dwc: limit the number of overrun messages
- um: harddog: fix modular build
- xfrm: Check if_id in inbound policy/secpath match
- ASoC: dt-bindings: Adjust #sound-dai-cells on TI's single-DAI codecs
- ASoC: ssm2602: Add workaround for playback distortions
- media: dvb_demux: fix a bug for the continuity counter
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
- media: netup_unidvb: fix irq init by register it at the end of probe
- media: dvb_ca_en50221: fix a size write bug
- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
- media: dvb-core: Fix use-after-free due on race condition at dvb_net
- media: dvb-core: Fix use-after-free due to race at dvb_register_device()
- media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
- s390/pkey: zeroize key blobs
- s390/topology: honour nr_cpu_ids when adding CPUs
- ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
- ARM: dts: stm32: add pin map for CAN controller on stm32f7
- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
- arm64: vdso: Pass (void *) to virt_to_page()
- wifi: mac80211: simplify chanctx allocation
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
- wifi: b43: fix incorrect __packed annotation
- netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with
CONFIG_NF_NAT
- nvme-multipath: don't call blk_mark_disk_dead in nvme_mpath_remove_disk
- ALSA: oss: avoid missing-prototype warnings
- drm/msm: Be more shouty if per-process pgtables aren't working
- atm: hide unused procfs functions
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged
- nvme-pci: Add quirk for Teamgroup MP33 SSD
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
- media: uvcvideo: Don't expose unsupported formats to userspace
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT
method
- iio: adc: mxs-lradc: fix the order of two cleanup operations
- HID: google: add jewel USB id
- HID: wacom: avoid integer overflow in wacom_intuos_inout()
- iio: imu: inv_icm42600: fix timestamp reset
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value
- iio: light: vcnl4035: fixed chip ID check
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag
- iio: dac: mcp4725: Fix i2c_master_send() return value handling
- iio: adc: ad7192: Change "shorted" channels to differential
- iio: dac: build ad5758 driver when AD5758 is selected
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
- dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type
- usb: gadget: f_fs: Add unbind event before functionfs_unbind
- md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk()
- misc: fastrpc: return -EPIPE to invocations on device removal
- misc: fastrpc: reject new invocations during device removal
- scsi: stex: Fix gcc 13 warnings
- ata: libata-scsi: Use correct device no in ata_find_dev()
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir
- x86/boot: Wrap literal addresses in absolute_pointer()
- ath6kl: Use struct_group() to avoid size-mismatched casting
- block/blk-iocost (gcc13): keep large values in a new enum
- mmc: vub300: fix invalid response handling
- mmc: pwrseq: sd8787: Fix WILC CHIP_EN and RESETN toggling order
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of
UARTCTRL_SBK
- btrfs: fix csum_tree_block page iteration to avoid tripping on
-Werror=array-bounds
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
- iommu/amd: Fix domain flush size when syncing iotlb
- usb: cdns3: allocate TX FIFO size according to composite EP number
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM
- block: fix revalidate performance regression
- selinux: don't use make's grouped targets feature yet
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry
- selftests: mptcp: connect: skip if MPTCP is not supported
- selftests: mptcp: pm nl: skip if MPTCP is not supported
- selftests: mptcp: sockopt: skip if MPTCP is not supported
- ext4: add EA_INODE checking to ext4_iget()
- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
- ext4: disallow ea_inodes with extended attributes
- ext4: add lockdep annotations for i_data_sem for ea_inode's
- fbcon: Fix null-ptr-deref in soft_cursor
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe()
- test_firmware: fix the memory leak of the allocated firmware buffer
- KVM: x86: Account fastpath-only VM-Exits in vCPU stats
- ksmbd: fix credit count leakage
- ksmbd: fix incorrect AllocationSize set in smb2_get_info
- KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()
- regmap: Account for register length when chunking
- tpm, tpm_tis: Request threaded interrupt handler
- drm/rcar: stop using 'imply' for dependencies
- [Config] updateconfigs for DRM_RCAR_LVDS
- scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)
- scsi: dpt_i2o: Do not process completions with invalid addresses
- [Config] updateconfigs for SCSI_DPT_I2O
- drm/amdgpu/gfx10: Disable gfxoff before disabling powergating.
- selftests: mptcp: diag: skip if MPTCP is not supported
- selftests: mptcp: simult flows: skip if MPTCP is not supported
- selftests: mptcp: join: skip if MPTCP is not supported
- ext4: enable the lazy init thread when remounting read/write
- ARM: defconfig: drop CONFIG_DRM_RCAR_LVDS
- RDMA/irdma: Fix drain SQ hang with no completion
- RDMA/irdma: Do not generate SW completions for NOPs
- Linux 5.15.116
* CVE-2023-20593
- x86/cpu/amd: Move the errata checking functionality up
- x86/cpu/amd: Add a Zenbleed fix
* CVE-2023-4004
- netfilter: nft_set_pipapo: fix improper element removal
* CVE-2023-3611
- net/sched: sch_qfq: refactor parsing of netlink parameters
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue
* CVE-2023-3610
- netfilter: nf_tables: fix chain binding transaction logic
* CVE-2023-2898
- f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()
* Backport support to tolerate ZSTD compressed firmware files (LP: #2028550)
- firmware_loader: EXTRA_FIRMWARE does not support compressed files
- firmware: Add the support for ZSTD-compressed firmware files
- [Config] Enable FW_LOADER_COMPRESS_ZSTD by default
* stacked overlay file system mounts that have chroot() called against them
appear to be getting locked (by the kernel most likely?) (LP: #2016398)
- SAUCE: overlayfs: fix reference count mismatch
* kdump fails on big arm64 systems when offset is not specified (LP: #2024479)
- arm64: mm: use IS_ENABLED(CONFIG_KEXEC_CORE) instead of #ifdef
- arm64: kdump: Reimplement crashkernel=X
- docs: kdump: Update the crashkernel description for arm64
- arm64: kdump: Do not allocate crash low memory if not needed
- arm64/mm: Define defer_reserve_crashkernel()
- arm64: kdump: Provide default size when crashkernel=Y, low is not specified
- arm64: kdump: Support crashkernel=X fall back to reserve region above DMA
zones
* usbrtl sometimes doesn't reload firmware (LP: #2026028)
- Bluetooth: btrtl: Ask ic_info to drop firmware
* cifs: fix mid leak during reconnection after timeout threshold
(LP: #2029138)
- cifs: fix mid leak during reconnection after timeout threshold
* Jammy update: v5.15.115 upstream stable release (LP: #2028799)
- power: supply: bq27xxx: expose battery data when CI=1
- power: supply: bq27xxx: Move bq27xxx_battery_update() down
- power: supply: bq27xxx: Ensure power_supply_changed() is called on current
sign changes
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to
stabilize
- power: supply: core: Refactor
power_supply_set_input_current_limit_from_supplier()
- power: supply: bq24190: Call power_supply_changed() after updating input
current
- bpf: fix a memory leak in the LRU and LRU_PERCPU hash maps
- net/mlx5: devcom only supports 2 ports
- net/mlx5e: Fix deadlock in tc route query code
- net/mlx5: Devcom, serialize devcom registration
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering
- platform/x86: ISST: Remove 8 socket limit
- net: phy: mscc: enable VSC8501/2 RGMII RX clock
- net: dsa: introduce helpers for iterating through ports using dp
- net: dsa: mt7530: rework mt753[01]_setup
- net: dsa: mt7530: split-off common parts from mt7531_setup
- net: dsa: mt7530: fix network connectivity with multiple CPU ports
- Bonding: add arp_missed_max option
- bonding: fix send_peer_notif overflow
- binder: fix UAF caused by faulty buffer cleanup
- irqchip/mips-gic: Get rid of the reliance on irq_cpu_online()
- irqchip/mips-gic: Use raw spinlock for gic_lock
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context
- xdp: Allow registering memory model without rxq reference
- net: page_pool: use in_softirq() instead
- page_pool: fix inconsistency for page_pool_ring_[un]lock()
- irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable
- xdp: xdp_mem_allocator can be NULL in trace_mem_connect().
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
- Revert "binder_alloc: add missing mmap_lock calls when using the VMA"
- Revert "android: binder: stop saving a pointer to the VMA"
- binder: add lockless binder_alloc_(set|get)_vma()
- binder: fix UAF of alloc->vma in race with munmap()
- ipv{4,6}/raw: fix output xfrm lookup wrt protocol
- netfilter: ctnetlink: Support offloaded conntrack entry deletion
- Linux 5.15.115
* Jammy update: v5.15.114 upstream stable release (LP: #2028701)
- usb: gadget: Properly configure the device for remote wakeup
- usb: dwc3: fix gadget mode suspend interrupt handler issue
- dt-bindings: ata: ahci-ceva: convert to yaml
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries
- watchdog: sp5100_tco: Immediately trigger upon starting.
- ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15
- spi: fsl-spi: Re-organise transfer bits_per_word adaptation
- spi: fsl-cpm: Use 16 bit mode for large transfers with even size
- ocfs2: Switch to security_inode_init_security()
- arm64: Also reset KASAN tag if page is not PG_mte_tagged
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK
- ALSA: hda: Fix unhandled register update during auto-suspend period
- ALSA: hda/realtek: Enable headset onLenovo M70/M90
- mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works
- ASoC: rt5682: Disable jack detection interrupt during suspend
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
- m68k: Move signal frame following exception on 68020/030
- parisc: Handle kgdb breakpoints only in kernel context
- parisc: Allow to reboot machine after system halt
- gpio: mockup: Fix mode of debugfs files
- btrfs: use nofs when cleaning up aborted transactions
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type
- selftests/memfd: Fix unknown type name build failure
- parisc: Fix flush_dcache_page() for usage from irq context
- perf/x86/uncore: Correct the number of CHAs on SPR
- x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
- debugobjects: Don't wake up kswapd from fill_pool()
- fbdev: udlfb: Fix endpoint check
- net: fix stack overflow when LRO is disabled for virtual interfaces
- udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
- USB: core: Add routines for endpoint checks in old drivers
- USB: sisusbvga: Add endpoint checks
- media: radio-shark: Add endpoint checks
- ASoC: lpass: Fix for KASAN use_after_free out of bounds
- net: fix skb leak in __skb_tstamp_tx()
- selftests: fib_tests: mute cleanup error message
- octeontx2-pf: Fix TSOv6 offload
- bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
- ipv6: Fix out-of-bounds access in ipv6_find_tlv()
- cifs: mapchars mount option ignored
- power: supply: leds: Fix blink to LED on transition
- power: supply: mt6360: add a check of devm_work_autocancel in
mt6360_charger_probe
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
- power: supply: bq27xxx: Fix I2C IRQ race on remove
- power: supply: bq27xxx: Fix poll_interval handling and races on remove
- power: supply: bq27xxx: Add cache parameter to
bq27xxx_battery_current_and_status()
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg
- firmware: arm_ffa: Check if ffa_driver remove is present before executing
- firmware: arm_ffa: Fix FFA device names for logical partitions
- fs: fix undefined behavior in bit shift for SB_NOUSER
- regulator: pca9450: Fix BUCK2 enable_mask
- coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
- x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
- sctp: fix an issue that plpmtu can never go to complete state
- forcedeth: Fix an error handling path in nv_probe()
- platform/mellanox: mlxbf-pmc: fix sscanf() error checking
- net/mlx5e: do as little as possible in napi poll when budget is 0
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE
- net/mlx5: Fix error message when failing to allocate device memory
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert delay
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors
- regulator: mt6359: add read check for PMIC MT6359
- 3c589_cs: Fix an error handling path in tc589_probe()
- net: phy: mscc: add VSC8502 to MODULE_DEVICE_TABLE
- Linux 5.15.114
* Jammy update: v5.15.113 upstream stable release (LP: #2028408)
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
- net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe()
- scsi: ufs: core: Fix I/O hang that occurs when BKOPS fails in W-LUN suspend
- tick/broadcast: Make broadcast device replacement work correctly
- linux/dim: Do nothing if no time delta between samples
- net: stmmac: switch to use interrupt for hw crosstimestamping
- net: stmmac: Initialize MAC_ONEUS_TIC_COUNTER register
- net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
- netfilter: nf_tables: always release netdev hooks from notifier
- netfilter: conntrack: fix possible bug_on with enable_hooks=1
- netlink: annotate accesses to nlk->cb_running
- net: annotate sk->sk_err write from do_recvmmsg()
- net: deal with most data-races in sk_wait_event()
- net: add vlan_get_protocol_and_depth() helper
- tcp: add annotations around sk->sk_shutdown accesses
- gve: Remove the code of clearing PBA bit
- net: datagram: fix data-races in datagram_poll()
- af_unix: Fix a data race of sk->sk_receive_queue->qlen.
- af_unix: Fix data races around sk->sk_shutdown.
- drm/i915/dp: prevent potential div-by-zero
- fbdev: arcfb: Fix error handling in arcfb_probe()
- ext4: remove an unused variable warning with CONFIG_QUOTA=n
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers
- ext4: fix lockdep warning when enabling MMP
- ext4: allow to find by goal if EXT4_MB_HINT_GOAL_ONLY is set
- ext4: allow ext4_get_group_info() to fail
- refscale: Move shutdown from wait_event() to wait_event_idle()
- rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access
- fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
- drm/displayid: add displayid_get_header() and check bounds better
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and
buffer_finish()
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish
- firmware: arm_sdei: Fix sleep from invalid context BUG
- ACPI: EC: Fix oops when removing custom query handlers
- remoteproc: stm32_rproc: Add mutex protection for workqueue
- drm/tegra: Avoid potential 32-bit integer overflow
- drm/msm/dp: Clean up handling of DP AUX interrupts
- ACPICA: Avoid undefined behavior: applying zero offset to null pointer
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in
acpi_db_display_objects
- drm/amd: Fix an out of bounds error in BIOS parser
- media: Prefer designated initializers over memset for subdev pad ops
- wifi: ath: Silence memcpy run-time false positive warning
- bpf: Annotate data races in bpf_local_storage
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
- ext2: Check block size validity during mount
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow
- bnxt: avoid overflow in bnxt_get_nvram_directory()
- net: pasemi: Fix return type of pasemi_mac_start_tx()
- net: Catch invalid index in XPS mapping
- scsi: target: iscsit: Free cmds before session free
- lib: cpu_rmap: Avoid use after free on rmap->obj array entries
- scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race
condition
- gfs2: Fix inode height consistency check
- scsi: ufs: ufs-pci: Add support for Intel Lunar Lake
- ext4: set goal start correctly in ext4_mb_normalize_request
- ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
- f2fs: fix to drop all dirty pages during umount() if cp_error is set
- f2fs: fix to check readonly condition correctly
- samples/bpf: Fix fout leak in hbm's run_bpf_prog
- bpf: Add preempt_count_{sub,add} into btf id deny list
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
- null_blk: Always check queue mode setting from configfs
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
- wifi: ath11k: Fix SKB corruption in REO destination ring
- nbd: fix incomplete validation of ioctl arg
- ipvs: Update width of source for ip_vs_sync_conn_options
- Bluetooth: btintel: Add LE States quirk support
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set
- Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
- HID: logitech-hidpp: Don't use the USB serial for USB devices
- HID: logitech-hidpp: Reconcile USB and Unifying serials
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
- HID: wacom: generic: Set battery quirk only when we see battery data
- usb: typec: tcpm: fix multiple times discover svids error
- serial: 8250: Reinit port->pm on port specific driver unbind
- mcb-pci: Reallocate memory region to avoid memory overlapping
- sched: Fix KCSAN noinstr violation
- recordmcount: Fix memory leaks in the uwrite function
- RDMA/core: Fix multiple -Warray-bounds warnings
- iommu/arm-smmu-qcom: Limit the SMR groups to 128
- fs/ntfs3: Fix NULL pointer dereference in 'ni_write_inode'
- fs/ntfs3: Enhance the attribute size check
- fs/ntfs3: Fix NULL dereference in ni_write_inode
- fs/ntfs3: Validate MFT flags before replaying logs
- fs/ntfs3: Add length check in indx_get_root
- fs/ntfs3: Fix a possible null-pointer dereference in ni_clear()
- clk: tegra20: fix gcc-7 constant overflow warning
- iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
- iommu/sprd: Release dma buffer to avoid memory leak
- Input: xpad - add constants for GIP interface numbers
- phy: st: miphy28lp: use _poll_timeout functions for waits
- soundwire: qcom: gracefully handle too many ports in DT
- mfd: dln2: Fix memory leak in dln2_probe()
- parisc: Replace regular spinlock with spin_trylock on panic path
- platform/x86: hp-wmi: Support touchpad on/off
- [Config] updateconfigs for X86_PLATFORM_DRIVERS_HP
- platform/x86: Move existing HP drivers to a new hp subdir
- platform/x86: hp-wmi: add micmute to hp_wmi_keymap struct
- xfrm: don't check the default policy if the policy allows the packet
- Revert "Fix XFRM-I support for nested ESP tunnels"
- drm/msm/dp: unregister audio driver during unbind
- drm/msm/dpu: Add INTF_5 interrupts
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header
- drm/msm/dpu: Remove duplicate register defines from INTF
- dt-bindings: display/msm: dsi-controller-main: Document qcom, master-dsi and
qcom, sync-dual-dsi
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable
- cpupower: Make TSC read per CPU for Mperf monitor
- af_key: Reject optional tunnel/BEET mode templates in outbound policies
- selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test
- selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test
- net: fec: Better handle pm_runtime_get() failing in .remove()
- net: phy: dp83867: add w/a for packet errors seen with short cables
- ALSA: firewire-digi00x: prevent potential use after free
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15
- vsock: avoid to close connected socket after the timeout
- tcp: fix possible sk_priority leak in tcp_v4_send_reset()
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
- serial: 8250_bcm7271: balance clk_enable calls
- serial: 8250_bcm7271: fix leak in `brcmuart_probe`
- erspan: get the proto with the md version for collect_md
- net: hns3: fix output information incomplete for dumping tx queue info with
debugfs
- net: hns3: fix sending pfc frames after reset issue
- net: hns3: fix reset delay time to avoid configuration timeout
- media: netup_unidvb: fix use-after-free at del_timer()
- SUNRPC: double free xprt_ctxt while still in use
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs
- SUNRPC: Clean up svc_deferred_class trace events
- SUNRPC: Remove dead code in svc_tcp_release_rqst()
- SUNRPC: Remove svc_rqst::rq_xprt_hlen
- SUNRPC: always free ctxt when freeing deferred request
- SUNRPC: Fix trace_svc_register() call site
- drm/exynos: fix g2d_open/close helper function definitions
- net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
- virtio-net: Maintain reverse cleanup order
- virtio_net: Fix error unwinding of XDP initialization
- tipc: add tipc_bearer_min_mtu to calculate min mtu
- tipc: do not update mtu if msg_max is too small in mtu negotiation
- tipc: check the bearer min mtu properly when setting it by netlink
- s390/cio: include subchannels without devices also for evaluation
- net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
- net: bcmgenet: Restore phy_stop() depending upon suspend/close
- wifi: mac80211: fix min center freq offset tracing
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock
- wifi: iwlwifi: mvm: don't trust firmware n_channels
- scsi: storvsc: Don't pass unused PFNs to Hyper-V host
- cassini: Fix a memory leak in the error handling path of cas_init_one()
- net: dsa: mv88e6xxx: Fix mv88e6393x EPC write command offset
- igb: fix bit_shift to be in [1..8] range
- vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
- netfilter: nf_tables: fix nft_trans type confusion
- netfilter: nft_set_rbtree: fix null deref on element insertion
- bridge: always declare tunnel functions
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
- USB: usbtmc: Fix direction for 0-length ioctl control messages
- usb-storage: fix deadlock when a scsi command timeouts more than once
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
- usb: dwc3: debugfs: Resume dwc3 before accessing registers
- usb: gadget: u_ether: Fix host MAC address case
- usb: typec: altmodes/displayport: fix pin_assignment_show
- xhci-pci: Only run d3cold avoidance quirk for s2idle
- xhci: Fix incorrect tracking of free space on transfer rings
- ALSA: hda: Fix Oops by 9.1 surround channel names
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
- ALSA: hda/realtek: Add quirk for Clevo L140AU
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop()
- can: kvaser_pciefd: Call request_irq() before enabling interrupts
- can: kvaser_pciefd: Empty SRB buffer in probe
- can: kvaser_pciefd: Clear listen-only bit if not explicitly requested
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
- can: kvaser_pciefd: Disable interrupts in probe error path
- SMB3: Close all deferred handles of inode in case of handle lease break
- SMB3: drop reference to cfile before sending oplock break
- ksmbd: smb2: Allow messages padded to 8byte boundary
- ksmbd: allocate one more byte for implied bcc[0]
- ksmbd: fix wrong UserName check in session_user
- ksmbd: fix global-out-of-bounds in smb2_find_context_vals
- statfs: enforce statfs[64] structure initialization
- serial: Add support for Advantech PCI-1611U card
- serial: 8250_exar: Add support for USR298x PCI Modems
- serial: qcom-geni: fix enabling deactivated interrupt
- thunderbolt: Clear registers properly when auto clear isn't in use
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
- ceph: force updating the msg pointer in non-split case
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device
- tpm/tpm_tis: Disable interrupts for more Lenovo devices
- powerpc/64s/radix: Fix soft dirty tracking
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
- s390/qdio: fix do_sqbs() inline assembly constraint
- HID: wacom: Force pen out of prox if no events have been received in a while
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
- HID: wacom: add three styli to wacom_intuos_get_tool_type
- Linux 5.15.113
* Jammy update: v5.15.112 upstream stable release (LP: #2026607)
- ring-buffer: Ensure proper resetting of atomic variables in
ring_buffer_reset_online_cpus
- crypto: ccp - Clear PSP interrupt status register before calling handler
- ubifs: Fix AA deadlock when setting xattr for encrypted file
- ubifs: Fix memory leak in do_rename
- bus: mhi: Move host MHI code to "host" directory
- bus: mhi: host: Remove duplicate ee check for syserr
- bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state
- bus: mhi: host: Range check CHDBOFF and ERDBOFF
- mailbox: zynq: Switch to flexible array to simplify code
- mailbox: zynqmp: Fix counts of child nodes
- ASoC: soc-pcm: use GFP_ATOMIC for dpcm structure
- ASoC: soc-pcm: align BE 'atomicity' with that of the FE
- ASoC: soc-pcm: Fix and cleanup DPCM locking
- ASoC: soc-pcm: serialize BE triggers
- ASoC: soc-pcm: test refcount before triggering
- ASoC: soc-pcm: fix BE handling of PAUSE_RELEASE
- fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
- drm/hyperv: Don't overwrite dirt_needed value set by host
- scsi: qedi: Fix use after free bug in qedi_remove()
- net/ncsi: clear Tx enable mode when handling a Config required AEN
- net/sched: cls_api: remove block_cb from driver_list before freeing
- sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust
- net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu
- writeback: fix call of incorrect macro
- watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe()
- RISC-V: mm: Enable huge page support to kernel_page_present() function
- net/sched: act_mirred: Add carrier check
- r8152: fix flow control issue of RTL8156A
- r8152: fix the poor throughput for 2.5G devices
- r8152: move setting r8153b_rx_agg_chg_indicate()
- sfc: Fix module EEPROM reporting for QSFP modules
- rxrpc: Fix hard call timeout units
- octeontx2-af: Secure APR table update with the lock
- octeontx2-af: Skip PFs if not enabled
- octeontx2-pf: Disable packet I/O for graceful exit
- octeontx2-vf: Detach LF resources on probe cleanup
- ionic: remove noise from ethtool rxnfc error msg
- ethtool: Fix uninitialized number of lanes
- ionic: catch failure from devlink_alloc
- af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
- drm/amdgpu: add a missing lock for AMDGPU_SCHED
- ALSA: caiaq: input: Add error handling for unsupported input methods in
`snd_usb_caiaq_input_init`
- net: dsa: mt7530: fix corrupt frames using trgmii on 40 MHz XTAL MT7621
- virtio_net: split free_unused_bufs()
- virtio_net: suppress cpu stall when free_unused_bufs
- net: enetc: check the index of the SFI rather than the handle
- perf scripts intel-pt-events.py: Fix IPC output for Python 2
- perf vendor events power9: Remove UTF-8 characters from JSON files
- perf pmu: zfree() expects a pointer to a pointer to zero it after freeing
its contents
- perf map: Delete two variable initialisations before null pointer checks in
sort__sym_from_cmp()
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs()
- crypto: engine - check if BH is disabled during completion
- crypto: api - Add scaffolding to change completion function signature
- crypto: engine - Use crypto_request_complete
- crypto: engine - fix crypto_queue backlog handling
- perf symbols: Fix return incorrect build_id size in elf_read_build_id()
- perf evlist: Refactor evlist__for_each_cpu()
- perf stat: Separate bperf from bpf_profiler
- btrfs: fix btrfs_prev_leaf() to not return the same key twice
- btrfs: zoned: fix wrong use of bitops API in btrfs_ensure_empty_zones
- btrfs: fix encoded write i_size corruption with no-holes
- btrfs: don't free qgroup space unless specified
- btrfs: zero the buffer before marking it dirty in btrfs_redirty_list_add
- btrfs: print-tree: parent bytenr must be aligned to sector size
- btrfs: fix space cache inconsistency after error loading it from disk
- cifs: fix pcchunk length type in smb2_copychunk_range
- cifs: release leases for deferred close handles when freezing
- platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the
Juno Tablet
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i
- inotify: Avoid reporting event with invalid wd
- smb3: fix problem remounting a share after shutdown
- SMB3: force unmount was failing to close deferred close files
- sh: math-emu: fix macro redefined warning
- sh: mcount.S: fix build error when PRINTK is not enabled
- sh: init: use OF_EARLY_FLATTREE for early init
- sh: nmi_debug: fix return value of __setup handler
- remoteproc: stm32: Call of_node_put() on iteration error
- remoteproc: st: Call of_node_put() on iteration error
- remoteproc: imx_rproc: Call of_node_put() on iteration error
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite
- ARM: dts: s5pv210: correct MIPI CSIS clock name
- drm/bridge: lt8912b: Fix DSI Video Mode
- drm/msm: fix NULL-deref on snapshot tear down
- drm/msm: fix NULL-deref on irq uninstall
- f2fs: fix potential corruption when moving a directory
- drm/panel: otm8009a: Set backlight parent to panel device
- drm/amd/display: fix flickering caused by S/G mode
- drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini()
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx
ras
- drm/amdgpu: Fix vram recover doesn't work after whole GPU reset (v2)
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend
- HID: wacom: Set a default resolution for older tablets
- HID: wacom: insert timestamp to packed Bluetooth (BT) events
- fs/ntfs3: Refactoring of various minor issues
- ASoC: soc-pcm: Fix DPCM lockdep warning due to nested stream locks
- ASoC: soc-compress: Inherit atomicity from DAI link for Compress FE
- ASoC: soc-pcm: Move debugfs removal out of spinlock
- ASoC: DPCM: Don't pick up BE without substream
- ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close()
- drm/i915/dg2: Support 4k at 30 on HDMI
- drm/i915/dg2: Add additional HDMI pixel clock frequencies
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz
- drm/msm: Remove struct_mutex usage
- drm/msm/adreno: fix runtime PM imbalance at gpu load
- drm/amd/display: Refine condition of cursor visibility for pipe-split
- drm/amd/display: Add NULL plane_state check for cursor disable logic
- wifi: rtw88: rtw8821c: Fix rfe_option field width
- ksmbd: set RSS capable in FSCTL_QUERY_NETWORK_INTERFACE_INFO
- ksmbd: fix multi session connection failure
- ksmbd: replace sessions list in connection with xarray
- ksmbd: add channel rwlock
- ksmbd: fix kernel oops from idr_remove()
- ksmbd: fix racy issue while destroying session on multichannel
- ksmbd: fix deadlock in ksmbd_find_crypto_ctx()
- ksmbd: not allow guest user on multichannel
- locking/rwsem: Add __always_inline annotation to __down_read_common() and
inlined callers
- ext4: fix WARNING in mb_find_extent
- ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
- ext4: fix data races when using cached status extents
- ext4: check iomap type only if ext4_iomap_begin() does not fail
- ext4: improve error recovery code paths in __ext4_remount()
- ext4: improve error handling from ext4_dirhash()
- ext4: fix deadlock when converting an inline directory in nojournal mode
- ext4: add bounds checking in get_max_inline_xattr_value_size()
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason
- ext4: remove a BUG_ON in ext4_mb_release_group_pa()
- ext4: fix invalid free tracking in ext4_xattr_move_to_block()
- drm/msm/adreno: adreno_gpu: Use suspend() instead of idle() on load error
- serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
- drbd: correctly submit flush bio on barrier
- RISC-V: Fix up a cherry-pick warning in setup_vm_final()
- drm/amd/display: Fix hang when skipping modeset
- Linux 5.15.112
* CVE-2023-31084 // CVE-2023-31084 was assigned to this bug.
- media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
* CVE-2023-3776
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free
Date: 2023-08-28 14:14:29.980683+00:00
Changed-By: Tim Gardner <tim.gardner at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1046.53~20.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list