[ubuntu/focal-security] linux 5.4.0-176.196 (Accepted)
Andy Whitcroft
apw at canonical.com
Mon Apr 8 21:19:03 UTC 2024
linux (5.4.0-176.196) focal; urgency=medium
* focal/linux: 5.4.0-176.196 -proposed tracker (LP: #2058756)
* Problems with HVCS and hotplugging (LP: #2056373)
- powerpc/pseries: Fix bad drc_index_start value parsing of drc-info entry
- powerpc/pseries: Fix of_read_drc_info_cell() to point at next record
- hvcs: Fix hvcs port reference counting
- hvcs: Use dev_groups to manage hvcs device attributes
- hvcs: Use driver groups to manage driver attributes
- hvcs: Get reference to tty in remove
- hvcs: Use vhangup in hotplug remove
- hvcs: Synchronize hotplug remove with port free
linux (5.4.0-175.195) focal; urgency=medium
* focal/linux: 5.4.0-175.195 -proposed tracker (LP: #2055684)
* Packaging resync (LP: #1786013)
- [Packaging] drop ABI data
- [Packaging] update annotations scripts
- debian.master/dkms-versions -- update from kernel-versions (main/2024.03.04)
* Drop ABI checks from kernel build (LP: #2055686)
- [Packaging] Remove in-tree abi checks
- [Packaging] Bring back install-<flavour> prerequisite for checks-<flavour>
- [Packaging] Remove abi-check from final-checks
* Cranky update-dkms-versions rollout (LP: #2055685)
- [Packaging] remove update-dkms-versions
- Move debian/dkms-versions to debian.master/dkms-versions
- [Packaging] Replace debian/dkms-versions with $(DEBIAN)/dkms-versions
- [Packaging] remove update-version-dkms
* linux-tools-common: man page of usbip[d] is misplaced (LP: #2054094)
- [Packaging] rules: Put usbip manpages in the correct directory
* CVE-2024-23851
- dm ioctl: log an error if the ioctl structure is corrupted
- dm: limit the number of targets and parameter size area
* Focal update: v5.4.268 upstream stable release (LP: #2055075)
- f2fs: explicitly null-terminate the xattr list
- pinctrl: lochnagar: Don't build on MIPS
- ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro
- ASoC: Intel: Skylake: Fix mem leak in few functions
- ASoC: nau8822: Fix incorrect type in assignment and cast to restricted
__be16
- ASoC: Intel: Skylake: mem leak in skl register function
- ASoC: cs43130: Fix the position of const qualifier
- ASoC: cs43130: Fix incorrect frame delay configuration
- ASoC: rt5650: add mutex to avoid the jack detection failure
- nouveau/tu102: flush all pdbs on vmm flush
- net/tg3: fix race condition in tg3_reset_task()
- ASoC: da7219: Support low DC impedance headset
- nvme: introduce helper function to get ctrl state
- drm/exynos: fix a potential error pointer dereference
- drm/exynos: fix a wrong error checking
- clk: rockchip: rk3128: Fix HCLK_OTG gate register
- jbd2: correct the printing of write_flags in jbd2_write_superblock()
- drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
- neighbour: Don't let neigh_forced_gc() disable preemption for long
- tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
- tracing: Add size check when printing trace_marker output
- ring-buffer: Do not record in NMI if the arch does not support cmpxchg in
NMI
- reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
- Input: atkbd - skip ATKBD_CMD_GETID in translated mode
- Input: i8042 - add nomux quirk for Acer P459-G2-M
- s390/scm: fix virtual vs physical address confusion
- ARC: fix spare error
- Input: xpad - add Razer Wolverine V2 support
- ARM: sun9i: smp: fix return code check of of_property_match_string
- drm/crtc: fix uninitialized variable use
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx
- binder: use EPOLLERR from eventpoll.h
- binder: fix trivial typo of binder_free_buf_locked()
- binder: fix comment on binder_alloc_new_buf() return value
- uio: Fix use-after-free in uio_open
- parport: parport_serial: Add Brainboxes BAR details
- parport: parport_serial: Add Brainboxes device IDs and geometry
- coresight: etm4x: Fix width of CCITMIN field
- x86/lib: Fix overflow when counting digits
- EDAC/thunderx: Fix possible out-of-bounds string access
- powerpc: add crtsavres.o to always-y instead of extra-y
- powerpc/44x: select I2C for CURRITUCK
- powerpc/pseries/memhotplug: Quieten some DLPAR operations
- powerpc/pseries/memhp: Fix access beyond end of drmem array
- selftests/powerpc: Fix error handling in FPU/VMX preemption tests
- powerpc/powernv: Add a null pointer check to scom_debug_init_one()
- powerpc/powernv: Add a null pointer check in opal_event_init()
- powerpc/powernv: Add a null pointer check in opal_powercap_init()
- powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
- mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response
- ACPI: video: check for error while searching for backlight device parent
- ACPI: LPIT: Avoid u32 multiplication overflow
- net: netlabel: Fix kerneldoc warnings
- netlabel: remove unused parameter in netlbl_netlink_auditinfo()
- calipso: fix memory leak in netlbl_calipso_add_pass()
- spi: sh-msiof: Enforce fixed DTDL for R-Car H3
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
- selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket
- crypto: virtio - Handle dataq logic with tasklet
- crypto: virtio - don't use 'default m'
- virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC
- crypto: ccp - fix memleak in ccp_init_dm_workarea
- crypto: af_alg - Disallow multiple in-flight AIO requests
- crypto: sahara - remove FLAGS_NEW_KEY logic
- crypto: sahara - fix ahash selftest failure
- crypto: sahara - fix processing requests with cryptlen < sg->length
- crypto: sahara - fix error handling in sahara_hw_descriptor_create()
- pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
- crypto: virtio - Wait for tasklet to complete on device remove
- crypto: sahara - fix ahash reqsize
- crypto: sahara - fix wait_for_completion_timeout() error handling
- crypto: sahara - improve error handling in sahara_sha_process()
- crypto: sahara - fix processing hash requests with req->nbytes < sg->length
- crypto: sahara - do not resize req->src when doing hash operations
- crypto: scomp - fix req->dst buffer overflow
- blocklayoutdriver: Fix reference leak of pnfs_device_node
- NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT
- wifi: rtw88: fix RX filter in FIF_ALLMULTI flag
- bpf, lpm: Fix check prefixlen before walking trie
- wifi: libertas: stop selecting wext
- ARM: dts: qcom: apq8064: correct XOADC register address
- ncsi: internal.h: Fix a spello
- net/ncsi: Fix netlink major/minor version numbers
- firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create()
- rtlwifi: Use ffs in <foo>_phy_calculate_bit_shift
- wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior
- scsi: fnic: Return error if vmalloc() failed
- arm64: dts: qcom: sdm845-db845c: correct LED panic indicator
- scsi: hisi_sas: Replace with standard error code return value
- selftests/net: fix grep checking for fib_nexthop_multiprefix
- virtio/vsock: fix logic which reduces credit update messages
- dma-mapping: clear dev->dma_mem to NULL after freeing it
- wifi: rtlwifi: add calculate_bit_shift()
- wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()
- wifi: rtlwifi: rtl8192c: using calculate_bit_shift()
- wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()
- wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()
- rtlwifi: rtl8192de: make arrays static const, makes object smaller
- wifi: rtlwifi: rtl8192de: using calculate_bit_shift()
- wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()
- wifi: rtlwifi: rtl8192se: using calculate_bit_shift()
- netfilter: nf_tables: mark newset as dead on transaction abort
- Bluetooth: Fix bogus check for re-auth no supported with non-ssp
- Bluetooth: btmtkuart: fix recv_buf() return value
- ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
- ARM: davinci: always select CONFIG_CPU_ARM926T
- RDMA/usnic: Silence uninitialized symbol smatch warnings
- media: pvrusb2: fix use after free on context disconnection
- drm/bridge: Fix typo in post_disable() description
- f2fs: fix to avoid dirent corruption
- drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()
- drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()
- drm/radeon: check return value of radeon_ring_lock()
- ASoC: cs35l33: Fix GPIO name and drop legacy include
- ASoC: cs35l34: Fix GPIO name and drop legacy include
- drm/msm/mdp4: flush vblank event on disable
- drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks
- drm/drv: propagate errors from drm_modeset_register_all()
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
- drm/radeon/dpm: fix a memleak in sumo_parse_power_table
- drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table
- drm/bridge: tc358767: Fix return value on error case
- media: cx231xx: fix a memleak in cx231xx_init_isoc
- media: dvbdev: drop refcount on error path in dvb_device_open()
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL
- drm/amd/pm: fix a double-free in si_dpm_init
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table
- gpu/drm/radeon: fix two memleaks in radeon_vm_init
- drivers: clk: zynqmp: calculate closest mux rate
- watchdog: set cdev owner before adding
- watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO
- watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling
- clk: si5341: fix an error code problem in si5341_output_clk_set_rate
- mmc: sdhci_omap: Fix TI SoC dependencies
- [Config] update annotations for CONFIG_MMC_SDHCI_OMAP
- [Config] remove sdhci-omap module for arm64/ppc64el
- of: Fix double free in of_parse_phandle_with_args_map
- of: unittest: Fix of_count_phandle_with_args() expected value message
- binder: fix async space check for 0-sized buffers
- binder: fix use-after-free in shinker's callback
- Input: atkbd - use ab83 as id when skipping the getid command
- Revert "ASoC: atmel: Remove system clock tree configuration for
at91sam9g20ek"
- binder: fix race between mmput() and do_exit()
- binder: fix unused alloc->free_async_space
- tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug
- usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host()
- usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart
- Revert "usb: dwc3: Soft reset phy on probe for host"
- Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-
only"
- usb: chipidea: wait controller resume finished for wakeup irq
- Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs"
- usb: typec: class: fix typec_altmode_put_partner to put plugs
- usb: mon: Fix atomicity violation in mon_bin_vma_fault
- ALSA: oxygen: Fix right channel of capture volume mixer
- fbdev: flush deferred work in fb_deferred_io_fsync()
- rootfs: Fix support for rootfstype= when root= is given
- wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code
- wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors
- wifi: mwifiex: configure BSSID consistently when starting AP
- x86/kvm: Do not try to disable kvmclock if it was not enabled
- HID: wacom: Correct behavior when processing some confidence == false
touches
- mips: Fix incorrect max_low_pfn adjustment
- MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup()
- MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup()
- serial: 8250: omap: Don't skip resource freeing if
pm_runtime_resume_and_get() failed
- acpi: property: Let args be NULL in __acpi_node_get_property_reference
- software node: Let args be NULL in software_node_get_reference_args
- perf genelf: Set ELF program header addresses properly
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
- nvmet-tcp: fix a crash in nvmet_req_complete()
- perf env: Add perf_env__numa_node()
- perf record: Move sb_evlist to 'struct record'
- perf top: Move sb_evlist to 'struct perf_top'
- perf bpf: Decouple creating the evlist from adding the SB event
- perf env: Avoid recursively taking env->bpf_progs.lock
- apparmor: avoid crash when parsed profile name is empty
- serial: imx: Correct clock error message in function probe()
- nvmet-tcp: Fix the H2C expected PDU len calculation
- PCI: keystone: Fix race condition when initializing PHYs
- s390/pci: fix max size calculation in zpci_memcpy_toio()
- net: qualcomm: rmnet: fix global oob in rmnet_policy
- net: phy: micrel: populate .soft_reset for KSZ9131
- net: ravb: Fix dma_addr_t truncation in error case
- net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe
- netfilter: nf_tables: skip dead set elements in netlink dump
- ipvs: avoid stat macros calls from preemptible context
- kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ
- kdb: Fix a potential buffer overflow in kdb_local()
- mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure
- i2c: s3c24xx: fix read transfers in polling mode
- i2c: s3c24xx: fix transferring more than one message in polling mode
- perf top: Skip side-band event setup if HAVE_LIBBPF_SUPPORT is not set
- arm64: dts: armada-3720-turris-mox: set irq type for RTC
- Linux 5.4.268
* CVE-2024-24855
- scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
* Focal update: v5.4.267 upstream stable release (LP: #2054406)
- nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to
llcp_local
- i40e: Fix filter input checks to prevent config with invalid values
- net: sched: em_text: fix possible memory leak in em_text_destroy()
- can: raw: add support for SO_TXTIME/SCM_TXTIME
- can: raw: add support for SO_MARK
- net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps
- ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init
- net: bcmgenet: Fix FCS generation for fragmented skbuffs
- net: Save and restore msg_namelen in sock_sendmsg
- i40e: fix use-after-free in i40e_aqc_add_filters()
- ASoC: meson: g12a: extract codec-to-codec utils
- [Config] Update annotations for CONFIG_SND_MESON_CODEC_GLUE
- ASoC: meson: g12a-tohdmitx: Validate written enum values
- ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux
- i40e: Restore VF MSI-X state during PCI reset
- net/qla3xxx: switch from 'pci_' to 'dma_' API
- net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues
- asix: Add check for usbnet_get_endpoints
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()
- net: Implement missing SO_TIMESTAMPING_NEW cmsg support
- mm/memory-failure: check the mapcount of the precise page
- firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and
ASM108x/VT630x PCIe cards
- i2c: core: Fix atomic xfer check for non-preempt config
- mm: fix unmap_mapping_range high bits shift bug
- mmc: rpmb: fixes pause retune on all RPMB partitions.
- mmc: core: Cancel delayed work before releasing host
- mmc: sdhci-sprd: Fix eMMC init failure after hw reset
- ath10k: Wait until copy complete is actually done before completing
- ath10k: Add interrupt summary based CE processing
- ath10k: Keep track of which interrupts fired, don't poll them
- ath10k: Get rid of "per_ce_irq" hw param
- PCI: Extract ATS disabling to a helper function
- PCI: Disable ATS for specific Intel IPU E2000 devices
- net/dst: use a smaller percpu_counter batch for dst entries accounting
- ipv6: make ip6_rt_gc_expire an atomic_t
- ipv6: remove max_size check inline with ipv4
- ASoC: meson: codec-glue: fix pcm format cast warning
- Linux 5.4.267
* CVE-2023-23000
- phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function
* CVE-2023-23004
- malidp: Fix NULL vs IS_ERR() checking
* CVE-2023-46838
- xen-netback: don't produce zero-size SKB frags
* CVE-2024-1086
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters
* Focal update: v5.4.266 upstream stable release (LP: #2051655)
- ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
- ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE
- ARM: OMAP2+: Fix null pointer dereference and memory leak in
omap_soc_device_init
- reset: Fix crash when freeing non-existent optional resets
- s390/vx: fix save/restore of fpu kernel context
- wifi: mac80211: mesh_plink: fix matches_local logic
- net/mlx5: improve some comments
- net/mlx5: Fix fw tracer first block check
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer used
by representors
- net: sched: ife: fix potential use-after-free
- ethernet: atheros: fix a memleak in atl1e_setup_ring_resources
- net/rose: fix races in rose_kill_by_device()
- net: check vlan filter feature in vlan_vids_add_by_dev() and
vlan_vids_del_by_dev()
- afs: Fix the dynamic root's d_delete to always delete unused dentries
- afs: Fix dynamic root lookup DNS check
- net: warn if gso_type isn't set for a GSO SKB
- net: check dev->gso_max_size in gso_features_check()
- afs: Fix overwriting of result of DNS query
- i2c: aspeed: Handle the coalesced stop conditions with the start conditions.
- pinctrl: at91-pio4: use dedicated lock class for IRQ
- ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10
- ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB
- smb: client: fix NULL deref in asn1_ber_decoder()
- btrfs: do not allow non subvolume root targets for snapshot
- interconnect: Treat xlate() returning NULL node as an error
- iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw
- Input: ipaq-micro-keys - add error handling for devm_kmemdup
- scsi: bnx2fc: Fix skb double free in bnx2fc_rcv()
- iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table
- iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma()
- wifi: cfg80211: Add my certificate
- wifi: cfg80211: fix certs build to not depend on file order
- USB: serial: ftdi_sio: update Actisense PIDs constant names
- USB: serial: option: add Quectel EG912Y module support
- USB: serial: option: add Foxconn T99W265 with new baseline
- USB: serial: option: add Quectel RM500Q R13 firmware support
- Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent
- net: 9p: avoid freeing uninit memory in p9pdu_vreadf
- net: rfkill: gpio: set GPIO direction
- x86/alternatives: Sync core before enabling interrupts
- usb: fotg210-hcd: delete an incorrect bounds test
- ring-buffer: Fix wake ups when buffer_percent is set to 100
- block: Don't invalidate pagecache for invalid falloc modes
- Linux 5.4.266
* CVE-2024-0607
- netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
Date: 2024-03-22 16:43:03.607998+00:00
Changed-By: Roxana Nicolescu <roxana.nicolescu at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/5.4.0-176.196
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list