[ubuntu/focal-security] linux-gkeop 5.4.0-1097.101 (Accepted)
Andy Whitcroft
apw at canonical.com
Thu Aug 8 14:57:41 UTC 2024
linux-gkeop (5.4.0-1097.101) focal; urgency=medium
* focal/linux-gkeop: 5.4.0-1097.101 -proposed tracker (LP: #2072284)
[ Ubuntu: 5.4.0-192.212 ]
* focal/linux: 5.4.0-192.212 -proposed tracker (LP: #2072305)
* Focal update: v5.4.278 upstream stable release (LP: #2071668)
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
- speakup: Fix sizeof() vs ARRAY_SIZE() bug
- ring-buffer: Fix a race between readers and resize checks
- net: smc91x: Fix m68k kernel compilation for ColdFire CPU
- nilfs2: fix unexpected freezing of nilfs_segctor_sync()
- nilfs2: fix potential hang in nilfs_detach_log_writer()
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt
class
- net: usb: qmi_wwan: add Telit FN920C04 compositions
- drm/amd/display: Set color_mgmt_changed to true on unsuspend
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
- ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
- ASoC: da7219-aad: fix usage of device_get_named_child_node()
- drm/amdkfd: Flush the process wq before creating a kfd_process
- nvme: find numa distance only if controller has valid numa id
- openpromfs: finish conversion to the new mount API
- crypto: bcm - Fix pointer arithmetic
- firmware: raspberrypi: Use correct device for DMA mappings
- ecryptfs: Fix buffer size for tag 66 packet
- nilfs2: fix out-of-range warning
- parisc: add missing export of __cmpxchg_u8()
- crypto: ccp - drop platform ifdef checks
- s390/cio: fix tracepoint subchannel type field
- jffs2: prevent xattr node from overflowing the eraseblock
- null_blk: Fix missing mutex_destroy() at module removal
- md: fix resync softlockup when bitmap size is less than array size
- wifi: ath10k: poll service ready message before failing
- x86/boot: Ignore relocations in .notes sections in walk_relocs() too
- qed: avoid truncating work queue length
- scsi: ufs: qcom: Perform read back after writing reset bit
- scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
- scsi: ufs: core: Perform read back after disabling interrupts
- scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
- irqchip/alpine-msi: Fix off-by-one in allocation error path
- ACPI: disable -Wstringop-truncation
- cpufreq: Reorganize checks in cpufreq_offline()
- cpufreq: Split cpufreq_offline()
- cpufreq: Rearrange locking in cpufreq_remove_dev()
- cpufreq: exit() callback is optional
- scsi: libsas: Fix the failure of adding phy with zero-address to port
- scsi: hpsa: Fix allocation size for Scsi_Host private data
- x86/purgatory: Switch to the position-independent small code model
- wifi: ath10k: Fix an error code problem in
ath10k_dbg_sta_write_peer_debug_trigger()
- wifi: ath10k: populate board data for WCN3990
- tcp: minor optimization in tcp_add_backlog()
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
- tcp: avoid premature drops in tcp_add_backlog()
- macintosh/via-macii: Fix "BUG: sleeping function called from invalid
context"
- wifi: carl9170: add a proper sanity check for endpoints
- wifi: ar5523: enable proper endpoint verification
- sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
- Revert "sh: Handle calling csum_partial with misaligned data"
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
- scsi: bfa: Ensure the copied buf is NUL terminated
- scsi: qedf: Ensure the copied buf is NUL terminated
- wifi: mwl8k: initialize cmd->addr[] properly
- usb: aqc111: stop lying about skb->truesize
- net: usb: sr9700: stop lying about skb->truesize
- m68k: Fix spinlock race in kernel thread creation
- m68k: mac: Fix reboot hang on Mac IIci
- net: ethernet: cortina: Locking fixes
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
- net: usb: smsc95xx: stop lying about skb->truesize
- net: openvswitch: fix overwriting ct original tuple for ICMPv6
- ipv6: sr: add missing seg6_local_exit
- ipv6: sr: fix incorrect unregister order
- ipv6: sr: fix invalid unregister error path
- drm/amd/display: Fix potential index out of bounds in color transformation
function
- mtd: rawnand: hynix: fixed typo
- fbdev: shmobile: fix snprintf truncation
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj
- powerpc/fsl-soc: hide unused const variable
- fbdev: sisfb: hide unused variables
- media: ngene: Add dvb_ca_en50221_init return value check
- media: radio-shark2: Avoid led_names truncations
- platform/x86: wmi: Make two functions static
- fbdev: sh7760fb: allow modular build
- drm/arm/malidp: fix a possible null pointer dereference
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
- RDMA/hns: Use complete parentheses in macros
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
- ext4: avoid excessive credit estimate in ext4_tmpfile()
- sunrpc: removed redundant procp check
- SUNRPC: Fix gss_free_in_token_pages()
- selftests/kcmp: Make the test output consistent and clear
- selftests/kcmp: remove unused open mode
- RDMA/IPoIB: Fix format truncation compilation errors
- netrom: fix possible dead-lock in nr_rt_ioctl()
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
- sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax
- sched/fair: Allow disabling sched_balance_newidle with
sched_relax_domain_level
- greybus: lights: check return of get_channel_from_mode
- soundwire: cadence/intel: simplify PDI/port mapping
- soundwire: intel: don't filter out PDI0/1
- soundwire: cadence_master: improve PDI allocation
- soundwire: cadence: fix invalid PDI offset
- dmaengine: idma64: Add check for dma_set_max_seg_size
- firmware: dmi-id: add a release callback function
- serial: max3100: Lock port->lock when calling uart_handle_cts_change()
- serial: max3100: Update uart_driver_registered on driver removal
- serial: max3100: Fix bitwise types
- greybus: arche-ctrl: move device table to its right location
- iio: pressure: dps310: support negative temperature values
- microblaze: Remove gcc flag for non existing early_printk.c file
- microblaze: Remove early printk call from cpuinfo-static.c
- usb: gadget: u_audio: Clear uac pointer when freed.
- stm class: Fix a double free in stm_register_device()
- ppdev: Remove usage of the deprecated ida_simple_xx() API
- ppdev: Add an error check in register_device
- extcon: max8997: select IRQ_DOMAIN instead of depending on it
- f2fs: fix to release node block count in error path of f2fs_new_node_page()
- serial: sh-sci: protect invalidating RXDMA on shutdown
- libsubcmd: Fix parse-options memory leak
- Input: ims-pcu - fix printf string overflow
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
- drm/msm/dpu: Always flush the slave INTF on the CTL
- um: Fix return value in ubd_init()
- um: Add winch to winch_handlers before registering winch IRQ
- media: stk1160: fix bounds checking in stk1160_copy_video()
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
- um: Fix the -Wmissing-prototypes warning for __switch_mm
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
- media: cec: cec-api: add locking in cec_release()
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
- x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when
UNWINDER_FRAME_POINTER=y
- [Config] Update CONFIG_ARCH_WANT_FRAME_POINTERS
- nfc: nci: Fix uninit-value in nci_rx_work
- sunrpc: fix NFSACL RPC retry on soft mount
- ipv6: sr: fix memleak in seg6_hmac_init_algo
- params: lift param_set_uint_minmax to common code
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
- openvswitch: Set the skbuff pkt_type for proper pmtud support.
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
- net: fec: avoid lock evasion when reading pps_enable
- nfc: nci: Fix kcov check in nci_rx_work()
- nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in
instance_destroy_rcu()
- spi: Don't mark message DMA mapped when no transfer in it is
- nvmet: fix ns enable/disable possible hang
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer
exhaustion
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
- enic: Validate length of nl attributes in enic_set_vf_port
- smsc95xx: remove redundant function arguments
- smsc95xx: use usbnet->driver_priv
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
- net:fec: Add fec_enet_deinit()
- netfilter: tproxy: bail out if IP has been disabled on the device
- kconfig: fix comparison to constant symbols, 'm', 'n'
- spi: stm32: Don't warn about spurious interrupts
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
- ALSA: timer: Set lower bound of start tick time
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
- binder: fix max_thread type inconsistency
- mmc: core: Do not force a retune before RPMB switch
- io_uring: fail NOP if non-zero op flags is passed in
- afs: Don't cross .backup mountpoint from backup volume
- nilfs2: fix use-after-free of timer for log writer thread
- vxlan: Fix regression when dropping packets due to invalid src addresses
- x86/mm: Remove broken vsyscall emulation code from the page fault code
- f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
- media: lgdt3306a: Add a check against null-pointer-def
- drm/amdgpu: add error handle to avoid out-of-bounds
- ata: pata_legacy: make legacy_exit() work again
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
- arm64: tegra: Correct Tegra132 I2C alias
- md/raid5: fix deadlock that raid5d() wait for itself to clear
MD_SB_CHANGE_PENDING
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
- arm64: dts: hi3798cv200: fix the size of GICR
- media: mc: mark the media devnode as registered from the, start
- media: mxl5xx: Move xpt structures off stack
- media: v4l2-core: hold videodev_lock until dev reg, finishes
- fbdev: savage: Handle err return when savagefb_check_var failed
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
- crypto: ecrdsa - Fix module auto-load on add_key
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
- net/ipv6: Fix route deleting failure when metric equals 0
- net/9p: fix uninit-value in p9_client_rpc()
- intel_th: pci: Add Meteor Lake-S CPU support
- sparc64: Fix number of online CPUs
- kdb: Fix buffer overflow during tab-complete
- kdb: Use format-strings rather than '\0' injection in kdb_read()
- kdb: Fix console handling when editing and tab-completing commands
- kdb: Merge identical case statements in kdb_read()
- kdb: Use format-specifiers rather than memset() for padding in kdb_read()
- net: fix __dst_negative_advice() race
- xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
- sparc: move struct termio to asm/termios.h
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
- s390/ap: Fix crash in AP internal function modify_bitmap()
- nfs: fix undefined behavior in nfs_block_bits()
- Linux 5.4.278
* CVE-2024-27019
- netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
* CVE-2024-26886
- Bluetooth: af_bluetooth: Fix deadlock
* CVE-2023-52752
- smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
* CVE-2022-48674
- erofs: fix pcluster use-after-free on UP platforms
* Focal update: v5.4.277 upstream stable release (LP: #2070179)
- pinctrl: core: handle radix_tree_insert() errors in
pinctrl_register_one_pin()
- ext4: fix bug_on in __es_tree_search
- Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"
- Revert "net: bcmgenet: use RGMII loopback for MAC reset"
- net: bcmgenet: keep MAC in reset until PHY is up
- net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
- net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()
- net: bcmgenet: synchronize UMAC_CMD access
- smb: client: fix potential OOBs in smb2_parse_contexts()
- arm64: dts: qcom: Fix 'interrupt-map' parent address cells
- btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
- drm/amdgpu: Fix possible NULL dereference in
amdgpu_ras_query_error_status_helper()
- usb: typec: ucsi: displayport: Fix potential deadlock
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code
- docs: kernel_include.py: Cope with docutils 0.21
- Linux 5.4.277
* Focal update: v5.4.276 upstream stable release (LP: #2069758)
- dmaengine: pl330: issue_pending waits until WFP state
- dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
- wifi: nl80211: don't free NULL coalescing rule
- pinctrl: core: delete incorrect free in pinctrl_enable()
- pinctrl: mediatek: Check gpio pin number and use binary search in
mtk_hw_pin_field_lookup()
- pinctrl: mediatek: Supporting driving setting without mapping current to
register value
- pinctrl: mediatek: Refine mtk_pinconf_get() and mtk_pinconf_set()
- pinctrl: mediatek: Refine mtk_pinconf_get()
- pinctrl: mediatek: Backward compatible to previous Mediatek's bias-pull
usage
- pinctrl: mediatek: remove shadow variable declaration
- pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback
- pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic
- pinctrl: mediatek: paris: Rework support for
PIN_CONFIG_{INPUT,OUTPUT}_ENABLE
- sunrpc: add a struct rpc_stats arg to rpc_create_args
- nfs: expose /proc/net/sunrpc/nfs in net namespaces
- nfs: make the rpc_stat per net namespace
- nfs: Handle error of rpc_proc_register() in nfs_net_init().
- power: rt9455: hide unused rt9455_boost_voltage_values
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
- s390/mm: Fix storage key clearing for guest huge pages
- s390/mm: Fix clearing storage keys for huge pages
- bna: ensure the copied buf is NUL terminated
- nsh: Restore skb->{protocol,data,mac_header} for outer header in
nsh_gso_segment().
- net l2tp: drop flow hash on forward
- net: qede: use return from qede_parse_flow_attr() for flow_spec
- net: dsa: mv88e6xxx: Add number of MACs in the ATU
- net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341
- net: bridge: fix multicast-to-unicast with fraglist GSO
- tipc: fix a possible memleak in tipc_buf_append
- clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
- gfs2: Fix invalid metadata access in punch_hole
- wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
- wifi: cfg80211: fix rdev_dump_mpp() arguments order
- net: mark racy access on sk->sk_rcvbuf
- scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
- ALSA: line6: Zero-initialize message buffers
- net: bcmgenet: Reset RBUF on first open
- ata: sata_gemini: Check clk_enable() result
- firewire: ohci: mask bus reset interrupts between ISR and bottom half
- tools/power turbostat: Fix added raw MSR output
- tools/power turbostat: Fix Bzy_MHz documentation typo
- btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
- btrfs: always clear PERTRANS metadata during commit
- scsi: target: Fix SELinux error when systemd-modules loads the target module
- gpu: host1x: Do not setup DMA for virtual devices
- MIPS: scall: Save thread_info.syscall unconditionally on entry
- selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior
- fs/9p: only translate RWX permissions for plain 9P2000
- fs/9p: translate O_TRUNC into OTRUNC
- 9p: explicitly deny setlease attempts
- gpio: wcove: Use -ENOTSUPP consistently
- gpio: crystalcove: Use -ENOTSUPP consistently
- clk: Don't hold prepare_lock when calling kref_put()
- fs/9p: drop inodes immediately on non-.L too
- net:usb:qmi_wwan: support Rolling modules
- pinctrl: mediatek: Fix fallback call path
- xfrm: Preserve vlan tags for transport mode software GRO
- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
- phonet: fix rtm_phonet_notify() skb allocation
- net: bridge: fix corrupted ethernet header on multicast-to-unicast
- ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
- net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
- net: qede: use return from qede_parse_flow_attr() for flower
- firewire: nosy: ensure user_length is taken into account when fetching
packet contents
- usb: gadget: composite: fix OS descriptors w_value logic
- usb: gadget: f_fs: Fix a race condition when processing setup packets.
- tipc: fix UAF in error path
- dyndbg: fix old BUG_ON in >control parser
- drm/vmwgfx: Fix invalid reads in fence signaled events
- net: fix out-of-bounds access in ops_init
- regulator: core: fix debugfs creation regression
- pinctrl: mediatek: Fix fallback behavior for bias_set_combo
- pinctrl: mediatek: Fix some off by one bugs
- pinctrl: mediatek: remove set but not used variable 'e'
- pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback
- Linux 5.4.276
* Freezing user space processes failed after 20.008 seconds (1 tasks refusing
to freeze, wq_busy=0) (LP: #2061091)
- ALSA: Fix deadlocks with kctl removals at disconnection
* CVE-2024-36016
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
* CVE-2022-48655
- firmware: arm_scmi: Harden accesses to the reset domains
* CVE-2024-26907
- RDMA/mlx5: Fix fortify source warning while accessing Eth segment
* CVE-2024-26585
- tls: fix race between tx work scheduling and socket close
* CVE-2024-26584
- net: tls: handle backlogging of crypto requests
* CVE-2024-26583
- net/tls: Replace TLS_RX_SYNC_RUNNING with RCU
- net/tls: Fix use-after-free after the TLS device goes down and up
- tls: splice_read: fix record type check
- tls splice: remove inappropriate flags checking for MSG_PEEK
- tls: splice_read: fix accessing pre-processed records
- tls: Fix context leak on tls_device_down
- net/tls: Check for errors in tls_device_init
- net/tls: Remove the context from the list in tls_device_down
- net/tls: pass context to tls_device_decrypted()
- net/tls: Perform immediate device ctx cleanup when possible
- net/tls: Multi-threaded calls to TX tls_dev_del
- net: tls: avoid discarding data on record close
- tls: rx: don't store the record type in socket context
- tls: rx: don't store the decryption status in socket context
- tls: rx: don't issue wake ups when data is decrypted
- tls: rx: refactor decrypt_skb_update()
- tls: hw: rx: use return value of tls_device_decrypted() to carry status
- tls: rx: drop unnecessary arguments from tls_setup_from_iter()
- tls: rx: don't report text length from the bowels of decrypt
- tls: rx: wrap decryption arguments in a structure
- tls: rx: factor out writing ContentType to cmsg
- tls: rx: don't track the async count
- tls: rx: assume crypto always calls our callback
- tls: rx: use async as an in-out argument
- tls: decrement decrypt_pending if no async completion will be called
- net: tls: fix async vs NIC crypto offload
- tls: rx: simplify async wait
- tls: extract context alloc/initialization out of tls_set_sw_offload
- net: tls: factor out tls_*crypt_async_wait()
- tls: fix race between async notify and socket close
Date: 2024-07-17 18:01:10.204233+00:00
Changed-By: Jacob Martin <jacob.martin at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1097.101
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list