[ubuntu/focal-security] linux-kvm 5.4.0-1106.113 (Accepted)
Andy Whitcroft
apw at canonical.com
Wed Feb 7 18:57:07 UTC 2024
linux-kvm (5.4.0-1106.113) focal; urgency=medium
* focal/linux-kvm: 5.4.0-1106.113 -proposed tracker (LP: #2048272)
[ Ubuntu: 5.4.0-171.189 ]
* focal/linux: 5.4.0-171.189 -proposed tracker (LP: #2048282)
* Packaging resync (LP: #1786013)
- [Packaging] remove helper scripts
- [Packaging] update annotations scripts
- debian/dkms-versions -- update from kernel-versions (main/2024.01.08)
* Page fault in RDMA ODP triggers BUG_ON during MMU notifier registration
(LP: #2046534)
- RDMA/odp: Ensure the mm is still alive before creating an implicit child
* Hotplugging SCSI disk in QEMU VM fails (LP: #2047382)
- Revert "PCI: acpiphp: Reassign resources on bridge if necessary"
* CVE-2023-6040
- netfilter: nf_tables: Reject tables of unsupported family
* kernel_selftests failures on kernel-P10d-LPAR10.ppc64el.10
(LP: #2032641)
- selftests: Skip TM tests on synthetic TM implementations
* [Debian] autoreconstruct - Do not generate chmod -x for deleted files
(LP: #2045562)
- [Debian] autoreconstruct - Do not generate chmod -x for deleted files
* CVE-2023-6931
- perf/core: Add a new read format to get a number of lost samples
- perf: Fix perf_event_validate_size()
- perf: Fix perf_event_validate_size() lockdep splat
* CVE-2023-6932
- ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
* CVE-2023-6606
- smb: client: fix OOB in smbCalcSize()
* CVE-2023-45863
- kobject: Fix slab-out-of-bounds in fill_kobj_path()
* Focal update: v5.4.259 upstream stable release (LP: #2043724)
- RDMA/cxgb4: Check skb value for failure to allocate
- lib/test_meminit: fix off-by-one error in test_pages()
- pwm: hibvt: Explicitly set .polarity in .get_state()
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
- quota: Fix slow quotaoff
- net: prevent address rewrite in kernel_bind()
- drm: etvnaviv: fix bad backport leading to warning
- drm/msm/dsi: skip the wait for video mode done if not applicable
- ravb: Fix up dma_free_coherent() call in ravb_remove()
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe
- mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type
- xen-netback: use default TX queue size for vifs
- drm/vmwgfx: fix typo of sizeof argument
- ixgbe: fix crash with empty VF macvlan list
- net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
- nfc: nci: assert requested protocol is valid
- workqueue: Override implicit ordered attribute in
workqueue_apply_unbound_cpumask()
- dmaengine: stm32-mdma: abort resume if no ongoing transfer
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read
- usb: dwc3: Soft reset phy on probe for host
- usb: musb: Get the musb_qh poniter after musb_giveback
- usb: musb: Modify the "HWVers" register address
- iio: pressure: bmp280: Fix NULL pointer exception
- iio: pressure: dps310: Adjust Timeout Settings
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug
- mcb: remove is_added flag from mcb_device struct
- libceph: use kernel_connect()
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
- Input: powermate - fix use-after-free in powermate_config_complete
- Input: psmouse - fix fast_reconnect function for PS/2 mode
- Input: xpad - add PXN V900 support
- cgroup: Remove duplicates in cgroup v1 tasks file
- pinctrl: avoid unsafe code pattern in find_pinctrl()
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq()
- powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE
- powerpc/64e: Fix wrong test in __ptep_test_and_clear_young()
- ravb: Fix use-after-free issue in ravb_tx_timeout_work()
- Documentation: sysctl: align cells in second content column
- usb: hub: Guard against accesses to uninitialized BOS descriptors
- Bluetooth: hci_event: Ignore NULL link key
- Bluetooth: Reject connection with the device which has same BD_ADDR
- Bluetooth: Fix a refcnt underflow problem for hci_conn
- Bluetooth: vhci: Fix race when opening vhci device
- Bluetooth: hci_event: Fix coding style
- Bluetooth: avoid memcmp() out of bounds warning
- ice: fix over-shifted variable
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
- regmap: fix NULL deref on lookup
- KVM: x86: Mask LVTPC when handling a PMI
- netfilter: nft_payload: fix wrong mac header matching
- qed: fix LL2 RX buffer allocation
- xfrm: fix a data-race in xfrm_gen_index()
- xfrm: interface: use DEV_STATS_INC()
- net: ipv4: fix return value check in esp_remove_trailer
- net: ipv6: fix return value check in esp_remove_trailer
- net: rfkill: gpio: prevent value glitch during probe
- tcp: fix excessive TLP and RACK timeouts from HZ rounding
- tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb
- tun: prevent negative ifindex
- ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
- i40e: prevent crash on probe if hw registers have invalid values
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section
- netfilter: nft_set_rbtree: .deactivate fails if element has expired
- net: pktgen: Fix interface flags printing
- resource: Add irqresource_disabled()
- ACPI: Drop acpi_dev_irqresource_disabled()
- ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA
- ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks
- ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA
- ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone
- btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1
- btrfs: initialize start_slot in btrfs_log_prealloc_extents
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter
- overlayfs: set ctime when setting mtime and atime
- gpio: timberdale: Fix potential deadlock on &tgpio->lock
- ata: libata-eh: Fix compilation warning in ata_eh_link_report()
- tracing: relax trace_event_eval_update() execution with cond_resched()
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event
- Bluetooth: Avoid redundant authentication
- Bluetooth: hci_core: Fix build warnings
- wifi: mac80211: allow transmitting EAPOL frames with tainted key
- wifi: cfg80211: avoid leaking stack data into trace
- regulator/core: Revert "fix kobject release warning and memory leak in
regulator_register()"
- sky2: Make sure there is at least one frag_addr available
- drm: panel-orientation-quirks: Add quirk for One Mix 2S
- btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device
- Bluetooth: hci_event: Fix using memcmp when comparing keys
- mtd: rawnand: qcom: Unmap the right resource upon probe failure
- mtd: spinand: micron: correct bitmask for ecc status
- mtd: physmap-core: Restore map_rom fallback
- mmc: core: sdio: hold retuning if sdio in 1-bit mode
- mmc: core: Capture correct oemid-bits for eMMC cards
- Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()"
- ACPI: irq: Fix incorrect return value in acpi_register_gsi()
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
- USB: serial: option: add entry for Sierra EM9191 with new firmware
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
- s390/pci: fix iommu bitmap allocation
- gpio: vf610: set value before the direction to avoid a glitch
- ASoC: pxa: fix a memory leak in probe()
- phy: mapphone-mdm6600: Fix runtime disable on probe
- phy: mapphone-mdm6600: Fix runtime PM for remove
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
- xfrm6: fix inet6_dev refcount underflow problem
- Linux 5.4.259
* Focal update: v5.4.258 upstream stable release (LP: #2042107)
- NFS/pNFS: Report EINVAL errors from connect() to the server
- SUNRPC: Mark the cred for revalidation if the server rejects it
- tracing: Increase trace array ref count on enable and filter files
- ata: libahci: clear pending interrupt status
- ext4: remove the 'group' parameter of ext4_trim_extent
- ext4: add new helper interface ext4_try_to_trim_range()
- ext4: scope ret locally in ext4_try_to_trim_range()
- ext4: change s_last_trim_minblks type to unsigned long
- ext4: mark group as trimmed only if it was fully scanned
- ext4: replace the traditional ternary conditional operator with with
max()/min()
- ext4: move setting of trimmed bit into ext4_try_to_trim_range()
- ext4: do not let fstrim block system suspend
- ASoC: meson: spdifin: start hw on dai probe
- netfilter: nf_tables: disallow element removal on anonymous sets
- bpf: Avoid deadlock when using queue and stack maps from NMI
- selftests/tls: Add {} to avoid static checker warning
- selftests: tls: swap the TX and RX sockets in some tests
- ASoC: imx-audmix: Fix return error with devm_clk_get()
- i40e: Fix for persistent lldp support
- SAUCE: Revert "UBUNTU: SAUCE: i40e Fix GPF when deleting VMs"
- i40e: Remove scheduling while atomic possibility
- i40e: Fix warning message and call stack during rmmod i40e driver
- i40e: Fix VF VLAN offloading when port VLAN is configured
- powerpc/perf/hv-24x7: Update domain value check
- dccp: fix dccp_v4_err()/dccp_v6_err() again
- net: hns3: add 5ms delay before clear firmware reset irq source
- net: bridge: use DEV_STATS_INC()
- team: fix null-ptr-deref when team device type is changed
- net: rds: Fix possible NULL-pointer dereference
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup()
- Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN
- scsi: qla2xxx: Fix update_fcport for current_topology
- scsi: qla2xxx: Fix deletion race condition
- drm/amd/display: Reinstate LFC optimization
- drm/amd/display: Fix LFC multiplier changing erratically
- drm/amd/display: prevent potential division by zero errors
- ata: libata: disallow dev-initiated LPM transitions to unsupported states
- MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled
- clk: tegra: fix error return case for recalc_rate
- ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot
- bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up
- xtensa: add default definition for XCHAL_HAVE_DIV32
- xtensa: iss/network: make functions static
- xtensa: boot: don't add include-dirs
- xtensa: boot/lib: fix function prototypes
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip
- parisc: sba: Fix compile warning wrt list of SBA devices
- parisc: iosapic.c: Fix sparse warnings
- parisc: drivers: Fix sparse warning
- parisc: irq: Make irq_stack_union static to avoid sparse warning
- selftests/ftrace: Correctly enable event in instance-event.tc
- ring-buffer: Avoid softlockup in ring_buffer_resize()
- ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset()
- spi: nxp-fspi: reset the FLSHxCR1 registers
- bpf: Clarify error expectations from bpf_clone_redirect
- powerpc/watchpoints: Annotate atomic context in more places
- ncsi: Propagate carrier gain/loss events to the NCSI controller
- fbdev/sh7760fb: Depend on FB=y
- nvme-pci: do not set the NUMA node of device if it has none
- watchdog: iTCO_wdt: No need to stop the timer in probe
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
- i40e: improve locking of mac_filter_hash
- i40e: always propagate error value in i40e_set_vsi_promisc()
- i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc
- smack: Record transmuting in smk_transmuted
- smack: Retrieve transmuting information in smack_inode_getsecurity()
- Smack:- Use overlay inode label in smack_inode_copy_up()
- serial: 8250_port: Check IRQ data before use
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre
M70q
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
- i2c: i801: unregister tco_pdev in i801_probe() error path
- ring-buffer: Update "shortest_full" in polling
- btrfs: properly report 0 avail for very full file systems
- net: thunderbolt: Fix TCPv6 GSO checksum calculation
- ata: libata-core: Fix ata_port_request_pm() locking
- ata: libata-core: Fix port and device removal
- ata: libata-core: Do not register PM operations for SAS ports
- ata: libata-sata: increase PMP SRST timeout to 10s
- fs: binfmt_elf_efpic: fix personality for ELF-FDPIC
- rbd: move rbd_dev_refresh() definition
- rbd: decouple header read-in from updating rbd_dev->header
- rbd: decouple parent info read-in from updating rbd_dev
- rbd: take header_rwsem in rbd_dev_refresh() only when updating
- Revert "PCI: qcom: Disable write access to read only registers for IP
v2.3.3"
- scsi: zfcp: Fix a double put in zfcp_port_enqueue()
- qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info
- wifi: mwifiex: Fix tlv_buf_left calculation
- net: replace calls to sock->ops->connect() with kernel_connect()
- net: prevent rewrite of msg_name in sock_sendmsg()
- wifi: iwlwifi: dbg_ini: fix structure packing
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
- drivers/net: process the result of hdlc_open() and add call of hdlc_close()
in uhdlc_close()
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node
- ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
- scsi: target: core: Fix deadlock due to recursive locking
- NFS4: Trace state recovery operation
- NFS: Add a helper nfs_client_for_each_server()
- NFSv4: Fix a nfs4_state_manager() race
- modpost: add missing else to the "of" check
- net: fix possible store tearing in neigh_periodic_work()
- ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
- net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
- net: nfc: llcp: Add lock when modifying device list
- netfilter: handle the connecting collision properly in
nf_conntrack_proto_sctp
- net: stmmac: dwmac-stm32: fix resume on STM32 MCU
- tcp: fix quick-ack counting to count actual ACKs of new data
- tcp: fix delayed ACKs for MSS boundary condition
- sctp: update transport state when processing a dupcook packet
- sctp: update hb timer immediately after users change hb_interval
- cpupower: add Makefile dependencies for install targets
- RDMA/core: Require admin capabilities to set system parameters
- IB/mlx4: Fix the size of a buffer in add_port_entries()
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config()
- gpio: pxa: disable pinctrl calls for MMP_GPIO
- RDMA/cma: Fix truncation compilation warning in make_cma_ports
- RDMA/uverbs: Fix typo of sizeof argument
- RDMA/siw: Fix connection failure handling
- RDMA/mlx5: Fix NULL string error
- parisc: Restore __ldcw_align for PA-RISC 2.0 processors
- NFS: Fix a race in __nfs_list_for_each_server()
- ima: rework CONFIG_IMA dependency block
- [Config] Update IMA_BLACKLIST_KEYRING and IMA_LOAD_X509
- xen/events: replace evtchn_rwlock with RCU
- Linux 5.4.258
Date: 2024-01-22 13:02:13.233926+00:00
Changed-By: Kevin Becker <kevin.becker at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1106.113
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list