[ubuntu/focal-security] linux-aws 5.4.0-1126.136 (Accepted)
Andy Whitcroft
apw at canonical.com
Wed Jun 12 12:12:07 UTC 2024
linux-aws (5.4.0-1126.136) focal; urgency=medium
* focal/linux-aws: 5.4.0-1126.136 -proposed tracker (LP: #2063766)
[ Ubuntu: 5.4.0-186.206 ]
* focal/linux: 5.4.0-186.206 -proposed tracker (LP: #2063812)
* Mount CIFS fails with Permission denied (LP: #2061986)
- cifs: fix ntlmssp auth when there is no key exchange
* USB stick can't be detected (LP: #2040948)
- usb: Disable USB3 LPM at shutdown
* CVE-2024-26733
- net: dev: Convert sa_data to flexible array in struct sockaddr
- arp: Prevent overflow in arp_req_get().
- stddef: Introduce DECLARE_FLEX_ARRAY() helper
* CVE-2024-26712
- powerpc/kasan: Fix addr error caused by page alignment
* CVE-2023-52530
- wifi: mac80211: fix potential key use-after-free
* CVE-2021-47063
- drm: bridge/panel: Cleanup connector on bridge detach
* [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array-
index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux-
hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times,
especially during boot. (LP: #2058477)
- hv: hyperv.h: Replace one-element array with flexible-array member
* CVE-2024-26614
- tcp: make sure init the accept_queue's spinlocks once
- ipv6: init the accept_queue's spinlocks in inet6_create
* Focal update: v5.4.271 upstream stable release (LP: #2060216)
- netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
- net: ip_tunnel: prevent perpetual headroom growth
- tun: Fix xdp_rxq_info's queue_index when detaching
- ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
- lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
detected
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read
- Bluetooth: Avoid potential use-after-free in hci_error_reset
- Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
- Bluetooth: Enforce validation on max value of connection interval
- netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
- rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
- efi/capsule-loader: fix incorrect allocation size
- power: supply: bq27xxx-i2c: Do not free non existing IRQ
- ALSA: Drop leftover snd-rtctimer stuff from Makefile
- afs: Fix endless loop in directory parsing
- gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
- wifi: nl80211: reject iftype change with mesh ID change
- btrfs: dev-replace: properly validate device names
- dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
- dmaengine: fsl-qdma: init irq after reg initialization
- mmc: core: Fix eMMC initialization with 1-bit bus connection
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
- cachefiles: fix memory leak in cachefiles_add_cache()
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
- gpio: 74x164: Enable output pins after registers are reset
- Linux 5.4.271
* Focal update: v5.4.270 upstream stable release (LP: #2060019)
- KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
- net/sched: Retire CBQ qdisc
- [Config] updateconfigs for NET_SCH_CBQ
- net/sched: Retire ATM qdisc
- [Config] updateconfigs for NET_SCH_ATM
- net/sched: Retire dsmark qdisc
- [Config] updateconfigs for NET_SCH_DSMARK
- sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
- memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()
- nilfs2: replace WARN_ONs for invalid DAT metadata block requests
- userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
- sched/rt: Fix sysctl_sched_rr_timeslice intial value
- sched/rt: Disallow writing invalid values to sched_rt_period_us
- scsi: target: core: Add TMF to tmr_list handling
- dmaengine: shdma: increase size of 'dev_id'
- dmaengine: fsl-qdma: increase size of 'irq_name'
- wifi: cfg80211: fix missing interfaces when dumping
- wifi: mac80211: fix race condition on enabling fast-xmit
- fbdev: savage: Error out if pixclock equals zero
- fbdev: sis: Error out if pixclock equals zero
- ahci: asm1166: correct count of reported ports
- ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
- ext4: avoid allocating blocks from corrupted group in
ext4_mb_try_best_found()
- ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
- regulator: pwm-regulator: Add validity checks in continuous .get_voltage
- nvmet-tcp: fix nvme tcp ida memory leak
- ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
- netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in
sctp_new
- nvmet-fc: abort command when there is no binding
- hwmon: (coretemp) Enlarge per package core count limit
- scsi: lpfc: Use unsigned type for num_sge
- firewire: core: send bus reset promptly on gap count error
- virtio-blk: Ensure no requests in virtqueues before deleting vqs.
- s390/qeth: Fix potential loss of L3-IP@ in case of network issues
- pmdomain: renesas: r8a77980-sysc: CR7 must be always on
- tcp: factor out __tcp_close() helper
- tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit
- tcp: add annotations around sk->sk_shutdown accesses
- pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
- spi: mt7621: Fix an error message in mt7621_spi_probe()
- net: bridge: clear bridge's private skb space on xmit
- selftests/bpf: Avoid running unprivileged tests with alignment requirements
- Revert "drm/sun4i: dsi: Change the start delay calculation"
- drm/amdgpu: Check for valid number of registers to read
- x86/alternatives: Disable KASAN in apply_alternatives()
- dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata()
- iomap: Set all uptodate bits for an Uptodate page
- drm/amdgpu: Fix type of second parameter in trans_msg() callback
- arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
- PCI: tegra: Fix reporting GPIO error value
- PCI: tegra: Fix OF node reference leak
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
- dm-crypt: don't modify the data when using authenticated encryption
- gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
- PCI/MSI: Prevent MSI hardware interrupt number truncation
- l2tp: pass correct message length to ip6_append_data
- ARM: ep93xx: Add terminator to gpiod_lookup_table
- usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
- usb: cdns3: fix memory double free when handle zero packet
- usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
- usb: roles: don't get/set_role() when usb_role_switch is unregistered
- IB/hfi1: Fix a memleak in init_credit_return
- RDMA/bnxt_re: Return error for SRQ resize
- RDMA/srpt: Make debug output more detailed
- RDMA/srpt: fix function pointer cast warnings
- scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions
- bpf, scripts: Correct GPL license name
- scsi: jazz_esp: Only build if SCSI core is builtin
- nouveau: fix function cast warnings
- ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
- afs: Increase buffer size in afs_update_volume_status()
- ipv6: sr: fix possible use-after-free and null-ptr-deref
- packet: move from strlcpy with unused retval to strscpy
- s390: use the correct count for __iowrite64_copy()
- tls: rx: jump to a more appropriate label
- tls: rx: drop pointless else after goto
- tls: stop recv() if initial process_rx_list gave us non-DATA
- netfilter: nf_tables: set dormant flag on hook register failure
- drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3
- drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set
- fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
- scripts/bpf: Fix xdp_md forward declaration typo
- Linux 5.4.270
* CVE-2023-47233
- wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
* CVE-2021-47070
- uio: uio_hv_generic: use devm_kzalloc() for private data alloc
- uio_hv_generic: Fix another memory leak in error handling paths
* CVE-2024-26622
- tomoyo: fix UAF write bug in tomoyo_write_control()
Date: 2024-05-10 15:52:12.423484+00:00
Changed-By: Philip Cox <philip.cox at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1126.136
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list