[ubuntu/focal-security] linux 5.4.0-173.191 (Accepted)
Andy Whitcroft
apw at canonical.com
Wed Mar 6 16:28:44 UTC 2024
linux (5.4.0-173.191) focal; urgency=medium
* focal/linux: 5.4.0-173.191 -proposed tracker (LP: #2052135)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2024.02.05)
* CVE-2023-0340
- vhost: use kzalloc() instead of kmalloc() followed by memset()
* CVE-2023-6915
- ida: Fix crash in ida_free when the bitmap is empty
* Focal update: v5.4.265 upstream stable release (LP: #2051644)
- afs: Fix refcount underflow from error handling race
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX
- qca_debug: Prevent crash on TX ring changes
- qca_debug: Fix ethtool -G iface tx behavior
- qca_spi: Fix reset behavior
- atm: solos-pci: Fix potential deadlock on &cli_queue_lock
- atm: solos-pci: Fix potential deadlock on &tx_queue_lock
- atm: Fix Use-After-Free in do_vcc_ioctl
- qed: Fix a potential use-after-free in qed_cxt_tables_alloc
- net: Remove acked SYN flag from packet in the transmit queue correctly
- sign-file: Fix incorrect return values check
- vsock/virtio: Fix unsigned integer wrap around in
virtio_transport_has_space()
- net: stmmac: use dev_err_probe() for reporting mdio bus registration failure
- net: stmmac: Handle disabled MDIO busses from devicetree
- cred: switch to using atomic_long_t
- ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants
- usb: aqc111: check packet for fixup for true limit
- blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock
required!"
- bcache: avoid oversize memory allocation by small stripe_size
- bcache: add code comments for bch_btree_node_get() and
__bch_btree_node_alloc()
- bcache: avoid NULL checking to c->root in run_cache_set()
- platform/x86: intel_telemetry: Fix kernel doc descriptions
- HID: add ALWAYS_POLL quirk for Apple kb
- HID: hid-asus: reset the backlight brightness level on resume
- HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad
- asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290
- HID: hid-asus: add const to read-only outgoing usb buffer
- soundwire: stream: fix NULL pointer dereference for multi_link
- ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS
- arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify
- team: Fix use-after-free when an option instance allocation fails
- ring-buffer: Fix memory leak of free page
- mmc: block: Be sure to wait while busy in CQE error recovery
- powerpc/ftrace: Create a dummy stackframe to fix stack unwind
- powerpc/ftrace: Fix stack teardown in ftrace_no_trace
- Linux 5.4.265
* Focal update: v5.4.264 upstream stable release (LP: #2049935)
- hrtimers: Push pending hrtimers away from outgoing CPU earlier
- netfilter: ipset: fix race condition between swap/destroy and kernel side
add/del/test
- tg3: Move the [rt]x_dropped counters to tg3_napi
- tg3: Increment tx_dropped in tg3_tso_bug()
- kconfig: fix memory leak from range properties
- drm/amdgpu: correct chunk_ptr to a pointer to chunk.
- of: base: Add of_get_cpu_state_node() to get idle states for a CPU node
- ACPI/IORT: Make iort_get_device_domain IRQ domain agnostic
- ACPI/IORT: Make iort_msi_map_rid() PCI agnostic
- of/iommu: Make of_map_rid() PCI agnostic
- of/irq: make of_msi_map_get_device_domain() bus agnostic
- of/irq: Make of_msi_map_rid() PCI bus agnostic
- of: base: Fix some formatting issues and provide missing descriptions
- of: Fix kerneldoc output formatting
- of: Add missing 'Return' section in kerneldoc comments
- of: dynamic: Fix of_reconfig_get_state_change() return value documentation
- ipv6: fix potential NULL deref in fib6_add()
- hv_netvsc: rndis_filter needs to select NLS
- net: arcnet: Fix RESET flag handling
- net: arcnet: com20020 fix error handling
- arcnet: restoring support for multiple Sohard Arcnet cards
- ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()
- net: hns: fix fake link up on xge port
- netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
- tcp: do not accept ACK of bytes we never sent
- bpf: sockmap, updating the sg structure should also update curr
- RDMA/bnxt_re: Correct module description string
- hwmon: (acpi_power_meter) Fix 4.29 MW bug
- ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
- tracing: Fix a warning when allocating buffered events fails
- scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
- ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init
- ARM: dts: imx: make gpt node name generic
- ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt
- ALSA: pcm: fix out-of-bounds in snd_pcm_state_names
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
- tracing: Always update snapshot buffer size
- tracing: Fix incomplete locking when disabling buffered events
- tracing: Fix a possible race when disabling buffered events
- packet: Move reference count in packet_sock to atomic_long_t
- arm64: dts: mediatek: mt7622: fix memory node warning check
- arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names
- gpiolib: sysfs: Fix error handling on failed export
- mmc: core: add helpers mmc_regulator_enable/disable_vqmmc
- mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled
- usb: gadget: f_hid: fix report descriptor allocation
- parport: Add support for Brainboxes IX/UC/PX parallel cards
- usb: typec: class: fix typec_altmode_put_partner to put plugs
- ARM: PL011: Fix DMA support
- serial: sc16is7xx: address RX timeout interrupt errata
- serial: 8250_omap: Add earlycon support for the AM654 UART controller
- x86/CPU/AMD: Check vendor in the AMD microcode callback
- KVM: s390/mm: Properly reset no-dat
- nilfs2: fix missing error check for sb_set_blocksize call
- io_uring/af_unix: disable sending io_uring over sockets
- netlink: don't call ->netlink_bind with table lock held
- genetlink: add CAP_NET_ADMIN test for multicast bind
- psample: Require 'CAP_NET_ADMIN' when joining "packets" group
- drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group
- tools headers UAPI: Sync linux/perf_event.h with the kernel sources
- cifs: Fix non-availability of dedup breaking generic/304
- smb: client: fix potential NULL deref in parse_dfs_referrals()
- devcoredump : Serialize devcd_del work
- devcoredump: Send uevent once devcd is ready
- Linux 5.4.264
* CVE-2024-0646
- net: tls, update curr on splice as well
* CVE-2024-0565
- smb: client: fix OOB in receive_encrypted_standard()
* CVE-2023-51781
- appletalk: Fix Use-After-Free in atalk_ioctl
* CVE-2023-51782
- net/rose: Fix Use-After-Free in rose_ioctl
* Focal update: v5.4.263 upstream stable release (LP: #2049084)
- driver core: Release all resources during unbind before updating device
links
- RDMA/irdma: Prevent zero-length STAG registration
- PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}()
- afs: Make error on cell lookup failure consistent with OpenAFS
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
- drm/panel: simple: Fix Innolux G101ICE-L01 timings
- ata: pata_isapnp: Add missing error check for devm_ioport_map()
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full
- HID: core: store the unique system identifier in hid_device
- HID: fix HID device resource race between HID core and debugging support
- ipv4: Correct/silence an endian warning in __ip_do_redirect
- net: usb: ax88179_178a: fix failed operations during ax88179_reset
- arm/xen: fix xen_vcpu_info allocation alignment
- amd-xgbe: handle corner-case during sfp hotplug
- amd-xgbe: handle the corner-case during tx completion
- amd-xgbe: propagate the correct speed and duplex status
- net: axienet: Fix check for partial TX checksum
- afs: Return ENOENT if no cell DNS record can be found
- afs: Fix file locking on R/O volumes to operate in local mode
- nvmet: remove unnecessary ctrl parameter
- nvmet: nul-terminate the NQNs passed in the connect command
- MIPS: KVM: Fix a build warning about variable set but not used
- ext4: add a new helper to check if es must be kept
- ext4: factor out __es_alloc_extent() and __es_free_extent()
- ext4: use pre-allocated es in __es_insert_extent()
- ext4: use pre-allocated es in __es_remove_extent()
- ext4: using nofail preallocation in ext4_es_remove_extent()
- ext4: using nofail preallocation in ext4_es_insert_delayed_block()
- ext4: using nofail preallocation in ext4_es_insert_extent()
- ext4: fix slab-use-after-free in ext4_es_insert_extent()
- ext4: make sure allocate pending entry not fail
- arm64: cpufeature: Extract capped perfmon fields
- KVM: arm64: limit PMU version to PMUv3 for ARMv8.1
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce()
- s390/dasd: protect device queue against concurrent access
- USB: serial: option: add Luat Air72*U series products
- hv_netvsc: Fix race of register_netdevice_notifier and VF register
- hv_netvsc: Mark VF as slave before exposing it to user-mode
- dm-delay: fix a race between delay_presuspend and delay_bio
- bcache: check return value from btree_node_alloc_replacement()
- bcache: prevent potential division by zero error
- USB: serial: option: add Fibocom L7xx modules
- USB: serial: option: fix FM101R-GL defines
- USB: serial: option: don't claim interface 4 for ZTE MF290
- USB: dwc2: write HCINT with INTMASK applied
- usb: dwc3: set the dma max_seg_size
- USB: dwc3: qcom: fix resource leaks on probe deferral
- USB: dwc3: qcom: fix wakeup after probe deferral
- io_uring: fix off-by one bvec index
- pinctrl: avoid reload of p state in list iteration
- firewire: core: fix possible memory leak in create_units()
- mmc: block: Do not lose cache flush during CQE error recovery
- ALSA: hda: Disable power-save on KONTRON SinglePC
- ALSA: hda/realtek: Headset Mic VREF to 100%
- ALSA: hda/realtek: Add supported ALC257 for ChromeOS
- dm-verity: align struct dm_verity_fec_io properly
- dm verity: don't perform FEC for failed readahead IO
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR
- powerpc: Don't clobber f0/vs0 during fp|altivec register save
- btrfs: fix off-by-one when checking chunk map includes logical address
- btrfs: send: ensure send_fd is writable
- btrfs: make error messages more clear when getting a chunk map
- Input: xpad - add HyperX Clutch Gladiate Support
- net: stmmac: xgmac: Disable FPE MMC interrupts
- ravb: Fix races between ravb_tx_timeout_work() and net related ops
- net: ravb: Use pm_runtime_resume_and_get()
- net: ravb: Start TX queues after HW initialization succeeded
- smb3: fix touch -h of symlink
- s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family
- s390/cmma: fix detection of DAT pages
- mtd: cfi_cmdset_0001: Support the absence of protection registers
- mtd: cfi_cmdset_0001: Byte swap OTP info
- fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
- ima: annotate iint mutex to avoid lockdep false positive warnings
- ovl: skip overlayfs superblocks at global sync
- ima: detect changes to the backing overlay file
- scsi: qla2xxx: Simplify the code for aborting SCSI commands
- scsi: core: Introduce the scsi_cmd_to_rq() function
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
- scsi: qla2xxx: Fix system crash due to bad pointer access
- cpufreq: imx6q: don't warn for disabling a non-existing frequency
- cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily
- mmc: cqhci: Increase recovery halt timeout
- mmc: cqhci: Warn of halt or task clear failure
- mmc: cqhci: Fix task clearing in CQE error recovery
- mmc: core: convert comma to semicolon
- mmc: block: Retry commands in CQE error recovery
- Linux 5.4.263
* Focal update: v5.4.262 upstream stable release (LP: #2049069)
- locking/ww_mutex/test: Fix potential workqueue corruption
- perf/core: Bail out early if the request AUX area is out of bound
- clocksource/drivers/timer-imx-gpt: Fix potential memory leak
- clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
- x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
- wifi: mac80211_hwsim: fix clang-specific fortify warning
- wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
- wifi: ath9k: fix clang-specific fortify warnings
- wifi: ath10k: fix clang-specific fortify warning
- net: annotate data-races around sk->sk_tx_queue_mapping
- net: annotate data-races around sk->sk_dst_pending_confirm
- wifi: ath10k: Don't touch the CE interrupt registers after power up
- Bluetooth: Fix double free in hci_conn_cleanup
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
- drm/komeda: drop all currently held locks if deadlock happens
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
- selftests/efivarfs: create-read: fix a resource leak
- crypto: pcrypt - Fix hungtask for PADATA_RESET
- RDMA/hfi1: Use FIELD_GET() to extract Link Width
- fs/jfs: Add check for negative db_l2nbperpage
- fs/jfs: Add validity check for db_maxag and db_agpref
- jfs: fix array-index-out-of-bounds in dbFindLeaf
- jfs: fix array-index-out-of-bounds in diAlloc
- ARM: 9320/1: fix stack depot IRQ stack filter
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields
- atm: iphase: Do PCI error checks on own line
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
- tty: vcc: Add check for kstrdup() in vcc_probe()
- usb: gadget: f_ncm: Always set current gadget in ncm_bind()
- i2c: sun6i-p2wi: Prevent potential division by zero
- media: gspca: cpia1: shift-out-of-bounds in set_flicker
- media: vivid: avoid integer overflow
- gfs2: ignore negated quota changes
- media: cobalt: Use FIELD_GET() to extract Link Width
- drm/amd/display: Avoid NULL dereference of timing generator
- kgdb: Flush console before entering kgdb on panic
- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
- pwm: Fix double shift bug
- wifi: iwlwifi: Use FW rate for non-data frames
- NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
- ipvlan: add ipvlan_route_v6_outbound() helper
- tty: Fix uninit-value access in ppp_sync_receive()
- net: hns3: fix variable may not initialized problem in hns3_init_mac_addr()
- tipc: Fix kernel-infoleak due to uninitialized TLV value
- ppp: limit MRU to 64K
- xen/events: fix delayed eoi list handling
- ptp: annotate data-race around q->head and q->tail
- bonding: stop the device in bond_setup_by_slave()
- net: ethernet: cortina: Fix max RX frame define
- net: ethernet: cortina: Handle large frames
- net: ethernet: cortina: Fix MTU max setting
- netfilter: nf_conntrack_bridge: initialize err to 0
- net: stmmac: Rework stmmac_rx()
- net: stmmac: fix rx budget limit check
- net/mlx5_core: Clean driver version and name
- net/mlx5e: Check return value of snprintf writing to fw_version buffer for
representors
- macvlan: Don't propagate promisc change to lower dev in passthru
- tools/power/turbostat: Fix a knl bug
- cifs: spnego: add ';' in HOST_KEY_LEN
- media: venus: hfi: add checks to perform sanity on queue pointers
- randstruct: Fix gcc-plugin performance mode to stay in group
- bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
- scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for
selected registers
- x86/cpu/hygon: Fix the CPU topology evaluation for real
- KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space
- KVM: x86: Ignore MSR_AMD64_TW_CFG access
- audit: don't take task_lock() in audit_exe_compare() code path
- audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
- hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
- PCI/sysfs: Protect driver's D3cold preference from user space
- ACPI: resource: Do IRQ override on TongFang GMxXGxx
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
- PCI: keystone: Don't discard .remove() callback
- PCI: keystone: Don't discard .probe() callback
- parisc/pdc: Add width field to struct pdc_model
- clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
- mmc: vub300: fix an error code
- PM: hibernate: Use __get_safe_page() rather than touching the list
- PM: hibernate: Clean up sync_read handling in snapshot_write_next()
- btrfs: don't arbitrarily slow down delalloc if we're committing
- jbd2: fix potential data lost in recovering journal raced with synchronizing
fs bdev
- quota: explicitly forbid quota files from being encrypted
- kernel/reboot: emergency_restart: Set correct system_state
- i2c: core: Run atomic i2c xfer when !preemptible
- mcb: fix error handling for different scenarios when parsing
- dmaengine: stm32-mdma: correct desc prep when channel running
- mm/cma: use nth_page() in place of direct struct page manipulation
- i3c: master: cdns: Fix reading status register
- parisc: Prevent booting 64-bit kernels on PA1.x machines
- parisc/pgtable: Do not drop upper 5 address bits of physical address
- ALSA: info: Fix potential deadlock at disconnection
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
- serial: meson: remove redundant initialization of variable id
- tty: serial: meson: retrieve port FIFO size from DT
- serial: meson: Use platform_get_irq() to get the interrupt
- tty: serial: meson: fix hard LOCKUP on crtscts mode
- Bluetooth: btusb: add Realtek 8822CE to usb_device_id table
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
- bluetooth: Add device 0bda:887b to device tables
- bluetooth: Add device 13d3:3571 to device tables
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
- Revert ncsi: Propagate carrier gain/loss events to the NCSI controller
- net: dsa: lan9303: consequently nested-lock physical MDIO
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
- media: lirc: drop trailing space from scancode transmit
- media: sharp: fix sharp encoding
- media: venus: hfi_parser: Add check to keep the number of codecs within
range
- media: venus: hfi: fix the check to handle session buffer requirement
- media: venus: hfi: add checks to handle capabilities from firmware
- nfsd: fix file memleak on client_opens_release
- ext4: apply umask if ACL support is disabled
- ext4: correct offset of gdb backup in non meta_bg group to update_backups
- ext4: correct return value of ext4_convert_meta_bg
- ext4: correct the start block of counting reserved clusters
- ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
- drm/amdgpu: fix error handling in amdgpu_bo_list_get()
- tracing: Have trace_event_file have ref counters
- netfilter: nf_tables: pass context to nft_set_destroy()
- netfilter: nftables: rename set element data activation/deactivation
functions
- netfilter: nf_tables: drop map element references from preparation phase
- netfilter: nft_set_rbtree: Switch to node list walk for overlap detection
- netfilter: nft_set_rbtree: fix null deref on element insertion
- netfilter: nft_set_rbtree: fix overlap expiration walk
- netfilter: nf_tables: don't skip expired elements during walk
- netfilter: nf_tables: GC transaction API to avoid race with control plane
- netfilter: nf_tables: adapt set backend to use GC transaction API
- netfilter: nft_set_hash: mark set element as dead when deleting from packet
path
- netfilter: nf_tables: remove busy mark and gc batch API
- netfilter: nf_tables: fix GC transaction races with netns and netlink event
exit path
- netfilter: nf_tables: GC transaction race with netns dismantle
- netfilter: nf_tables: GC transaction race with abort path
- netfilter: nf_tables: use correct lock to protect gc_list
- netfilter: nf_tables: defer gc run if previous batch is still pending
- netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
- netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
- netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
- netfilter: nf_tables: fix memleak when more than 255 elements expired
- netfilter: nf_tables: unregister flowtable hooks on netns exit
- netfilter: nf_tables: double hook unregistration in netns path
- netfilter: nftables: update table flags from the commit phase
- netfilter: nf_tables: fix table flag updates
- netfilter: nf_tables: disable toggling dormant table state more than once
- netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for
5.4)
- Linux 5.4.262
* Focal update: v5.4.261 upstream stable release (LP: #2049049)
- vfs: fix readahead(2) on block devices
- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated()
- i40e: fix potential memory leaks in i40e_remove()
- tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
- wifi: mt76: mt7603: rework/fix rx pse hang check
- tcp_metrics: add missing barriers on delete
- tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
- tcp_metrics: do not create an entry from tcp_init_metrics()
- wifi: rtlwifi: fix EDCA limit set by BT coexistence
- can: dev: can_restart(): don't crash kernel if carrier is OK
- can: dev: can_restart(): fix race condition between controller restart and
netif_carrier_on()
- thermal: core: prevent potential string overflow
- r8169: use tp_to_dev instead of open code
- r8169: fix rare issue with broken rx after link-down on RTL8125
- chtls: fix tp->rcv_tstamp initialization
- tcp: Remove one extra ktime_get_ns() from cookie_init_timestamp
- tcp: fix cookie_init_timestamp() overflows
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
- ipv6: avoid atomic fragment on GSO packets
- net: add DEV_STATS_READ() helper
- ipvlan: properly track tx_errors
- regmap: debugfs: Fix a erroneous check after snprintf()
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
- clk: qcom: gcc-sm8150: use ARRAY_SIZE instead of specifying num_parents
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src
- clk: imx: Select MXC_CLK for CLK_IMX8QXP
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
- clk: npcm7xx: Fix incorrect kfree
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
- platform/x86: wmi: Fix probe failure when failing to register WMI devices
- platform/x86: wmi: remove unnecessary initializations
- platform/x86: wmi: Fix opening of char device
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name
- drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
- drm/rockchip: vop: Fix call to crtc reset helper
- drm/radeon: possible buffer overflow
- drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
- arm64: dts: qcom: sdm845-mtp: fix WiFi configuration
- ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
- soc: qcom: llcc cleanup to get rid of sdm845 specific driver file
- [Config] remove CONFIG_QCOM_SDM845_LLCC
- soc: qcom: Rename llcc-slice to llcc-qcom
- [Config] remove llcc-slice module
- soc: qcom: llcc: Handle a second device without data corruption
- firmware: ti_sci: Replace HTTP links with HTTPS ones
- firmware: ti_sci: Mark driver as non removable
- clk: scmi: Free scmi_clk allocated when the clocks with invalid info are
skipped
- hwrng: geode - fix accessing registers
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return
value
- sched/rt: Provide migrate_disable/enable() inlines
- nd_btt: Make BTT lanes preemptible
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
- HID: cp2112: Use irqchip template
- hid: cp2112: Fix duplicate workqueue initialization
- ARM: 9321/1: memset: cast the constant byte to unsigned char
- ext4: move 'ix' sanity check to corrent position
- scsi: ufs: core: Leave space for '\0' in utf8 desc string
- RDMA/hfi1: Workaround truncation compilation error
- sh: bios: Revive earlyprintk support
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
- ASoC: ams-delta.c: use component after check
- mfd: dln2: Fix double put in dln2_probe
- leds: pwm: simplify if condition
- leds: pwm: convert to atomic PWM API
- leds: pwm: Don't disable the PWM when the LED should be off
- ledtrig-cpu: Limit to 8 CPUs
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
- usb: dwc2: fix possible NULL pointer dereference caused by driver
concurrency
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors
- misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
- tools: iio: privatize globals and functions in iio_generic_buffer.c file
- tools: iio: iio_generic_buffer: Fix some integer type and calculation
- tools: iio: iio_generic_buffer ensure alignment
- USB: usbip: fix stub_dev hub disconnect
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
- f2fs: fix to initialize map.m_pblk in f2fs_precache_extents()
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host
- powerpc/xive: Fix endian conversion size
- powerpc/imc-pmu: Use the correct spinlock initializer.
- powerpc/pseries: fix potential memory leak in init_cpu_associativity()
- i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs
- rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call
- pcmcia: cs: fix possible hung task and memory leak pccardd()
- pcmcia: ds: fix refcount leak in pcmcia_device_add()
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
- media: bttv: fix use after free error due to btv->timeout timer
- media: s3c-camif: Avoid inappropriate kfree()
- media: dvb-usb-v2: af9035: fix missing unlock
- regmap: prevent noinc writes from clobbering cache
- pwm: sti: Avoid conditional gotos
- pwm: sti: Reduce number of allocations and drop usage of chip_data
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
- llc: verify mac len before reading mac header
- tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
- inet: shrink struct flowi_common
- dccp: Call security_inet_conn_request() after setting IPv4 addresses.
- dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
- Fix termination state for idr_for_each_entry_ul()
- net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs
- net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT
- tg3: power down device only on SYSTEM_POWER_OFF
- r8169: respect userspace disabling IFF_MULTICAST
- netfilter: xt_recent: fix (increase) ipv6 literal buffer length
- netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate
eval call-backs
- netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies
- fbdev: imsttfb: Fix error path of imsttfb_probe()
- fbdev: imsttfb: fix a resource leak in probe
- fbdev: fsl-diu-fb: mark wr_reg_wa() static
- Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
- btrfs: use u64 for buffer sizes in the tree search ioctls
- Linux 5.4.261
* Focal update: v5.4.260 upstream stable release (LP: #2049024)
- mtd: rawnand: marvell: Ensure program page operations are successful
- selftests/ftrace: Add new test case which checks non unique symbol
- mcb: Return actual parsed size when reading chameleon table
- mcb-lpc: Reallocate memory region to avoid memory overlapping
- virtio_balloon: Fix endless deflation and inflation on arm64
- virtio-mmio: fix memory leak of vm_dev
- r8169: fix the KCSAN reported data-race in rtl_tx while reading
TxDescArray[entry].opts1
- r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1
- treewide: Spelling fix in comment
- igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
- neighbour: fix various data-races
- igc: Fix ambiguity in the ethtool advertising
- net: ieee802154: adf7242: Fix some potential buffer overflow in
adf7242_stats_show()
- r8152: Increase USB control msg timeout to 5000ms as per spec
- r8152: Run the unload routine if we have errors during probe
- r8152: Cancel hw_phy_work if we have an error in probe
- tcp: fix wrong RTO timeout when received SACK reneging
- gtp: uapi: fix GTPA_MAX
- gtp: fix fragmentation needed check with gso
- iio: exynos-adc: request second interupt only when touchscreen mode is used
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
- i2c: aspeed: Fix i2c bus hang in slave read
- nvmem: imx: correct nregs for i.MX6ULL
- nvmem: imx: correct nregs for i.MX6SLL
- nvmem: imx: correct nregs for i.MX6UL
- perf/core: Fix potential NULL deref
- clk: Sanitize possible_parent_show to Handle Return Value of
of_clk_get_parent_name
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
- x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
- drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
- arm64: fix a concurrency issue in emulation_proc_handler()
- smbdirect: missing rc checks while waiting for rdma events
- f2fs: fix to do sanity check on inode type during garbage collection
- nfsd: lock_rename() needs both directories to live on the same fs
- x86/mm: Simplify RESERVE_BRK()
- x86/mm: Fix RESERVE_BRK() for older binutils
- ext4: add two helper functions extent_logical_end() and pa_logical_end()
- ext4: avoid overlapping preallocations due to overflow
- ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
- driver: platform: Add helper for safer setting of driver_override
- rpmsg: Constify local variable in field store macro
- rpmsg: Fix kfree() of static memory on setting driver_override
- rpmsg: Fix calling device_lock() on non-initialized device
- rpmsg: glink: Release driver_override
- rpmsg: Fix possible refcount leak in rpmsg_register_device_override()
- x86: Fix .brk attribute in linker script
- Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table
- irqchip/stm32-exti: add missing DT IRQ flag translation
- dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe
- Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport
- fbdev: atyfb: only use ioremap_uc() on i386 and ia64
- spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0
- netfilter: nfnetlink_log: silence bogus compiler warning
- ASoC: rt5650: fix the wrong result of key button
- fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit()
- scsi: mpt3sas: Fix in error path
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
- platform/mellanox: mlxbf-tmfifo: Fix a warning message
- net: chelsio: cxgb4: add an error code check in t4_load_phy_fw
- ata: ahci: fix enum constants for gcc-13
- remove the sx8 block driver
- [Config] remove CONFIG_BLK_DEV_SX8
- Revert "ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver"
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
- usb: storage: set 1.50 as the lower bcdDevice for older "Super Top"
compatibility
- tty: 8250: Remove UC-257 and UC-431
- tty: 8250: Add support for additional Brainboxes UC cards
- tty: 8250: Add support for Brainboxes UP cards
- tty: 8250: Add support for Intashield IS-100
- Linux 5.4.260
* CVE-2023-51779
- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
* CVE-2023-22995
- usb: dwc3: dwc3-qcom: Add missing platform_device_put() in
dwc3_qcom_acpi_register_core
Date: 2024-02-02 13:51:11.989695+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/5.4.0-173.191
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list