[ubuntu/focal-security] linux 5.4.0-173.191 (Accepted)

Andy Whitcroft apw at canonical.com
Wed Mar 6 16:28:44 UTC 2024


linux (5.4.0-173.191) focal; urgency=medium

  * focal/linux: 5.4.0-173.191 -proposed tracker (LP: #2052135)

  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2024.02.05)

  * CVE-2023-0340
    - vhost: use kzalloc() instead of kmalloc() followed by memset()

  * CVE-2023-6915
    - ida: Fix crash in ida_free when the bitmap is empty

  * Focal update: v5.4.265 upstream stable release (LP: #2051644)
    - afs: Fix refcount underflow from error handling race
    - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX
    - qca_debug: Prevent crash on TX ring changes
    - qca_debug: Fix ethtool -G iface tx behavior
    - qca_spi: Fix reset behavior
    - atm: solos-pci: Fix potential deadlock on &cli_queue_lock
    - atm: solos-pci: Fix potential deadlock on &tx_queue_lock
    - atm: Fix Use-After-Free in do_vcc_ioctl
    - qed: Fix a potential use-after-free in qed_cxt_tables_alloc
    - net: Remove acked SYN flag from packet in the transmit queue correctly
    - sign-file: Fix incorrect return values check
    - vsock/virtio: Fix unsigned integer wrap around in
      virtio_transport_has_space()
    - net: stmmac: use dev_err_probe() for reporting mdio bus registration failure
    - net: stmmac: Handle disabled MDIO busses from devicetree
    - cred: switch to using atomic_long_t
    - ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants
    - usb: aqc111: check packet for fixup for true limit
    - blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock
      required!"
    - bcache: avoid oversize memory allocation by small stripe_size
    - bcache: add code comments for bch_btree_node_get() and
      __bch_btree_node_alloc()
    - bcache: avoid NULL checking to c->root in run_cache_set()
    - platform/x86: intel_telemetry: Fix kernel doc descriptions
    - HID: add ALWAYS_POLL quirk for Apple kb
    - HID: hid-asus: reset the backlight brightness level on resume
    - HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad
    - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation
    - net: usb: qmi_wwan: claim interface 4 for ZTE MF290
    - HID: hid-asus: add const to read-only outgoing usb buffer
    - soundwire: stream: fix NULL pointer dereference for multi_link
    - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS
    - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify
    - team: Fix use-after-free when an option instance allocation fails
    - ring-buffer: Fix memory leak of free page
    - mmc: block: Be sure to wait while busy in CQE error recovery
    - powerpc/ftrace: Create a dummy stackframe to fix stack unwind
    - powerpc/ftrace: Fix stack teardown in ftrace_no_trace
    - Linux 5.4.265

  * Focal update: v5.4.264 upstream stable release (LP: #2049935)
    - hrtimers: Push pending hrtimers away from outgoing CPU earlier
    - netfilter: ipset: fix race condition between swap/destroy and kernel side
      add/del/test
    - tg3: Move the [rt]x_dropped counters to tg3_napi
    - tg3: Increment tx_dropped in tg3_tso_bug()
    - kconfig: fix memory leak from range properties
    - drm/amdgpu: correct chunk_ptr to a pointer to chunk.
    - of: base: Add of_get_cpu_state_node() to get idle states for a CPU node
    - ACPI/IORT: Make iort_get_device_domain IRQ domain agnostic
    - ACPI/IORT: Make iort_msi_map_rid() PCI agnostic
    - of/iommu: Make of_map_rid() PCI agnostic
    - of/irq: make of_msi_map_get_device_domain() bus agnostic
    - of/irq: Make of_msi_map_rid() PCI bus agnostic
    - of: base: Fix some formatting issues and provide missing descriptions
    - of: Fix kerneldoc output formatting
    - of: Add missing 'Return' section in kerneldoc comments
    - of: dynamic: Fix of_reconfig_get_state_change() return value documentation
    - ipv6: fix potential NULL deref in fib6_add()
    - hv_netvsc: rndis_filter needs to select NLS
    - net: arcnet: Fix RESET flag handling
    - net: arcnet: com20020 fix error handling
    - arcnet: restoring support for multiple Sohard Arcnet cards
    - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()
    - net: hns: fix fake link up on xge port
    - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
    - tcp: do not accept ACK of bytes we never sent
    - bpf: sockmap, updating the sg structure should also update curr
    - RDMA/bnxt_re: Correct module description string
    - hwmon: (acpi_power_meter) Fix 4.29 MW bug
    - ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
    - tracing: Fix a warning when allocating buffered events fails
    - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
    - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init
    - ARM: dts: imx: make gpt node name generic
    - ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt
    - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names
    - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
    - tracing: Always update snapshot buffer size
    - tracing: Fix incomplete locking when disabling buffered events
    - tracing: Fix a possible race when disabling buffered events
    - packet: Move reference count in packet_sock to atomic_long_t
    - arm64: dts: mediatek: mt7622: fix memory node warning check
    - arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names
    - gpiolib: sysfs: Fix error handling on failed export
    - mmc: core: add helpers mmc_regulator_enable/disable_vqmmc
    - mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled
    - usb: gadget: f_hid: fix report descriptor allocation
    - parport: Add support for Brainboxes IX/UC/PX parallel cards
    - usb: typec: class: fix typec_altmode_put_partner to put plugs
    - ARM: PL011: Fix DMA support
    - serial: sc16is7xx: address RX timeout interrupt errata
    - serial: 8250_omap: Add earlycon support for the AM654 UART controller
    - x86/CPU/AMD: Check vendor in the AMD microcode callback
    - KVM: s390/mm: Properly reset no-dat
    - nilfs2: fix missing error check for sb_set_blocksize call
    - io_uring/af_unix: disable sending io_uring over sockets
    - netlink: don't call ->netlink_bind with table lock held
    - genetlink: add CAP_NET_ADMIN test for multicast bind
    - psample: Require 'CAP_NET_ADMIN' when joining "packets" group
    - drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group
    - tools headers UAPI: Sync linux/perf_event.h with the kernel sources
    - cifs: Fix non-availability of dedup breaking generic/304
    - smb: client: fix potential NULL deref in parse_dfs_referrals()
    - devcoredump : Serialize devcd_del work
    - devcoredump: Send uevent once devcd is ready
    - Linux 5.4.264

  * CVE-2024-0646
    - net: tls, update curr on splice as well

  * CVE-2024-0565
    - smb: client: fix OOB in receive_encrypted_standard()

  * CVE-2023-51781
    - appletalk: Fix Use-After-Free in atalk_ioctl

  * CVE-2023-51782
    - net/rose: Fix Use-After-Free in rose_ioctl

  * Focal update: v5.4.263 upstream stable release (LP: #2049084)
    - driver core: Release all resources during unbind before updating device
      links
    - RDMA/irdma: Prevent zero-length STAG registration
    - PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}()
    - afs: Make error on cell lookup failure consistent with OpenAFS
    - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
    - drm/panel: simple: Fix Innolux G101ICE-L01 timings
    - ata: pata_isapnp: Add missing error check for devm_ioport_map()
    - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full
    - HID: core: store the unique system identifier in hid_device
    - HID: fix HID device resource race between HID core and debugging support
    - ipv4: Correct/silence an endian warning in __ip_do_redirect
    - net: usb: ax88179_178a: fix failed operations during ax88179_reset
    - arm/xen: fix xen_vcpu_info allocation alignment
    - amd-xgbe: handle corner-case during sfp hotplug
    - amd-xgbe: handle the corner-case during tx completion
    - amd-xgbe: propagate the correct speed and duplex status
    - net: axienet: Fix check for partial TX checksum
    - afs: Return ENOENT if no cell DNS record can be found
    - afs: Fix file locking on R/O volumes to operate in local mode
    - nvmet: remove unnecessary ctrl parameter
    - nvmet: nul-terminate the NQNs passed in the connect command
    - MIPS: KVM: Fix a build warning about variable set but not used
    - ext4: add a new helper to check if es must be kept
    - ext4: factor out __es_alloc_extent() and __es_free_extent()
    - ext4: use pre-allocated es in __es_insert_extent()
    - ext4: use pre-allocated es in __es_remove_extent()
    - ext4: using nofail preallocation in ext4_es_remove_extent()
    - ext4: using nofail preallocation in ext4_es_insert_delayed_block()
    - ext4: using nofail preallocation in ext4_es_insert_extent()
    - ext4: fix slab-use-after-free in ext4_es_insert_extent()
    - ext4: make sure allocate pending entry not fail
    - arm64: cpufeature: Extract capped perfmon fields
    - KVM: arm64: limit PMU version to PMUv3 for ARMv8.1
    - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
    - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
      btree_gc_coalesce()
    - s390/dasd: protect device queue against concurrent access
    - USB: serial: option: add Luat Air72*U series products
    - hv_netvsc: Fix race of register_netdevice_notifier and VF register
    - hv_netvsc: Mark VF as slave before exposing it to user-mode
    - dm-delay: fix a race between delay_presuspend and delay_bio
    - bcache: check return value from btree_node_alloc_replacement()
    - bcache: prevent potential division by zero error
    - USB: serial: option: add Fibocom L7xx modules
    - USB: serial: option: fix FM101R-GL defines
    - USB: serial: option: don't claim interface 4 for ZTE MF290
    - USB: dwc2: write HCINT with INTMASK applied
    - usb: dwc3: set the dma max_seg_size
    - USB: dwc3: qcom: fix resource leaks on probe deferral
    - USB: dwc3: qcom: fix wakeup after probe deferral
    - io_uring: fix off-by one bvec index
    - pinctrl: avoid reload of p state in list iteration
    - firewire: core: fix possible memory leak in create_units()
    - mmc: block: Do not lose cache flush during CQE error recovery
    - ALSA: hda: Disable power-save on KONTRON SinglePC
    - ALSA: hda/realtek: Headset Mic VREF to 100%
    - ALSA: hda/realtek: Add supported ALC257 for ChromeOS
    - dm-verity: align struct dm_verity_fec_io properly
    - dm verity: don't perform FEC for failed readahead IO
    - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR
    - powerpc: Don't clobber f0/vs0 during fp|altivec register save
    - btrfs: fix off-by-one when checking chunk map includes logical address
    - btrfs: send: ensure send_fd is writable
    - btrfs: make error messages more clear when getting a chunk map
    - Input: xpad - add HyperX Clutch Gladiate Support
    - net: stmmac: xgmac: Disable FPE MMC interrupts
    - ravb: Fix races between ravb_tx_timeout_work() and net related ops
    - net: ravb: Use pm_runtime_resume_and_get()
    - net: ravb: Start TX queues after HW initialization succeeded
    - smb3: fix touch -h of symlink
    - s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family
    - s390/cmma: fix detection of DAT pages
    - mtd: cfi_cmdset_0001: Support the absence of protection registers
    - mtd: cfi_cmdset_0001: Byte swap OTP info
    - fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
    - ima: annotate iint mutex to avoid lockdep false positive warnings
    - ovl: skip overlayfs superblocks at global sync
    - ima: detect changes to the backing overlay file
    - scsi: qla2xxx: Simplify the code for aborting SCSI commands
    - scsi: core: Introduce the scsi_cmd_to_rq() function
    - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
    - scsi: qla2xxx: Fix system crash due to bad pointer access
    - cpufreq: imx6q: don't warn for disabling a non-existing frequency
    - cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily
    - mmc: cqhci: Increase recovery halt timeout
    - mmc: cqhci: Warn of halt or task clear failure
    - mmc: cqhci: Fix task clearing in CQE error recovery
    - mmc: core: convert comma to semicolon
    - mmc: block: Retry commands in CQE error recovery
    - Linux 5.4.263

  * Focal update: v5.4.262 upstream stable release (LP: #2049069)
    - locking/ww_mutex/test: Fix potential workqueue corruption
    - perf/core: Bail out early if the request AUX area is out of bound
    - clocksource/drivers/timer-imx-gpt: Fix potential memory leak
    - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
    - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
    - wifi: mac80211_hwsim: fix clang-specific fortify warning
    - wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
    - wifi: ath9k: fix clang-specific fortify warnings
    - wifi: ath10k: fix clang-specific fortify warning
    - net: annotate data-races around sk->sk_tx_queue_mapping
    - net: annotate data-races around sk->sk_dst_pending_confirm
    - wifi: ath10k: Don't touch the CE interrupt registers after power up
    - Bluetooth: Fix double free in hci_conn_cleanup
    - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
    - drm/komeda: drop all currently held locks if deadlock happens
    - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
    - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
    - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
    - selftests/efivarfs: create-read: fix a resource leak
    - crypto: pcrypt - Fix hungtask for PADATA_RESET
    - RDMA/hfi1: Use FIELD_GET() to extract Link Width
    - fs/jfs: Add check for negative db_l2nbperpage
    - fs/jfs: Add validity check for db_maxag and db_agpref
    - jfs: fix array-index-out-of-bounds in dbFindLeaf
    - jfs: fix array-index-out-of-bounds in diAlloc
    - ARM: 9320/1: fix stack depot IRQ stack filter
    - ALSA: hda: Fix possible null-ptr-deref when assigning a stream
    - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields
    - atm: iphase: Do PCI error checks on own line
    - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
    - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
    - tty: vcc: Add check for kstrdup() in vcc_probe()
    - usb: gadget: f_ncm: Always set current gadget in ncm_bind()
    - i2c: sun6i-p2wi: Prevent potential division by zero
    - media: gspca: cpia1: shift-out-of-bounds in set_flicker
    - media: vivid: avoid integer overflow
    - gfs2: ignore negated quota changes
    - media: cobalt: Use FIELD_GET() to extract Link Width
    - drm/amd/display: Avoid NULL dereference of timing generator
    - kgdb: Flush console before entering kgdb on panic
    - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
    - pwm: Fix double shift bug
    - wifi: iwlwifi: Use FW rate for non-data frames
    - NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
    - ipvlan: add ipvlan_route_v6_outbound() helper
    - tty: Fix uninit-value access in ppp_sync_receive()
    - net: hns3: fix variable may not initialized problem in hns3_init_mac_addr()
    - tipc: Fix kernel-infoleak due to uninitialized TLV value
    - ppp: limit MRU to 64K
    - xen/events: fix delayed eoi list handling
    - ptp: annotate data-race around q->head and q->tail
    - bonding: stop the device in bond_setup_by_slave()
    - net: ethernet: cortina: Fix max RX frame define
    - net: ethernet: cortina: Handle large frames
    - net: ethernet: cortina: Fix MTU max setting
    - netfilter: nf_conntrack_bridge: initialize err to 0
    - net: stmmac: Rework stmmac_rx()
    - net: stmmac: fix rx budget limit check
    - net/mlx5_core: Clean driver version and name
    - net/mlx5e: Check return value of snprintf writing to fw_version buffer for
      representors
    - macvlan: Don't propagate promisc change to lower dev in passthru
    - tools/power/turbostat: Fix a knl bug
    - cifs: spnego: add ';' in HOST_KEY_LEN
    - media: venus: hfi: add checks to perform sanity on queue pointers
    - randstruct: Fix gcc-plugin performance mode to stay in group
    - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
    - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for
      selected registers
    - x86/cpu/hygon: Fix the CPU topology evaluation for real
    - KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space
    - KVM: x86: Ignore MSR_AMD64_TW_CFG access
    - audit: don't take task_lock() in audit_exe_compare() code path
    - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
    - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
    - PCI/sysfs: Protect driver's D3cold preference from user space
    - ACPI: resource: Do IRQ override on TongFang GMxXGxx
    - mmc: meson-gx: Remove setting of CMD_CFG_ERROR
    - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
    - PCI: keystone: Don't discard .remove() callback
    - PCI: keystone: Don't discard .probe() callback
    - parisc/pdc: Add width field to struct pdc_model
    - clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
    - mmc: vub300: fix an error code
    - PM: hibernate: Use __get_safe_page() rather than touching the list
    - PM: hibernate: Clean up sync_read handling in snapshot_write_next()
    - btrfs: don't arbitrarily slow down delalloc if we're committing
    - jbd2: fix potential data lost in recovering journal raced with synchronizing
      fs bdev
    - quota: explicitly forbid quota files from being encrypted
    - kernel/reboot: emergency_restart: Set correct system_state
    - i2c: core: Run atomic i2c xfer when !preemptible
    - mcb: fix error handling for different scenarios when parsing
    - dmaengine: stm32-mdma: correct desc prep when channel running
    - mm/cma: use nth_page() in place of direct struct page manipulation
    - i3c: master: cdns: Fix reading status register
    - parisc: Prevent booting 64-bit kernels on PA1.x machines
    - parisc/pgtable: Do not drop upper 5 address bits of physical address
    - ALSA: info: Fix potential deadlock at disconnection
    - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
    - serial: meson: remove redundant initialization of variable id
    - tty: serial: meson: retrieve port FIFO size from DT
    - serial: meson: Use platform_get_irq() to get the interrupt
    - tty: serial: meson: fix hard LOCKUP on crtscts mode
    - Bluetooth: btusb: add Realtek 8822CE to usb_device_id table
    - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
    - bluetooth: Add device 0bda:887b to device tables
    - bluetooth: Add device 13d3:3571 to device tables
    - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables
    - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
    - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller
    - net: dsa: lan9303: consequently nested-lock physical MDIO
    - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
    - media: lirc: drop trailing space from scancode transmit
    - media: sharp: fix sharp encoding
    - media: venus: hfi_parser: Add check to keep the number of codecs within
      range
    - media: venus: hfi: fix the check to handle session buffer requirement
    - media: venus: hfi: add checks to handle capabilities from firmware
    - nfsd: fix file memleak on client_opens_release
    - ext4: apply umask if ACL support is disabled
    - ext4: correct offset of gdb backup in non meta_bg group to update_backups
    - ext4: correct return value of ext4_convert_meta_bg
    - ext4: correct the start block of counting reserved clusters
    - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
    - drm/amdgpu: fix error handling in amdgpu_bo_list_get()
    - tracing: Have trace_event_file have ref counters
    - netfilter: nf_tables: pass context to nft_set_destroy()
    - netfilter: nftables: rename set element data activation/deactivation
      functions
    - netfilter: nf_tables: drop map element references from preparation phase
    - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection
    - netfilter: nft_set_rbtree: fix null deref on element insertion
    - netfilter: nft_set_rbtree: fix overlap expiration walk
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: remove busy mark and gc batch API
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
    - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
    - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
    - netfilter: nf_tables: fix memleak when more than 255 elements expired
    - netfilter: nf_tables: unregister flowtable hooks on netns exit
    - netfilter: nf_tables: double hook unregistration in netns path
    - netfilter: nftables: update table flags from the commit phase
    - netfilter: nf_tables: fix table flag updates
    - netfilter: nf_tables: disable toggling dormant table state more than once
    - netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for
      5.4)
    - Linux 5.4.262

  * Focal update: v5.4.261 upstream stable release (LP: #2049049)
    - vfs: fix readahead(2) on block devices
    - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated()
    - i40e: fix potential memory leaks in i40e_remove()
    - tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed
    - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
    - wifi: mt76: mt7603: rework/fix rx pse hang check
    - tcp_metrics: add missing barriers on delete
    - tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
    - tcp_metrics: do not create an entry from tcp_init_metrics()
    - wifi: rtlwifi: fix EDCA limit set by BT coexistence
    - can: dev: can_restart(): don't crash kernel if carrier is OK
    - can: dev: can_restart(): fix race condition between controller restart and
      netif_carrier_on()
    - thermal: core: prevent potential string overflow
    - r8169: use tp_to_dev instead of open code
    - r8169: fix rare issue with broken rx after link-down on RTL8125
    - chtls: fix tp->rcv_tstamp initialization
    - tcp: Remove one extra ktime_get_ns() from cookie_init_timestamp
    - tcp: fix cookie_init_timestamp() overflows
    - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
    - ipv6: avoid atomic fragment on GSO packets
    - net: add DEV_STATS_READ() helper
    - ipvlan: properly track tx_errors
    - regmap: debugfs: Fix a erroneous check after snprintf()
    - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
    - clk: qcom: gcc-sm8150: use ARRAY_SIZE instead of specifying num_parents
    - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src
    - clk: imx: Select MXC_CLK for CLK_IMX8QXP
    - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
    - clk: npcm7xx: Fix incorrect kfree
    - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
    - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
    - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
    - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
    - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
    - platform/x86: wmi: Fix probe failure when failing to register WMI devices
    - platform/x86: wmi: remove unnecessary initializations
    - platform/x86: wmi: Fix opening of char device
    - hwmon: (coretemp) Fix potentially truncated sysfs attribute name
    - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
    - drm/rockchip: vop: Fix call to crtc reset helper
    - drm/radeon: possible buffer overflow
    - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
    - arm64: dts: qcom: sdm845-mtp: fix WiFi configuration
    - ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
    - soc: qcom: llcc cleanup to get rid of sdm845 specific driver file
    - [Config] remove CONFIG_QCOM_SDM845_LLCC
    - soc: qcom: Rename llcc-slice to llcc-qcom
    - [Config] remove llcc-slice module
    - soc: qcom: llcc: Handle a second device without data corruption
    - firmware: ti_sci: Replace HTTP links with HTTPS ones
    - firmware: ti_sci: Mark driver as non removable
    - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are
      skipped
    - hwrng: geode - fix accessing registers
    - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return
      value
    - sched/rt: Provide migrate_disable/enable() inlines
    - nd_btt: Make BTT lanes preemptible
    - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
    - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
    - HID: cp2112: Use irqchip template
    - hid: cp2112: Fix duplicate workqueue initialization
    - ARM: 9321/1: memset: cast the constant byte to unsigned char
    - ext4: move 'ix' sanity check to corrent position
    - scsi: ufs: core: Leave space for '\0' in utf8 desc string
    - RDMA/hfi1: Workaround truncation compilation error
    - sh: bios: Revive earlyprintk support
    - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
    - ASoC: ams-delta.c: use component after check
    - mfd: dln2: Fix double put in dln2_probe
    - leds: pwm: simplify if condition
    - leds: pwm: convert to atomic PWM API
    - leds: pwm: Don't disable the PWM when the LED should be off
    - ledtrig-cpu: Limit to 8 CPUs
    - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
    - tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
    - usb: dwc2: fix possible NULL pointer dereference caused by driver
      concurrency
    - dmaengine: ti: edma: handle irq_of_parse_and_map() errors
    - misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
    - tools: iio: privatize globals and functions in iio_generic_buffer.c file
    - tools: iio: iio_generic_buffer: Fix some integer type and calculation
    - tools: iio: iio_generic_buffer ensure alignment
    - USB: usbip: fix stub_dev hub disconnect
    - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
    - f2fs: fix to initialize map.m_pblk in f2fs_precache_extents()
    - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host
    - powerpc/xive: Fix endian conversion size
    - powerpc/imc-pmu: Use the correct spinlock initializer.
    - powerpc/pseries: fix potential memory leak in init_cpu_associativity()
    - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs
    - rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call
    - pcmcia: cs: fix possible hung task and memory leak pccardd()
    - pcmcia: ds: fix refcount leak in pcmcia_device_add()
    - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
    - media: bttv: fix use after free error due to btv->timeout timer
    - media: s3c-camif: Avoid inappropriate kfree()
    - media: dvb-usb-v2: af9035: fix missing unlock
    - regmap: prevent noinc writes from clobbering cache
    - pwm: sti: Avoid conditional gotos
    - pwm: sti: Reduce number of allocations and drop usage of chip_data
    - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
    - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
    - llc: verify mac len before reading mac header
    - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
    - inet: shrink struct flowi_common
    - dccp: Call security_inet_conn_request() after setting IPv4 addresses.
    - dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
    - Fix termination state for idr_for_each_entry_ul()
    - net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs
    - net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT
    - tg3: power down device only on SYSTEM_POWER_OFF
    - r8169: respect userspace disabling IFF_MULTICAST
    - netfilter: xt_recent: fix (increase) ipv6 literal buffer length
    - netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate
      eval call-backs
    - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
    - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
    - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies
    - fbdev: imsttfb: Fix error path of imsttfb_probe()
    - fbdev: imsttfb: fix a resource leak in probe
    - fbdev: fsl-diu-fb: mark wr_reg_wa() static
    - Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
    - btrfs: use u64 for buffer sizes in the tree search ioctls
    - Linux 5.4.261

  * Focal update: v5.4.260 upstream stable release (LP: #2049024)
    - mtd: rawnand: marvell: Ensure program page operations are successful
    - selftests/ftrace: Add new test case which checks non unique symbol
    - mcb: Return actual parsed size when reading chameleon table
    - mcb-lpc: Reallocate memory region to avoid memory overlapping
    - virtio_balloon: Fix endless deflation and inflation on arm64
    - virtio-mmio: fix memory leak of vm_dev
    - r8169: fix the KCSAN reported data-race in rtl_tx while reading
      TxDescArray[entry].opts1
    - r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1
    - treewide: Spelling fix in comment
    - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
    - neighbour: fix various data-races
    - igc: Fix ambiguity in the ethtool advertising
    - net: ieee802154: adf7242: Fix some potential buffer overflow in
      adf7242_stats_show()
    - r8152: Increase USB control msg timeout to 5000ms as per spec
    - r8152: Run the unload routine if we have errors during probe
    - r8152: Cancel hw_phy_work if we have an error in probe
    - tcp: fix wrong RTO timeout when received SACK reneging
    - gtp: uapi: fix GTPA_MAX
    - gtp: fix fragmentation needed check with gso
    - iio: exynos-adc: request second interupt only when touchscreen mode is used
    - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
    - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
    - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
    - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
    - i2c: aspeed: Fix i2c bus hang in slave read
    - nvmem: imx: correct nregs for i.MX6ULL
    - nvmem: imx: correct nregs for i.MX6SLL
    - nvmem: imx: correct nregs for i.MX6UL
    - perf/core: Fix potential NULL deref
    - clk: Sanitize possible_parent_show to Handle Return Value of
      of_clk_get_parent_name
    - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
    - x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
    - drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
    - arm64: fix a concurrency issue in emulation_proc_handler()
    - smbdirect: missing rc checks while waiting for rdma events
    - f2fs: fix to do sanity check on inode type during garbage collection
    - nfsd: lock_rename() needs both directories to live on the same fs
    - x86/mm: Simplify RESERVE_BRK()
    - x86/mm: Fix RESERVE_BRK() for older binutils
    - ext4: add two helper functions extent_logical_end() and pa_logical_end()
    - ext4: avoid overlapping preallocations due to overflow
    - ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
    - driver: platform: Add helper for safer setting of driver_override
    - rpmsg: Constify local variable in field store macro
    - rpmsg: Fix kfree() of static memory on setting driver_override
    - rpmsg: Fix calling device_lock() on non-initialized device
    - rpmsg: glink: Release driver_override
    - rpmsg: Fix possible refcount leak in rpmsg_register_device_override()
    - x86: Fix .brk attribute in linker script
    - Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table
    - irqchip/stm32-exti: add missing DT IRQ flag translation
    - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe
    - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport
    - fbdev: atyfb: only use ioremap_uc() on i386 and ia64
    - spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0
    - netfilter: nfnetlink_log: silence bogus compiler warning
    - ASoC: rt5650: fix the wrong result of key button
    - fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit()
    - scsi: mpt3sas: Fix in error path
    - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
    - platform/mellanox: mlxbf-tmfifo: Fix a warning message
    - net: chelsio: cxgb4: add an error code check in t4_load_phy_fw
    - ata: ahci: fix enum constants for gcc-13
    - remove the sx8 block driver
    - [Config] remove CONFIG_BLK_DEV_SX8
    - Revert "ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver"
    - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
    - usb: storage: set 1.50 as the lower bcdDevice for older "Super Top"
      compatibility
    - tty: 8250: Remove UC-257 and UC-431
    - tty: 8250: Add support for additional Brainboxes UC cards
    - tty: 8250: Add support for Brainboxes UP cards
    - tty: 8250: Add support for Intashield IS-100
    - Linux 5.4.260

  * CVE-2023-51779
    - Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg

  * CVE-2023-22995
    - usb: dwc3: dwc3-qcom: Add missing platform_device_put() in
      dwc3_qcom_acpi_register_core

Date: 2024-02-02 13:51:11.989695+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/5.4.0-173.191
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list