[ubuntu/focal-updates] linux-iot 5.4.0-1048.51 (Accepted)
Andy Whitcroft
apw at canonical.com
Wed Apr 2 20:32:37 UTC 2025
linux-iot (5.4.0-1048.51) focal; urgency=medium
* focal/linux-iot: 5.4.0-1048.51 -proposed tracker (LP: #2101985)
[ Ubuntu: 5.4.0-211.231 ]
* focal/linux: 5.4.0-211.231 -proposed tracker (LP: #2101996)
* cve-2018-5803 kernel panic (LP: #2101091)
- SAUCE: sctp: sysctl: pass right argument to container_of
[ Ubuntu: 5.4.0-210.230 ]
* focal/linux: 5.4.0-210.230 -proposed tracker (LP: #2098353)
* Focal update: v5.4.290 upstream stable release (LP: #2098439)
- jbd2: flush filesystem device before updating tail sequence
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end
- dm array: fix unreleased btree blocks on closing a faulty array cursor
- dm array: fix cursor index when skipping across block boundaries
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
- net: 802: LLC+SNAP OID:PID lookup on start of skb data
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
- tls: Fix tls_sw_sendmsg error handling
- dm thin: make get_first_thin use rcu-safe list first function
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
- sctp: sysctl: auth_enable: avoid using current->nsproxy
- drm/amd/display: Add check for granularity in dml ceil/floor helpers
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
- ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
- drm/amd/display: increase MAX_SURFACES to the value supported by hw
- USB: serial: option: add MeiG Smart SRM815
- USB: serial: option: add Neoway N723-EA support
- staging: iio: ad9834: Correct phase range check
- staging: iio: ad9832: Correct phase range check
- usb-storage: Add max sectors quirk for Nokia 208
- USB: serial: cp210x: add Phoenix Contact UPS Device
- usb: gadget: u_serial: Disable ep before setting port to null to fix the
crash caused by port being null
- USB: usblp: return error when setting unsupported protocol
- USB: core: Disable LPM only for non-suspended ports
- usb: fix reference leak in usb_new_device()
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
- iio: pressure: zpa2326: fix information leak in triggered buffer
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered
buffer
- iio: light: vcnl4035: fix information leak in triggered buffer
- iio: imu: kmx61: fix information leak in triggered buffer
- iio: adc: ti-ads8688: fix information leak in triggered buffer
- iio: gyro: fxas21002c: Fix missing data update in trigger handler
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
- iio: adc: at91: call input_free_device() on allocated iio_dev
- iio: inkern: call iio_device_put() only on mapped devices
- arm64: dts: rockchip: fix defines in pd_vio node for rk3399
- arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399
- arm64: dts: rockchip: add #power-domain-cells to power domain nodes
- arm64: dts: rockchip: add hevc power domain clock to rk3328
- phy: core: fix code style in devm_of_phy_provider_unregister
- phy: core: Fix that API devm_of_phy_provider_unregister() fails to
unregister the phy provider
- ocfs2: correct return value of ocfs2_local_free_info()
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
- sctp: sysctl: rto_min/max: avoid using current->nsproxy
- net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
- net: net_namespace: Optimize the code
- net: add exit_batch_rtnl() method
- gtp: use exit_batch_rtnl() method
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
- gtp: Destroy device along with udp socket's netns dismantle.
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
- drm/v3d: Ensure job pointer is set to NULL after job completion
- i2c: mux: demux-pinctrl: check initial mux selection, too
- mac802154: check local interfaces before deleting sdata list
- hfs: Sanity check the root record
- kheaders: Ignore silly-rename files
- poll_wait: add mb() to fix theoretical race between waitqueue_active() and
.poll()
- nvmet: propagate npwg topology
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
- fs/proc: fix softlockup in __read_vmcore (part 2)
- irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
- hrtimers: Handle CPU state correctly on hotplug
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
- scsi: sg: Fix slab-use-after-free read in sg_release()
- net: fix data-races around sk->sk_forward_alloc
- ASoC: wm8994: Add depends on MFD core
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
- irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
- m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal
- m68k: Add missing mmap_read_lock() to sys_cacheflush()
- signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die
- net: xen-netback: hash.c: Use built-in RCU list checking
- net/xen-netback: prevent UAF in xenvif_flush_hash()
- vfio/platform: check the bounds of read/write syscalls
- ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path
- ext4: fix slab-use-after-free in ext4_split_extent_at()
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
- Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix
the crash caused by port being null"
- Input: atkbd - map F23 key to support default copilot shortcut
- Input: xpad - add unofficial Xbox 360 wireless receiver clone
- Input: xpad - add support for wooting two he (arm)
- drm/v3d: Assign job pointer to NULL before signaling the fence
- xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
- Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM
conditionals
- Linux 5.4.290
* CVE-2021-47219
- scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
* CVE-2024-49925
- fbdev: efifb: Register sysfs groups through driver core
* CVE-2024-56614
- xsk: fix OOB map writes when deleting elements
* net: stmmac: kernel continually prints wol unbalance irq warning
(LP: #2095376)
- net: stmmac: ethtool: Fixed calltrace caused by unbalanced disable_irq_wake
calls
* CVE-2024-44938
- jfs: Fix shift-out-of-bounds in dbDiscardAG
* CVE-2024-43900
- media: xc2028: avoid use-after-free in load_firmware_cb()
* Focal update: v5.4.289 upstream stable release (LP: #2095437)
- usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with
iommu enabled
- PCI/AER: Disable AER service on suspend
- ALSA: usb: Fix UBSAN warning in parse_audio_unit()
- PCI: Add ACS quirk for Broadcom BCM5760X NIC
- i2c: pnx: Fix timeout in wait functions
- drm/i915: Fix memory leak by correcting cache object name in error handler
- erofs: fix order >= MAX_ORDER warning due to crafted negative i_size
- erofs: fix incorrect symlink detection in fast symlink
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
- ionic: use ee->offset when returning sprom data
- net: hinic: Fix cleanup in create_rxqs/txqs()
- net: ethernet: bgmac-platform: fix an OF node reference leak
- netfilter: ipset: Fix for recursive locking warning
- mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
- chelsio/chtls: prevent potential integer overflow on 32bit
- i2c: riic: Always round-up when calculating bus period
- efivarfs: Fix error on non-existent file
- USB: serial: option: add TCL IK512 MBIM & ECM
- USB: serial: option: add MeiG Smart SLM770A
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
- USB: serial: option: add MediaTek T7XX compositions
- USB: serial: option: add Telit FE910C04 rmnet compositions
- sh: clk: Fix clk_enable() to return 0 on NULL clk
- zram: refuse to use zero sized block device as backing device
- btrfs: tree-checker: reject inline extent items with 0 ref count
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget
- of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one()
- nilfs2: prevent use of deleted inode
- udmabuf: also check for F_SEAL_FUTURE_WRITE
- of: Fix error path in of_parse_phandle_with_args_map()
- of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
- bpf: Check negative offsets in __bpf_skb_min_len()
- nfsd: restore callback functionality for NFSv4.0
- mtd: diskonchip: Cast an operand to prevent potential overflow
- phy: core: Fix an OF node refcount leakage in _of_phy_get()
- phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
- phy: core: Fix that API devm_phy_put() fails to release the phy
- phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
- dmaengine: mv_xor: fix child node refcount handling in early exit
- dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
- mtd: rawnand: fix double free in atmel_pmecc_create_user()
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label
update
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040
- scsi: megaraid_sas: Fix for a potential deadlock
- regmap: Use correct format specifier for logging range errors
- platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load
time
- virtio-blk: don't keep queue frozen during system suspend
- epoll: Add synchronous wakeup support for ep_poll_callback
- MIPS: Probe toolchain support of -msym32
- ipv6: use skb_expand_head in ip6_finish_output2
- ipv6: use skb_expand_head in ip6_xmit
- ipv6: fix possible UAF in ip6_finish_output2()
- bpf: fix recursive lock when verdict program return SK_PASS
- tracing: Constify string literal data member in struct trace_event_call
- btrfs: avoid monopolizing a core when activating a swap file
- ipv6: prevent possible UAF in ip6_xmit()
- selinux: ignore unknown extended permissions
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
- IB/mlx5: Introduce and use mlx5_core_is_vf()
- net/mlx5: Make API mlx5_core_is_ecpf accept const pointer
- RDMA/mlx5: Enforce same type port association for multiport RoCE
- RDMA/bnxt_re: Add check for path mtu in modify_qp
- RDMA/bnxt_re: Fix reporting hw_ver in query_device
- RDMA/bnxt_re: Fix max_qp_wrs reported
- drm: bridge: adv7511: Enable SPDIF DAI
- drm/bridge: adv7511_audio: Update Audio InfoFrame properly
- netrom: check buffer length before accessing it
- netfilter: Replace zero-length array with flexible-array member
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
- net: llc: reset skb->transport_header
- ALSA: usb-audio: US16x08: Initialize array before use
- af_packet: fix vlan_get_tci() vs MSG_PEEK
- af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
- ila: serialize calls to nf_register_net_hooks()
- wifi: mac80211: wake the queues in case of failure in resume
- sound: usb: format: don't warn that raw DSD is unsupported
- bpf: fix potential error return
- net: usb: qmi_wwan: add Telit FE910C04 compositions
- irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
- ARC: build: Try to guess GCC variant of cross compiler
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
- modpost: fix the missed iteration for the max bit in do_input()
- RDMA/uverbs: Prevent integer overflow issue
- pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
- sky2: Add device ID 11ab:4373 for Marvell 88E8075
- net/sctp: Prevent autoclose integer overflow in sctp_association_init()
- drm: adv7511: Drop dsi single lane support
- mm: vmscan: account for free pages to prevent infinite Loop in
throttle_direct_reclaim()
- ftrace: use preempt_enable/disable notrace macros to avoid double fault
- Linux 5.4.289
* Focal update: v5.4.289 upstream stable release (LP: #2095437) //
CVE-2024-38588
- ftrace: Fix possible use-after-free issue in ftrace_location()
* Focal update: v5.4.288 upstream stable release (LP: #2095199)
- usb: host: max3421-hcd: Correctly abort a USB request.
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys()
- usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
- usb: ehci-hcd: fix call balance of clocks handling routines
- usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to
accessing null pointer
- xfs: don't drop errno values when we fail to ficlone the entire range
- bpf, sockmap: Fix update element with same
- batman-adv: Do not send uninitialized TT changes
- batman-adv: Remove uninitialized data in full table TT response
- batman-adv: Do not let TT changes list grows indefinitely
- tipc: fix NULL deref in cleanup_bearer()
- net: lapb: increase LAPB_HEADER_LEN
- ACPI: resource: Fix memory resource type union access
- qca_spi: Fix clock speed for multiple QCA7000
- qca_spi: Make driver probing reliable
- net/sched: netem: account for backlog updates from child qdisc
- ACPICA: events/evxfregn: don't release the ContextMutex that was never
acquired
- blk-iocost: clamp inuse and skip noops in __propagate_weights()
- blk-iocost: fix weight updates of inner active iocgs
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status
- tracing/kprobes: Skip symbol counting logic for module symbols in
create_local_trace_kprobe()
- xen/netfront: fix crash when removing device
- ALSA: usb-audio: Fix a DMA to stack memory bug
- Linux 5.4.288
* Focal update: v5.4.287 upstream stable release (LP: #2095145)
- netlink: terminate outstanding dump on socket close
- net/mlx5: fs, lock FTE when checking if active
- net/mlx5e: kTLS, Fix incorrect page refcounting
- ocfs2: uncache inode which has failed entering the group
- KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind
CONFIG_BROKEN
- nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
- ocfs2: fix UBSAN warning in ocfs2_verify_volume()
- nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set
- kbuild: Use uname for LINUX_COMPILE_HOST detection
- mm: revert "mm: shmem: fix data-race in shmem_getattr()"
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet
- mac80211: fix user-power when emulating chanctx
- selftests/watchdog-test: Fix system accidentally reset after watchdog-test
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB
- net: usb: qmi_wwan: add Quectel RG650V
- soc: qcom: Add check devm_kasprintf() returned value
- regulator: rk808: Add apply_bit for BUCK3 on RK809
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate()
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div()
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
- ipmr: Fix access to mfc_cache_list without lock held
- cifs: Fix buffer overflow when parsing NFS reparse points
- NFSD: Force all NFSv4.2 COPY requests to be synchronous
- nvme: fix metadata handling in nvme-passthrough
- mips: asm: fix warning when disabling MIPS_FP_SUPPORT
- initramfs: avoid filename buffer overrun
- nvme-pci: fix freeing of the HMB descriptor table
- m68k: mvme147: Fix SCSI controller IRQ numbers
- m68k: mvme16x: Add and use "mvme16x.h"
- m68k: mvme147: Reinstate early console
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block()
- s390/syscalls: Avoid creation of arch/arch/ directory
- hfsplus: don't query the device logical block size multiple times
- firmware: google: Unregister driver_info on failure and exit in gsmi
- firmware: google: Unregister driver_info on failure
- EDAC/bluefield: Fix potential integer overflow
- EDAC/fsl_ddr: Fix bad bit shift operations
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return
-EBUSY
- crypto: cavium - Fix the if condition to exit loop after timeout
- crypto: bcm - add error check in the ahash_hmac_init function
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
- time: Fix references to _msecs_to_jiffies() handling of values
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
- mmc: mmc_spi: drop buggy snprintf()
- efi/tpm: Pass correct address to memblock_reserve
- tpm: fix signed/unsigned bug when checking event logs
- ARM: dts: cubieboard4: Fix DCDC5 regulator constraints
- regmap: irq: Set lockdep class for hierarchical IRQ domains
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
- drm/omap: Fix locking in omap_gem_new_dmabuf()
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
- dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
- ASoC: fsl_micfil: Drop unnecessary register read
- ASoC: fsl_micfil: do not define SHIFT/MASK for single bits
- ASoC: fsl_micfil: use GENMASK to define register bit fields
- ASoC: fsl_micfil: fix regmap_write_bits usage
- bpf: Fix the xdp_adjust_tail sample prog issue
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_config_scan()
- drm/panfrost: Remove unused id_mask from struct panfrost_model
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
- drm/etnaviv: dump: fix sparse warnings
- drm/etnaviv: fix power register offset on GC300
- drm/etnaviv: hold GPU lock across perfmon sampling
- bpf, sockmap: Several fixes to bpf_msg_push_data
- bpf, sockmap: Several fixes to bpf_msg_pop_data
- bpf, sockmap: Fix sk_msg_reset_curr
- selftests: net: really check for bg process completion
- net: rfkill: gpio: Add check for clk_enable()
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
- ALSA: 6fire: Release resources at card release
- netpoll: Use rcu_access_pointer() in netpoll_poll_lock
- trace/trace_event_perf: remove duplicate samples on the first tracepoint
event
- powerpc/vdso: Flag VDSO64 entry points as functions
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
- mfd: da9052-spi: Change read-mask to write-mask
- mfd: intel_soc_pmic_bxtwc: Use dev_err_probe()
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
- cpufreq: loongson2: Unregister platform_driver on failure
- mtd: rawnand: atmel: Fix possible memory leak
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
- mfd: rt5033: Fix missing regmap_del_irq_chip()
- scsi: bfa: Fix use-after-free in bfad_im_module_exit()
- scsi: fusion: Remove unused variable 'rc'
- scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
- scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
- ocfs2: fix uninitialized value in ocfs2_file_read_iter()
- powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static
- fbdev/sh7760fb: Alloc DMA memory from hardware device
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
- dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format
- dt-bindings: clock: axi-clkgen: include AXI clk
- clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock
- perf cs-etm: Don't flush when packet_queue fills up
- perf probe: Correct demangled symbols in C++ program
- PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
- PCI: cpqphp: Fix PCIBIOS_* return value confusion
- m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x
- m68k: coldfire/device.c: only build FEC when HW macros are defined
- perf trace: Do not lose last events in a race
- perf trace: Avoid garbage when not printing a syscall's arguments
- rpmsg: glink: Add TX_DATA_CONT command while sending
- rpmsg: glink: Send READ_NOTIFY command in FIFO full case
- rpmsg: glink: Fix GLINK command prefix
- rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
- NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
- NFSD: Fix nfsd4_shutdown_copy()
- vfio/pci: Properly hide first-in-list PCIe extended capability
- power: supply: core: Remove might_sleep() from power_supply_put()
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
- tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL
configuration
- marvell: pxa168_eth: fix call balance of pep->clk handling routines
- net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
- ipmr: convert /proc handlers to rcu_read_lock()
- ipmr: fix tables suspicious RCU usage
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
- usb: yurex: make waiting on yurex_write interruptible
- USB: chaoskey: fail open after removal
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock
- misc: apds990x: Fix missing pm_runtime_disable()
- staging: greybus: uart: clean up TIOCGSERIAL
- apparmor: fix 'Do simple duplicate message elimination'
- usb: ehci-spear: fix call balance of sehci clk handling routines
- cgroup: Make operations on the cgroup root_list RCU safe
- cgroup: Move rcu_head up near the top of cgroup_root
- soc: qcom: socinfo: fix revision check in qcom_socinfo_probe()
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
devices
- ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
- ext4: fix FS_IOC_GETFSMAP handling
- jfs: xattr: check invalid xattr size more strictly
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
- PCI: Fix use-after-free of slot->bus on hot remove
- comedi: Flush partial mappings in error case
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
- Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
- Revert "usb: gadget: composite: fix OS descriptors w_value logic"
- serial: sh-sci: Clean sci_ports[0] after at earlycon exit
- Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
- spi: Fix acpi deferred irq probe
- ubi: wl: Put source PEB into correct list if trying locking LEB failed
- um: ubd: Do not use drvdata in release
- um: net: Do not use drvdata in release
- serial: 8250: omap: Move pm_runtime_get_sync
- um: vector: Do not use drvdata in release
- sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
- media: wl128x: Fix atomicity violation in fmc_send_cmd()
- ALSA: hda/realtek: Update ALC225 depop procedure
- ALSA: hda/realtek: Set PCBeep to default value for ALC274
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
- ALSA: hda/realtek: Apply quirk for Medion E15433
- usb: dwc3: gadget: Fix checking for number of TRBs left
- lib: string_helpers: silence snprintf() output truncation warning
- NFSD: Prevent a potential integer overflow
- SUNRPC: make sure cache entry active before cache_show
- rpmsg: glink: Propagate TX failures in intentless mode as well
- um: Fix potential integer overflow during physmem setup
- um: Fix the return value of elf_core_copy_task_fpregs
- um/sysrq: remove needless variable sp
- um: add show_stack_loglvl()
- um: Clean up stacktrace dump
- um: Always dump trace for specified task in show_stack
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
- rtc: abx80x: Fix WDT bit position of the status register
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
- ubifs: Correct the total block count by deducting journal reservation
- ubi: fastmap: Fix duplicate slab cache names while attaching
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
- jffs2: fix use of uninitialized variable
- block: return unsigned int from bdev_io_min
- 9p/xen: fix init sequence
- 9p/xen: fix release of IRQ
- rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
- modpost: remove incorrect code in do_eisa_entry()
- SUNRPC: correct error code comment in xs_tcp_setup_socket()
- SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE
- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
- sh: intc: Fix use-after-free bug in register_intc_controller()
- ASoC: fsl_micfil: fix the naming style for mask definition
- quota: flush quota_release_work upon quota writeback
- btrfs: ref-verify: fix use-after-free after invalid ref action
- media: i2c: tc358743: Fix crash in the probe error path when using polling
- media: ts2020: fix null-ptr-deref in ts2020_probe()
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
- media: platform: allegro-dvt: Fix possible memory leak in
allocate_buffers_internal()
- ovl: Filter invalid inodes with missing lookup function
- ftrace: Fix regression with module command in stack_trace_filter
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3
- ad7780: fix division by zero in ad7780_write_raw()
- util_macros.h: fix/rework find_closest() macros
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
- dm thin: Add missing destroy_work_on_stack()
- nfsd: make sure exp active before svc_export_show
- nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
- drm/etnaviv: flush shader L1 cache after user commandstream
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
- watchdog: mediatek: Make sure system reset gets asserted in
mtk_wdt_restart()
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
- ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
- netfilter: x_tables: fix LED ID check in led_tg_check()
- net/sched: tbf: correct backlog statistic for GSO packets
- can: j1939: j1939_session_new(): fix skb reference counting
- net/ipv6: release expired exception dst cached in socket
- dccp: Fix memory leak in dccp_feat_change_recv
- tipc: add reference counter to bearer
- tipc: enable creating a "preliminary" node
- tipc: add new AEAD key structure for user API
- tipc: Fix use-after-free of kernel socket in cleanup_bearer().
- net/qed: allow old cards not supporting "num_images" to work
- igb: Fix potential invalid memory access in igb_init_module()
- netfilter: ipset: Hold module reference while requesting a module
- netfilter: nft_set_hash: skip duplicated elements pending gc run
- xen/xenbus: reference count registered modules
- xenbus/backend: Add memory pressure handler callback
- xenbus/backend: Protect xenbus callback with lock
- xen/xenbus: fix locking
- xen: Fix the issue of resource not being properly released in
xenbus_dev_probe()
- x86/asm: Reorder early variables
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit
- gpio: grgpio: use a helper variable to store the address of ofdev->dev
- gpio: grgpio: Add NULL check in grgpio_probe
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter
- tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
- spi: mpc52xx: Add cancel_work_sync before module remove
- ocfs2: free inode when ocfs2_get_init_inode() fails
- bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
- bpf: Fix exact match conditions in trie_get_next_key()
- HID: wacom: fix when get product name maybe null pointer
- tracing: Fix cmp_entries_dup() to respect sort() comparison rules
- ocfs2: update seq_file index in ocfs2_dlm_seq_next
- scsi: qla2xxx: Fix NVMe and NPIV connect issue
- scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
- scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
- dma-buf: fix dma_fence_array_signaled v4
- regmap: detach regmap from dev on regmap_exit
- mmc: core: Further prevent card detect during shutdown
- s390/cpum_sf: Handle CPU hotplug remove during sampling
- media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
- media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
- drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
- drm/mcde: Enable module autoloading
- drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
- samples/bpf: Fix a resource leak
- net: fec_mpc52xx_phy: Use %pa to format resource_size_t
- net: ethernet: fs_enet: Use %pa to format resource_size_t
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
- af_packet: avoid erroring out after sock_init_data() in packet_create()
- Bluetooth: L2CAP: do not leave dangling sk pointer on error in
l2cap_sock_create()
- net: af_can: do not leave a dangling sk pointer in can_create()
- net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
- net: inet: do not leave a dangling sk pointer in inet_create()
- net: inet6: do not leave a dangling sk pointer in inet6_create()
- wifi: ath5k: add PCI ID for SX76X
- wifi: ath5k: add PCI ID for Arcadyan devices
- jfs: array-index-out-of-bounds fix in dtReadFirst
- jfs: fix shift-out-of-bounds in dbSplit
- jfs: fix array-index-out-of-bounds in jfs_readdir
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
- drm/amdgpu: set the right AMDGPU sg segment limitation
- wifi: ipw2x00: libipw_rx_any(): fix bad alignment
- wifi: brcmfmac: Fix oops due to NULL pointer dereference in
brcmf_sdiod_sglist_rw()
- Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
- ASoC: hdmi-codec: reorder channel allocation list
- rocker: fix link status detection in rocker_carrier_init()
- net/neighbor: clear error in case strict check is not set
- netpoll: Use rcu_access_pointer() in __netpoll_setup
- tracing: Use atomic64_inc_return() in trace_clock_counter()
- leds: class: Protect brightness_show() with led_cdev->led_access mutex
- scsi: st: Don't modify unknown block number in MTIOCGET
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
- pinctrl: qcom-pmic-gpio: add support for PM8937
- nvdimm: rectify the illogical code within nd_dax_probe()
- f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
- PCI: Add 'reset_subordinate' to reset hierarchy below bridge
- PCI: Add ACS quirk for Wangxun FF5xxx NICs
- i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to
avoid deadlock
- usb: chipidea: udc: handle USB Error Interrupt if IOC not set
- powerpc/prom_init: Fixup missing powermac #size-cells
- misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
- xdp: Simplify devmap cleanup
- bpf: fix OOB devmap writes when deleting elements
- Revert "unicode: Don't special case ignorable code points"
- perf/x86/intel/pt: Fix buffer full but size is 0 case
- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
- jffs2: Prevent rtime decompress memory corruption
- jffs2: Fix rtime decompressor
- ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume"
- modpost: Add .irqentry.text to OTHER_SECTIONS
- Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()"
- PCI: rockchip-ep: Fix address translation unit programming
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources
- bpf, xdp: Update devmap comments to reflect napi/rcu usage
- Linux 5.4.287
* CVE-2024-23848
- media: cec: abort if the current transmit was canceled
- media: cec: core: avoid recursive cec_claim_log_addrs
- media: cec: core: avoid confusing "transmit timed out" message
linux-iot (5.4.0-1046.49) focal; urgency=medium
* focal/linux-iot: 5.4.0-1046.49 -proposed tracker (LP: #2093774)
* Add list of source files to linux-buildinfo (LP: #2086606)
- [Packaging] iot: Add dwarfdump dependency
[ Ubuntu: 5.4.0-208.228 ]
* CVE-2025-0927
- SAUCE: fs: hfs/hfsplus: add key_len boundary check to hfs_bnode_read_key
[ Ubuntu: 5.4.0-207.227 ]
* focal/linux: 5.4.0-207.227 -proposed tracker (LP: #2095347)
* Remove "ftrace: Fix possible use-after-free issue in ftrace_location()" bad
commit from focal (LP: #2095348)
- Revert "ftrace: Fix possible use-after-free issue in ftrace_location()"
[ Ubuntu: 5.4.0-206.226 ]
* focal/linux: 5.4.0-206.226 -proposed tracker (LP: #2093785)
* nouveau keeps showing `disp: ctrl 00000080` and crippling the system
(LP: #2078011)
- drm/nouveau/disp/gv100-: halt NV_PDISP_FE_RM_INTR_STAT_CTRL_DISP_ERROR
storms
- drm/nouveau/kms/gv100-: move window ownership setup into modesetting path
- drm/nouveau/kms/gv100-: avoid sending a core update until the first modeset
* CVE-2024-43863
- drm/vmwgfx: Fix a deadlock in dma buf fence polling
* CVE-2024-40911
- wifi: cfg80211: Lock wiphy in cfg80211_get_station
* CVE-2024-35896
- netfilter: validate user input for expected length
- netfilter: complete validation of user input
* CVE-2023-52458
- block: add check that partition length needs to be aligned with block size
* kernel:nft "Could not process rule: Device or resource busy" on unreferenced
chain (LP: #2089699)
- SAUCE: netfilter: nf_tables: Fix EBUSY on deleting unreferenced chain
* CVE-2024-35887
- lockdep: Add preemption enabled/disabled assertion APIs
- timers: Don't block on ->expiry_lock for TIMER_IRQSAFE timers
- Documentation: Remove bogus claim about del_timer_sync()
- ARM: spear: Do not use timer namespace for timer_shutdown() function
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for
timer_shutdown() function
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown()
function
- timers: Get rid of del_singleshot_timer_sync()
- timers: Replace BUG_ON()s
- timers: Rename del_timer() to timer_delete()
- Documentation: Replace del_timer/del_timer_sync()
- timers: Silently ignore timers with a NULL function
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode
- timers: Add shutdown mechanism to the internal functions
- timers: Provide timer_shutdown[_sync]()
- timers: Update the documentation to reflect on the new timer_shutdown() API
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer
* CVE-2024-40965
- clk: Add a devm variant of clk_rate_exclusive_get()
- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get()
- i2c: lpi2c: Avoid calling clk_get_rate during transfer
* CVE-2024-40982
- ssb: Fix potential NULL pointer dereference in ssb_device_uevent()
* CVE-2024-41066
- ibmvnic: Add tx check to prevent skb leak
* CVE-2024-42252
- closures: Change BUG_ON() to WARN_ON()
* CVE-2024-46731
- drm/amd/pm: fix the Out-of-bounds read warning
* Focal update: v5.4.286 upstream stable release (LP: #2089558)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-
excavator
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
- ARM: dts: rockchip: fix rk3036 acodec node
- ARM: dts: rockchip: drop grf reference from rk3036 hdmi
- ARM: dts: rockchip: Fix the spi controller on rk3036
- ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin
- enetc: simplify the return expression of enetc_vf_set_mac_addr()
- net: enetc: set MAC address to the VF net_device
- can: c_can: fix {rx,tx}_errors statistics
- media: stb0899_algo: initialize cfr before using it
- media: dvb_frontend: don't play tricks with underflow values
- media: adv7604: prevent underflow condition when reporting colorspace
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
- pwm: imx-tpm: Use correct MODULO value for EPWM mode
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
- dm cache: correct the number of origin blocks to match the target length
- dm cache: optimize dirty bit checking with find_next_bit when resizing
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t
overflow
- mtd: rawnand: protect access to rawnand devices while in suspend
- spi: fix use-after-free of the add_lock mutex
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
uvc_parse_format
- fs/proc: fix compile warning about variable 'vmcore_mmap_ops'
- USB: serial: qcserial: add support for Sierra Wireless EM86xx
- USB: serial: option: add Fibocom FG132 0x0112 composition
- USB: serial: option: add Quectel RG650V
- irqchip/gic-v3: Force propagation of the active state with a read-back
- ALSA: usb-audio: Support jack detection on Dell dock
- ALSA: usb-audio: Add quirks for Dell WD19 dock
- NFSD: Fix NFSv4's PUTPUBFH operation
- ALSA: usb-audio: Add endianness annotations
- 9p: Avoid creating multiple slab caches with the same name
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
- bpf: use kvzmalloc to allocate BPF verifier environment
- sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML
- powerpc/powernv: Free name on error in opal_event_init()
- fs: Fix uninitialized value issue in from_kuid and from_kgid
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
- md/raid10: improve code of mrdev in raid10_sync_request
- mm: clarify a confusing comment for remap_pfn_range()
- mm: fix ambiguous comments for better code readability
- mm/memory.c: make remap_pfn_range() reject unaligned addr
- mm: add remap_pfn_range_notrack
- 9p: fix slab cache name creation for real
- Linux 5.4.286
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-47674
- mm: avoid leaving partial pfn mappings around in error case
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-38588
- ftrace: Fix possible use-after-free issue in ftrace_location()
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-50265
- ocfs2: remove entry once instead of null-ptr-dereference in
ocfs2_xa_remove()
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-50267
- USB: serial: io_edgeport: fix use after free in debug printk
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-50269
- usb: musb: sunxi: Fix accessing an released usb phy
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2021-47469
- spi: Fix deadlock when adding SPI controllers on SPI buses
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-50273
- btrfs: reinitialize delayed ref list after deleting it from the list
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-53066
- nfs: Fix KMSAN warning in decode_getfattr_attrs()
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-50278
- dm cache: fix potential out-of-bounds access on the first resume
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-50279
- dm cache: fix out-of-bounds access to the dirty bitset when resizing
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-50282
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-50287
- media: v4l2-tpg: prevent the risk of a division by zero
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-50290
- media: cx24116: prevent overflows on SNR calculus
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-53061
- media: s5p-jpeg: prevent buffer overflows
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-53063
- media: dvbdev: prevent the risk of out of memory access
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-50296
- net: hns3: fix kernel crash when uninstalling driver
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-50299
- sctp: properly validate chunk size in sctp_sf_ootb()
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-50301
- security/keys: fix slab-out-of-bounds in key_task_permission
* Focal update: v5.4.286 upstream stable release (LP: #2089558) //
CVE-2024-50302
- HID: core: zero-initialize the report buffer
* Add list of source files to linux-buildinfo (LP: #2086606)
- [Packaging] Sort build dependencies alphabetically
- [Packaging] Add list of used source files to buildinfo package
* Focal update: v5.4.285 upstream stable release (LP: #2089233)
- usbnet: ipheth: fix carrier detection in modes 1 and 4
- net: ethernet: use ip_hdrlen() instead of bit shift
- net: phy: vitesse: repair vsc73xx autonegotiation
- scripts: kconfig: merge_config: config files: add a trailing newline
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399
Puma
- ice: fix accounting for filters shared by multiple VSIs
- net/mlx5e: Add missing link modes to ptys2ethtool_map
- net: ftgmac100: Enable TX interrupt to avoid TX timeout
- soundwire: stream: Revert "soundwire: stream: fix programming slave ports
for non-continous port maps"
- selftests: breakpoints: Fix a typo of function name
- ASoC: allow module autoloading for table db1200_pids
- ALSA: hda/realtek - Fixed ALC256 headphone no sound
- ALSA: hda/realtek - FIxed ALC285 headphone no sound
- pinctrl: at91: make it work with current gpiolib
- microblaze: don't treat zero reserved memory regions as error
- net: ftgmac100: Ensure tx descriptor updates are visible
- wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room()
- ASoC: tda7419: fix module autoloading
- drm: komeda: Fix an issue related to normalized zpos
- spi: bcm63xx: Enable module autoloading
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency
- USB: serial: pl2303: add device id for Macrosilicon MS3020
- ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()
- wifi: ath9k: fix parameter check in ath9k_init_debug()
- wifi: ath9k: Remove error checks when creating debugfs entries
- fs: explicitly unregister per-superblock BDIs
- mount: warn only once about timestamp range expiration
- fs/namespace: fnic: Switch to use %ptTd
- mount: handle OOM on mnt_warn_timestamp_expiry
- can: j1939: use correct function name in comment
- netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
- netfilter: nf_tables: reject element expiration with no timeout
- netfilter: nf_tables: reject expiration higher than timeout
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
- mac80211: parse radiotap header when selecting Tx queue
- Bluetooth: btusb: Fix not handling ZPL/short-transfer
- net: tipc: avoid possible garbage value
- block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()
- block, bfq: don't break merge chain in bfq_split_bfqq()
- spi: ppc4xx: handle irq_of_parse_and_map() errors
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
- ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property
- ARM: versatile: fix OF node leak in CPUs prepare
- reset: berlin: fix OF node leak in probe() error path
- clocksource/drivers/qcom: Add missing iounmap() on errors in
msm_dt_timer_init()
- hwmon: (max16065) Fix overflows seen when writing limits
- mtd: slram: insert break after errors in parsing the map
- hwmon: (ntc_thermistor) fix module autoloading
- power: supply: axp20x_battery: allow disabling battery charging
- power: supply: axp20x_battery: Remove design from min and max voltage
- power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
- mtd: powernv: Add check devm_kasprintf() returned value
- drm/stm: Fix an error handling path in stm_drm_platform_probe()
- drm/amdgpu: Replace one-element array with flexible-array member
- drm/amdgpu: properly handle vbios fake edid sizing
- drm/radeon: Replace one-element array with flexible-array member
- drm/radeon: properly handle vbios fake edid sizing
- drm/rockchip: vop: Allow 4096px width scaling
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
- drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
- drm/msm: Fix incorrect file name output in adreno_request_fw()
- drm/msm/a5xx: disable preemption in submits by default
- drm/msm/a5xx: properly clear preemption records on resume
- drm/msm/a5xx: fix races in preemption evaluation stage
- ipmi: docs: don't advertise deprecated sysfs entries
- drm/msm: fix %s null argument error
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
- xen: use correct end address of kernel for conflict checking
- xen/swiotlb: add alignment check for dma buffers
- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c
- selftests/bpf: Fix compiling flow_dissector.c with musl-libc
- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc
- selftests/bpf: Fix error compiling test_lru_map.c
- xz: cleanup CRC32 edits from 2018
- kthread: add kthread_work tracepoints
- kthread: fix task state in kthread worker if being frozen
- ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
- smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso
- ext4: avoid negative min_clusters in find_group_orlov()
- ext4: return error on ext4_find_inline_entry
- nilfs2: determine empty node blocks as corrupted
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
- perf sched timehist: Fix missing free of session in perf_sched__timehist()
- perf sched timehist: Fixed timestamp error when unable to confirm event
sched_in time
- perf time-utils: Fix 32-bit nsec parsing
- clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
- PCI: xilinx-nwl: Fix register misspelling
- pinctrl: single: fix missing error code in pcs_probe()
- clk: ti: dra7-atl: Fix leak of of_nodes
- pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
- watchdog: imx_sc_wdt: Don't disable WDT in suspend
- RDMA/hns: Optimize hem allocation performance
- riscv: Fix fp alignment bug in perf_callchain_user()
- f2fs: enhance to update i_mode and acl atomically in f2fs_setattr()
- f2fs: fix typo
- f2fs: fix to update i_ctime in __f2fs_setxattr()
- f2fs: remove unneeded check condition in __f2fs_setxattr()
- f2fs: reduce expensive checkpoint trigger frequency
- iio: adc: ad7606: fix oversampling gpio array
- iio: adc: ad7606: fix standby gpio state to match the documentation
- coresight: tmc: sg: Do not leak sg_table
- net: qrtr: Update packets cloning when broadcasting
- netfilter: ctnetlink: compile ctnetlink_label_size with
CONFIG_NF_CONNTRACK_EVENTS
- Remove *.orig pattern from .gitignore
- soc: versatile: integrator: fix OF node leak in probe() error path
- drm/amd/display: Round calculated vtotal
- USB: appledisplay: close race between probe and completion handler
- USB: misc: cypress_cy7c63: check for short transfer
- USB: class: CDC-ACM: fix race between get_serial and set_serial
- tty: rp2: Fix reset with non forgiving PCIe host bridges
- drbd: Fix atomicity violation in drbd_uuid_set_bm()
- drbd: Add NULL check for net_conf to prevent dereference in state validation
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx
- wifi: rtw88: 8822c: Fix reported RX band width
- debugobjects: Fix conditions in fill_pool()
- f2fs: prevent possible int overflow in dir_block_index()
- f2fs: avoid potential int overflow in sanity_check_area_boundary()
- hwrng: mtk - Use devm_pm_runtime_enable
- fs: Fix file_set_fowner LSM hook inconsistencies
- nfs: fix memory leak in error path of nfs4_do_reclaim
- ASoC: meson: axg: extract sound card utils
- [Config] updateconfigs for SND_MESON_CARD_UTILS
- PCI: xilinx-nwl: Use irq_data_get_irq_chip_data()
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
- soc: versatile: realview: fix memory leak during device remove
- soc: versatile: realview: fix soc_dev leak during device remove
- usb: yurex: Replace snprintf() with the safer scnprintf() variant
- USB: misc: yurex: fix race between read and write
- pps: remove usage of the deprecated ida_simple_xx() API
- pps: add an error check in parport_attach
- mm: only enforce minimum stack gap size if it's sensible
- i2c: aspeed: Update the stop sw state when the bus recovery occurs
- i2c: isch: Add missed 'else'
- usb: yurex: Fix inconsistent locking bug in yurex_read()
- mailbox: rockchip: fix a typo in module autoloading
- Minor fixes to the CAIF Transport drivers Kconfig file
- drivers: net: Fix Kconfig indentation, continued
- ieee802154: Fix build error
- net/mlx5: Added cond_resched() to crdump collection
- netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
- net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
- Bluetooth: btmrvl_sdio: Refactor irq wakeup
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
- ALSA: hda/realtek: Fix the push button function for the ALC257
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
- ice: Adjust over allocation of memory in ice_sched_add_root_node() and
ice_sched_add_node()
- net: hisilicon: hip04: fix OF node leak in probe()
- net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
- net: hisilicon: hns_mdio: fix OF node leak in probe()
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
- net: sched: consistently use rcu_replace_pointer() in taprio_change()
- wifi: rtw88: select WANT_DEV_COREDUMP
- ACPI: EC: Do not release locks during operation region accesses
- net: mvpp2: Increase size of queue_name buffer
- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
- ACPICA: iasl: handle empty connection_node
- proc: add config & param to block forcing mem writes
- [Config] updateconfigs to select PROC_MEM_ALWAYS_FORCE
- nfp: Use IRQF_NO_AUTOEN flag in request_irq()
- signal: Replace BUG_ON()s
- ALSA: hdsp: Break infinite MIDI input flush loop
- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments()
- power: reset: brcmstb: Do not go into infinite loop if reset fails
- ata: sata_sil: Rename sil_blacklist to sil_quirks
- jfs: UBSAN: shift-out-of-bounds in dbFindBits
- drm/printer: Allow NULL data in devcoredump printer
- scsi: aacraid: Rearrange order of struct aac_srb_unit
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
- of/irq: Refer to actual buffer size in of_irq_parse_one()
- ext4: ext4_search_dir should return a proper error
- spi: s3c64xx: fix timeout counters in flush_fifo
- selftests: breakpoints: use remaining time to check if suspend succeed
- selftests: vDSO: fix vDSO symbols lookup for powerpc64
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
- spi: bcm63xx: Fix module autoloading
- perf/core: Fix small negative period being ignored
- parisc: Fix itlb miss handler for 64-bit programs
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
- ALSA: core: add isascii() check to card ID generator
- ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
- ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
- ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
- parisc: Fix 64-bit userspace syscall path
- parisc: Fix stack start for ADDR_NO_RANDOMIZE personality
- of/irq: Support #msi-cells=<0> in of_msi_get_domain
- mm: krealloc: consider spare memory for __GFP_ZERO
- ocfs2: fix the la space leak when unmounting an ocfs2 volume
- ocfs2: fix uninit-value in ocfs2_get_block()
- riscv: define ILLEGAL_POINTER_VALUE for 64bit
- clk: rockchip: fix error for unknown clocks
- media: sun4i_csi: Implement link validate for sun4i_csi subdev
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors
- tomoyo: fallback to realpath if symlink's pathname does not exist
- rtc: at91sam9: fix OF node leak in probe() error path
- Input: adp5589-keys - fix adp5589_gpio_get_value()
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[]
- ACPI: resource: Add Asus ExpertBook B2502CVA to
irq1_level_low_skip_override[]
- gpio: davinci: fix lazy disable
- i2c: qcom-geni: Let firmware specify irq trigger flags
- i2c: qcom-geni: Grow a dev pointer to simplify code
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
- arm64: Add Cortex-715 CPU part definition
- arm64: cputype: Add Neoverse-N3 definitions
- arm64: errata: Expand speculative SSBS workaround once more
- nfsd: use ktime_get_seconds() for timestamps
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
- clk: qcom: rpmh: Simplify clk_rpmh_bcm_send_cmd()
- clk: qcom: clk-rpmh: Fix overflow in BCM vote
- r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
- ACPI: battery: Simplify battery hook locking
- ext4: fix inode tree inconsistency caused by ENOMEM
- net: ethernet: cortina: Drop TSO support
- tracing: Remove precision vsnprintf() check from print event
- drm/crtc: fix uninitialized variable use even harder
- tracing: Have saved_cmdlines arrays all in one allocation
- virtio_console: fix misc probe bugs
- Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
- bpf: Check percpu map value size first
- s390/facility: Disable compile time optimization for decompressor code
- s390/mm: Add cond_resched() to cmm_alloc/free_pages()
- ext4: nested locking for xattr inode
- s390/cpum_sf: Remove WARN_ON_ONCE statements
- ktest.pl: Avoid false positives with grub2 skip regex
- clk: bcm: bcm53573: fix OF node leak in init
- PCI: Add ACS quirk for Qualcomm SA8775P
- i2c: i801: Use a different adapter-name for IDF adapters
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken
- media: videobuf2-core: clear memory related fields in
__vb2_plane_dmabuf_put()
- usb: chipidea: udc: enable suspend interrupt after usb reset
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the
Crashkernel Scenario
- tools/iio: Add memory allocation failure check for trigger_name
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus
attribute
- ice: fix VLAN replay after reset
- SUNRPC: Fix integer overflow in decode_rc_list()
- tcp: fix to allow timestamp undo if no retransmits were sent
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
- gpio: aspeed: Add the flush write to ensure the write complete.
- gpio: aspeed: Use devm_clk api to manage clock source
- net: ibm: emac: mal: fix wrong goto
- net: annotate lockless accesses to sk->sk_ack_backlog
- net: annotate lockless accesses to sk->sk_max_ack_backlog
- sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
- locking/lockdep: Fix bad recursion pattern
- locking/lockdep: Rework lockdep_lock
- locking/lockdep: Avoid potential access of invalid memory in lock_class
- lockdep: fix deadlock issue between lockdep and rcu
- HID: plantronics: Workaround for an unexcepted opposite volume key
- Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
- usb: dwc3: core: Stop processing of pending events if controller is halted
- usb: xhci: Fix problem with xhci resume from suspend
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in
ish_fw_xfer_direct_dma
- arm64: probes: Fix simulate_ldr*_literal()
- tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
- tracing/kprobes: Fix symbol counting logic by looking at modules as well
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
- fat: fix uninitialized variable
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
- KVM: s390: Change virtual to physical address access in diag 0x258 handler
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
- drm/vmwgfx: Handle surface check failure correctly
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
- iio: hid-sensors: Fix an error handling path in
_hid_sensor_set_report_latency()
- iio: light: opt3001: add missing full-scale range value
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
- Bluetooth: Remove debugfs directory on module init failure
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
- xhci: Fix incorrect stream context type macro
- USB: serial: option: add support for Quectel EG916Q-GL
- USB: serial: option: add Telit FN920C04 MBIM compositions
- x86/resctrl: Annotate get_mem_config() functions as __init
- x86/apic: Always explicitly disarm TSC-deadline timer
- mac80211: Fix NULL ptr deref for injected rate info
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
- ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
- ipv4: give an IPv4 dev to blackhole_netdev
- RDMA/bnxt_re: Return more meaningful error
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation
- macsec: don't increment counters for an unrelated SA
- net: ethernet: aeroflex: fix potential memory leak in
greth_start_xmit_gbit()
- genetlink: hold RCU in genlmsg_mcast()
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian
- KVM: s390: gaccess: Check if guest address is in memslot
- jfs: Fix sanity check in dbMount
- net: usb: usbnet: fix name regression
- r8169: avoid unsolicited interrupts
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
- ALSA: hda/realtek: Update default depop procedure
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid
detection issue
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
- selinux: improve error checking in sel_write_load()
- arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning
- cgroup: Fix potential overflow issue when checking max_depth
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
- mac80211: do drv_reconfig_complete() before restarting all
- mac80211: Add support to trigger sta disconnect on hardware restart
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
- dt-bindings: gpu: Convert Samsung Image Rotator to dt-schema
- gtp: simplify error handling code in 'gtp_encap_enable()'
- gtp: allow -1 to be specified as file description from userspace
- net: support ip generic csum processing in skb_csum_hwoffload_help
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
- drivers/misc: ti-st: Remove unneeded variable in st_tty_open
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state()
- net: amd: mvme147: Fix probe banner message
- misc: sgi-gru: Don't disable preemption in GRU driver
- usbip: tools: Fix detach_port() invalid port error path
- usb: phy: Fix API devm_usb_put_phy() can not release the phy
- xhci: Fix Link TRB DMA in command ring stopped completion event
- Revert "driver core: Fix uevent_show() vs driver detach race"
- riscv: Remove unused GENERATING_ASM_OFFSETS
- Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device"
- vt: prevent kernel-infoleak in con_font_get()
- mac80211: always have ieee80211_sta_restart()
- mm: krealloc: Fix MTE false alarm in __do_krealloc
- Linux 5.4.285
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50228
- mm: shmem: fix data-race in shmem_getattr()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50230
- nilfs2: fix kernel bug due to missing clearing of checked flag
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50218
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50229
- nilfs2: fix potential deadlock with newly created symlinks
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50233
- staging: iio: frequency: ad9832: fix division by zero in
ad9832_calc_freqreg()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50234
- wifi: iwlegacy: Clear stale interrupts before resuming device
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50236
- wifi: ath10k: Fix memory leak in management tx
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50237
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50251
- netfilter: nft_payload: sanitize offset and length before calling
skb_checksum()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50262
- bpf: Fix out-of-bounds write in trie_get_next_key()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-53059
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50142
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50116
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50117
- drm/amd: Guard against bad data for ATIF ACPI method
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50205
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50127
- net: sched: fix use-after-free in taprio_change()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50167
- be2net: fix potential memory leak in be_xmit()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50168
- net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50131
- tracing: Consider the NULL character when validating the event length
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50143
- udf: fix uninit-value use in udf_get_fileshortad
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50134
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real
VLA
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50194
- arm64: probes: Fix uprobes for big-endian kernels
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50148
- Bluetooth: bnep: fix wild-memory-access in proto_unregister
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50150
- usb: typec: altmode should keep reference to parent
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50151
- smb: client: fix OOBs when building SMB2_IOCTL request
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50171
- net: systemport: fix potential memory leak in bcm_sysport_xmit()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50202
- nilfs2: propagate directory read errors from nilfs_find_entry()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50074
- parport: Proper fix for array out-of-bounds access
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50082
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-40953
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50199
- mm/swapfile: skip HugeTLB pages for unuse_vma
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50099
- arm64: probes: Remove broken LDR (literal) uprobe support
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50195
- posix-clock: Fix missing timespec64 check in pc_clock_settime()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50096
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50024
- net: Fix an unsafe loop on the list
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49878
- resource: fix region_intersects() vs add_memory_driver_managed()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50033
- slip: make slhc_remember() more robust against malicious packets
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50035
- ppp: fix ppp_async_encode() illegal access
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50039
- net/sched: accept TCA_STAB only for root qdisc
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50040
- igb: Do not bring the device up after non-fatal error
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50044
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50045
- netfilter: br_netfilter: fix panic with metadata_dst skb
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-38544
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50180
- fbdev: sisfb: Fix strbuf array overflow
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50184
- virtio_pmem: Check device status before requesting flush
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50059
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in
switchtec_ntb_remove due to race condition
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50089
- unicode: Don't special case ignorable code points
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49955
- ACPI: battery: Fix possible crash when unregistering a battery hook
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49973
- r8169: add tally counter fields added with RTL8125
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49975
- uprobes: fix kernel info leak via "[uprobes]" vma
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49867
- btrfs: wait for fixup workers before stopping cleaner kthread during umount
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49868
- btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49981
- media: venus: fix use after free bug in venus_remove due to race condition
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49982
- aoe: fix the potential use-after-free problem in more places
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49877
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49957
- ocfs2: fix null-ptr-deref when journal load failed.
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49965
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49966
- ocfs2: cancel dqi_sync_work before freeing oinfo
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49958
- ocfs2: reserve space for inline xattr before attaching reflink tree
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49959
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49879
- drm: omapdrm: Add missing check for alloc_ordered_workqueue
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49882
- ext4: fix double brelse() the buffer of the extents path
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49883
- ext4: aovid use-after-free in ext4_ext_insert_extent()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49985
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50006
- ext4: fix i_data_sem unlock order in ext4_ind_migrate()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49892
- drm/amd/display: Initialize get_bytes_per_element's default to 1
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49894
- drm/amd/display: Fix index out of bounds in degamma hardware format
translation
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49896
- drm/amd/display: Check stream before comparing them
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49900
- jfs: Fix uninit-value access of new_ea in ea_buffer
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49902
- jfs: check if leafidx greater than num leaves per dmap tree
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49903
- jfs: Fix uaf in dbFreeBits
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49924
- fbdev: pxafb: Fix possible use after free in pxafb_task()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50007
- ALSA: asihpi: Fix potential OOB array access
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50008
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_cmd_802_11_scan_ext()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49995
- tipc: guard against string buffer overrun
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49962
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
acpi_db_convert_to_package()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49938
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47740
- f2fs: Require FMODE_WRITE for atomic write ioctls
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49944
- sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49948
- net: add more sanity checks to qdisc_pkt_len_init()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49949
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49997
- net: ethernet: lantiq_etop: fix memory disclosure
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49952
- netfilter: nf_tables: prevent nf_skb_duplicated corruption
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50179
- ceph: remove the incorrect Fw reference check when dirtying pages
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49963
- mailbox: bcm2835: Fix timeout during suspend mode
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-46849
- ASoC: meson: axg-card: fix 'use-after-free'
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47679
- vfs: fix race between evice_inodes() and find_inode()&iput()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49860
- ACPI: sysfs: validate return type of _STR method
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47742
- firmware_loader: Block path traversal
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47684
- tcp: check skb is non-NULL in tcp_rto_delta_us()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47747
- net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race
Condition
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47685
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47692
- nfsd: return -EINVAL when namelen is 0
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47737
- nfsd: call cache_put if xdr_reserve_space returns NULL
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2023-52917
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47749
- RDMA/cxgb4: Added NULL check for lookup_atid
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47696
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47756
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47697
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47698
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47757
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47699
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47701
- ext4: avoid OOB when system.data xattr changes underneath the filesystem
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-49851
- tpm: Clean up TPM space after command failure
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47723
- jfs: fix out-of-bounds in dbNextAG() and diAlloc()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47706
- block, bfq: fix possible UAF for bfqq->bic with merge chain
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47709
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47710
- sock_map: Add a cond_resched() in sock_hash_free()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47712
- wifi: wilc1000: fix potential RCU dereference issue in
wilc_parse_join_bss_param
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47713
- wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47671
- USB: usbtmc: prevent kernel-usb-infoleak
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-44931
- gpio: prevent potential speculation leaks in gpio_device_get_desc()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-41016
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47670
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-47672
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-46853
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug
* Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-46854
- net: dpaa: Pad packets to ETH_ZLEN
[ Ubuntu: 5.4.0-205.225 ]
* focal/linux: 5.4.0-205.225 -proposed tracker (LP: #2093621)
* Hold IOPOLL locks when triggering io_uring's deferred work (LP: #2078659) //
CVE-2023-21400
- io_uring: remove extra check in __io_commit_cqring
- io_uring: dont kill fasync under completion_lock
- io_uring: ensure IOPOLL locks around deferred work
* CVE-2024-40967
- iopoll: introduce read_poll_timeout macro
- iopoll: Introduce read_poll_timeout_atomic macro
- serial: imx: Introduce timeout when waiting on transmitter empty
* CVE-2024-53164
- net: sched: fix ordering of qlen adjustment
* CVE-2024-53141
- netfilter: ipset: add missing range check in bitmap_ip_uadt
* CVE-2024-53103
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
[ Ubuntu: 5.4.0-204.224 ]
* focal/linux: 5.4.0-204.224 -proposed tracker (LP: #2091090)
* CVE-2024-50264
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
* CVE-2024-53057
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
* CVE-2024-49967
- ext4: no need to continue when the number of entries is 1
* CVE-2024-43892
- memcg: protect concurrent access to mem_cgroup_idr
* CVE-2024-38553
- net: fec: remove .ndo_poll_controller to avoid deadlocks
* CVE-2024-38597
- eth: sungem: remove .ndo_poll_controller to avoid deadlocks
* CVE-2023-52821
- drm/panel: fix a possible null pointer dereference
* CVE-2024-36952
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
* CVE-2024-40910
- ax25: Fix refcount imbalance on inbound connections
* CVE-2024-35963
- Bluetooth: hci_sock: Fix not validating setsockopt user input
* CVE-2024-35965
- Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt()
- Bluetooth: L2CAP: Fix not validating setsockopt user input
* CVE-2024-35966
- Bluetooth: RFCOMM: Fix not validating setsockopt user input
* CVE-2024-35967
- Bluetooth: SCO: Fix not validating setsockopt user input
* CVE-2021-47101
- net: asix: fix uninit value bugs
- asix: fix wrong return value in asix_check_host_enable()
- asix: fix uninit-value in asix_mdio_read()
* CVE-2022-38096
- drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
* CVE-2021-47001
- xprtrdma: Fix cwnd update ordering
Date: 2025-03-20 13:14:12.964184+00:00
Changed-By: Wei-Lin Chang <weilin.chang at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1048.51
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list