[ubuntu/focal-security] linux-hwe-5.15 5.15.0-136.147~20.04.1 (Accepted)
Andy Whitcroft
apw at canonical.com
Mon Mar 31 21:14:00 UTC 2025
linux-hwe-5.15 (5.15.0-136.147~20.04.1) focal; urgency=medium
* focal/linux-hwe-5.15: 5.15.0-136.147~20.04.1 -proposed tracker
(LP: #2102427)
[ Ubuntu: 5.15.0-136.147 ]
* jammy/linux: 5.15.0-136.147 -proposed tracker (LP: #2102429)
* CVE-2024-57798
- drm/dp_mst: Skip CSN if topology probing is not done yet
- drm/dp_mst: Ensure mst_primary pointer is valid in
drm_dp_mst_handle_up_req()
* CVE-2024-56658
- net: defer final 'struct net' free in netns dismantle
* CVE-2024-35864
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
* CVE-2024-35864/CVE-2024-26928
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
linux-hwe-5.15 (5.15.0-135.146~20.04.1) focal; urgency=medium
* focal/linux-hwe-5.15: 5.15.0-135.146~20.04.1 -proposed tracker
(LP: #2098298)
[ Ubuntu: 5.15.0-135.146 ]
* jammy/linux: 5.15.0-135.146 -proposed tracker (LP: #2098300)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.02.10)
* Jammy update: v5.15.178 upstream stable release (LP: #2098441)
- ASoC: wm8994: Add depends on MFD core
- ASoC: samsung: Add missing selects for MFD_WM8994
- seccomp: Stub for !CONFIG_SECCOMP
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
- irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
- ASoC: samsung: Add missing depends on I2C
- regmap: detach regmap from dev on regmap_exit
- mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
- net: sched: fix ets qdisc OOB Indexing
- vfio/platform: check the bounds of read/write syscalls
- fs/ntfs3: Additional check in ntfs_file_release
- platform/chrome: cros_ec_typec: Check for EC driver
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
- wifi: iwlwifi: add a few rate index validity checks
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
- ALSA: usb-audio: Add delay quirk for USB Audio Device
- Input: atkbd - map F23 key to support default copilot shortcut
- Input: xpad - add unofficial Xbox 360 wireless receiver clone
- Input: xpad - add support for wooting two he (arm)
- drm/v3d: Assign job pointer to NULL before signaling the fence
- Linux 5.15.178
* CVE-2024-49925
- fbdev: efifb: Register sysfs groups through driver core
* Jammy update: v5.15.177 upstream stable release (LP: #2097298)
- ceph: give up on paths longer than PATH_MAX
- jbd2: flush filesystem device before updating tail sequence
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end
- dm array: fix unreleased btree blocks on closing a faulty array cursor
- dm array: fix cursor index when skipping across block boundaries
- exfat: fix the infinite loop in exfat_readdir()
- exfat: fix the infinite loop in __exfat_free_cluster()
- ASoC: mediatek: disable buffer pre-allocation
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
- net: 802: LLC+SNAP OID:PID lookup on start of skb data
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails
- cxgb4: Avoid removal of uninserted tid
- tls: Fix tls_sw_sendmsg error handling
- netfilter: nf_tables: imbalance in flowtable binding
- netfilter: conntrack: clamp maximum hashtable size to INT_MAX
- drm/mediatek: Add support for 180-degree rotation in the display driver
- ksmbd: fix a missing return value check bug
- afs: Fix the maximum cell name length
- dm thin: make get_first_thin use rcu-safe list first function
- dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
- sctp: sysctl: rto_min/max: avoid using current->nsproxy
- sctp: sysctl: auth_enable: avoid using current->nsproxy
- sctp: sysctl: udp_port: avoid using current->nsproxy
- sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
- drm/amd/display: Add check for granularity in dml ceil/floor helpers
- riscv: Fix sleeping in invalid context in die()
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
- ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
- drm/amd/display: increase MAX_SURFACES to the value supported by hw
- scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity
- USB: serial: option: add MeiG Smart SRM815
- USB: serial: option: add Neoway N723-EA support
- staging: iio: ad9834: Correct phase range check
- staging: iio: ad9832: Correct phase range check
- usb-storage: Add max sectors quirk for Nokia 208
- USB: serial: cp210x: add Phoenix Contact UPS Device
- usb: dwc3: gadget: fix writing NYET threshold
- topology: Keep the cpumask unchanged when printing cpumap
- USB: usblp: return error when setting unsupported protocol
- USB: core: Disable LPM only for non-suspended ports
- usb: fix reference leak in usb_new_device()
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
- iio: pressure: zpa2326: fix information leak in triggered buffer
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered
buffer
- iio: light: vcnl4035: fix information leak in triggered buffer
- iio: imu: kmx61: fix information leak in triggered buffer
- iio: adc: ti-ads8688: fix information leak in triggered buffer
- iio: gyro: fxas21002c: Fix missing data update in trigger handler
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
- iio: adc: at91: call input_free_device() on allocated iio_dev
- iio: inkern: call iio_device_put() only on mapped devices
- iio: adc: ad7124: Disable all channels at probe time
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
- arm64: dts: rockchip: add hevc power domain clock to rk3328
- of: unittest: Add bus address range parsing tests
- of/address: Add support for 3 address cell bus
- of: address: Fix address translation when address-size is greater than 2
- of: address: Remove duplicated functions
- of: address: Store number of bus flag cells rather than bool
- of: address: Preserve the flags portion on 1:1 dma-ranges mapping
- phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers
- phy: usb: Toggle the PHY power during init
- ocfs2: correct return value of ocfs2_local_free_info()
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
- mptcp: drop port parameter of mptcp_pm_add_addr_signal
- mptcp: fix TCP options overflow.
- phy: usb: Use slow clock for wake enabled suspend
- phy: usb: Fix clock imbalance for suspend/resume
- net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
- bpf: Fix bpf_sk_select_reuseport() memory leak
- pktgen: Avoid out-of-bounds access in get_imix_entries
- net: add exit_batch_rtnl() method
- gtp: use exit_batch_rtnl() method
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
- gtp: Destroy device along with udp socket's netns dismantle.
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
- net: xilinx: axienet: Fix IRQ coalescing packet count overflow
- net/mlx5: Add priorities for counters in RDMA namespaces
- net/mlx5: Refactor mlx5_get_flow_namespace
- net/mlx5: Fix RDMA TX steering prio
- drm/v3d: Ensure job pointer is set to NULL after job completion
- Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
- i2c: mux: demux-pinctrl: check initial mux selection, too
- i2c: rcar: fix NACK handling when being a target
- mac802154: check local interfaces before deleting sdata list
- hfs: Sanity check the root record
- fs: fix missing declaration of init_files
- kheaders: Ignore silly-rename files
- ACPI: resource: acpi_dev_irq_override(): Check DMI match last
- poll_wait: add mb() to fix theoretical race between waitqueue_active() and
.poll()
- nvmet: propagate npwg topology
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
- vsock/virtio: cancel close work in the destructor
- vsock: reset socket state when de-assigning the transport
- vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
- filemap: avoid truncating 64-bit offset to 32 bits
- fs/proc: fix softlockup in __read_vmcore (part 2)
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify
- irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
- hrtimers: Handle CPU state correctly on hotplug
- drm/i915/fb: Relax clear color alignment to 64 bytes
- iio: imu: inv_icm42600: fix spi burst write not supported
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
- iio: adc: rockchip_saradc: fix information leak in triggered buffer
- Revert "drm/amdgpu: rework resume handling for display (v2)"
- Revert "regmap: detach regmap from dev on regmap_exit"
- vsock/virtio: discard packets if the transport changes
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
- nfsd: add list_head nf_gc to struct nfsd_file
- x86/xen: fix SLS mitigation in xen_hypercall_iret()
- scsi: sg: Fix slab-use-after-free read in sg_release()
- net: fix data-races around sk->sk_forward_alloc
- xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
- Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM
conditionals
- Linux 5.15.177
* CVE-2024-46784
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
* CVE-2024-44938
- jfs: Fix shift-out-of-bounds in dbDiscardAG
* CVE-2024-43900
- media: xc2028: avoid use-after-free in load_firmware_cb()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327)
- ALSA: usb: Fix UBSAN warning in parse_audio_unit()
- usb: cdns3: Add quirk flag to enable suspend residency
- ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP
- PCI: vmd: Create domain symlink before pci_bus_add_devices()
- PCI: Add ACS quirk for Broadcom BCM5760X NIC
- MIPS: Loongson64: DTS: Fix msi node for ls7a
- usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with
iommu enabled
- i2c: pnx: Fix timeout in wait functions
- erofs: fix incorrect symlink detection in fast symlink
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
- ionic: use ee->offset when returning sprom data
- net: hinic: Fix cleanup in create_rxqs/txqs()
- net: ethernet: bgmac-platform: fix an OF node reference leak
- netfilter: ipset: Fix for recursive locking warning
- net: mdiobus: fix an OF node reference leak
- mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
- chelsio/chtls: prevent potential integer overflow on 32bit
- i2c: riic: Always round-up when calculating bus period
- efivarfs: Fix error on non-existent file
- USB: serial: option: add TCL IK512 MBIM & ECM
- USB: serial: option: add MeiG Smart SLM770A
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
- USB: serial: option: add MediaTek T7XX compositions
- USB: serial: option: add Telit FE910C04 rmnet compositions
- hwmon: (tmp513) Don't use "proxy" headers
- hwmon: (tmp513) Simplify with dev_err_probe()
- hwmon: (tmp513) Use SI constants from units.h
- hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit
Registers
- hwmon: (tmp513) Fix Current Register value interpretation
- hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit
Registers
- hwmon: (tmp513) Fix division of negative numbers
- sh: clk: Fix clk_enable() to return 0 on NULL clk
- zram: refuse to use zero sized block device as backing device
- btrfs: tree-checker: reject inline extent items with 0 ref count
- tracing: Fix test_event_printk() to process entire print argument
- tracing: Add missing helper functions in event pointer dereference check
- tracing: Add "%s" check in test_event_printk()
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget
- of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one()
- udmabuf: also check for F_SEAL_FUTURE_WRITE
- of: Fix error path in of_parse_phandle_with_args_map()
- of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
- ceph: validate snapdirname option length when mounting
- epoll: Add synchronous wakeup support for ep_poll_callback
- drm/amdgpu: Handle NULL bo->tbo.resource (again) in amdgpu_vm_bo_update
- mm/vmstat: fix a W=1 clang compiler warning
- tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
- tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
- bpf: Check negative offsets in __bpf_skb_min_len()
- nfsd: restore callback functionality for NFSv4.0
- mtd: diskonchip: Cast an operand to prevent potential overflow
- mtd: rawnand: arasan: Fix double assertion of chip-select
- mtd: rawnand: arasan: Fix missing de-registration of NAND
- phy: core: Fix an OF node refcount leakage in _of_phy_get()
- phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
- phy: core: Fix that API devm_phy_put() fails to release the phy
- phy: core: Fix that API devm_of_phy_provider_unregister() fails to
unregister the phy provider
- phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
- dmaengine: mv_xor: fix child node refcount handling in early exit
- dmaengine: dw: Select only supported masters for ACPI devices
- mtd: rawnand: fix double free in atmel_pmecc_create_user()
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label
update
- watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040
- ALSA: hda/conexant: fix Z60MR100 startup pop issue
- regmap: Use correct format specifier for logging range errors
- platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load
time
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN
as an error
- virtio-blk: don't keep queue frozen during system suspend
- vmalloc: fix accounting with i915
- MIPS: Probe toolchain support of -msym32
- arm64: mm: Rename asid2idx() to ctxid2asid()
- arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit
ASIDs
- drm/dp_mst: Verify request type in the corresponding down message reply
- lib: stackinit: hide never-taken branch from compiler
- ksmbd: fix racy issue from session lookup and expire
- tracing: Constify string literal data member in struct trace_event_call
- btrfs: avoid monopolizing a core when activating a swap file
- x86/hyperv: Fix hv tsc page based sched_clock for hibernation
- selinux: ignore unknown extended permissions
- tracing: Have process_string() also allow arrays
- thunderbolt: Add support for Intel Raptor Lake
- thunderbolt: Add support for Intel Meteor Lake
- thunderbolt: Add Intel Barlow Ridge PCI ID
- thunderbolt: Add support for Intel Lunar Lake
- thunderbolt: Add support for Intel Panther Lake-M/P
- xhci: retry Stop Endpoint on buggy NEC controllers
- usb: xhci: Limit Stop Endpoint retries
- xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic
- RDMA/mlx5: Enforce same type port association for multiport RoCE
- RDMA/bnxt_re: Add check for path mtu in modify_qp
- RDMA/bnxt_re: Fix reporting hw_ver in query_device
- RDMA/bnxt_re: Fix max_qp_wrs reported
- RDMA/bnxt_re: Fix the locking while accessing the QP table
- drm/bridge: adv7511_audio: Update Audio InfoFrame properly
- RDMA/hns: Remove redundant 'attr_mask' in modify_qp_init_to_init()
- RDMA/hns: Remove redundant 'bt_level' for hem_list_alloc_item()
- RDMA/hns: Fix mapping error of zero-hop WQE buffer
- RDMA/hns: Fix warning storm caused by invalid input in IO path
- RDMA/hns: Fix missing flush CQE for DWQE
- net: stmmac: platform: provide devm_stmmac_probe_config_dt()
- net: stmmac: don't create a MDIO bus if unnecessary
- net: stmmac: restructure the error path of stmmac_probe_config_dt()
- drm/i915/dg1: Fix power gate sequence.
- net: llc: reset skb->transport_header
- ALSA: usb-audio: US16x08: Initialize array before use
- eth: bcmsysport: fix call balance of priv->clk handling routines
- net: mv643xx_eth: fix an OF node reference leak
- net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init()
- btrfs: rename and export __btrfs_cow_block()
- btrfs: sysfs: convert scnprintf and snprintf to sysfs_emit
- btrfs: sysfs: fix direct super block member reads
- wifi: mac80211: wake the queues in case of failure in resume
- sound: usb: enable DSD output for ddHiFi TC44C
- sound: usb: format: don't warn that raw DSD is unsupported
- bpf: fix potential error return
- net: usb: qmi_wwan: add Telit FE910C04 compositions
- irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
- ARC: build: Try to guess GCC variant of cross compiler
- usb: xhci: Avoid queuing redundant Stop Endpoint commands
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
- modpost: fix the missed iteration for the max bit in do_input()
- kcov: mark in_softirq_really() as __always_inline
- sky2: Add device ID 11ab:4373 for Marvell 88E8075
- net/sctp: Prevent autoclose integer overflow in sctp_association_init()
- drm: adv7511: Drop dsi single lane support
- dt-bindings: display: adi,adv7533: Drop single lane support
- Linux 5.15.176
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57884
- mm: vmscan: account for free pages to prevent infinite Loop in
throttle_direct_reclaim()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57889
- pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57890
- RDMA/uverbs: Prevent integer overflow issue
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57896
- btrfs: flush delalloc workers queue before stopping cleaner kthread during
unmount
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57897
- drm/amdkfd: Correct the migration DMA map direction
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56759
- btrfs: fix use-after-free when COWing tree bock and tracing is enabled
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57900
- ila: serialize calls to nf_register_net_hooks()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57901
- af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57902
- af_packet: fix vlan_get_tci() vs MSG_PEEK
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57903
- net: restrict SO_REUSEPORT to inet sockets
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-36476
- RDMA/rtrs: Ensure 'ib_sge list' is accessible
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57802
- netrom: check buffer length before accessing it
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57841
- net: fix memory leak in tcp_conn_request()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-49998
- net: dsa: improve shutdown sequence
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-50121
- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57792
- power: supply: gpio-charger: Fix set charge current limits
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56763
- tracing: Prevent bad count for tracing_cpumask_write
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56626
- ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56627
- ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56616
- drm/dp_mst: Fix MST sideband message body length check
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-53099
- bpf: Check validity of link->type in bpf_link_show_fdinfo()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57807
- scsi: megaraid_sas: Fix for a potential deadlock
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56767
- dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56769
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-53690
- nilfs2: prevent use of deleted inode
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-55881
- KVM: x86: Play nice with protected guests in complete_hypercall_exit()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-55916
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56369
- drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56715
- ionic: Fix netdev notifier unregister on failure
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56716
- netdevsim: prevent bad user input in nsim_dev_health_break_write()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57791
- net/smc: check return value of sock_recvmsg when draining clc data
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-47408
- net/smc: check smcd_v2_ext_offset when receiving proposal msg
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-49571
- net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal
msg
* Jammy update: v5.15.175 upstream stable release (LP: #2095302)
- tcp: check space before adding MPTCP SYN options
- ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5
- usb: host: max3421-hcd: Correctly abort a USB request.
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys()
- usb: dwc2: Fix HCD resume
- usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
- usb: dwc2: Fix HCD port connection race
- usb: ehci-hcd: fix call balance of clocks handling routines
- drm/i915: Fix memory leak by correcting cache object name in error handler
- xfs: update btree keys correctly when _insrec splits an inode root block
- xfs: don't drop errno values when we fail to ficlone the entire range
- xfs: return from xfs_symlink_verify early on V4 filesystems
- xfs: fix scrub tracepoints when inode-rooted btrees are involved
- bpf, sockmap: Fix update element with same
- batman-adv: Do not send uninitialized TT changes
- batman-adv: Remove uninitialized data in full table TT response
- batman-adv: Do not let TT changes list grows indefinitely
- tipc: fix NULL deref in cleanup_bearer()
- selftests: mlxsw: sharedbuffer: Remove h1 ingress test case
- selftests: mlxsw: sharedbuffer: Remove duplicate test cases
- ptp: kvm: Use decrypted memory in confidential guest on x86
- ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from kvm_arch_ptp_init()
- net: sparx5: fix FDMA performance issue
- net: sparx5: fix the maximum frame length register
- ACPI: resource: Fix memory resource type union access
- cxgb4: use port number to set mac addr
- qca_spi: Fix clock speed for multiple QCA7000
- qca_spi: Make driver probing reliable
- Documentation: PM: Clarify pm_runtime_resume_and_get() return value
- bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
- team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
- ACPICA: events/evxfregn: don't release the ContextMutex that was never
acquired
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
- tracing/kprobes: Skip symbol counting logic for module symbols in
create_local_trace_kprobe()
- xen/netfront: fix crash when removing device
- x86: make get_cpu_vendor() accessible from Xen code
- objtool/x86: allow syscall instruction
- x86/static-call: provide a way to do very early static-call updates
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0
- x86/asm: Make serialize() always_inline
- x86/xen: don't do PV iret hypercall through hypercall page
- x86/xen: add central hypercall functions
- x86/xen: use new hypercall functions instead of hypercall page
- x86/xen: remove hypercall page
- ALSA: usb-audio: Fix a DMA to stack memory bug
- x86/static-call: fix 32-bit build
- Linux 5.15.175
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-53125
- bpf: sync_linked_regs() must preserve subreg_def
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-56770
- net/sched: netem: account for backlog updates from child qdisc
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-56659
- net: lapb: increase LAPB_HEADER_LEN
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-56662
- acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-42315
- exfat: fix potential deadlock on __exfat_get_dentry_set
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-53119
- virtio/vsock: Fix accept_queue memory leak
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-56670
- usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to
accessing null pointer
* Jammy update: v5.15.174 upstream stable release (LP: #2095283)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
- media: uvcvideo: Stop stream during unregister
- vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event
- iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables
- leds: lp55xx: Remove redundant test for invalid channel number
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3
- samples: pktgen: correct dev to DEV
- ARM: 9419/1: mm: Fix kernel memory mapping for xip kernels
- x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y
- vdpa/mlx5: Fix PA offset with unaligned starting iotlb map
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled
- ocfs2: fix UBSAN warning in ocfs2_verify_volume()
- drm/bridge: tc358768: Fix DSI command tx
- mmc: sunxi-mmc: Add D1 MMC variant
- mmc: sunxi-mmc: Fix A100 compatible description
- lib/buildid: Fix build ID parsing logic
- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set
- NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point
- NFSD: Async COPY result needs to return a write verifier
- NFSD: Initialize struct nfsd4_copy earlier
- NFSD: Never decrement pending_async_copies on error
- mm: revert "mm: shmem: fix data-race in shmem_getattr()"
- mm: avoid unsafe VMA hook invocation when error arises on mmap hook
- mm: unconditionally close VMAs on error
- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling
- NFS: nfs_async_write_reschedule_io must not recurse into the writeback code
- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet
- ASoC: Intel: sst: Support LPE0F28 ACPI HID
- wifi: iwlwifi: mvm: Use the sync timepoint API in suspend
- mac80211: fix user-power when emulating chanctx
- usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver
- selftests/watchdog-test: Fix system accidentally reset after watchdog-test
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB
- net: usb: qmi_wwan: add Quectel RG650V
- soc: qcom: Add check devm_kasprintf() returned value
- regulator: rk808: Add apply_bit for BUCK3 on RK809
- platform/x86: dell-smbios-base: Extends support to Alienware products
- platform/x86: dell-wmi-base: Handle META key Lock/Unlock events
- can: j1939: fix error in J1939 documentation.
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate()
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div()
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
- ARM: 9420/1: smp: Fix SMP for xip kernels
- ipmr: Fix access to mfc_cache_list without lock held
- nvme: fix metadata handling in nvme-passthrough
- x86/barrier: Do not serialize MSR accesses on AMD
- kselftest/arm64: mte: fix printf type warnings about longs
- s390/cio: Do not unregister the subchannel based on DNV
- brd: remove brd_devices_mutex mutex
- mips: asm: fix warning when disabling MIPS_FP_SUPPORT
- m68k: mvme147: Fix SCSI controller IRQ numbers
- m68k: mvme16x: Add and use "mvme16x.h"
- m68k: mvme147: Reinstate early console
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block()
- s390/syscalls: Avoid creation of arch/arch/ directory
- firmware: google: Unregister driver_info on failure
- crypto: qat - remove faulty arbiter config reset
- thermal: core: Initialize thermal zones before registering them
- EDAC/fsl_ddr: Fix bad bit shift operations
- crypto: cavium - Fix the if condition to exit loop after timeout
- ACPI: CPPC: Fix _CPC register setting issue
- crypto: caam - add error check to caam_rsa_set_priv_key_form
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
- time: Fix references to _msecs_to_jiffies() handling of values
- timekeeping: Consolidate fast timekeeper
- seqlock/latch: Provide raw_read_seqcount_latch_retry()
- kcsan, seqlock: Support seqcount_latch_t
- kcsan, seqlock: Fix incorrect assumption in read_seqbegin()
- clocksource/drivers:sp804: Make user selectable
- spi: spi-fsl-lpspi: downgrade log level for pio mode
- spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq()
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
- mmc: mmc_spi: drop buggy snprintf()
- tpm: fix signed/unsigned bug when checking event logs
- arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4
- arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4
- arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source
trackpad
- Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
- cgroup/bpf: only cgroup v2 can be attached by bpf programs
- arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns
- arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns
- arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns
- pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle
- ARM: dts: cubieboard4: Fix DCDC5 regulator constraints
- pmdomain: ti-sci: Add missing of_node_put() for args.np
- spi: tegra210-quad: Avoid shift-out-of-bounds
- spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time
- regmap: irq: Set lockdep class for hierarchical IRQ domains
- arm64: dts: mt8183: jacuzzi: remove unused ddc-i2c-bus
- arm64: dts: mt8183: jacuzzi: Move panel under aux-bus
- arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names
- arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed
regulators
- selftests/resctrl: Protect against array overrun during iMC config parsing
- media: venus: venc: Use pmruntime autosuspend
- media: venus: vdec: decoded picture buffer handling during reconfig sequence
- media: venus : Addition of EOS Event support for Encoder
- media: venus : Addition of support for VIDIOC_TRY_ENCODER_CMD
- venus: venc: add handling for VIDIOC_ENCODER_CMD
- media: venus: provide ctx queue lock for ioctl synchronization
- media: atomisp: remove #ifdef HAS_NO_HMEM
- platform/x86: panasonic-laptop: Replace snprintf in show functions with
sysfs_emit
- platform/x86: panasonic-laptop: Return errno correctly in show callback
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
- drm/omap: Fix possible NULL dereference
- drm/omap: Fix locking in omap_gem_new_dmabuf()
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
- drm/v3d: Address race-condition in MMU flush
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
- dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
- ASoC: fsl_micfil: Drop unnecessary register read
- ASoC: fsl_micfil: do not define SHIFT/MASK for single bits
- ASoC: fsl_micfil: use GENMASK to define register bit fields
- ASoC: fsl_micfil: fix regmap_write_bits usage
- ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode
- drm/bridge: anx7625: Drop EDID cache on bridge power off
- libbpf: Fix output .symtab byte-order during linking
- bpf: Fix the xdp_adjust_tail sample prog issue
- libbpf: fix sym_is_subprog() logic for weak global subprogs
- xfrm: rename xfrm_state_offload struct to allow reuse
- xfrm: store and rely on direction to construct offload flags
- netdevsim: rely on XFRM state direction instead of flags
- netdevsim: copy addresses for both in and out paths
- drm/bridge: tc358767: Fix link properties discovery
- selftests/bpf: Fix msg_verify_data in test_sockmap
- selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap
- drm: fsl-dcu: enable PIXCLK on LS1021A
- drm/panfrost: Remove unused id_mask from struct panfrost_model
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited
- drm/etnaviv: fix power register offset on GC300
- drm/etnaviv: hold GPU lock across perfmon sampling
- wifi: wfx: Fix error handling in wfx_core_init()
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk()
- netfilter: nf_tables: skip transaction if update object is not implemented
- netfilter: nf_tables: must hold rcu read lock while iterating object type
list
- netlink: typographical error in nlmsg_type constants definition
- selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap
- selftests/bpf: Fix SENDPAGE data logic in test_sockmap
- selftests, bpf: Add one test for sockmap with strparser
- selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap
- selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap
- bpf, sockmap: Several fixes to bpf_msg_push_data
- bpf, sockmap: Fix sk_msg_reset_curr
- selftests: net: really check for bg process completion
- drm/amdkfd: Fix wrong usage of INIT_WORK()
- net: rfkill: gpio: Add check for clk_enable()
- driver core: Introduce device_find_any_child() helper
- netpoll: Use rcu_access_pointer() in netpoll_poll_lock
- wireguard: selftests: load nf_conntrack if not present
- trace/trace_event_perf: remove duplicate samples on the first tracepoint
event
- pinctrl: zynqmp: drop excess struct member description
- powerpc/vdso: Flag VDSO64 entry points as functions
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
- mfd: da9052-spi: Change read-mask to write-mask
- mfd: intel_soc_pmic_bxtwc: Use dev_err_probe()
- cpufreq: loongson2: Unregister platform_driver on failure
- mtd: rawnand: atmel: Fix possible memory leak
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
- clk: imx: lpcg-scu: SW workaround for errata (e10858)
- clk: imx: clk-scu: fix clk enable state save and restore
- mfd: rt5033: Fix missing regmap_del_irq_chip()
- scsi: fusion: Remove unused variable 'rc'
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE
- powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static
- powerpc/kexec: Fix return of uninitialized variable
- fbdev/sh7760fb: Alloc DMA memory from hardware device
- dt-bindings: clock: axi-clkgen: include AXI clk
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock
- pinctrl: k210: Undef K210_PC_DEFAULT
- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb()
- perf cs-etm: Don't flush when packet_queue fills up
- perf probe: Fix libdw memory leak
- perf probe: Correct demangled symbols in C++ program
- PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
- PCI: cpqphp: Fix PCIBIOS_* return value confusion
- f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
- f2fs: remove struct segment_allocation default_salloc_ops
- f2fs: open code allocate_segment_by_default
- f2fs: remove the unused flush argument to change_curseg
- f2fs: check curseg->inited before write_sum_page in change_curseg
- perf trace: avoid garbage when not printing a trace event's arguments
- m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x
- m68k: coldfire/device.c: only build FEC when HW macros are defined
- perf trace: Do not lose last events in a race
- perf trace: Avoid garbage when not printing a syscall's arguments
- rpmsg: glink: Add TX_DATA_CONT command while sending
- rpmsg: glink: Send READ_NOTIFY command in FIFO full case
- rpmsg: glink: Fix GLINK command prefix
- rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
- remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region
- NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
- sunrpc: simplify two-level sysctl registration for svcrdma_parm_table
- NFSD: Fix nfsd4_shutdown_copy()
- hwmon: (tps23861) Fix reporting of negative temperatures
- vdpa/mlx5: Fix suboptimal range on iotlb iteration
- selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels
- fs_parser: update mount_api doc to match function signature
- power: supply: core: Remove might_sleep() from power_supply_put()
- power: supply: bq27xxx: Fix registers of bq27426
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
- tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL
configuration
- net: mdio-ipq4019: add missing error check
- marvell: pxa168_eth: fix call balance of pep->clk handling routines
- net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
- octeontx2-af: RPM: Fix mismatch in lmac type
- spi: atmel-quadspi: Fix register name in verbose logging function
- net: hsr: fix hsr_init_sk() vs network/transport headers.
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
- iio: light: al3010: Fix an error handling path in al3010_probe()
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
- usb: yurex: make waiting on yurex_write interruptible
- USB: chaoskey: fail open after removal
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock
- misc: apds990x: Fix missing pm_runtime_disable()
- counter: stm32-timer-cnt: Add check for clk_enable()
- ALSA: hda/realtek: Update ALC256 depop procedure
- apparmor: fix 'Do simple duplicate message elimination'
- usb: ehci-spear: fix call balance of sehci clk handling routines
- Revert "drivers: clk: zynqmp: update divider round rate logic"
- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error
- soc: qcom: socinfo: fix revision check in qcom_socinfo_probe()
- ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
- ext4: fix FS_IOC_GETFSMAP handling
- jfs: xattr: check invalid xattr size more strictly
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
- perf/x86/intel/pt: Fix buffer full but size is 0 case
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status
- fsnotify: fix sending inotify event with unexpected filename
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
- locking/lockdep: Avoid creating new name string literals in
lockdep_set_subclass()
- exfat: fix uninit-value in __exfat_get_dentry_set
- Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue
- Revert "usb: gadget: composite: fix OS descriptors w_value logic"
- serial: sh-sci: Clean sci_ports[0] after at earlycon exit
- Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
- gpio: exar: set value when external pull-up or pull-down is present
- spi: Fix acpi deferred irq probe
- mtd: spi-nor: core: replace dummy buswidth from addr to data
- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power()
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement
- ubi: wl: Put source PEB into correct list if trying locking LEB failed
- serial: 8250: omap: Move pm_runtime_get_sync
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting()
- media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
- ALSA: hda/realtek: Update ALC225 depop procedure
- ALSA: hda/realtek: Set PCBeep to default value for ALC274
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
- ALSA: hda/realtek: Apply quirk for Medion E15433
- usb: dwc3: gadget: Fix checking for number of TRBs left
- lib: string_helpers: silence snprintf() output truncation warning
- rpmsg: glink: Propagate TX failures in intentless mode as well
- um: Fix the return value of elf_core_copy_task_fpregs
- um: Always dump trace for specified task in show_stack
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
- rtc: abx80x: Fix WDT bit position of the status register
- ubifs: Correct the total block count by deducting journal reservation
- jffs2: fix use of uninitialized variable
- block: return unsigned int from bdev_io_min
- 9p/xen: fix init sequence
- rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
- modpost: remove incorrect code in do_eisa_entry()
- nfs: ignore SB_RDONLY when mounting nfs
- sunrpc: remove unnecessary test in rpc_task_set_client()
- SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE
- ASoC: fsl_micfil: fix the naming style for mask definition
- xfs: fix log recovery when unknown rocompat bits are set
- xfs: remove unknown compat feature check in superblock write validation
- btrfs: add might_sleep() annotations
- util_macros.h: fix/rework find_closest() macros
- scsi: ufs: exynos: Fix hibern8 notify callbacks
- PCI: keystone: Add link up check to ks_pcie_other_map_bus()
- ovl: properly handle large files in ovl_security_fileattr
- dm thin: Add missing destroy_work_on_stack()
- PCI: rockchip-ep: Fix address translation unit programming
- drm/etnaviv: flush shader L1 cache after user commandstream
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
- watchdog: mediatek: Make sure system reset gets asserted in
mtk_wdt_restart()
- can: peak_usb: CANFD: store 64-bits hw timestamps
- can: do not increase rx statistics when generating a CAN rx error message
frame
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation
fails
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
- ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
- ptp: Add error handling for adjfine callback in ptp_clock_adjtime
- net/sched: tbf: correct backlog statistic for GSO packets
- net/smc: Limit backlog connections
- net/qed: allow old cards not supporting "num_images" to work
- net: sched: fix erspan_opt settings in cls_flower
- netfilter: nft_set_hash: skip duplicated elements pending gc run
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
- ethtool: Fix wrong mod state in case of verbose and no_mask bitset
- gpio: grgpio: use a helper variable to store the address of ofdev->dev
- dt_bindings: rs485: Correct delay values
- dt-bindings: serial: rs485: Fix rs485-rts-delay property
- serial: amba-pl011: Use port lock wrappers
- serial: amba-pl011: Fix RX stall when DMA is used
- bpftool: Remove asserts from JIT disassembler
- bpftool: fix potential NULL pointer dereferencing in prog_dump()
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter
- ALSA: pcm: Add more disconnection checks at file ops
- ALSA: pcm: Avoid reference to status->state
- ALSA: usb-audio: Notify xrun for low-latency mode
- tools: Override makefile ARCH variable if defined, but empty
- drm/v3d: Enable Performance Counters before clearing them
- bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
- bpf: Fix exact match conditions in trie_get_next_key()
- watchdog: rti: of: honor timeout-sec property
- tracing: Fix cmp_entries_dup() to respect sort() comparison rules
- ALSA: usb-audio: add mixer mapping for Corsair HS80
- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
- scsi: qla2xxx: Fix abort in bsg timeout
- scsi: qla2xxx: Fix NVMe and NPIV connect issue
- scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
- scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
- dma-buf: fix dma_fence_array_signaled v4
- regmap: detach regmap from dev on regmap_exit
- mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10
tablet
- mmc: core: Further prevent card detect during shutdown
- ocfs2: update seq_file index in ocfs2_dlm_seq_next
- epoll: annotate racy check
- btrfs: avoid unnecessary device path update for the same device
- kselftest/arm64: Don't leak pipe fds in pac.exec_sign_all()
- media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
- media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
- drm/vc4: hvs: Set AXI panic modes for the HVS
- drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
- drm/mcde: Enable module autoloading
- drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
- r8169: don't apply UDP padding quirk on RTL8126A
- samples/bpf: Fix a resource leak
- net: fec_mpc52xx_phy: Use %pa to format resource_size_t
- net: ethernet: fs_enet: Use %pa to format resource_size_t
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
- Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
- wifi: ath5k: add PCI ID for SX76X
- wifi: ath5k: add PCI ID for Arcadyan devices
- drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
- drm/amdgpu: Dereference the ATCS ACPI buffer
- drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
- drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
- wifi: ipw2x00: libipw_rx_any(): fix bad alignment
- ASoC: hdmi-codec: reorder channel allocation list
- rocker: fix link status detection in rocker_carrier_init()
- net/neighbor: clear error in case strict check is not set
- netpoll: Use rcu_access_pointer() in __netpoll_setup
- pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
- tracing: Use atomic64_inc_return() in trace_clock_counter()
- scsi: st: Don't modify unknown block number in MTIOCGET
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
- pinctrl: qcom-pmic-gpio: add support for PM8937
- nvdimm: rectify the illogical code within nd_dax_probe()
- PCI: Detect and trust built-in Thunderbolt chips
- PCI: Add 'reset_subordinate' to reset hierarchy below bridge
- PCI: Add ACS quirk for Wangxun FF5xxx NICs
- usb: chipidea: udc: handle USB Error Interrupt if IOC not set
- misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
- modpost: Include '.text.*' in TEXT_SECTIONS
- modpost: Add .irqentry.text to OTHER_SECTIONS
- sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
- sched/fair: Add NOHZ balancer flag for nohz.next_balance updates
- sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning
busy
- sched/core: Prevent wakeup of ksoftirqd during idle load balance
- btrfs: fix missing snapshot drew unlock when root is dead during swap
activation
- tracing/eprobe: Fix to release eprobe when failed to add dyn_event
- Revert "unicode: Don't special case ignorable code points"
- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
- jffs2: Fix rtime decompressor
- mm/damon/vaddr-test: split a test function having >1024 bytes frame size
- mm/damon/vaddr: fix issue in damon_va_evenly_split_region()
- xhci: dbc: Fix STALL transfer event handling
- mmc: mtk-sd: Fix error handle of probe function
- ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume"
- Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()"
- scsi: core: Fix scsi_mode_select() buffer length handling
- gve: Fixes for napi_poll when budget is 0
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint
- net: dsa: microchip: correct KSZ8795 static MAC table access
- drm/amdgpu: rework resume handling for display (v2)
- serial: amba-pl011: fix build regression
- media: venus: vdec: fixed possible memory leak issue
- net/smc: Fix af_ops of child socket pointing to released memory
- Bluetooth: hci_core: Fix calling mgmt_device_connected
- Linux 5.15.174
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-46871
- drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-49950
- Bluetooth: L2CAP: Fix uaf in l2cap_connect
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-50275
- arm64/sve: Discard stale CPU state when handling SVE traps
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-47730
- crypto: hisilicon/qm - inject error before stopping queue
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-46809
- drm/amd/display: Check BIOS images before it is used
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-57850
- jffs2: Prevent rtime decompress memory corruption
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56781
- powerpc/prom_init: Fixup missing powermac #size-cells
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56785
- MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-43098
- i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to
avoid deadlock
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-45828
- i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56586
- f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56587
- leds: class: Protect brightness_show() with led_cdev->led_access mutex
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56589
- scsi: hisi_sas: Add cond_resched() for no forced preemption model
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56590
- Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56593
- wifi: brcmfmac: Fix oops due to NULL pointer dereference in
brcmf_sdiod_sglist_rw()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56594
- drm/amdgpu: set the right AMDGPU sg segment limitation
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56595
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56596
- jfs: fix array-index-out-of-bounds in jfs_readdir
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56597
- jfs: fix shift-out-of-bounds in dbSplit
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56598
- jfs: array-index-out-of-bounds fix in dtReadFirst
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-47143
- dma-debug: fix a possible deadlock on radix_lock
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56600
- net: inet6: do not leave a dangling sk pointer in inet6_create()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56601
- net: inet: do not leave a dangling sk pointer in inet_create()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56602
- net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56603
- net: af_can: do not leave a dangling sk pointer in can_create()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56605
- Bluetooth: L2CAP: do not leave dangling sk pointer on error in
l2cap_sock_create()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56606
- af_packet: avoid erroring out after sock_init_data() in packet_create()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56787
- soc: imx8m: Probe the SoC driver as platform driver
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56610
- kcsan: Turn report_filterlist_lock into a raw_spinlock
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-57849
- s390/cpum_sf: Handle CPU hotplug remove during sampling
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56568
- iommu/arm-smmu: Defer probe of clients after smmu device bound
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56614
- xsk: fix OOB map writes when deleting elements
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56615
- bpf: fix OOB devmap writes when deleting elements
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-48881
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56619
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56622
- scsi: ufs: core: sysfs: Prevent div by zero
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56623
- scsi: qla2xxx: Fix use after free on unload
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-57874
- arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56625
- can: dev: can_set_termination(): allow sleeping GPIOs
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56629
- HID: wacom: fix when get product name maybe null pointer
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56630
- ocfs2: free inode when ocfs2_get_init_inode() fails
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-50051
- spi: mpc52xx: Add cancel_work_sync before module remove
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56633
- tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56634
- gpio: grgpio: Add NULL check in grgpio_probe
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56636
- geneve: do not assume mac header is set in geneve_xmit_skb()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56637
- netfilter: ipset: Hold module reference while requesting a module
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-52332
- igb: Fix potential invalid memory access in igb_init_module()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56640
- net/smc: fix LGR and link use-after-free issue
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56642
- tipc: Fix use-after-free of kernel socket in cleanup_bearer().
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56643
- dccp: Fix memory leak in dccp_feat_change_recv
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56644
- net/ipv6: release expired exception dst cached in socket
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56645
- can: j1939: j1939_session_new(): fix skb reference counting
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56648
- net: hsr: avoid potential out-of-bound access in fill_frame_info()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56650
- netfilter: x_tables: fix LED ID check in led_tg_check()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56776
- drm/sti: avoid potential dereference of error pointers
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56777
- drm/sti: avoid potential dereference of error pointers in
sti_gdp_atomic_check
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56778
- drm/sti: avoid potential dereference of error pointers in
sti_hqvdp_atomic_check
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-46841
- btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in
walk_down_proc()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56779
- nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56558
- nfsd: make sure exp active before svc_export_show
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56562
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-57838
- s390/entry: Mark IRQ entries to fix stack depot warnings
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56567
- ad7780: fix division by zero in ad7780_write_raw()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56581
- btrfs: ref-verify: fix use-after-free after invalid ref action
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56774
- btrfs: add a sanity check for btrfs root in btrfs_search_slot()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56780
- quota: flush quota_release_work upon quota writeback
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53165
- sh: intc: Fix use-after-free bug in register_intc_controller()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56688
- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56704
- 9p/xen: fix release of IRQ
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53171
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53172
- ubi: fastmap: Fix duplicate slab cache names while attaching
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56739
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53173
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53145
- um: Fix potential integer overflow during physmem setup
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53174
- SUNRPC: make sure cache entry active before cache_show
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53146
- NFSD: Prevent a potential integer overflow
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56698
- usb: dwc3: gadget: Fix looping of queued SG entries
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53180
- ALSA: pcm: Add sanity NULL check for the default mmap fault handler
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56700
- media: wl128x: Fix atomicity violation in fmc_send_cmd()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2022-49034
- sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53181
- um: vector: Do not use drvdata in release
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53183
- um: net: Do not use drvdata in release
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53184
- um: ubd: Do not use drvdata in release
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-50055
- driver core: bus: Fix double free in driver API bus_register()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56741
- apparmor: test: Fix memory leak for aa_unpack_strdup()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53148
- comedi: Flush partial mappings in error case
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53194
- PCI: Fix use-after-free of slot->bus on hot remove
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53197
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
devices
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53150
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53198
- xen: Fix the issue of resource not being properly released in
xenbus_dev_probe()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-50283
- ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53206
- tcp: Fix use-after-free of nreq in reqsk_timer_handler().
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53214
- vfio/pci: Properly hide first-in-list PCIe extended capability
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53215
- svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53217
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53151
- svcrdma: Address an integer overflow
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56745
- PCI: Fix reset_method_store() memory leak
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56746
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53155
- ocfs2: fix uninitialized value in ocfs2_file_read_iter()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53226
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56747
- scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56748
- scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53227
- scsi: bfa: Fix use-after-free in bfad_im_module_exit()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56701
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56678
- powerpc/mm/fault: Fix kfence page fault reporting
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56723
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56724
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56691
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56694
- bpf: fix recursive lock when verdict program return SK_PASS
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53237
- Bluetooth: fix use-after-free in device_for_each_child()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53239
- ALSA: 6fire: Release resources at card release
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56531
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56532
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56533
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56720
- bpf, sockmap: Several fixes to bpf_msg_pop_data
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56726
- octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56728
- octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56679
- octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56539
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_config_scan()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53156
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56705
- media: atomisp: Add check for rgby_data memory allocation failure
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53157
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53158
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56681
- crypto: bcm - add error check in the ahash_hmac_init function
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56708
- EDAC/igen6: Avoid segmentation fault on module unload
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56690
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return
-EBUSY
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53161
- EDAC/bluefield: Fix potential integer overflow
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56754
- crypto: caam - Fix the pointer passed to caam_qi_shutdown()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56548
- hfsplus: don't query the device logical block size multiple times
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56756
- nvme-pci: fix freeing of the HMB descriptor table
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53142
- initramfs: avoid filename buffer overrun
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56693
- brd: defer automatic disk creation until module initialization succeeds
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-49996
- cifs: Fix buffer overflow when parsing NFS reparse points
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53096
- mm: resolve faulty mmap_region() error path behaviour
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53122
- mptcp: cope racing subflow creation in mptcp_rcv_space_adjust
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-49974
- NFSD: Limit the number of concurrent async COPY operations
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53127
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53130
- nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53131
- nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53135
- KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind
CONFIG_BROKEN
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53112
- ocfs2: uncache inode which has failed entering the group
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53113
- mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53120
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53138
- net/mlx5e: kTLS, Fix incorrect page refcounting
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53121
- net/mlx5: fs, lock FTE when checking if active
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53129
- drm/rockchip: vop: Fix a dereferenced before check warning
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53140
- netlink: terminate outstanding dump on socket close
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56569
- ftrace: Fix regression with module command in stack_trace_filter
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56570
- ovl: Filter invalid inodes with missing lookup function
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56572
- media: platform: allegro-dvt: Fix possible memory leak in
allocate_buffers_internal()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56574
- media: ts2020: fix null-ptr-deref in ts2020_probe()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56575
- media: imx-jpeg: Ensure power suppliers be suspended before detach them
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56576
- media: i2c: tc358743: Fix crash in the probe error path when using polling
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56578
- media: imx-jpeg: Set video drvdata before register video device
* CVE-2024-56672
- blk-cgroup: Fix UAF in blkcg_unpin_online()
Date: 2025-03-19 16:06:12.681535+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-136.147~20.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list