[ubuntu/jammy-security] linux-oem-6.5 6.5.0-1027.28 (Accepted)

Andy Whitcroft apw at canonical.com
Thu Aug 1 14:12:03 UTC 2024


linux-oem-6.5 (6.5.0-1027.28) jammy; urgency=medium

  * jammy/linux-oem-6.5: 6.5.0-1027.28 -proposed tracker (LP: #2073849)

  * Packaging resync (LP: #1786013)
    - debian.oem/dkms-versions -- manual update for ipu6

linux-oem-6.5 (6.5.0-1026.27) jammy; urgency=medium

  * jammy/linux-oem-6.5: 6.5.0-1026.27 -proposed tracker (LP: #2068340)

  * Packaging resync (LP: #1786013)
    - debian.oem/dkms-versions -- manual update for ipu6
    - debian.oem/dkms-versions -- update from kernel-versions (main/2024.06.10)

  * RFIM and SAGV Linux Support for G10 models (LP: #2070158)
    - drm/i915/display: Add meaningful traces for QGV point info error handling
    - drm/i915/display: Extract code required to calculate max qgv/psf gv point
    - drm/i915/display: extract code to prepare qgv points mask
    - drm/i915/display: Disable SAGV on bw init, to force QGV point recalculation
    - drm/i915/display: handle systems with duplicate psf gv points
    - drm/i915/display: force qgv check after the hw state readout

  [ Ubuntu: 6.5.0-44.44 ]

  * mantic/linux: 6.5.0-44.44 -proposed tracker (LP: #2068341)
  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2024.06.10)
  * Some DUTs can't boot up after installing the proposed kernel on Mantic
    (LP: #2061940)
    - SAUCE: Revert "x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat
      section"
    - SAUCE: Revert "x86/boot: Increase section and file alignment to 4k/512"
    - SAUCE: Revert "x86/boot: Split off PE/COFF .data section"
    - SAUCE: Revert "x86/boot: Drop PE/COFF .reloc section"
    - SAUCE: Revert "x86/boot: Construct PE/COFF .text section from assembler"
    - SAUCE: Revert "x86/boot: Derive file size from _edata symbol"
    - SAUCE: Revert "x86/boot: Define setup size in linker script"
    - SAUCE: Revert "x86/boot: Set EFI handover offset directly in header asm"
    - SAUCE: Revert "x86/boot: Grab kernel_info offset from zoffset header
      directly"
    - SAUCE: Revert "x86/boot: Drop redundant code setting the root device"
    - SAUCE: Revert "x86/boot: Drop references to startup_64"
    - SAUCE: Revert "x86/boot: Omit compression buffer from PE/COFF image memory
      footprint"
    - SAUCE: Revert "x86/boot: Remove the 'bugger off' message"
    - SAUCE: Revert "x86/efi: Drop alignment flags from PE section headers"
    - SAUCE: Revert "x86/efi: Drop EFI stub .bss from .data section"
  * CVE-2023-52880
    - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
  * i915 cannot probe successfully on HP ZBook Power 16 G11 (LP: #2067883)
    - drm/i915/mtl: Remove the 'force_probe' requirement for Meteor Lake
  * CVE-2024-26838
    - RDMA/irdma: Fix KASAN issue with tasklet
  * mtk_t7xx WWAN module fails to probe with: Invalid device status 0x1
    (LP: #2049358)
    - Revert "UBUNTU: SAUCE: net: wwan: t7xx: PCIe reset rescan"
    - Revert "UBUNTU: SAUCE: net: wwan: t7xx: Add AP CLDMA"
    - net: wwan: t7xx: Add AP CLDMA
    - wwan: core: Add WWAN fastboot port type
    - net: wwan: t7xx: Add sysfs attribute for device state machine
    - net: wwan: t7xx: Infrastructure for early port configuration
    - net: wwan: t7xx: Add fastboot WWAN port
  * TCP memory  leak, slow network (arm64) (LP: #2045560)
    - net: make SK_MEMORY_PCPU_RESERV tunable
    - net: fix sk_memory_allocated_{add|sub} vs softirqs
  * CVE-2024-26923
    - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
    - af_unix: Fix garbage collector racing against connect()
  * Add support for Quectel EM160R-GL modem [1eac:100d] (LP: #2063399)
    - Add support for Quectel EM160R-GL modem
  * Add support for Quectel RM520N-GL modem [1eac:1007] (LP: #2063529)
    - Add support for Quectel RM520N-GL modem
    - Add support for Quectel RM520N-GL modem
  * [SRU][22.04.4]: megaraid_sas: Critical Bug Fixes (LP: #2046722)
    - scsi: megaraid_sas: Log message when controller reset is requested but not
      issued
    - scsi: megaraid_sas: Driver version update to 07.727.03.00-rc1
  * Fix the RTL8852CE BT FW Crash based on SER false alarm (LP: #2060904)
    - wifi: rtw89: disable txptctrl IMR to avoid flase alarm
    - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of
      firmware command
  * CVE-2024-23307
    - md/raid5: fix atomicity violation in raid5_cache_count
  * CVE-2024-26889
    - Bluetooth: hci_core: Fix possible buffer overflow
  * CVE-2024-24861
    - media: xc4000: Fix atomicity violation in xc4000_get_frequency
  * CVE-2023-6270
    - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
  * CVE-2024-26642
    - netfilter: nf_tables: disallow anonymous set with timeout flag
  * CVE-2024-26926
    - binder: check offset alignment in binder_get_object()
  * CVE-2024-26922
    - drm/amdgpu: validate the parameters of bo mapping operations more clearly
  * CVE-2024-26803
    - net: veth: clear GRO when clearing XDP even when down
  * CVE-2024-26790
    - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
  * CVE-2024-26890
    - Bluetooth: hci_h5: Add ability to allocate memory for private data
    - Bluetooth: btrtl: fix out of bounds memory access
  * CVE-2024-26802
    - stmmac: Clear variable when destroying workqueue
  * CVE-2024-26798
    - fbcon: always restore the old font data in fbcon_do_set_font()
  * RTL8852BE fw security fail then lost WIFI function during suspend/resume
    cycle (LP: #2063096)
    - wifi: rtw89: download firmware with five times retry
  * Fix bluetooth connections with 3.0 device (LP: #2063067)
    - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
  * USB stick can't be detected (LP: #2040948)
    - usb: Disable USB3 LPM at shutdown
  * CVE-2024-26733
    - arp: Prevent overflow in arp_req_get().
  * CVE-2024-26736
    - afs: Increase buffer size in afs_update_volume_status()
  * CVE-2024-26792
    - btrfs: fix double free of anonymous device after snapshot creation failure
  * CVE-2024-26782
    - mptcp: fix double-free on socket dismantle
  * CVE-2024-26748
    - usb: cdns3: fix memory double free when handle zero packet
  * CVE-2024-26735
    - ipv6: sr: fix possible use-after-free and null-ptr-deref
  * CVE-2024-26789
    - crypto: arm64/neonbs - fix out-of-bounds access on short input
  * CVE-2024-26734
    - devlink: fix possible use-after-free and memory leaks in devlink_init()
  * The keyboard does not work after latest kernel update (LP: #2060727)
    - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
  * proc_sched_rt01 from ubuntu_ltp failed (LP: #2057734)
    - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
    - sched/rt: Disallow writing invalid values to sched_rt_period_us
  * Avoid creating non-working backlight sysfs knob from ASUS board
    (LP: #2060422)
    - platform/x86: asus-wmi: Consider device is absent when the read is ~0
  * [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array-
    index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux-
    hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times,
    especially during boot. (LP: #2058477)
    - hv: hyperv.h: Replace one-element array with flexible-array member
  * Fix acpi_power_meter accessing IPMI region before it's ready (LP: #2059263)
    - ACPI: IPMI: Add helper to wait for when SMI is selected
    - hwmon: (acpi_power_meter) Ensure IPMI space handler is ready on Dell systems
  * Include cifs.ko in linux-modules package (LP: #2042546)
    - [Packaging] Replace fs/cifs with fs/smb/client in inclusion list
  * Mantic update: upstream stable patchset 2024-04-16 (LP: #2061814)
    - btrfs: add and use helper to check if block group is used
    - btrfs: do not delete unused block group if it may be used soon
    - btrfs: forbid creating subvol qgroups
    - btrfs: forbid deleting live subvol qgroup
    - btrfs: send: return EOPNOTSUPP on unknown flags
    - btrfs: don't reserve space for checksums when writing to nocow files
    - btrfs: reject encoded write if inode has nodatasum flag set
    - btrfs: don't drop extent_map for free space inode on write error
    - driver core: Fix device_link_flag_is_sync_state_only()
    - of: unittest: Fix compile in the non-dynamic case
    - KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test
    - wifi: iwlwifi: Fix some error codes
    - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table()
    - of: property: Improve finding the supplier of a remote-endpoint property
    - net: openvswitch: limit the number of recursions from action sets
    - lan966x: Fix crash when adding interface under a lag
    - spi: ppc4xx: Drop write-only variable
    - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
    - net: sysfs: Fix /sys/class/net/<iface> path for statistics
    - nouveau/svm: fix kvcalloc() argument order
    - MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
    - i40e: Do not allow untrusted VF to remove administratively set MAC
    - i40e: Fix waiting for queues of all VSIs to be disabled
    - scs: add CONFIG_MMU dependency for vfree_atomic()
    - tracing/trigger: Fix to return error if failed to alloc snapshot
    - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
    - scsi: storvsc: Fix ring buffer size calculation
    - dm-crypt, dm-verity: disable tasklets
    - ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF
    - parisc: Prevent hung tasks when printing inventory on serial console
    - ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift
      1 SF114-32
    - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
    - HID: i2c-hid-of: fix NULL-deref on failed power up
    - HID: wacom: generic: Avoid reporting a serial of '0' to userspace
    - HID: wacom: Do not register input devices until after hid_hw_start
    - iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP
    - usb: ucsi: Add missing ppm_lock
    - usb: ulpi: Fix debugfs directory leak
    - usb: ucsi_acpi: Fix command completion handling
    - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
    - usb: f_mass_storage: forbid async queue when shutdown happen
    - usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
    - interconnect: qcom: sc8180x: Mark CO0 BCM keepalive
    - media: ir_toy: fix a memleak in irtoy_tx
    - driver core: fw_devlink: Improve detection of overlapping cycles
    - cifs: fix underflow in parse_server_interfaces()
    - i2c: qcom-geni: Correct I2C TRE sequence
    - irqchip/loongson-eiointc: Use correct struct type in eiointc_domain_alloc()
    - i2c: pasemi: split driver into two separate modules
    - modpost: trim leading spaces when processing source files list
    - mptcp: get rid of msk->subflow
    - mptcp: fix data re-injection from stale subflow
    - selftests: mptcp: add missing kconfig for NF Filter
    - selftests: mptcp: add missing kconfig for NF Filter in v6
    - selftests: mptcp: add missing kconfig for NF Mangle
    - selftests: mptcp: increase timeout to 30 min
    - mptcp: drop the push_pending field
    - mptcp: check addrs list in userspace_pm_get_local_id
    - scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
    - Revert "drm/amd: flush any delayed gfxoff on suspend entry"
    - drm/virtio: Set segment size for virtio_gpu device
    - lsm: fix the logic in security_inode_getsecctx()
    - firewire: core: correct documentation of fw_csr_string() kernel API
    - ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads
    - kbuild: Fix changing ELF file type for output of gen_btf for big endian
    - nfc: nci: free rx_data_reassembly skb on NCI device cleanup
    - net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
    - net: stmmac: do not clear TBS enable bit on link up/down
    - xen-netback: properly sync TX responses
    - modpost: Don't let "driver"s reference .exit.*
    - linux/init: remove __memexit* annotations
    - um: Fix adding '-no-pie' for clang
    - modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS
    - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
    - ASoC: codecs: wcd938x: handle deferred probe
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
    - binder: signal epoll threads of self-work
    - misc: fastrpc: Mark all sessions as invalid in cb_remove
    - ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()
    - tracing: Fix wasted memory in saved_cmdlines logic
    - staging: iio: ad5933: fix type mismatch regression
    - iio: magnetometer: rm3100: add boundary check for the value read from
      RM3100_REG_TMRC
    - iio: core: fix memleak in iio_device_register_sysfs
    - iio: commom: st_sensors: ensure proper DMA alignment
    - iio: accel: bma400: Fix a compilation problem
    - iio: adc: ad_sigma_delta: ensure proper DMA alignment
    - iio: imu: adis: ensure proper DMA alignment
    - iio: imu: bno055: serdev requires REGMAP
    - media: rc: bpf attach/detach requires write permission
    - ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails
    - drm/msm: Wire up tlb ops
    - drm/prime: Support page array >= 4GB
    - drm/amd/display: Increase frame-larger-than for all display_mode_vba files
    - drm/amd/display: Preserve original aspect ratio in create stream
    - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
    - ring-buffer: Clean ring_buffer_poll_wait() error return
    - nfp: flower: fix hardware offload for the transfer layer port
    - serial: max310x: set default value when reading clock ready bit
    - serial: max310x: improve crystal stable clock detection
    - serial: max310x: fail probe if clock crystal is unstable
    - serial: max310x: prevent infinite while() loop in port startup
    - powerpc/64: Set task pt_regs->link to the LR value on scv entry
    - powerpc/cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E
    - powerpc/pseries: fix accuracy of stolen time
    - x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6
    - x86/fpu: Stop relying on userspace for info to fault in xsave buffer
    - KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl
    - x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
    - io_uring/net: fix multishot accept overflow handling
    - mmc: slot-gpio: Allow non-sleeping GPIO ro
    - ALSA: hda/realtek: fix mute/micmute LED For HP mt645
    - ALSA: hda/conexant: Add quirk for SWS JS201D
    - nilfs2: fix data corruption in dsync block recovery for small block sizes
    - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
    - crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
    - nfp: use correct macro for LengthSelect in BAR config
    - nfp: flower: prevent re-adding mac index for bonded port
    - wifi: cfg80211: fix wiphy delayed work queueing
    - wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
    - irqchip/irq-brcmstb-l2: Add write memory barrier before exit
    - irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
    - zonefs: Improve error handling
    - mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be detected
      by BIOS
    - ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8
    - tools/rtla: Remove unused sched_getattr() function
    - tools/rtla: Replace setting prio with nice for SCHED_OTHER
    - tools/rtla: Exit with EXIT_SUCCESS when help is invoked
    - tools/rtla: Fix uninitialized bucket/data->bucket_size warning
    - tools/rtla: Fix Makefile compiler options for clang
    - fs: relax mount_setattr() permission checks
    - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio
    - s390/qeth: Fix potential loss of L3-IP@ in case of network issues
    - net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio
    - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
    - ceph: prevent use-after-free in encode_cap_msg()
    - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
    - mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE
    - of: property: fix typo in io-channels
    - can: netlink: Fix TDCO calculation using the old data bittiming
    - can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
    - can: j1939: Fix UAF in j1939_sk_match_filter during
      setsockopt(SO_J1939_FILTER)
    - pmdomain: core: Move the unused cleanup to a _sync initcall
    - fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of
      lock_task_sighand()
    - tracing: Inform kmemleak of saved_cmdlines allocation
    - selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory
    - selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag
    - md: bypass block throttle for superblock update
    - block: fix partial zone append completion handling in req_bio_endio()
    - netfilter: ipset: Missing gc cancellations fixed
    - parisc: Fix random data corruption from exception handler
    - nfsd: don't take fi_lock in nfsd_break_deleg_cb()
    - sched/membarrier: reduce the ability to hammer on sys_membarrier
    - of: property: Add in-ports/out-ports support to of_graph_get_port_parent()
    - nilfs2: fix potential bug in end_buffer_async_write
    - arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata
    - work around gcc bugs with 'asm goto' with outputs
    - [Config] updateconfigs for GCC_ASM_GOTO_OUTPUT_WORKAROUND
    - update workarounds for gcc "asm goto" issue
    - selftests/landlock: Fix fs_test build with old libc
    - KVM: selftests: Delete superfluous, unused "stage" variable in AMX test
    - KVM: selftests: Avoid infinite loop in hyperv_features when invtsc is
      missing
    - drm/msm/gem: Fix double resv lock aquire
    - ASoC: SOF: ipc3-topology: Fix pipeline tear down logic
    - net/handshake: Fix handshake_req_destroy_test1
    - bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY
    - devlink: Fix command annotation documentation
    - of: property: Improve finding the consumer of a remote-endpoint property
    - perf: CXL: fix mismatched cpmu event opcode
    - selftests: forwarding: Fix layer 2 miss test flakiness
    - selftests: forwarding: Fix bridge MDB test flakiness
    - selftests: bridge_mdb: Use MDB get instead of dump
    - selftests: forwarding: Suppress grep warnings
    - ptrace: Introduce exception_ip arch hook
    - mm/memory: Use exception ip to search exception tables
    - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
    - selftests/mm: switch to bash from sh
    - selftests: mm: fix map_hugetlb failure on 64K page size systems
    - nouveau: offload fence uevents work to workqueue
    - HID: bpf: remove double fdget()
    - HID: bpf: actually free hdev memory after attaching a HID-BPF program
    - usb: chipidea: core: handle power lost in workqueue
    - usb: core: Prevent null pointer dereference in update_port_device_state
    - interconnect: qcom: sm8550: Enable sync_state
    - powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add
    - powerpc/6xx: set High BAT Enable flag on G2_LE cores
    - iio: adc: ad4130: zero-initialize clock init data
    - iio: adc: ad4130: only set GPIO_CTRL if pin is unused
    - irqchip/gic-v3-its: Handle non-coherent GICv4 redistributors
    - kallsyms: ignore ARMv4 thunks along with others
    - selftests: mptcp: add mptcp_lib_kill_wait
    - mptcp: fix rcv space initialization
    - mptcp: really cope with fastopen race
    - Revert "powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add"
    - drm/amd: Don't init MEC2 firmware when it fails to load
    - usb: typec: tpcm: Fix issues with power being removed during reset
    - tracing/timerlat: Move hrtimer_init to timerlat_fd open()
    - tracing/synthetic: Fix trace_string() return value
    - tracing/probes: Fix to show a parse error for bad type for $comm
    - tracing/probes: Fix to set arg size and fmt after setting type from BTF
    - Revert "workqueue: Override implicit ordered attribute in
      workqueue_apply_unbound_cpumask()"
    - iio: pressure: bmp280: Add missing bmp085 to SPI id table
    - pmdomain: mediatek: fix race conditions with genpd
    - drm/amd/display: Add align done check
    - drm/amdgpu/soc21: update VCN 4 max HEVC encoding resolution
    - drm/amd/display: Fix MST Null Ptr for RV
    - net: dsa: mv88e6xxx: Fix failed probe due to unsupported C45 reads
    - nfp: flower: add hardware offload check for post ct entry
    - ftrace: Fix DIRECT_CALLS to use SAVE_REGS by default
    - serial: core: introduce uart_port_tx_flags()
    - serial: mxs-auart: fix tx
    - KVM: x86: make KVM_REQ_NMI request iff NMI pending for vcpu
    - crypto: algif_hash - Remove bogus SGL free on zero-length error path
    - nfp: enable NETDEV_XDP_ACT_REDIRECT feature flag
    - wifi: iwlwifi: mvm: fix a crash when we run out of stations
    - thunderbolt: Fix setting the CNS bit in ROUTER_CS_5
    - smb: client: set correct id, uid and cruid for multiuser automounts
    - KVM: arm64: Fix circular locking dependency
    - arm64/signal: Don't assume that TIF_SVE means we saved SVE state
    - ASoC: SOF: IPC3: fix message bounds on ipc ops
    - tools/rv: Fix curr_reactor uninitialized variable
    - tools/rv: Fix Makefile compiler options for clang
    - tools/rtla: Fix clang warning about mount_point var size
    - pmdomain: renesas: r8a77980-sysc: CR7 must be always on
    - blk-wbt: Fix detection of dirty-throttled tasks
    - docs: kernel_feat.py: fix build error for missing files
    - tracing: Fix HAVE_DYNAMIC_FTRACE_WITH_REGS ifdef
    - netfilter: ipset: fix performance regression in swap operation
    - tracefs: Check for dentry->d_inode exists in set_gid()
    - x86/efi: Drop EFI stub .bss from .data section
    - x86/efi: Drop alignment flags from PE section headers
    - x86/boot: Remove the 'bugger off' message
    - x86/boot: Omit compression buffer from PE/COFF image memory footprint
    - x86/boot: Drop redundant code setting the root device
    - x86/boot: Drop references to startup_64
    - x86/boot: Grab kernel_info offset from zoffset header directly
    - x86/boot: Set EFI handover offset directly in header asm
    - x86/boot: Define setup size in linker script
    - x86/boot: Derive file size from _edata symbol
    - x86/boot: Construct PE/COFF .text section from assembler
    - x86/boot: Drop PE/COFF .reloc section
    - x86/boot: Split off PE/COFF .data section
    - x86/boot: Increase section and file alignment to 4k/512
    - x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section
    - x86/barrier: Do not serialize MSR accesses on AMD
    - Documentation/arch/ia64/features.rst: fix kernel-feat directive
    - Upstream stable to v6.1.79, v6.6.18
  * Mantic update: upstream stable patchset 2024-04-16 (LP: #2061814) //
    CVE-2024-26694
    - wifi: iwlwifi: fix double-free bug
  * There is sound from the speakers and headphones at the same time on Oasis 14
    and 16 platforms (LP: #2054487) // Mantic update: upstream stable patchset
    2024-04-16 (LP: #2061814)
    - ALSA: hda/realtek - Add speaker pin verbtable for Dell dual speaker platform
    - ALSA: hda/realtek: add IDs for Dell dual spk platform
  * Mantic update: upstream stable patchset 2024-04-16 (LP: #2061814) //
    CVE-2024-26710
    - powerpc/kasan: Limit KASAN thread size increase to 32KB
  * Mantic update: upstream stable patchset 2024-04-16 (LP: #2061814) //
    CVE-2024-26712
    - powerpc/kasan: Fix addr error caused by page alignment
  * Mantic update: upstream stable patchset 2024-04-02 (LP: #2059991)
    - ext4: regenerate buddy after block freeing failed if under fc replay
    - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
    - dmaengine: ti: k3-udma: Report short packet errors
    - dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA
    - dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
    - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
    - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
    - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
    - cifs: failure to add channel on iface should bump up weight
    - drm/msms/dp: fixed link clock divider bits be over written in BPC unknown
      case
    - drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case
    - drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup
    - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
    - wifi: mac80211: fix waiting for beacons logic
    - netdevsim: avoid potential loop in nsim_dev_trap_report_work()
    - net: atlantic: Fix DMA mapping for PTP hwts ring
    - selftests: net: cut more slack for gro fwd tests.
    - selftests: net: avoid just another constant wait
    - tunnels: fix out of bounds access when building IPv6 PMTU error
    - atm: idt77252: fix a memleak in open_card_ubr0
    - octeontx2-pf: Fix a memleak otx2_sq_init
    - hwmon: (aspeed-pwm-tacho) mutex for tach reading
    - hwmon: (coretemp) Fix out-of-bounds memory access
    - hwmon: (coretemp) Fix bogus core_id to attr name mapping
    - inet: read sk->sk_family once in inet_recv_error()
    - drm/i915/gvt: Fix uninitialized variable in handle_mmio()
    - rxrpc: Fix response to PING RESPONSE ACKs to a dead call
    - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
    - af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
    - ppp_async: limit MRU to 64K
    - selftests: cmsg_ipv6: repeat the exact packet
    - netfilter: nft_compat: narrow down revision to unsigned 8-bits
    - netfilter: nft_compat: reject unused compat flag
    - netfilter: nft_compat: restrict match/target protocol to u16
    - drm/amd/display: Implement bounds check for stream encoder creation in
      DCN301
    - netfilter: nft_ct: reject direction for ct id
    - fs/ntfs3: Fix an NULL dereference bug
    - scsi: core: Move scsi_host_busy() out of host lock if it is for per-command
    - blk-iocost: Fix an UBSAN shift-out-of-bounds warning
    - ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
    - ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
    - ALSA: usb-audio: add quirk for RODE NT-USB+
    - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
    - USB: serial: option: add Fibocom FM101-GL variant
    - USB: serial: cp210x: add ID for IMST iM871A-USB
    - usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK
    - usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK
    - hrtimer: Report offline hrtimer enqueue
    - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
    - io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers
    - net: stmmac: xgmac: use #define for string constants
    - ALSA: usb-audio: Sort quirk table entries
    - net: stmmac: xgmac: fix a typo of register name in DPP safety handling
    - perf evlist: Fix evlist__new_default() for > 1 core PMU
    - cifs: avoid redundant calls to disable multichannel
    - rust: arc: add explicit `drop()` around `Box::from_raw()`
    - rust: task: remove redundant explicit link
    - rust: print: use explicit link in documentation
    - MAINTAINERS: add Catherine as xfs maintainer for 6.6.y
    - xfs: bump max fsgeom struct version
    - xfs: hoist freeing of rt data fork extent mappings
    - xfs: prevent rt growfs when quota is enabled
    - xfs: rt stubs should return negative errnos when rt disabled
    - xfs: fix units conversion error in xfs_bmap_del_extent_delay
    - xfs: make sure maxlen is still congruent with prod when rounding down
    - xfs: introduce protection for drop nlink
    - xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space
    - xfs: allow read IO and FICLONE to run concurrently
    - xfs: factor out xfs_defer_pending_abort
    - xfs: abort intent items when recovery intents fail
    - xfs: only remap the written blocks in xfs_reflink_end_cow_extent
    - xfs: up(ic_sema) if flushing data device fails
    - xfs: fix internal error from AGFL exhaustion
    - xfs: inode recovery does not validate the recovered inode
    - xfs: clean up dqblk extraction
    - xfs: dquot recovery does not validate the recovered dquot
    - xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags
    - xfs: respect the stable writes flag on the RT device
    - wifi: mac80211: fix RCU use in TDLS fast-xmit
    - wifi: iwlwifi: exit eSR only after the FW does
    - wifi: brcmfmac: Adjust n_channels usage for __counted_by
    - selftests/net: convert unicast_extensions.sh to run it in unique namespace
    - selftests/net: convert pmtu.sh to run it in unique namespace
    - selftests/net: change shebang to bash to support "source"
    - selftests: net: fix tcp listener handling in pmtu.sh
    - tsnep: Fix mapping for zero copy XDP_TX action
    - rxrpc: Fix generation of serial numbers to skip zero
    - rxrpc: Fix delayed ACKs to not set the reference serial number
    - rxrpc: Fix counting of new acks and nacks
    - selftests: net: let big_tcp test cope with slow env
    - drm/amd/display: Fix 'panel_cntl' could be null in
      'dcn21_set_backlight_level()'
    - drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'
    - riscv: Improve tlb_flush()
    - riscv: Make __flush_tlb_range() loop over pte instead of flushing the whole
      tlb
    - riscv: Improve flush_tlb_kernel_range()
    - mm: Introduce flush_cache_vmap_early()
    - riscv: mm: execute local TLB flush after populating vmemmap
    - riscv: Fix set_huge_pte_at() for NAPOT mapping
    - riscv: Fix hugetlb_mask_last_page() when NAPOT is enabled
    - riscv: Flush the tlb when a page directory is freed
    - libceph: rename read_sparse_msg_*() to read_partial_sparse_msg_*()
    - libceph: just wait for more data to be available on the socket
    - riscv: Fix arch_hugetlb_migration_supported() for NAPOT
    - riscv: declare overflow_stack as exported from traps.c
    - Revert "usb: typec: tcpm: fix cc role at port reset"
    - x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups
    - xhci: process isoc TD properly when there was a transaction error mid TD.
    - xhci: handle isoc Babble and Buffer Overrun events properly
    - usb: dwc3: pci: add support for the Intel Arrow Lake-H
    - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)
    - io_uring/poll: move poll execution helpers higher up
    - io_uring/net: un-indent mshot retry path in io_recv_finish()
    - io_uring/poll: add requeue return code from poll multishot handling
    - io_uring/net: limit inline multishot retries
    - Upstream stable to v6.1.78, v6.6.17
  * Mantic update: upstream stable patchset 2024-04-02 (LP: #2059991) // The
    keyboard does not work after latest kernel update (LP: #2060727)
    - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
  * CVE-2024-26593
    - i2c: i801: Fix block process call transactions
  * Mantic update: upstream stable patchset 2024-03-26 (LP: #2059068)
    - selftests/bpf: tests for iterating callbacks
  * CVE-2024-26925
    - netfilter: nf_tables: release batch on table validation from abort path
    - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
  * CVE-2024-26924
    - netfilter: nft_set_pipapo: do not free live element
  * CVE-2024-26809
    - netfilter: nft_set_pipapo: release elements in clone only from destroy path
  * Mantic update: upstream stable patchset 2024-04-02 (LP: #2059991) //
    CVE-2024-26809
    - netfilter: nft_set_pipapo: store index in scratch maps
    - netfilter: nft_set_pipapo: add helper to release pcpu scratch area
    - netfilter: nft_set_pipapo: remove scratch_aligned pointer
  * CVE-2024-26643
    - netfilter: nf_tables: mark set as dead when unbinding anonymous set with
      timeout

Date: 2024-07-25 12:21:11.647956+00:00
Changed-By: LEE KUAN-YING <kuan-ying.lee at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-oem-6.5/6.5.0-1027.28
-------------- next part --------------
Sorry, changesfile not available.


More information about the jammy-changes mailing list