[ubuntu/jammy-security] linux-gke 5.15.0-1064.70 (Accepted)
Andy Whitcroft
apw at canonical.com
Thu Aug 8 14:59:24 UTC 2024
linux-gke (5.15.0-1064.70) jammy; urgency=medium
* jammy/linux-gke: 5.15.0-1064.70 -proposed tracker (LP: #2072221)
[ Ubuntu: 5.15.0-118.128 ]
* jammy/linux: 5.15.0-118.128 -proposed tracker (LP: #2072255)
* Jammy update: v5.15.160 upstream stable release (LP: #2070292)
- drm/amd/display: Fix division by zero in setup_dsc_config
- pinctrl: core: handle radix_tree_insert() errors in
pinctrl_register_one_pin()
- nfsd: don't allow nfsd threads to be signalled.
- KEYS: trusted: Fix memory leak in tpm2_key_encode()
- Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"
- net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
- net: bcmgenet: synchronize UMAC_CMD access
- netlink: annotate lockless accesses to nlk->max_recvmsg_len
- netlink: annotate data-races around sk->sk_err
- KVM: x86: Clear "has_error_code", not "error_code", for RM exception
injection
- drm/amdgpu: Fix possible NULL dereference in
amdgpu_ras_query_error_status_helper()
- binder: fix max_thread type inconsistency
- usb: typec: ucsi: displayport: Fix potential deadlock
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code
- remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
- KEYS: trusted: Do not use WARN when encode fails
- admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET
- docs: kernel_include.py: Cope with docutils 0.21
- Linux 5.15.160
* Jammy update: v5.15.159 upstream stable release (LP: #2070028)
- dmaengine: pl330: issue_pending waits until WFP state
- dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
- wifi: nl80211: don't free NULL coalescing rule
- ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
- ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
- ksmbd: clear RENAME_NOREPLACE before calling vfs_rename
- eeprom: at24: Use dev_err_probe for nvmem register failure
- eeprom: at24: Probe for DDR3 thermal sensor in the SPD case
- eeprom: at24: fix memory corruption race condition
- pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T
- pinctrl/meson: fix typo in PDM's pin name
- pinctrl: core: delete incorrect free in pinctrl_enable()
- pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic
- pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback
- pinctrl: mediatek: paris: Rework support for
PIN_CONFIG_{INPUT,OUTPUT}_ENABLE
- sunrpc: add a struct rpc_stats arg to rpc_create_args
- nfs: expose /proc/net/sunrpc/nfs in net namespaces
- nfs: make the rpc_stat per net namespace
- nfs: Handle error of rpc_proc_register() in nfs_net_init().
- power: rt9455: hide unused rt9455_boost_voltage_values
- power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
- regulator: mt6360: De-capitalize devicetree regulator subnodes
- bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition
- bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
- bpf: Fix a verifier verbose message
- spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs
- s390/mm: Fix storage key clearing for guest huge pages
- s390/mm: Fix clearing storage keys for huge pages
- xdp: Move conversion to xdp_frame out of map functions
- xdp: Add xdp_do_redirect_frame() for pre-computed xdp_frames
- xdp: use flags field to disambiguate broadcast redirect
- bna: ensure the copied buf is NUL terminated
- octeontx2-af: avoid off-by-one read from userspace
- nsh: Restore skb->{protocol,data,mac_header} for outer header in
nsh_gso_segment().
- net l2tp: drop flow hash on forward
- s390/vdso: Add CFI for RA register to asm macro vdso_func
- net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
- net: qede: use return from qede_parse_flow_attr() for flower
- net: qede: use return from qede_parse_flow_attr() for flow_spec
- net: qede: use return from qede_parse_actions()
- ASoC: meson: axg-fifo: use FIELD helpers
- ASoC: meson: axg-fifo: use threaded irq to check periods
- ASoC: meson: axg-card: make links nonatomic
- ASoC: meson: axg-tdm-interface: manage formatters in trigger
- ASoC: meson: cards: select SND_DYNAMIC_MINORS
- ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()
- s390/cio: Ensure the copied buf is NUL terminated
- cxgb4: Properly lock TX queue for the selftest.
- net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341
- net: bridge: fix multicast-to-unicast with fraglist GSO
- net: core: reject skb_copy(_expand) for fraglist GSO skbs
- tipc: fix a possible memleak in tipc_buf_append
- s390/qeth: don't keep track of Input Queue count
- s390/qeth: Fix kernel panic after setting hsuid
- drm/panel: ili9341: Respect deferred probe
- drm/panel: ili9341: Use predefined error codes
- net: gro: add flush check in udp_gro_receive_segment
- clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
- KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
- scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port()
- gfs2: Fix invalid metadata access in punch_hole
- wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
- wifi: cfg80211: fix rdev_dump_mpp() arguments order
- net: mark racy access on sk->sk_rcvbuf
- scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
- btrfs: return accurate error code on open failure in open_fs_devices()
- kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries
- ALSA: line6: Zero-initialize message buffers
- net: bcmgenet: Reset RBUF on first open
- ata: sata_gemini: Check clk_enable() result
- firewire: ohci: mask bus reset interrupts between ISR and bottom half
- tools/power turbostat: Fix added raw MSR output
- tools/power turbostat: Fix Bzy_MHz documentation typo
- btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
- btrfs: always clear PERTRANS metadata during commit
- scsi: target: Fix SELinux error when systemd-modules loads the target module
- blk-iocost: avoid out of bounds shift
- gpu: host1x: Do not setup DMA for virtual devices
- MIPS: scall: Save thread_info.syscall unconditionally on entry
- selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior
- iommu: mtk: fix module autoloading
- fs/9p: only translate RWX permissions for plain 9P2000
- fs/9p: translate O_TRUNC into OTRUNC
- 9p: explicitly deny setlease attempts
- gpio: wcove: Use -ENOTSUPP consistently
- gpio: crystalcove: Use -ENOTSUPP consistently
- clk: Don't hold prepare_lock when calling kref_put()
- fs/9p: drop inodes immediately on non-.L too
- drm/nouveau/dp: Don't probe eDP ports twice harder
- net:usb:qmi_wwan: support Rolling modules
- bpf, sockmap: TCP data stall on recv before accept
- bpf, sockmap: Handle fin correctly
- bpf, sockmap: Convert schedule_work into delayed_work
- bpf, sockmap: Reschedule is now done through backlog
- bpf, sockmap: Improved check for empty queue
- qibfs: fix dentry leak
- xfrm: Preserve vlan tags for transport mode software GRO
- ARM: 9381/1: kasan: clear stale stack poison
- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
- hwmon: (corsair-cpro) Use a separate buffer for sending commands
- hwmon: (corsair-cpro) Use complete_all() instead of complete() in
ccp_raw_event()
- hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock
- phonet: fix rtm_phonet_notify() skb allocation
- net: bridge: fix corrupted ethernet header on multicast-to-unicast
- ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
- net: hns3: PF support get unicast MAC address space assigned by firmware
- net: hns3: using user configure after hardware reset
- net: hns3: add log for workqueue scheduled late
- net: hns3: add query vf ring and vector map relation
- net: hns3: refactor function hclge_mbx_handler()
- net: hns3: direct return when receive a unknown mailbox message
- net: hns3: refactor hns3 makefile to support hns3_common module
- net: hns3: create new cmdq hardware description structure hclge_comm_hw
- net: hns3: create new set of unified hclge_comm_cmd_send APIs
- net: hns3: refactor hclge_cmd_send with new hclge_comm_cmd_send API
- net: hns3: change type of numa_node_mask as nodemask_t
- net: hns3: use appropriate barrier function after setting a bit value
- net: hns3: split function hclge_init_vlan_config()
- net: hns3: fix port vlan filter not disabled issue
- drm/meson: dw-hdmi: power up phy on device init
- drm/meson: dw-hdmi: add bandgap setting for g12
- drm/connector: Add \n to message about demoting connector force-probes
- drm/amd/display: Atom Integrated System Info v2_2 for DCN35
- Revert "Revert "ACPI: CPPC: Use access_width over bit_width for system
memory accesses""
- ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
- ACPI: CPPC: Fix access width used for PCC registers
- btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send()
- firewire: nosy: ensure user_length is taken into account when fetching
packet contents
- Reapply "drm/qxl: simplify qxl_fence_wait"
- arm64: dts: qcom: Fix 'interrupt-map' parent address cells
- usb: typec: ucsi: Check for notifications after init
- usb: typec: ucsi: Fix connector check on init
- usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed
device
- usb: ohci: Prevent missed ohci interrupts
- usb: gadget: composite: fix OS descriptors w_value logic
- usb: gadget: f_fs: Fix a race condition when processing setup packets.
- usb: xhci-plat: Don't include xhci.h
- usb: dwc3: core: Prevent phy suspend during init
- ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU
- btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
- mptcp: ensure snd_nxt is properly initialized on connect
- dt-bindings: iio: health: maxim,max30102: fix compatible check
- iio:imu: adis16475: Fix sync mode setting
- iio: accel: mxc4005: Interrupt handling fixes
- tipc: fix UAF in error path
- net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()
- ASoC: tegra: Fix DSPK 16-bit playback
- ASoC: ti: davinci-mcasp: Fix race condition during probe
- dyndbg: fix old BUG_ON in >control parser
- slimbus: qcom-ngd-ctrl: Add timeout for wait operation
- mei: me: add lunar lake point M DID
- drm/vmwgfx: Fix invalid reads in fence signaled events
- net: fix out-of-bounds access in ops_init
- hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us
- regulator: core: fix debugfs creation regression
- Bluetooth: qca: add missing firmware sanity checks
- Bluetooth: qca: fix NVM configuration parsing
- Bluetooth: qca: fix firmware check error path
- keys: Fix overwrite of key expiration on instantiation
- md: fix kmemleak of rdev->serial
- Linux 5.15.159
* Freezing user space processes failed after 20.008 seconds (1 tasks refusing
to freeze, wq_busy=0) (LP: #2061091)
- ALSA: Fix deadlocks with kctl removals at disconnection
* CVE-2024-27017
- netfilter: nft_set_pipapo: constify lookup fn args where possible
- netfilter: nft_set_pipapo: walk over current view on netlink dump
- netfilter: nf_tables: missing iterator type in lookup walk
* CVE-2024-26952
- ksmbd: fix potencial out-of-bounds when buffer offset is invalid
* CVE-2024-26886
- Bluetooth: af_bluetooth: Fix deadlock
* CVE-2023-52752
- smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
* CVE-2024-25742
- x86/sev: Harden #VC instruction emulation somewhat
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler
* CVE-2024-36016
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
Date: 2024-07-17 17:08:10.261541+00:00
Changed-By: Jacob Martin <jacob.martin at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1064.70
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list