[ubuntu/jammy-security] linux-kvm 5.15.0-1053.58 (Accepted)
Andy Whitcroft
apw at canonical.com
Tue Mar 19 12:10:20 UTC 2024
linux-kvm (5.15.0-1053.58) jammy; urgency=medium
* jammy/linux-kvm: 5.15.0-1053.58 -proposed tracker (LP: #2056014)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/s2024.02.05)
[ Ubuntu: 5.15.0-101.111 ]
* jammy/linux: 5.15.0-101.111 -proposed tracker (LP: #2056026)
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
- debian/dkms-versions -- update from kernel-versions (main/s2024.02.05)
* CVE-2024-24855
- scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
* CVE-2024-1086
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters
* CVE-2024-1085
- netfilter: nf_tables: check if catch-all set element is active in next
generation
* CVE-2023-32247
- ksmbd: destroy expired sessions
* CVE-2023-23000
- phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function
linux-kvm (5.15.0-1052.57) jammy; urgency=medium
* jammy/linux-kvm: 5.15.0-1052.57 -proposed tracker (LP: #2052077)
[ Ubuntu: 5.15.0-100.110 ]
* jammy/linux: 5.15.0-100.110 -proposed tracker (LP: #2052616)
* i915 regression introduced with 5.5 kernel (LP: #2044131)
- drm/i915: Skip some timing checks on BXT/GLK DSI transcoders
* Audio balancing setting doesn't work with the cirrus codec (LP: #2051050)
- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
* partproke is broken on empty loopback device (LP: #2049689)
- block: Move checking GENHD_FL_NO_PART to bdev_add_partition()
* CVE-2023-0340
- vhost: use kzalloc() instead of kmalloc() followed by memset()
* CVE-2023-51780
- atm: Fix Use-After-Free in do_vcc_ioctl
* CVE-2023-6915
- ida: Fix crash in ida_free when the bitmap is empty
* CVE-2024-0646
- net: tls, update curr on splice as well
* CVE-2024-0565
- smb: client: fix OOB in receive_encrypted_standard()
* CVE-2023-51781
- appletalk: Fix Use-After-Free in atalk_ioctl
* Jammy update: v5.15.143 upstream stable release (LP: #2050858)
- vdpa/mlx5: preserve CVQ vringh index
- hrtimers: Push pending hrtimers away from outgoing CPU earlier
- i2c: designware: Fix corrupted memory seen in the ISR
- netfilter: ipset: fix race condition between swap/destroy and kernel side
add/del/test
- tg3: Move the [rt]x_dropped counters to tg3_napi
- tg3: Increment tx_dropped in tg3_tso_bug()
- kconfig: fix memory leak from range properties
- drm/amdgpu: correct chunk_ptr to a pointer to chunk.
- platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum
- platform/x86: asus-wmi: Add support for ROG X13 tablet mode
- platform/x86: asus-wmi: Simplify tablet-mode-switch probing
- platform/x86: asus-wmi: Simplify tablet-mode-switch handling
- platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code
- of: dynamic: Fix of_reconfig_get_state_change() return value documentation
- platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct
wmi_driver
- platform/x86: wmi: Skip blocks with zero instances
- ipv6: fix potential NULL deref in fib6_add()
- octeontx2-pf: Add missing mutex lock in otx2_get_pauseparam
- octeontx2-af: Check return value of nix_get_nixlf before using nixlf
- hv_netvsc: rndis_filter needs to select NLS
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
- r8152: Add RTL8152_INACCESSIBLE checks to more loops
- r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash()
- r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1()
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en()
- mlxbf-bootctl: correctly identify secure boot with development keys
- platform/mellanox: Add null pointer checks for devm_kasprintf()
- platform/mellanox: Check devm_hwmon_device_register_with_groups() return
value
- arcnet: restoring support for multiple Sohard Arcnet cards
- net: stmmac: fix FPE events losing
- octeontx2-af: fix a use-after-free in rvu_npa_register_reporters
- i40e: Fix unexpected MFS warning message
- net: bnxt: fix a potential use-after-free in bnxt_init_tc
- ionic: fix snprintf format length warning
- ionic: Fix dim work handling in split interrupt mode
- ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()
- net: hns: fix fake link up on xge port
- octeontx2-af: Update Tx link register range
- netfilter: nf_tables: validate family when identifying table via handle
- netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
- tcp: do not accept ACK of bytes we never sent
- bpf: sockmap, updating the sg structure should also update curr
- psample: Require 'CAP_NET_ADMIN' when joining "packets" group
- net: add missing kdoc for struct genl_multicast_group::flags
- drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group
- tee: optee: Fix supplicant based device enumeration
- RDMA/hns: Fix unnecessary err return when using invalid congest control
algorithm
- RDMA/irdma: Do not modify to SQD on error
- RDMA/irdma: Add wait for suspend on SQD
- arm64: dts: rockchip: Expand reg size of vdec node for RK3399
- RDMA/rtrs-srv: Do not unconditionally enable irq
- RDMA/rtrs-clt: Start hb after path_up
- RDMA/rtrs-srv: Check return values while processing info request
- RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true
- RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight
- RDMA/rtrs-clt: Fix the max_send_wr setting
- RDMA/rtrs-clt: Remove the warnings for req in_use check
- RDMA/bnxt_re: Correct module description string
- hwmon: (acpi_power_meter) Fix 4.29 MW bug
- hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe()
- ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
- RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz
- RDMA/irdma: Avoid free the non-cqp_request scratch
- arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb
- arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3
- ARM: dts: imx6ul-pico: Describe the Ethernet PHY clock
- tracing: Fix a warning when allocating buffered events fails
- scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
- ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init
- ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt
- ARM: dts: imx28-xea: Pass the 'model' property
- riscv: fix misaligned access handling of C.SWSP and C.SDSP
- md: introduce md_ro_state
- md: don't leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly()
- kprobes: consistent rcu api usage for kretprobe holder
- nvme-pci: Add sleep quirk for Kingston drives
- io_uring: fix mutex_unlock with unreferenced ctx
- ALSA: usb-audio: Add Pioneer DJM-450 mixer controls
- ALSA: pcm: fix out-of-bounds in snd_pcm_state_names
- nilfs2: fix missing error check for sb_set_blocksize call
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
- checkstack: fix printed address
- tracing: Always update snapshot buffer size
- tracing: Disable snapshot buffer when stopping instance tracers
- tracing: Fix incomplete locking when disabling buffered events
- tracing: Fix a possible race when disabling buffered events
- packet: Move reference count in packet_sock to atomic_long_t
- regmap: fix bogus error on regcache_sync success
- platform/surface: aggregator: fix recv_buf() return value
- arm64: dts: mediatek: mt7622: fix memory node warning check
- arm64: dts: mediatek: mt8183-kukui-jacuzzi: fix dsi unnecessary cells
properties
- arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names
- arm64: dts: mediatek: mt8183: Fix unit address for scp reserved memory
- binder: fix memory leaks of spam and pending work
- kallsyms: Make kallsyms_on_each_symbol generally available
- coresight: etm4x: Make etm4_remove_dev() return void
- coresight: etm4x: Remove bogous __exit annotation for some functions
- misc: mei: client.c: return negative error code in mei_cl_write
- misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write
- ring-buffer: Force absolute timestamp on discard of event
- tracing: Set actual size after ring buffer resize
- tracing: Stop current tracer when resizing buffer
- r8169: fix rtl8125b PAUSE frames blasting when suspended
- mm: fix oops when filemap_map_pmd() without prealloc_pte
- io_uring/af_unix: disable sending io_uring over sockets
- platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting
- docs/process/howto: Replace C89 with C11
- tools headers UAPI: Sync linux/perf_event.h with the kernel sources
- arm64: dts: mediatek: align thermal zone node names with dtschema
- arm64: dts: mediatek: mt8183: Move thermal-zones to the root node
- arm64: dts: mediatek: add missing space before {
- arm64: dts: mt8183: kukui: Fix underscores in node names
- gpiolib: sysfs: Fix error handling on failed export
- drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c
- drm/amdgpu: correct the amdgpu runtime dereference usage count
- usb: gadget: f_hid: fix report descriptor allocation
- parport: Add support for Brainboxes IX/UC/PX parallel cards
- usb: typec: class: fix typec_altmode_put_partner to put plugs
- ARM: PL011: Fix DMA support
- serial: sc16is7xx: address RX timeout interrupt errata
- serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit
- serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt
- serial: 8250_omap: Add earlycon support for the AM654 UART controller
- x86/CPU/AMD: Check vendor in the AMD microcode callback
- KVM: s390/mm: Properly reset no-dat
- KVM: SVM: Update EFER software model on CR0 trap for SEV-ES
- MIPS: Loongson64: Reserve vgabios memory on boot
- MIPS: Loongson64: Enable DMA noncoherent support
- cifs: Fix non-availability of dedup breaking generic/304
- smb: client: fix potential NULL deref in parse_dfs_referrals()
- devcoredump : Serialize devcd_del work
- devcoredump: Send uevent once devcd is ready
- Linux 5.15.143
* Intel E810-XXV - NETDEV WATCHDOG: (ice): transmit queue timed out
(LP: #2036239)
- ice: Add feature bitmap, helpers and a check for DSCP
- ice: Add driver support for firmware changes for LAG
- ice: alter feature support check for SRIOV and LAG
* Don't WARN_ON_ONCE() for a broken discovery table (LP: #2048404)
- perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table
* Reject connection when malformed L2CAP signal packet is received
(LP: #2047634)
- Bluetooth: L2CAP: Send reject on command corrupted request
* Jammy update: v5.15.142 upstream stable release (LP: #2050849)
- pinctrl: avoid reload of p state in list iteration
- firewire: core: fix possible memory leak in create_units()
- mmc: cqhci: Increase recovery halt timeout
- mmc: cqhci: Warn of halt or task clear failure
- mmc: cqhci: Fix task clearing in CQE error recovery
- mmc: block: Retry commands in CQE error recovery
- mmc: block: Do not lose cache flush during CQE error recovery
- mmc: block: Be sure to wait while busy in CQE error recovery
- ALSA: hda: Disable power-save on KONTRON SinglePC
- ALSA: hda/realtek: Headset Mic VREF to 100%
- ALSA: hda/realtek: Add supported ALC257 for ChromeOS
- dm-verity: align struct dm_verity_fec_io properly
- dm verity: don't perform FEC for failed readahead IO
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR
- iommu/vt-d: Add MTL to quirk list to skip TE disabling
- powerpc: Don't clobber f0/vs0 during fp|altivec register save
- parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes
- btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod()
- btrfs: fix off-by-one when checking chunk map includes logical address
- btrfs: send: ensure send_fd is writable
- btrfs: make error messages more clear when getting a chunk map
- Input: xpad - add HyperX Clutch Gladiate Support
- vlan: introduce vlan_dev_free_egress_priority
- vlan: move dev_put into vlan_dev_uninit
- rcu: Avoid tracing a few functions executed in stop machine
- hv_netvsc: fix race of netvsc and VF register_netdevice
- USB: core: Change configuration warnings to notices
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
- dpaa2-eth: increase the needed headroom to account for alignment
- uapi: propagate __struct_group() attributes to the container union
- selftests/net: ipsec: fix constant out of range
- octeontx2-af: Fix possible buffer overflow
- net: stmmac: xgmac: Disable FPE MMC interrupts
- octeontx2-pf: Fix adding mbox work queue entry when num_vfs > 64
- Revert "workqueue: remove unused cancel_work()"
- r8169: prevent potential deadlock in rtl8169_close
- ravb: Fix races between ravb_tx_timeout_work() and net related ops
- net: ravb: Check return value of reset_control_deassert()
- net: ravb: Use pm_runtime_resume_and_get()
- net: ravb: Start TX queues after HW initialization succeeded
- net: ravb: Stop DMA in case of failures on ravb_open()
- perf intel-pt: Fix async branch flags
- selftests/resctrl: Add missing SPDX license to Makefile
- selftests/resctrl: Move _GNU_SOURCE define into Makefile
- smb3: fix touch -h of symlink
- ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header
- ASoC: SOF: sof-pci-dev: use community key on all Up boards
- ASoC: SOF: sof-pci-dev: add parameter to override topology filename
- ASoC: SOF: sof-pci-dev: don't use the community key on APL Chromebooks
- ASoC: SOF: sof-pci-dev: Fix community key quirk detection
- fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
- fs: add ctime accessors infrastructure
- smb3: fix caching of ctime on setxattr
- cpufreq: imx6q: don't warn for disabling a non-existing frequency
- cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily
- iommu/vt-d: Omit devTLB invalidation requests when TES=0
- iommu/vt-d: Make context clearing consistent with context mapping
- mmc: core: add helpers mmc_regulator_enable/disable_vqmmc
- mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled
- r8169: disable ASPM in case of tx timeout
- r8169: fix deadlock on RTL8125 in jumbo mtu mode
- iomap: update ki_pos a little later in iomap_dio_complete
- Linux 5.15.142
* Jammy update: v5.15.141 upstream stable release (LP: #2050044)
- afs: Fix afs_server_list to be cleaned up with RCU
- afs: Make error on cell lookup failure consistent with OpenAFS
- drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence
- drm/panel: auo,b101uan08.3: Fine tune the panel power sequence
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
- drm/panel: simple: Fix Innolux G101ICE-L01 timings
- wireguard: use DEV_STATS_INC()
- octeontx2-pf: Fix memory leak during interface down
- ata: pata_isapnp: Add missing error check for devm_ioport_map()
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full
- HID: core: store the unique system identifier in hid_device
- HID: fix HID device resource race between HID core and debugging support
- ipv4: Correct/silence an endian warning in __ip_do_redirect
- net: usb: ax88179_178a: fix failed operations during ax88179_reset
- net/smc: avoid data corruption caused by decline
- arm/xen: fix xen_vcpu_info allocation alignment
- octeontx2-pf: Fix ntuple rule creation to direct packet to VF with higher Rx
queue than its PF
- amd-xgbe: handle corner-case during sfp hotplug
- amd-xgbe: handle the corner-case during tx completion
- amd-xgbe: propagate the correct speed and duplex status
- net: axienet: Fix check for partial TX checksum
- afs: Return ENOENT if no cell DNS record can be found
- afs: Fix file locking on R/O volumes to operate in local mode
- nvmet: nul-terminate the NQNs passed in the connect command
- USB: dwc3: qcom: fix resource leaks on probe deferral
- USB: dwc3: qcom: fix ACPI platform device leak
- lockdep: Fix block chain corruption
- MIPS: KVM: Fix a build warning about variable set but not used
- media: camss: Replace hard coded value with parameter
- media: camss: sm8250: Virtual channels for CSID
- media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3
- media: qcom: camss: Fix csid-gen2 for test pattern generator
- ext4: add a new helper to check if es must be kept
- ext4: factor out __es_alloc_extent() and __es_free_extent()
- ext4: use pre-allocated es in __es_insert_extent()
- ext4: use pre-allocated es in __es_remove_extent()
- ext4: using nofail preallocation in ext4_es_remove_extent()
- ext4: using nofail preallocation in ext4_es_insert_delayed_block()
- ext4: using nofail preallocation in ext4_es_insert_extent()
- ext4: fix slab-use-after-free in ext4_es_insert_extent()
- ext4: make sure allocate pending entry not fail
- proc: sysctl: prevent aliased sysctls from getting passed to init
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
- swiotlb-xen: provide the "max_mapping_size" method
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce()
- md: fix bi_status reporting in md_end_clone_io
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race
- io_uring/fs: consider link->flags when getting path for LINKAT
- s390/dasd: protect device queue against concurrent access
- USB: serial: option: add Luat Air72*U series products
- hv_netvsc: Fix race of register_netdevice_notifier and VF register
- hv_netvsc: Mark VF as slave before exposing it to user-mode
- dm-delay: fix a race between delay_presuspend and delay_bio
- bcache: check return value from btree_node_alloc_replacement()
- bcache: prevent potential division by zero error
- bcache: fixup init dirty data errors
- bcache: fixup lock c->root error
- usb: cdnsp: Fix deadlock issue during using NCM gadget
- USB: serial: option: add Fibocom L7xx modules
- USB: serial: option: fix FM101R-GL defines
- USB: serial: option: don't claim interface 4 for ZTE MF290
- usb: typec: tcpm: Skip hard reset when in error recovery
- USB: dwc2: write HCINT with INTMASK applied
- usb: dwc3: Fix default mode initialization
- usb: dwc3: set the dma max_seg_size
- USB: dwc3: qcom: fix software node leak on probe errors
- USB: dwc3: qcom: fix wakeup after probe deferral
- io_uring: fix off-by one bvec index
- Linux 5.15.141
* Jammy update: v5.15.140 upstream stable release (LP: #2050038)
- locking/ww_mutex/test: Fix potential workqueue corruption
- perf/core: Bail out early if the request AUX area is out of bound
- clocksource/drivers/timer-imx-gpt: Fix potential memory leak
- clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
- workqueue: Provide one lock class key per work_on_cpu() callsite
- x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
- wifi: mac80211_hwsim: fix clang-specific fortify warning
- wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
- atl1c: Work around the DMA RX overflow issue
- bpf: Detect IP == ksym.end as part of BPF program
- wifi: ath9k: fix clang-specific fortify warnings
- wifi: ath10k: fix clang-specific fortify warning
- net: annotate data-races around sk->sk_tx_queue_mapping
- net: annotate data-races around sk->sk_dst_pending_confirm
- wifi: ath10k: Don't touch the CE interrupt registers after power up
- Bluetooth: btusb: Add date->evt_skb is NULL check
- Bluetooth: Fix double free in hci_conn_cleanup
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
- drm/komeda: drop all currently held locks if deadlock happens
- drm/amdkfd: Fix a race condition of vram buffer unref in svm code
- drm/amd/display: use full update for clip size increase of large plane
source
- string.h: add array-wrappers for (v)memdup_user()
- kernel: kexec: copy user-array safely
- kernel: watch_queue: copy user-array safely
- drm: vmwgfx_surface.c: copy user-array safely
- drm/msm/dp: skip validity check for DP CTS EDID checksum
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
- drm/amdgpu: Fix potential null pointer derefernce
- drm/panel: fix a possible null pointer dereference
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference
- drm/amdgpu/vkms: fix a possible null pointer dereference
- drm/panel: st7703: Pick different reset sequence
- drm/amdkfd: Fix shift out-of-bounds issue
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
- arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size
- selftests/efivarfs: create-read: fix a resource leak
- ASoC: soc-card: Add storage for PCI SSID
- crypto: pcrypt - Fix hungtask for PADATA_RESET
- RDMA/hfi1: Use FIELD_GET() to extract Link Width
- scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
- fs/jfs: Add check for negative db_l2nbperpage
- fs/jfs: Add validity check for db_maxag and db_agpref
- jfs: fix array-index-out-of-bounds in dbFindLeaf
- jfs: fix array-index-out-of-bounds in diAlloc
- HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround
- ARM: 9320/1: fix stack depot IRQ stack filter
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields
- atm: iphase: Do PCI error checks on own line
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
- PCI: Use FIELD_GET() to extract Link Width
- PCI: Extract ATS disabling to a helper function
- PCI: Disable ATS for specific Intel IPU E2000 devices
- misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller
- PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
- exfat: support handle zero-size directory
- tty: vcc: Add check for kstrdup() in vcc_probe()
- usb: gadget: f_ncm: Always set current gadget in ncm_bind()
- 9p/trans_fd: Annotate data-racy writes to file::f_flags
- 9p: v9fs_listxattr: fix %s null argument warning
- i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler
- i2c: sun6i-p2wi: Prevent potential division by zero
- virtio-blk: fix implicit overflow on virtio_max_dma_size
- i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data.
- media: gspca: cpia1: shift-out-of-bounds in set_flicker
- media: vivid: avoid integer overflow
- gfs2: ignore negated quota changes
- gfs2: fix an oops in gfs2_permission
- media: cobalt: Use FIELD_GET() to extract Link Width
- media: ccs: Fix driver quirk struct documentation
- media: imon: fix access to invalid resource for the second interface
- drm/amd/display: Avoid NULL dereference of timing generator
- kgdb: Flush console before entering kgdb on panic
- i2c: dev: copy userspace array safely
- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
- drm/qxl: prevent memory leak
- drm/amdgpu: fix software pci_unplug on some chips
- pwm: Fix double shift bug
- wifi: iwlwifi: Use FW rate for non-data frames
- tracing: Reuse logic from perf's get_recursion_context()
- tracing/perf: Add interrupt_context_level() helper
- sched/core: Optimize in_task() and in_interrupt() a bit
- media: cadence: csi2rx: Unregister v4l2 async notifier
- media: cec: meson: always include meson sub-directory in Makefile
- SUNRPC: ECONNRESET might require a rebind
- SUNRPC: Add an IS_ERR() check back to where it was
- NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
- gfs2: Silence "suspicious RCU usage in gfs2_permission" warning
- mptcp: diag: switch to context structure
- mptcp: listen diag dump support
- net: inet: Remove count from inet_listen_hashbucket
- net: inet: Open code inet_hash2 and inet_unhash2
- net: inet: Retire port only listening_hash
- net: set SOCK_RCU_FREE before inserting socket into hashtable
- ipvlan: add ipvlan_route_v6_outbound() helper
- tty: Fix uninit-value access in ppp_sync_receive()
- net: hns3: fix add VLAN fail issue
- net: hns3: refine the definition for struct hclge_pf_to_vf_msg
- net: hns3: add byte order conversion for PF to VF mailbox message
- net: hns3: add barrier in vf mailbox reply process
- net: hns3: fix incorrect capability bit display for copper port
- net: hns3: fix variable may not initialized problem in hns3_init_mac_addr()
- net: hns3: fix VF reset fail issue
- net: hns3: fix VF wrong speed and duplex issue
- tipc: Fix kernel-infoleak due to uninitialized TLV value
- ppp: limit MRU to 64K
- xen/events: fix delayed eoi list handling
- ptp: annotate data-race around q->head and q->tail
- bonding: stop the device in bond_setup_by_slave()
- net: ethernet: cortina: Fix max RX frame define
- net: ethernet: cortina: Handle large frames
- net: ethernet: cortina: Fix MTU max setting
- af_unix: fix use-after-free in unix_stream_read_actor()
- netfilter: nf_conntrack_bridge: initialize err to 0
- netfilter: nf_tables: use the correct get/put helpers
- netfilter: nf_tables: add and use BE register load-store helpers
- netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
- net: stmmac: fix rx budget limit check
- net/mlx5e: Remove incorrect addition of action fwd flag
- net/mlx5e: Move mod hdr allocation to a single place
- net/mlx5e: Refactor mod header management API
- net/mlx5e: Fix pedit endianness
- net/mlx5e: Reduce the size of icosq_str
- net/mlx5e: Check return value of snprintf writing to fw_version buffer for
representors
- macvlan: Don't propagate promisc change to lower dev in passthru
- tools/power/turbostat: Fix a knl bug
- tools/power/turbostat: Enable the C-state Pre-wake printing
- cifs: spnego: add ';' in HOST_KEY_LEN
- cifs: fix check of rc in function generate_smb3signingkey
- xfs: refactor buffer cancellation table allocation
- xfs: don't leak xfs_buf_cancel structures when recovery fails
- xfs: convert buf_cancel_table allocation to kmalloc_array
- xfs: use invalidate_lock to check the state of mmap_lock
- xfs: prevent a UAF when log IO errors race with unmount
- xfs: flush inode gc workqueue before clearing agi bucket
- xfs: fix use-after-free in xattr node block inactivation
- xfs: don't leak memory when attr fork loading fails
- xfs: fix intermittent hang during quotacheck
- xfs: add missing cmap->br_state = XFS_EXT_NORM update
- xfs: Fix false ENOSPC when performing direct write on a delalloc extent in
cow fork
- xfs: fix inode reservation space for removing transaction
- xfs: avoid a UAF when log intent item recovery fails
- xfs: fix exception caused by unexpected illegal bestcount in leaf dir
- xfs: fix memory leak in xfs_errortag_init
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init()
- i915/perf: Fix NULL deref bugs with drm_dbg() calls
- media: venus: hfi: add checks to perform sanity on queue pointers
- powerpc/perf: Fix disabling BHRB and instruction sampling
- randstruct: Fix gcc-plugin performance mode to stay in group
- bpf: Fix check_stack_write_fixed_off() to correctly spill imm
- bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
- scsi: mpt3sas: Fix loop logic
- scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for
selected registers
- scsi: qla2xxx: Fix system crash due to bad pointer access
- crypto: x86/sha - load modules based on CPU features
- x86/cpu/hygon: Fix the CPU topology evaluation for real
- KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space
- KVM: x86: Ignore MSR_AMD64_TW_CFG access
- audit: don't take task_lock() in audit_exe_compare() code path
- audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
- tty/sysrq: replace smp_processor_id() with get_cpu()
- hvc/xen: fix console unplug
- hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
- hvc/xen: fix event channel handling for secondary consoles
- PCI/sysfs: Protect driver's D3cold preference from user space
- watchdog: move softlockup_panic back to early_param
- ACPI: resource: Do IRQ override on TongFang GMxXGxx
- arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer
- parisc/pdc: Add width field to struct pdc_model
- clk: socfpga: Fix undefined behavior bug in struct stratix10_clock_data
- clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
- clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks
- mmc: vub300: fix an error code
- mmc: sdhci_am654: fix start loop index for TAP value parsing
- PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common()
- PCI: exynos: Don't discard .remove() callback
- wifi: wilc1000: use vmm_table as array in wilc struct
- svcrdma: Drop connection after an RDMA Read error
- rcu/tree: Defer setting of jiffies during stall reset
- arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM
- PM: hibernate: Use __get_safe_page() rather than touching the list
- PM: hibernate: Clean up sync_read handling in snapshot_write_next()
- rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects
- btrfs: don't arbitrarily slow down delalloc if we're committing
- firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit
- ACPI: FPDT: properly handle invalid FPDT subtables
- ima: annotate iint mutex to avoid lockdep false positive warnings
- ima: detect changes to the backing overlay file
- wifi: ath11k: fix temperature event locking
- wifi: ath11k: fix dfs radar event locking
- wifi: ath11k: fix htt pktlog locking
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
- KEYS: trusted: Rollback init_trusted() consistently
- PCI: keystone: Don't discard .remove() callback
- PCI: keystone: Don't discard .probe() callback
- netfilter: nf_tables: split async and sync catchall in two functions
- selftests/resctrl: Remove duplicate feature check from CMT test
- selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests
- ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix
- jbd2: fix potential data lost in recovering journal raced with synchronizing
fs bdev
- quota: explicitly forbid quota files from being encrypted
- kernel/reboot: emergency_restart: Set correct system_state
- i2c: core: Run atomic i2c xfer when !preemptible
- tracing: Have the user copy of synthetic event address use correct context
- mcb: fix error handling for different scenarios when parsing
- dmaengine: stm32-mdma: correct desc prep when channel running
- s390/cmma: fix detection of DAT pages
- mm/cma: use nth_page() in place of direct struct page manipulation
- mm/memory_hotplug: use pfn math in place of direct struct page manipulation
- mtd: cfi_cmdset_0001: Byte swap OTP info
- i3c: master: cdns: Fix reading status register
- i3c: master: svc: fix race condition in ibi work thread
- i3c: master: svc: fix wrong data return when IBI happen during start frame
- i3c: master: svc: fix ibi may not return mandatory data byte
- i3c: master: svc: fix check wrong status register in irq handler
- i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen
- parisc: Prevent booting 64-bit kernels on PA1.x machines
- parisc/pgtable: Do not drop upper 5 address bits of physical address
- xhci: Enable RPM on controllers that support low-power states
- ALSA: info: Fix potential deadlock at disconnection
- ALSA: hda/realtek - Add Dell ALC295 to pin fall back table
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
- serial: meson: Use platform_get_irq() to get the interrupt
- tty: serial: meson: fix hard LOCKUP on crtscts mode
- regmap: Ensure range selector registers are updated after cache sync
- cpufreq: stats: Fix buffer overflow detection in trans_stats()
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
- bluetooth: Add device 0bda:887b to device tables
- bluetooth: Add device 13d3:3571 to device tables
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
- ksmbd: fix slab out of bounds write in smb_inherit_dacl()
- arm64: dts: qcom: ipq6018: switch TCSR mutex to MMIO
- arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size
- powerpc/pseries/ddw: simplify enable_ddw()
- Revert ncsi: Propagate carrier gain/loss events to the NCSI controller
- Revert "i2c: pxa: move to generic GPIO recovery"
- lsm: fix default return value for vm_enough_memory
- lsm: fix default return value for inode_getsecctx
- sbsa_gwdt: Calculate timeout with 64-bit math
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
- s390/ap: fix AP bus crash on early config change callback invocation
- net: ethtool: Fix documentation of ethtool_sprintf()
- net: dsa: lan9303: consequently nested-lock physical MDIO
- net: phylink: initialize carrier state at creation
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
- f2fs: avoid format-overflow warning
- media: lirc: drop trailing space from scancode transmit
- media: sharp: fix sharp encoding
- media: venus: hfi_parser: Add check to keep the number of codecs within
range
- media: venus: hfi: fix the check to handle session buffer requirement
- media: venus: hfi: add checks to handle capabilities from firmware
- media: ccs: Correctly initialise try compose rectangle
- nfsd: fix file memleak on client_opens_release
- riscv: kprobes: allow writing to x0
- mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors
- r8169: fix network lost after resume on DASH systems
- mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER
- media: qcom: camss: Fix pm_domain_on sequence in probe
- media: qcom: camss: Fix vfe_get() error jump
- media: qcom: camss: Fix VFE-17x vfe_disable_output()
- media: qcom: camss: Fix missing vfe_lite clocks check
- ext4: apply umask if ACL support is disabled
- ext4: correct offset of gdb backup in non meta_bg group to update_backups
- ext4: correct return value of ext4_convert_meta_bg
- ext4: correct the start block of counting reserved clusters
- ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
- ext4: add missed brelse in update_backups
- drm/amd/pm: Handle non-terminated overdrive commands.
- drm/i915: Fix potential spectre vulnerability
- drm/amdgpu: don't use ATRM for external devices
- drm/amdgpu: fix error handling in amdgpu_bo_list_get()
- drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox
- powerpc/powernv: Fix fortify source warnings in opal-prd.c
- tracing: Have trace_event_file have ref counters
- Input: xpad - add VID for Turtle Beach controllers
- driver core: Release all resources during unbind before updating device
links
- Linux 5.15.140
* CVE-2023-46862
- io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
* Jammy update: v5.15.139 upstream stable release (LP: #2049432)
- iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user()
- sched/uclamp: Ignore (util == 0) optimization in feec() when p_util_max = 0
- sched: Fix stop_one_cpu_nowait() vs hotplug
- vfs: fix readahead(2) on block devices
- writeback, cgroup: switch inodes with dirty timestamps to release dying
cgwbs
- x86/srso: Fix SBPB enablement for (possible) future fixed HW
- futex: Don't include process MM in futex key on no-MMU
- x86: Share definition of __is_canonical_address()
- x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot
- x86/boot: Fix incorrect startup_gdt_descr.size
- pstore/platform: Add check for kstrdup
- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated()
- i40e: fix potential memory leaks in i40e_remove()
- selftests/bpf: Test tail call counting with bpf2bpf and data on stack
- selftests/bpf: Correct map_fd to data_fd in tailcalls
- udp: add missing WRITE_ONCE() around up->encap_rcv
- tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed
- gve: Use size_add() in call to struct_size()
- mlxsw: Use size_mul() in call to struct_size()
- tipc: Use size_add() in calls to struct_size()
- net: spider_net: Use size_add() in call to struct_size()
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
- wifi: mt76: mt7603: rework/fix rx pse hang check
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi
- mt76: add support for overriding the device used for DMA mapping
- mt76: pass original queue id from __mt76_tx_queue_skb to the driver
- wifi: mt76: mt7603: improve stuck beacon handling
- tcp_metrics: add missing barriers on delete
- tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
- tcp_metrics: do not create an entry from tcp_init_metrics()
- wifi: rtlwifi: fix EDCA limit set by BT coexistence
- can: dev: can_restart(): don't crash kernel if carrier is OK
- can: dev: can_restart(): fix race condition between controller restart and
netif_carrier_on()
- can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is
accessed out of bounds
- PM / devfreq: rockchip-dfi: Make pmu regmap mandatory
- netfilter: nf_tables: Drop pointless memset when dumping rules
- thermal: core: prevent potential string overflow
- r8169: use tp_to_dev instead of open code
- r8169: fix rare issue with broken rx after link-down on RTL8125
- chtls: fix tp->rcv_tstamp initialization
- tcp: fix cookie_init_timestamp() overflows
- iwlwifi: pcie: adjust to Bz completion descriptor
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues
- wifi: iwlwifi: pcie: synchronize IRQs before NAPI
- wifi: iwlwifi: empty overflow queue during flush
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
- ipv6: avoid atomic fragment on GSO packets
- net: add DEV_STATS_READ() helper
- ipvlan: properly track tx_errors
- regmap: debugfs: Fix a erroneous check after snprintf()
- spi: tegra: Fix missing IRQ check in tegra_slink_probe()
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
- clk: qcom: mmcc-msm8998: Don't check halt bit on some branch clks
- clk: qcom: mmcc-msm8998: Fix the SMMU GDSC
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src
- clk: imx: Select MXC_CLK for CLK_IMX8QXP
- clk: imx: imx8mq: correct error handling path
- clk: imx: imx8qxp: Fix elcdif_pll clock
- clk: renesas: rzg2l: Simplify multiplication/shift logic
- clk: renesas: rzg2l: Use FIELD_GET() for PLL register fields
- clk: renesas: rzg2l: Fix computation formula
- spi: nxp-fspi: use the correct ioremap function
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
- clk: ti: Add ti_dt_clk_name() helper to use clock-output-names
- clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name()
- clk: ti: Update component clocks to use ti_dt_clk_name()
- clk: ti: change ti_clk_register[_omap_hw]() API
- clk: ti: fix double free in of_ti_divider_clk_setup()
- clk: npcm7xx: Fix incorrect kfree
- clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
- clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM
- platform/x86: wmi: Fix probe failure when failing to register WMI devices
- platform/x86: wmi: remove unnecessary initializations
- platform/x86: wmi: Fix opening of char device
- hwmon: (axi-fan-control) Fix possible NULL pointer dereference
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name
- drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
- drm/rockchip: vop: Fix call to crtc reset helper
- drm/radeon: possible buffer overflow
- drm/mipi-dsi: Create devm device registration
- drm/mipi-dsi: Create devm device attachment
- drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers
- drm/bridge: lt8912b: Register and attach our DSI device at probe
- drm/bridge: lt8912b: Add hot plug detection
- drm/bridge: lt8912b: Fix bridge_detach
- drm/bridge: lt8912b: Fix crash on bridge detach
- drm/bridge: lt8912b: Manually disable HPD only if it was enabled
- drm/bridge: lt8912b: Add missing drm_bridge_attach call
- drm/bridge: tc358768: Fix use of uninitialized variable
- drm/bridge: tc358768: Disable non-continuous clock mode
- drm/bridge: tc358768: Fix bit updates
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
- drm/mediatek: Fix iommu fault by swapping FBs after updating plane state
- drm/mediatek: Fix iommu fault during crtc enabling
- drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
- arm64/arm: xen: enlighten: Fix KPTI checks
- drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map()
- xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled
- drm/msm/dsi: use msm_gem_kernel_put to free TX buffer
- drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling
- perf: hisi: Fix use-after-free when register pmu fails
- ARM: dts: renesas: blanche: Fix typo in GP_11_2 pin name
- arm64: dts: qcom: msm8916: Fix iommu local address range
- arm64: dts: qcom: msm8992-libra: drop duplicated reserved memory
- arm64: dts: qcom: sc7280: Add missing LMH interrupts
- arm64: dts: qcom: sdm845-mtp: fix WiFi configuration
- ARM64: dts: marvell: cn9310: Use appropriate label for spi1 pins
- arm64: dts: qcom: apq8016-sbc: Add missing ADV7533 regulators
- ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
- soc: qcom: llcc: Handle a second device without data corruption
- firmware: ti_sci: Mark driver as non removable
- firmware: arm_ffa: Assign the missing IDR allocation ID to the FFA device
- clk: scmi: Free scmi_clk allocated when the clocks with invalid info are
skipped
- arm64: dts: imx8qm-ss-img: Fix jpegenc compatible entry
- arm64: dts: imx8mm: Add sound-dai-cells to micfil node
- arm64: dts: imx8mn: Add sound-dai-cells to micfil node
- selftests/pidfd: Fix ksft print formats
- selftests/resctrl: Ensure the benchmark commands fits to its array
- crypto: hisilicon/hpre - Fix a erroneous check after snprintf()
- hwrng: geode - fix accessing registers
- RDMA/core: Use size_{add,sub,mul}() in calls to struct_size()
- scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return
value
- nd_btt: Make BTT lanes preemptible
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
- crypto: qat - increase size of buffers
- hid: cp2112: Fix duplicate workqueue initialization
- ARM: 9321/1: memset: cast the constant byte to unsigned char
- ext4: move 'ix' sanity check to corrent position
- ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not
described
- IB/mlx5: Fix rdma counter binding for RAW QP
- RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common()
- RDMA/hns: Fix signed-unsigned mixed comparisons
- RDMA/hns: The UD mode can only be configured with DCQCN
- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe
- scsi: ufs: core: Leave space for '\0' in utf8 desc string
- RDMA/hfi1: Workaround truncation compilation error
- hid: cp2112: Fix IRQ shutdown stopping polling for all IRQs on chip
- sh: bios: Revive earlyprintk support
- Revert "HID: logitech-hidpp: add a module parameter to keep firmware
gestures"
- HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk
- HID: logitech-hidpp: Don't restart IO, instead defer hid_connect() only
- HID: logitech-hidpp: Revert "Don't restart communication if not necessary"
- HID: logitech-hidpp: Move get_wireless_feature_index() check to
hidpp_connect_event()
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
- padata: Fix refcnt handling in padata_free_shell()
- crypto: qat - fix deadlock in backlog processing
- ASoC: ams-delta.c: use component after check
- mfd: core: Un-constify mfd_cell.of_reg
- mfd: core: Ensure disabled devices are skipped without aborting
- mfd: dln2: Fix double put in dln2_probe
- mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs
- leds: turris-omnia: Drop unnecessary mutex locking
- leds: turris-omnia: Do not use SMBUS calls
- leds: pwm: Don't disable the PWM when the LED should be off
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
- f2fs: compress: fix to avoid use-after-free on dic
- f2fs: compress: fix to avoid redundant compress extension
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
- livepatch: Fix missing newline character in klp_resolve_symbols()
- dmaengine: idxd: Register dsa_bus_type before registering idxd sub-drivers
- usb: dwc2: fix possible NULL pointer dereference caused by driver
concurrency
- usb: chipidea: Fix DMA overwrite for Tegra
- usb: chipidea: Simplify Tegra DMA alignment code
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors
- misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
- tools: iio: iio_generic_buffer ensure alignment
- USB: usbip: fix stub_dev hub disconnect
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
- f2fs: fix to initialize map.m_pblk in f2fs_precache_extents()
- powerpc: Only define __parse_fpscr() when required
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host
- powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro
- powerpc/xive: Fix endian conversion size
- powerpc/imc-pmu: Use the correct spinlock initializer.
- powerpc/pseries: fix potential memory leak in init_cpu_associativity()
- usb: host: xhci-plat: fix possible kernel oops while resuming
- perf machine: Avoid out of bounds LBR memory read
- perf hist: Add missing puts to hist__account_cycles
- 9p/net: fix possible memory leak in p9_check_errors()
- i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs
- cxl/mem: Fix shutdown order
- rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call
- pcmcia: cs: fix possible hung task and memory leak pccardd()
- pcmcia: ds: fix refcount leak in pcmcia_device_add()
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
- media: i2c: max9286: Fix some redundant of_node_put() calls
- media: bttv: fix use after free error due to btv->timeout timer
- media: s3c-camif: Avoid inappropriate kfree()
- media: vidtv: psi: Add check for kstrdup
- media: vidtv: mux: Add check and kfree for kstrdup
- media: cedrus: Fix clock/reset sequence
- media: dvb-usb-v2: af9035: fix missing unlock
- regmap: prevent noinc writes from clobbering cache
- pwm: sti: Reduce number of allocations and drop usage of chip_data
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
- llc: verify mac len before reading mac header
- hsr: Prevent use after free in prp_create_tagged_frame()
- tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
- bpf: Check map->usercnt after timer->timer is assigned
- inet: shrink struct flowi_common
- octeontx2-pf: Fix error codes
- octeontx2-pf: Fix holes in error code
- dccp: Call security_inet_conn_request() after setting IPv4 addresses.
- dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
- Fix termination state for idr_for_each_entry_ul()
- net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs
- selftests: pmtu.sh: fix result checking
- net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT
- net/smc: allow cdc msg send rather than drop it with NULL sndbuf_desc
- net/smc: put sk reference if close work was canceled
- tg3: power down device only on SYSTEM_POWER_OFF
- block: remove unneeded return value of bio_check_ro()
- blk-core: use pr_warn_ratelimited() in bio_check_ro()
- r8169: respect userspace disabling IFF_MULTICAST
- i2c: iproc: handle invalid slave state
- netfilter: xt_recent: fix (increase) ipv6 literal buffer length
- netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate
eval call-backs
- netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
- ASoC: hdmi-codec: register hpd callback on component probe
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies
- fbdev: imsttfb: Fix error path of imsttfb_probe()
- fbdev: imsttfb: fix a resource leak in probe
- fbdev: fsl-diu-fb: mark wr_reg_wa() static
- tracing/kprobes: Fix the order of argument descriptions
- btrfs: use u64 for buffer sizes in the tree search ioctls
- Linux 5.15.139
* Jammy update: v5.15.138 upstream stable release (LP: #2049417)
- ASoC: codecs: wcd938x: fix resource leaks on bind errors
- ASoC: codecs: wcd938x: fix runtime PM imbalance on remove
- pinctrl: qcom: lpass-lpi: fix concurrent register updates
- tcp: remove dead code from tcp_sendmsg_locked()
- tcp: cleanup tcp_remove_empty_skb() use
- mptcp: more conservative check for zero probes
- mcb: Return actual parsed size when reading chameleon table
- mcb-lpc: Reallocate memory region to avoid memory overlapping
- virtio_balloon: Fix endless deflation and inflation on arm64
- virtio-mmio: fix memory leak of vm_dev
- vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE
- mm/page_alloc: correct start page when guard page debug is enabled
- mm/migrate: fix do_pages_move for compat pointers
- nfsd: lock_rename() needs both directories to live on the same fs
- drm/i915/pmu: Check if pmu is closed before stopping event
- vsock/virtio: factor our the code to initialize and delete VQs
- vsock/virtio: add support for device suspend/resume
- vsock/virtio: initialize the_virtio_vsock before using VQs
- drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
- firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels()
- r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx
- r8169: fix the KCSAN reported data-race in rtl_tx while reading
TxDescArray[entry].opts1
- r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1
- i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value
- treewide: Spelling fix in comment
- igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
- neighbour: fix various data-races
- igc: Fix ambiguity in the ethtool advertising
- net: ieee802154: adf7242: Fix some potential buffer overflow in
adf7242_stats_show()
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
- r8152: Increase USB control msg timeout to 5000ms as per spec
- r8152: Run the unload routine if we have errors during probe
- r8152: Cancel hw_phy_work if we have an error in probe
- r8152: Release firmware if we have an error in probe
- tcp: fix wrong RTO timeout when received SACK reneging
- gtp: uapi: fix GTPA_MAX
- gtp: fix fragmentation needed check with gso
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
- kasan: print the original fault addr when access invalid shadow
- iio: exynos-adc: request second interupt only when touchscreen mode is used
- iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds
- iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
- i2c: aspeed: Fix i2c bus hang in slave read
- tracing/kprobes: Fix the description of variable length arguments
- misc: fastrpc: Clean buffers on remote invocation failures
- nvmem: imx: correct nregs for i.MX6ULL
- nvmem: imx: correct nregs for i.MX6SLL
- nvmem: imx: correct nregs for i.MX6UL
- perf/core: Fix potential NULL deref
- sparc32: fix a braino in fault handling in csum_and_copy_..._user()
- clk: Sanitize possible_parent_show to Handle Return Value of
of_clk_get_parent_name
- iio: afe: rescale: reorder includes
- iio: afe: rescale: expose scale processing function
- iio: afe: rescale: add offset support
- iio: afe: rescale: Accept only offset channels
- gve: Fix GFP flags when allocing pages
- x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
- x86/mm: Simplify RESERVE_BRK()
- x86/mm: Fix RESERVE_BRK() for older binutils
- ext4: add two helper functions extent_logical_end() and pa_logical_end()
- ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
- ext4: avoid overlapping preallocations due to overflow
- objtool/x86: add missing embedded_insn check
- driver: platform: Add helper for safer setting of driver_override
- rpmsg: Constify local variable in field store macro
- rpmsg: Fix kfree() of static memory on setting driver_override
- rpmsg: Fix calling device_lock() on non-initialized device
- rpmsg: glink: Release driver_override
- rpmsg: Fix possible refcount leak in rpmsg_register_device_override()
- x86: Fix .brk attribute in linker script
- ASoC: simple-card: fixup asoc_simple_probe() error handling
- net: sched: cls_u32: Fix allocation size in u32_init()
- irqchip/riscv-intc: Mark all INTC nodes as initialized
- irqchip/stm32-exti: add missing DT IRQ flag translation
- dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe
- powerpc/85xx: Fix math emulation exception
- Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport
- fbdev: atyfb: only use ioremap_uc() on i386 and ia64
- fs/ntfs3: Add ckeck in ni_update_parent()
- fs/ntfs3: Write immediately updated ntfs state
- fs/ntfs3: Use kvmalloc instead of kmalloc(... __GFP_NOWARN)
- fs/ntfs3: Fix possible NULL-ptr-deref in ni_readpage_cmpr()
- fs/ntfs3: Fix NULL pointer dereference on error in attr_allocate_frame()
- fs/ntfs3: Fix directory element type detection
- fs/ntfs3: Avoid possible memory leak
- spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0
- netfilter: nfnetlink_log: silence bogus compiler warning
- ASoC: rt5650: fix the wrong result of key button
- drm/ttm: Reorder sys manager cleanup step
- fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit()
- scsi: mpt3sas: Fix in error path
- platform/mellanox: mlxbf-tmfifo: Fix a warning message
- net: chelsio: cxgb4: add an error code check in t4_load_phy_fw
- r8152: Check for unplug in rtl_phy_patch_request()
- r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en()
- powerpc/mm: Fix boot crash with FLATMEM
- can: isotp: set max PDU size to 64 kByte
- can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting
- can: isotp: check CAN address family in isotp_bind()
- can: isotp: handle wait_event_interruptible() return values
- can: isotp: add local echo tx processing and tx without FC
- can: isotp: isotp_bind(): do not validate unused address information
- can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior
- drm/amd: Move helper for dynamic speed switch check out of smu13
- drm/amd: Disable ASPM for VI w/ all Intel systems
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
- usb: storage: set 1.50 as the lower bcdDevice for older "Super Top"
compatibility
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()
- usb: raw-gadget: properly handle interrupted requests
- tty: n_gsm: fix race condition in status line change on dead connections
- tty: 8250: Remove UC-257 and UC-431
- tty: 8250: Add support for additional Brainboxes UC cards
- tty: 8250: Add support for Brainboxes UP cards
- tty: 8250: Add support for Intashield IS-100
- tty: 8250: Fix port count of PX-257
- tty: 8250: Fix up PX-803/PX-857
- tty: 8250: Add support for additional Brainboxes PX cards
- tty: 8250: Add support for Intashield IX cards
- tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks
- misc: pci_endpoint_test: Add deviceID for J721S2 PCIe EP device support
- ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection
- Linux 5.15.138
* Jammy update: v5.15.137 upstream stable release (LP: #2049350)
- lib/Kconfig.debug: do not enable DEBUG_PREEMPT by default
- Documentation: sysctl: align cells in second content column
- xfs: don't expose internal symlink metadata buffers to the vfs
- Bluetooth: hci_event: Ignore NULL link key
- Bluetooth: Reject connection with the device which has same BD_ADDR
- Bluetooth: Fix a refcnt underflow problem for hci_conn
- Bluetooth: vhci: Fix race when opening vhci device
- Bluetooth: hci_event: Fix coding style
- Bluetooth: avoid memcmp() out of bounds warning
- ice: fix over-shifted variable
- ice: reset first in crash dump kernels
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
- regmap: fix NULL deref on lookup
- KVM: x86: Mask LVTPC when handling a PMI
- tcp: check mptcp-level constraints for backlog coalescing
- fs/ntfs3: Fix possible null-pointer dereference in hdr_find_e()
- fs/ntfs3: fix panic about slab-out-of-bounds caused by ntfs_list_ea()
- fs/ntfs3: fix deadlock in mark_as_free_ex
- netfilter: nft_payload: fix wrong mac header matching
- drm/i915: Retry gtt fault when out of fence registers
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors
- ASoC: codecs: wcd938x: drop bogus bind error handling
- ASoC: codecs: wcd938x: fix unbind tear down order
- qed: fix LL2 RX buffer allocation
- xfrm: fix a data-race in xfrm_gen_index()
- xfrm: interface: use DEV_STATS_INC()
- net: ipv4: fix return value check in esp_remove_trailer
- net: ipv6: fix return value check in esp_remove_trailer
- net: rfkill: gpio: prevent value glitch during probe
- tcp: fix excessive TLP and RACK timeouts from HZ rounding
- tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb
- tun: prevent negative ifindex
- ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
- i40e: prevent crash on probe if hw registers have invalid values
- net: dsa: bcm_sf2: Fix possible memory leak in bcm_sf2_mdio_register()
- bonding: Return pointer to data after pull on skb
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section
- netfilter: nft_set_rbtree: .deactivate fails if element has expired
- netfilter: nf_tables: do not remove elements if set backend implements
.abort
- netfilter: nf_tables: revert do not remove elements if set backend
implements .abort
- net: pktgen: Fix interface flags printing
- selftests/mm: fix awk usage in charge_reserved_hugetlb.sh and
hugetlb_reparenting_test.sh that may cause error
- serial: 8250: omap: Fix imprecise external abort for omap_8250_pm()
- serial: 8250_omap: Fix errors with no_console_suspend
- iio: Un-inline iio_buffer_enabled()
- iio: core: Hide read accesses to iio_dev->currentmode
- iio: core: introduce iio_device_{claim|release}_buffer_mode() APIs
- iio: cros_ec: fix an use-after-free in cros_ec_sensors_push_data()
- iio: adc: ad7192: Correct reference voltage
- perf: Add irq and exception return branch types
- perf/x86: Move branch classifier
- perf/x86/lbr: Filter vsyscall addresses
- drm/atomic-helper: relax unregistered connector check
- powerpc/32s: Remove capability to disable KUEP at boottime
- powerpc/32s: Do kuep_lock() and kuep_unlock() in assembly
- powerpc/47x: Fix 47x syscall return crash
- mctp: Allow local delivery to the null EID
- mctp: perform route lookups under a RCU read-side lock
- nfp: flower: avoid rmmod nfp crash issues
- ksmbd: not allow to open file if delelete on close bit is set
- ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone
- fs-writeback: do not requeue a clean inode having skipped pages
- btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1
- btrfs: initialize start_slot in btrfs_log_prealloc_extents
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter
- overlayfs: set ctime when setting mtime and atime
- gpio: timberdale: Fix potential deadlock on &tgpio->lock
- ata: libata-core: Fix compilation warning in ata_dev_config_ncq()
- ata: libata-eh: Fix compilation warning in ata_eh_link_report()
- tracing: relax trace_event_eval_update() execution with cond_resched()
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len
- wifi: iwlwifi: Ensure ack flag is properly cleared.
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event
- Bluetooth: btusb: add shutdown function for QCA6174
- Bluetooth: Avoid redundant authentication
- Bluetooth: hci_core: Fix build warnings
- wifi: cfg80211: Fix 6GHz scan configuration
- wifi: mac80211: allow transmitting EAPOL frames with tainted key
- wifi: cfg80211: avoid leaking stack data into trace
- regulator/core: Revert "fix kobject release warning and memory leak in
regulator_register()"
- sky2: Make sure there is at least one frag_addr available
- ipv4/fib: send notify when delete source address routes
- drm: panel-orientation-quirks: Add quirk for One Mix 2S
- btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c
- btrfs: error out when COWing block using a stale transaction
- btrfs: error when COWing block from a root that is being deleted
- btrfs: error out when reallocating block for defrag using a stale
transaction
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B
- net/mlx5: Handle fw tracer change ownership event based on MTRC
- Bluetooth: hci_event: Fix using memcmp when comparing keys
- net: introduce a function to check if a netdev name is in use
- net: move from strlcpy with unused retval to strscpy
- net: fix ifname in netlink ntf during netns move
- mtd: rawnand: qcom: Unmap the right resource upon probe failure
- mtd: rawnand: pl353: Ensure program page operations are successful
- mtd: rawnand: marvell: Ensure program page operations are successful
- mtd: rawnand: arasan: Ensure program page operations are successful
- mtd: spinand: micron: correct bitmask for ecc status
- mtd: physmap-core: Restore map_rom fallback
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw
- mmc: core: sdio: hold retuning if sdio in 1-bit mode
- pNFS: Fix a hang in nfs4_evict_inode()
- NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server
- ACPI: irq: Fix incorrect return value in acpi_register_gsi()
- nvme-pci: add BOGUS_NID for Intel 0a54 device
- nvme-rdma: do not try to stop unallocated queues
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
- USB: serial: option: add entry for Sierra EM9191 with new firmware
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
- s390/pci: fix iommu bitmap allocation
- selftests/ftrace: Add new test case which checks non unique symbol
- s390/cio: fix a memleak in css_alloc_subchannel
- platform/surface: platform_profile: Propagate error if profile registration
fails
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events
- gpio: vf610: set value before the direction to avoid a glitch
- ASoC: pxa: fix a memory leak in probe()
- serial: 8250: omap: Move uart_write() inside PM section
- phy: mapphone-mdm6600: Fix runtime disable on probe
- phy: mapphone-mdm6600: Fix runtime PM for remove
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
- xfrm6: fix inet6_dev refcount underflow problem
- Linux 5.15.137
* CVE-2023-51782
- net/rose: Fix Use-After-Free in rose_ioctl
* CVE-2023-51779
- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
* CVE-2023-22995
- usb: dwc3: dwc3-qcom: Add missing platform_device_put() in
dwc3_qcom_acpi_register_core
* CVE-2023-4134
- Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync()
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
Date: 2024-03-12 12:38:10.008750+00:00
Changed-By: Kuba Pawlak <kuba.pawlak at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1053.58
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list