[ubuntu/lunar-security] linux-raspi 6.2.0-1010.12 (Accepted)

Andy Whitcroft apw at canonical.com
Fri Aug 11 08:19:14 UTC 2023


linux-raspi (6.2.0-1010.12) lunar; urgency=medium

  * lunar/linux-raspi: 6.2.0-1010.12 -proposed tracker (LP: #2026484)

  [ Ubuntu: 6.2.0-27.28 ]

  * lunar/linux: 6.2.0-27.28 -proposed tracker (LP: #2026488)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] update annotations scripts
  * CVE-2023-2640 // CVE-2023-32629
    - Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in
      ovl_do_(set|remove)xattr"
    - Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
      trusted.overlayfs.* xattrs"
    - SAUCE: overlayfs: default to userxattr when mounted from non initial user
      namespace
  * UNII-4 5.9G Band support request on 8852BE (LP: #2023952)
    - wifi: rtw89: 8851b: add 8851B basic chip_info
    - wifi: rtw89: introduce realtek ACPI DSM method
    - wifi: rtw89: regd: judge UNII-4 according to BIOS and chip
    - wifi: rtw89: support U-NII-4 channels on 5GHz band
  * Disable hv-kvp-daemon if /dev/vmbus/hv_kvp is not present (LP: #2024900)
    - [Packaging] disable hv-kvp-daemon if needed
  * A deadlock issue in scsi rescan task while resuming from S3 (LP: #2018566)
    - ata: libata-scsi: Avoid deadlock on rescan after device resume
  * [SRU] Intel Sapphire Rapids HBM support needs CONFIG_NUMA_EMU (LP: #2008745)
    - [Config] Intel Sapphire Rapids HBM support needs CONFIG_NUMA_EMU
  * Lunar update: v6.2.15 upstream stable release (LP: #2025067)
    - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15
    - ASoC: Intel: soc-acpi: add table for Intel 'Rooks County' NUC M15
    - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm
    - x86/hyperv: Block root partition functionality in a Confidential VM
    - ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx
      (8A22)
    - iio: adc: palmas_gpadc: fix NULL dereference on rmmod
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
    - ASoC: da7213.c: add missing pm_runtime_disable()
    - net: wwan: t7xx: do not compile with -Werror
    - wifi: mt76: mt7921: Fix use-after-free in fw features query.
    - selftests mount: Fix mount_setattr_test builds failed
    - scsi: mpi3mr: Handle soft reset in progress fault code (0xF002)
    - net: sfp: add quirk enabling 2500Base-x for HG MXPD-483II
    - platform/x86: thinkpad_acpi: Add missing T14s Gen1 type to s2idle quirk list
    - wifi: ath11k: reduce the MHI timeout to 20s
    - tracing: Error if a trace event has an array for a __field()
    - asm-generic/io.h: suppress endianness warnings for readq() and writeq()
    - asm-generic/io.h: suppress endianness warnings for relaxed accessors
    - x86/cpu: Add model number for Intel Arrow Lake processor
    - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset
    - ASoC: amd: ps: update the acp clock source.
    - arm64: Always load shadow stack pointer directly from the task struct
    - arm64: Stash shadow stack pointer in the task struct on interrupt
    - powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU
    - PCI: kirin: Select REGMAP_MMIO
    - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
    - PCI: qcom: Fix the incorrect register usage in v2.7.0 config
    - bus: mhi: host: pci_generic: Revert "Add a secondary AT port to Telit FN990"
    - phy: qcom-qmp-pcie: sc8180x PCIe PHY has 2 lanes
    - IMA: allow/fix UML builds
    - wifi: rtw88: usb: fix priority queue to endpoint mapping
    - usb: gadget: udc: core: Invoke usb_gadget_connect only when started
    - usb: gadget: udc: core: Prevent redundant calls to pullup
    - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive
    - USB: dwc3: fix runtime pm imbalance on probe errors
    - USB: dwc3: fix runtime pm imbalance on unbind
    - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write
    - hwmon: (adt7475) Use device_property APIs when configuring polarity
    - tpm: Add !tpm_amd_is_rng_defective() to the hwrng_unregister() call site
    - posix-cpu-timers: Implement the missing timer_wait_running callback
    - media: ov8856: Do not check for for module version
    - drm/vmwgfx: Fix Legacy Display Unit atomic drm support
    - blk-stat: fix QUEUE_FLAG_STATS clear
    - blk-mq: release crypto keyslot before reporting I/O complete
    - blk-crypto: make blk_crypto_evict_key() return void
    - blk-crypto: make blk_crypto_evict_key() more robust
    - staging: iio: resolver: ads1210: fix config mode
    - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
    - xhci: fix debugfs register accesses while suspended
    - serial: fix TIOCSRS485 locking
    - serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
    - serial: max310x: fix IO data corruption in batched operations
    - tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
    - fs: fix sysctls.c built
    - MIPS: fw: Allow firmware to pass a empty env
    - ipmi:ssif: Add send_retries increment
    - ipmi: fix SSIF not responding under certain cond.
    - iio: addac: stx104: Fix race condition when converting analog-to-digital
    - iio: addac: stx104: Fix race condition for stx104_write_raw()
    - kheaders: Use array declaration instead of char
    - wifi: mt76: add missing locking to protect against concurrent rx/status
      calls
    - wifi: rtw89: correct 5 MHz mask setting
    - pwm: meson: Fix axg ao mux parents
    - pwm: meson: Fix g12a ao clk81 name
    - soundwire: qcom: correct setting ignore bit on v1.5.1
    - pinctrl: qcom: lpass-lpi: set output value before enabling output
    - ring-buffer: Ensure proper resetting of atomic variables in
      ring_buffer_reset_online_cpus
    - ring-buffer: Sync IRQ works before buffer destruction
    - crypto: api - Demote BUG_ON() in crypto_unregister_alg() to a WARN_ON()
    - crypto: safexcel - Cleanup ring IRQ workqueues on load failure
    - crypto: arm64/aes-neonbs - fix crash with CFI enabled
    - crypto: testmgr - fix RNG performance in fuzz tests
    - crypto: ccp - Don't initialize CCP for PSP 0x1649
    - rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-
      ed
    - reiserfs: Add security prefix to xattr name in reiserfs_security_write()
    - cpufreq: qcom-cpufreq-hw: fix double IO unmap and resource release on exit
    - KVM: x86/pmu: Disallow legacy LBRs if architectural LBRs are available
    - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
    - KVM: arm64: Avoid vcpu->mutex v. kvm->lock inversion in CPU_ON
    - KVM: arm64: Avoid lock inversion when setting the VM register width
    - KVM: arm64: Use config_lock to protect data ordered against KVM_RUN
    - KVM: arm64: Use config_lock to protect vgic state
    - KVM: arm64: vgic: Don't acquire its_lock before config_lock
    - relayfs: fix out-of-bounds access in relay_file_read
    - drm/amd/display: Remove stutter only configurations
    - drm/amd/display: limit timing for single dimm memory
    - drm/amd/display: fix PSR-SU/DSC interoperability support
    - drm/amd/display: fix a divided-by-zero error
    - KVM: RISC-V: Retry fault if vma_lookup() results become invalid
    - ksmbd: fix racy issue under cocurrent smb2 tree disconnect
    - ksmbd: call rcu_barrier() in ksmbd_server_exit()
    - ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()
    - ksmbd: fix memleak in session setup
    - ksmbd: not allow guest user on multichannel
    - ksmbd: fix deadlock in ksmbd_find_crypto_ctx()
    - ACPI: video: Remove acpi_backlight=video quirk for Lenovo ThinkPad W530
    - i2c: omap: Fix standard mode false ACK readings
    - riscv: mm: remove redundant parameter of create_fdt_early_page_table
    - tracing: Fix permissions for the buffer_percent file
    - drm/amd/pm: re-enable the gfx imu when smu resume
    - iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE
    - RISC-V: Align SBI probe implementation with spec
    - Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
    - ubifs: Fix memleak when insert_old_idx() failed
    - ubi: Fix return value overwrite issue in try_write_vid_and_data()
    - ubifs: Free memory for tmpfile name
    - ubifs: Fix memory leak in do_rename
    - ceph: fix potential use-after-free bug when trimming caps
    - fs: dlm: fix DLM_IFL_CB_PENDING gets overwritten
    - xfs: don't consider future format versions valid
    - cxl/hdm: Fail upon detecting 0-sized decoders
    - bus: mhi: host: Remove duplicate ee check for syserr
    - bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state
    - bus: mhi: host: Range check CHDBOFF and ERDBOFF
    - ASoC: dt-bindings: qcom,lpass-rx-macro: correct minItems for clocks
    - kunit: fix bug in the order of lines in debugfs logs
    - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check
    - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem
    - selftests/resctrl: Move ->setup() call outside of test specific branches
    - selftests/resctrl: Allow ->setup() to return errors
    - selftests/resctrl: Check for return value after write_schemata()
    - selinux: fix Makefile dependencies of flask.h
    - selinux: ensure av_permissions.h is built when needed
    - tpm, tpm_tis: Do not skip reset of original interrupt vector
    - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register
    - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
    - tpm, tpm_tis: Claim locality before writing interrupt registers
    - tpm, tpm: Implement usage counter for locality
    - tpm, tpm_tis: Claim locality when interrupts are reenabled on resume
    - erofs: stop parsing non-compact HEAD index if clusterofs is invalid
    - erofs: initialize packed inode after root inode is assigned
    - erofs: fix potential overflow calculating xattr_isize
    - drm/rockchip: Drop unbalanced obj unref
    - drm/i915/dg2: Drop one PCI ID
    - drm/vgem: add missing mutex_destroy
    - drm/probe-helper: Cancel previous job before starting new one
    - drm/amdgpu: register a vga_switcheroo client for MacBooks with apple-gmux
    - tools/x86/kcpuid: Fix avx512bw and avx512lvl fields in Fn00000007
    - soc: ti: k3-ringacc: Add try_module_get() to k3_dmaring_request_dual_ring()
    - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
    - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table
    - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table
    - arm64: dts: renesas: r9a07g044: Update IRQ numbers for SSI channels
    - arm64: dts: renesas: r9a07g054: Update IRQ numbers for SSI channels
    - arm64: dts: renesas: r9a07g043: Update IRQ numbers for SSI channels
    - drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached
    - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release
      shared resources
    - EDAC/skx: Fix overflows on the DRAM row address mapping arrays
    - ARM: dts: qcom-apq8064: Fix opp table child name
    - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since
      booted
    - arm64: dts: ti: k3-am62-main: Fix GPIO numbers in DT
    - arm64: dts: ti: k3-am62a7-sk: Fix DDR size to full 4GB
    - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property
    - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name
    - arm64: dts: broadcom: bcmbca: bcm4908: fix LED nodenames
    - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename
    - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name
    - arm64: dts: qcom: sc7280: fix EUD port properties
    - arm64: dts: qcom: sdm845: correct dynamic power coefficients
    - arm64: dts: qcom: sdm845: Fix the PCI I/O port range
    - arm64: dts: qcom: msm8998: Fix the PCI I/O port range
    - arm64: dts: qcom: sc7280: Fix the PCI I/O port range
    - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range
    - arm64: dts: qcom: ipq6018: Add/remove some newlines
    - arm64: dts: qcom: ipq6018: Fix the PCI I/O port range
    - arm64: dts: qcom: msm8996: Fix the PCI I/O port range
    - arm64: dts: qcom: sm8250: Fix the PCI I/O port range
    - arm64: dts: qcom: sc8280xp: Fix the PCI I/O port range
    - arm64: dts: qcom: sm8150: Fix the PCI I/O port range
    - arm64: dts: qcom: sm8450: Fix the PCI I/O port range
    - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
    - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range
    - arm64: dts: qcom: msm8976: Add and provide xo clk to rpmcc
    - ARM: dts: qcom: sdx55: Fix the unit address of PCIe EP node
    - x86/MCE/AMD: Use an u64 for bank_map
    - media: bdisp: Add missing check for create_workqueue
    - media: platform: mtk-mdp3: Add missing check and free for ida_alloc
    - media: amphion: decoder implement display delay enable
    - media: av7110: prevent underflow in write_ts_to_decoder()
    - firmware: qcom_scm: Clear download bit during reboot
    - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535
    - media: max9286: Free control handler
    - accel: Link to compute accelerator subsystem intro
    - arm64: dts: ti: k3-am625: Correct L2 cache size to 512KB
    - arm64: dts: ti: k3-am62a7: Correct L2 cache size to 512KB
    - drm/msm/adreno: drop bogus pm_runtime_set_active()
    - drm: msm: adreno: Disable preemption on Adreno 510
    - virt/coco/sev-guest: Double-buffer messages
    - arm64: dts: qcom: sm8350-microsoft-surface: fix USB dual-role mode property
    - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known
      override-init warnings
    - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0
    - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data
    - arm64: dts: qcom: sm8450: fix pcie1 gpios properties name
    - drm: rcar-du: Fix a NULL vs IS_ERR() bug
    - ARM: dts: gta04: fix excess dma channel usage
    - firmware: arm_scmi: Fix xfers allocation on Rx channel
    - perf/arm-cmn: Move overlapping wp_combine field
    - perf/amlogic: Fix config1/config2 parsing issue
    - ARM: dts: stm32: fix spi1 pin assignment on stm32mp15
    - arm64: dts: apple: t8103: Disable unused PCIe ports
    - cpufreq: mediatek: fix passing zero to 'PTR_ERR'
    - cpufreq: mediatek: fix KP caused by handler usage after
      regulator_put/clk_put
    - cpufreq: mediatek: raise proc/sram max voltage for MT8516
    - cpufreq: mediatek: Raise proc and sram max voltage for MT7622/7623
    - cpufreq: qcom-cpufreq-hw: Revert adding cpufreq qos
    - arm64: dts: mediatek: mt8192-asurada: Fix voltage constraint for Vgpu
    - ACPI: VIOT: Initialize the correct IOMMU fwspec
    - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
    - drm/mediatek: dp: Change the aux retries times when receiving AUX_DEFER
    - mailbox: mpfs: switch to txdone_poll
    - soc: bcm: brcmstb: biuctrl: fix of_iomap leak
    - soc: renesas: renesas-soc: Release 'chipid' from ioremap()
    - gpu: host1x: Fix potential double free if IOMMU is disabled
    - gpu: host1x: Fix memory leak of device names
    - arm64: dts: qcom: sc7280-herobrine-villager: correct trackpad supply
    - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply
    - arm64: dts: qcom: sc7180-trogdor-pazquel: correct trackpad supply
    - arm64: dts: qcom: msm8998-oneplus-cheeseburger: revert "fix backlight pin
      function"
    - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator
    - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994
      regulator
    - arm64: dts: qcom: apq8096-db820c: drop unit address from PMI8994 regulator
    - drm/ttm/pool: Fix ttm_pool_alloc error path
    - regulator: core: Consistently set mutex_owner when using
      ww_mutex_lock_slow()
    - regulator: core: Avoid lockdep reports when resolving supplies
    - x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
    - soc: qcom: rpmh-rsc: Support RSC v3 minor versions
    - arm64: dts: qcom: msm8994-angler: Fix cont_splash_mem mapping
    - arm64: dts: qcom: msm8994-angler: removed clash with smem_region
    - arm64: dts: sc7180: Rename qspi data12 as data23
    - arm64: dts: sc7280: Rename qspi data12 as data23
    - arm64: dts: sdm845: Rename qspi data12 as data23
    - media: mtk-jpeg: Fixes jpeghw multi-core judgement
    - media: mtk-jpeg: Fixes jpeg enc&dec worker sw flow
    - media: mediatek: vcodec: Use 4K frame size when supported by stateful
      decoder
    - media: mediatek: vcodec: Make MM21 the default capture format
    - media: mediatek: vcodec: Force capture queue format to MM21
    - media: mediatek: vcodec: add params to record lat and core lat_buf count
    - media: mediatek: vcodec: using each instance lat_buf count replace core
      ready list
    - media: mediatek: vcodec: move lat_buf to the top of core list
    - media: mediatek: vcodec: add core decode done event
    - media: mediatek: vcodec: remove unused lat_buf
    - media: mediatek: vcodec: making sure queue_work successfully
    - media: mediatek: vcodec: change lat thread decode error condition
    - media: cedrus: fix use after free bug in cedrus_remove due to race condition
    - media: rkvdec: fix use after free bug in rkvdec_remove
    - platform/x86/amd/pmf: Move out of BIOS SMN pair for driver probe
    - platform/x86/amd: pmc: Don't try to read SMU version on Picasso
    - platform/x86/amd: pmc: Hide SMU version and program attributes for Picasso
    - platform/x86/amd: pmc: Don't dump data after resume from s0i3 on picasso
    - platform/x86/amd: pmc: Move idlemask check into `amd_pmc_idlemask_read`
    - platform/x86/amd: pmc: Utilize SMN index 0 for driver probe
    - platform/x86/amd: pmc: Move out of BIOS SMN pair for STB init
    - media: dm1105: Fix use after free bug in dm1105_remove due to race condition
    - media: saa7134: fix use after free bug in saa7134_finidev due to race
      condition
    - media: platform: mtk-mdp3: fix potential frame size overflow in
      mdp_try_fmt_mplane()
    - media: vsp1: Replace vb2_is_streaming() with vb2_start_streaming_called()
    - platform: Provide a remove callback that returns no value
    - media: rcar_fdp1: Convert to platform remove callback returning void
    - media: rcar_fdp1: Fix refcount leak in probe and remove function
    - media: v4l: async: Return async sub-devices to subnotifier list
    - media: hi846: Fix memleak in hi846_init_controls()
    - drm/amd/display: Fix potential null dereference
    - media: rc: gpio-ir-recv: Fix support for wake-up
    - media: venus: dec: Fix handling of the start cmd
    - media: venus: dec: Fix capture formats enumeration order
    - regulator: stm32-pwr: fix of_iomap leak
    - x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
    - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
    - perf/arm-cmn: Fix port detection for CMN-700
    - media: mediatek: vcodec: fix decoder disable pm crash
    - media: mediatek: vcodec: add remove function for decoder platform driver
    - debugobject: Prevent init race with static objects
    - drm/i915: Make intel_get_crtc_new_encoder() less oopsy
    - tick/common: Align tick period with the HZ tick.
    - ACPI: bus: Ensure that notify handlers are not running after removal
    - cpufreq: use correct unit when verify cur freq
    - rpmsg: glink: Propagate TX failures in intentless mode as well
    - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E
    - platform/chrome: cros_typec_switch: Add missing fwnode_handle_put()
    - wifi: ath6kl: minor fix for allocation size
    - wifi: ath9k: hif_usb: fix memory leak of remain_skbs
    - wifi: ath11k: Use platform_get_irq() to get the interrupt
    - wifi: ath5k: Use platform_get_irq() to get the interrupt
    - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
    - wifi: ath11k: fix SAC bug on peer addition with sta band migration
    - wifi: rtl8xxxu: Remove always true condition in rtl8xxxu_print_chipinfo
    - wifi: brcmfmac: support CQM RSSI notification with older firmware
    - wifi: ath6kl: reduce WARN to dev_dbg() in callback
    - tools: bpftool: Remove invalid \' json escape
    - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser()
    - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch()
    - bpf: take into account liveness when propagating precision
    - bpf: fix precision propagation verbose logging
    - crypto: qat - fix concurrency issue when device state changes
    - scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
    - wifi: ath11k: fix deinitialization of firmware resources
    - selftests/bpf: Fix a fd leak in an error path in network_helpers.c
    - bpf: Remove misleading spec_v1 check on var-offset stack read
    - net: pcs: xpcs: remove double-read of link state when using AN
    - vlan: partially enable SIOCSHWTSTAMP in container
    - net/packet: annotate accesses to po->xmit
    - net/packet: convert po->origdev to an atomic flag
    - net/packet: convert po->auxdata to an atomic flag
    - libbpf: Fix ld_imm64 copy logic for ksym in light skeleton.
    - net: dsa: qca8k: remove assignment of an_enabled in pcs_get_state()
    - netfilter: keep conntrack reference until IPsecv6 policy checks are done
    - bpf: return long from bpf_map_ops funcs
    - bpf: Fix __reg_bound_offset 64->32 var_off subreg propagation
    - scsi: target: Move sess cmd counter to new struct
    - scsi: target: Move cmd counter allocation
    - scsi: target: Pass in cmd counter to use during cmd setup
    - scsi: target: iscsit: isert: Alloc per conn cmd counter
    - scsi: target: iscsit: Stop/wait on cmds during conn close
    - scsi: target: Fix multiple LUN_RESET handling
    - scsi: target: iscsit: Fix TAS handling during conn cleanup
    - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
    - net: sunhme: Fix uninitialized return code
    - f2fs: handle dqget error in f2fs_transfer_project_quota()
    - f2fs: fix uninitialized skipped_gc_rwsem
    - f2fs: apply zone capacity to all zone type
    - f2fs: compress: fix to call f2fs_wait_on_page_writeback() in
      f2fs_write_raw_pages()
    - f2fs: fix scheduling while atomic in decompression path
    - crypto: caam - Clear some memory in instantiate_rng
    - crypto: sa2ul - Select CRYPTO_DES
    - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
    - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
    - scsi: hisi_sas: Handle NCQ error when IPTT is valid
    - wifi: rt2x00: Fix memory leak when handling surveys
    - bpf: rename list_head -> graph_root in field info types
    - bpf: Add __bpf_kfunc tag for marking kernel functions as kfuncs
    - bpf: Migrate release_on_unlock logic to non-owning ref semantics
    - bpf: Add basic bpf_rb_{root,node} support
    - bpf: Add bpf_rbtree_{add,remove,first} kfuncs
    - bpf: Add support for bpf_rb_root and bpf_rb_node in kfunc args
    - bpf: Add callback validation to kfunc verifier logic
    - bpf: factor out fetching basic kfunc metadata
    - bpf: Fix struct_meta lookup for bpf_obj_free_fields kfunc call
    - f2fs: fix iostat lock protection
    - net: qrtr: correct types of trace event parameters
    - selftests: xsk: Use correct UMEM size in testapp_invalid_desc
    - selftests: xsk: Disable IPv6 on VETH1
    - selftests: xsk: Deflakify STATS_RX_DROPPED test
    - selftests/bpf: Wait for receive in cg_storage_multi test
    - bpftool: Fix bug for long instructions in program CFG dumps
    - crypto: drbg - Only fail when jent is unavailable in FIPS mode
    - xsk: Fix unaligned descriptor validation
    - f2fs: fix to avoid use-after-free for cached IPU bio
    - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table
    - bpf/btf: Fix is_int_ptr()
    - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
    - net: ethernet: stmmac: dwmac-rk: rework optional clock handling
    - net: ethernet: stmmac: dwmac-rk: fix optional phy regulator handling
    - wifi: ath11k: fix writing to unintended memory region
    - bpf, sockmap: fix deadlocks in the sockhash and sockmap
    - nvmet: fix error handling in nvmet_execute_identify_cns_cs_ns()
    - nvmet: fix Identify Namespace handling
    - nvmet: fix Identify Controller handling
    - nvmet: fix Identify Active Namespace ID list handling
    - nvmet: fix I/O Command Set specific Identify Controller
    - nvme: fix async event trace event
    - nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage"
    - selftests/bpf: Use read_perf_max_sample_freq() in perf_event_stackmap
    - selftests/bpf: Fix leaked bpf_link in get_stackid_cannot_attach
    - blk-mq: don't plug for head insertions in blk_execute_rq_nowait
    - wifi: iwlwifi: debug: fix crash in __iwl_err()
    - wifi: iwlwifi: mvm: fix A-MSDU checks
    - wifi: iwlwifi: trans: don't trigger d3 interrupt twice
    - wifi: iwlwifi: mvm: don't set CHECKSUM_COMPLETE for unsupported protocols
    - bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap
    - f2fs: fix to check return value of f2fs_do_truncate_blocks()
    - f2fs: fix to check return value of inc_valid_block_count()
    - md/raid10: fix task hung in raid10d
    - md/raid10: fix leak of 'r10bio->remaining' for recovery
    - md/raid10: fix memleak for 'conf->bio_split'
    - md/raid10: fix memleak of md thread
    - md/raid10: don't call bio_start_io_acct twice for bio which experienced read
      error
    - wifi: iwlwifi: mvm: don't drop unencrypted MCAST frames
    - wifi: iwlwifi: yoyo: skip dump correctly on hw error
    - wifi: iwlwifi: yoyo: Fix possible division by zero
    - wifi: iwlwifi: mvm: initialize seq variable
    - wifi: iwlwifi: fw: move memset before early return
    - jdb2: Don't refuse invalidation of already invalidated buffers
    - io_uring/rsrc: use nospec'ed indexes
    - wifi: iwlwifi: make the loop for card preparation effective
    - wifi: mt76: remove redundent MCU_UNI_CMD_* definitions
    - wifi: mt76: mt7921: fix wrong command to set STA channel
    - wifi: mt76: mt7921: fix PCI DMA hang after reboot
    - wifi: mt76: mt7915: unlock on error in mt7915_thermal_temp_store()
    - wifi: mt76: mt7996: fix radiotap bitfield
    - wifi: mt76: mt7915: expose device tree match table
    - wifi: mt76: mt7915: add error message in
      mt7915_thermal_set_cur_throttle_state()
    - wifi: mt76: mt7915: rework init flow in mt7915_thermal_init()
    - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
    - wifi: mt76: mt7996: let non-bufferable MMPDUs use correct hw queue
    - wifi: mt76: mt7996: fix pointer calculation in ie countdown event
    - wifi: mt76: mt7996: fix eeprom tx path bitfields
    - wifi: mt76: add flexible polling wait-interval support
    - wifi: mt76: mt7921e: fix probe timeout after reboot
    - wifi: mt76: fix 6GHz high channel not be scanned
    - mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data
    - wifi: mt76: mt7921: fix missing unwind goto in `mt7921u_probe`
    - wifi: mt76: mt7921e: improve reliability of dma reset
    - wifi: mt76: mt7921e: stop chip reset worker in unregister hook
    - wifi: mt76: connac: fix txd multicast rate setting
    - wifi: iwlwifi: mvm: check firmware response size
    - netfilter: conntrack: restore IPS_CONFIRMED out of
      nf_conntrack_hash_check_insert()
    - wifi: mt76: mt7996: rely on mt76_connac_txp_common structure
    - wifi: mt76: mt7996: fill txd by host driver
    - netfilter: conntrack: fix wrong ct->timeout value
    - wifi: iwlwifi: fw: fix memory leak in debugfs
    - ixgbe: Allow flow hash to be set via ethtool
    - ixgbe: Enable setting RSS table to default values
    - net/mlx5e: Don't clone flow post action attributes second time
    - net/mlx5: E-switch, Create per vport table based on devlink encap mode
    - net/mlx5: E-switch, Don't destroy indirect table in split rule
    - net/mlx5e: Fix error flow in representor failing to add vport rx rule
    - net/mlx5: Remove "recovery" arg from mlx5_load_one() function
    - net/mlx5: Suspend auxiliary devices only in case of PCI device suspend
    - Revert "net/mlx5: Remove "recovery" arg from mlx5_load_one() function"
    - net/mlx5: Use recovery timeout on sync reset flow
    - net/mlx5e: Nullify table pointer when failing to create
    - Revert "net/mlx5e: Don't use termination table when redundant"
    - net: stmmac:fix system hang when setting up tag_8021q VLAN for DSA ports
    - bpf: Fix race between btf_put and btf_idr walk.
    - bpf: Don't EFAULT for getsockopt with optval=NULL
    - netfilter: nf_tables: don't write table validation state without mutex
    - net: dpaa: Fix uninitialized variable in dpaa_stop()
    - net/sched: sch_fq: fix integer overflow of "credit"
    - ipv4: Fix potential uninit variable access bug in __ip_make_skb()
    - rxrpc: Fix error when reading rxrpc tokens
    - Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to
      unfinished work"
    - netlink: Use copy_to_user() for optval in netlink_getsockopt().
    - net: amd: Fix link leak when verifying config failed
    - tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
    - ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it
    - ASoC: cs35l41: Only disable internal boost
    - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler()
    - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler()
    - pstore: Revert pmsg_lock back to a normal mutex
    - usb: host: xhci-rcar: remove leftover quirk handling
    - usb: dwc3: gadget: Change condition for processing suspend event
    - serial: stm32: Re-assert RTS/DE GPIO in RS485 mode only if more data are
      transmitted
    - fpga: bridge: fix kernel-doc parameter description
    - iommufd/selftest: Catch overflow of uptr and length
    - iio: light: max44009: add missing OF device matching
    - serial: 8250_bcm7271: Fix arbitration handling
    - spi: atmel-quadspi: Don't leak clk enable count in pm resume
    - spi: atmel-quadspi: Free resources even if runtime resume failed in
      .remove()
    - spi: imx: Don't skip cleanup in remove's error path
    - interconnect: qcom: drop obsolete OSM_L3/EPSS defines
    - interconnect: qcom: osm-l3: drop unuserd header inclusion
    - spi: f_ospi: Add missing spi_mem_default_supports_op() helper
    - module/decompress: Never use kunmap() for local un-mappings
    - usb: gadget: udc: renesas_usb3: Fix use after free bug in
      renesas_usb3_remove due to race condition
    - ASoC: soc-compress: Inherit atomicity from DAI link for Compress FE
    - PCI: imx6: Install the fault handler only on compatible match
    - ASoC: es8316: Handle optional IRQ assignment
    - linux/vt_buffer.h: allow either builtin or modular for macros
    - spi: qup: Don't skip cleanup in remove's error path
    - interconnect: qcom: rpm: drop bogus pm domain attach
    - spi: mchp-pci1xxxx: Fix length of SPI transactions not set properly in
      driver
    - spi: mchp-pci1xxxx: Fix SPI transactions not working after suspend and
      resume
    - spi: fsl-spi: Fix CPM/QE mode Litte Endian
    - vmci_host: fix a race condition in vmci_host_poll() causing GPF
    - of: Fix modalias string generation
    - PCI/EDR: Clear Device Status after EDR error recovery
    - ia64: mm/contig: fix section mismatch warning/error
    - ia64: salinfo: placate defined-but-not-used warning
    - scripts/gdb: bail early if there are no clocks
    - scripts/gdb: bail early if there are no generic PD
    - HID: amd_sfh: Correct the structure fields
    - HID: amd_sfh: Correct the sensor enable and disable command
    - HID: amd_sfh: Fix illuminance value
    - HID: amd_sfh: Add support for shutdown operation
    - HID: amd_sfh: Correct the stop all command
    - HID: amd_sfh: Increase sensor command timeout for SFH1.1
    - HID: amd_sfh: Handle "no sensors" enabled for SFH1.1
    - cacheinfo: Check sib_leaf in cache_leaves_are_shared()
    - coresight: etm_pmu: Set the module field
    - drm/panel: novatek-nt35950: Improve error handling
    - ASoC: fsl_mqs: move of_node_put() to the correct location
    - PCI/PM: Extend D3hot delay for NVIDIA HDA controllers
    - drm/panel: novatek-nt35950: Only unregister DSI1 if it exists
    - spi: cadence-quadspi: fix suspend-resume implementations
    - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path
    - i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path
    - scripts/gdb: raise error with reduced debugging information
    - uapi/linux/const.h: prefer ISO-friendly __typeof__
    - sh: sq: Fix incorrect element size for allocating bitmap buffer
    - usb: gadget: tegra-xudc: Fix crash in vbus_draw
    - usb: chipidea: fix missing goto in `ci_hdrc_probe`
    - usb: mtu3: fix kernel panic at qmu transfer done irq handler
    - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
    - tty: serial: fsl_lpuart: adjust buffer length to the intended size
    - serial: 8250: Add missing wakeup event reporting
    - spi: cadence-quadspi: use macro DEFINE_SIMPLE_DEV_PM_OPS
    - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
    - spmi: Add a check for remove callback when removing a SPMI driver
    - virtio_ring: don't update event idx on get_buf
    - fbdev: mmp: Fix deferred clk handling in mmphw_probe()
    - selftests/powerpc/pmu: Fix sample field check in the
      mmcra_thresh_marked_sample_test
    - macintosh/windfarm_smu_sat: Add missing of_node_put()
    - powerpc/perf: Properly detect mpc7450 family
    - powerpc/mpc512x: fix resource printk format warning
    - powerpc/wii: fix resource printk format warnings
    - powerpc/sysdev/tsi108: fix resource printk format warnings
    - macintosh: via-pmu-led: requires ATA to be set
    - powerpc/rtas: use memmove for potentially overlapping buffer copy
    - sched/fair: Fix inaccurate tally of ttwu_move_affine
    - perf/core: Fix hardlockup failure caused by perf throttle
    - Revert "objtool: Support addition to set CFA base"
    - riscv: Fix ptdump when KASAN is enabled
    - sched/rt: Fix bad task migration for rt tasks
    - rv: Fix addition on an uninitialized variable 'run'
    - tracing/user_events: Ensure write index cannot be negative
    - clk: at91: clk-sam9x60-pll: fix return value check
    - IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init
    - RDMA/siw: Fix potential page_array out of range access
    - clk: mediatek: mt2712: Add error handling to clk_mt2712_apmixed_probe()
    - clk: mediatek: Consistently use GATE_MTK() macro
    - clk: mediatek: mt7622: Properly use CLK_IS_CRITICAL flag
    - clk: mediatek: mt8135: Properly use CLK_IS_CRITICAL flag
    - RDMA/rdmavt: Delete unnecessary NULL check
    - clk: mediatek: clk-pllfh: fix missing of_node_put() in fhctl_parse_dt()
    - clk: qcom: gcc-qcm2290: Fix up gcc_sdcc2_apps_clk_src
    - workqueue: Fix hung time report of worker pools
    - rtc: omap: include header for omap_rtc_power_off_program prototype
    - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
    - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time
    - rtc: k3: handle errors while enabling wake irq
    - RDMA/rxe: Replace exists by rxe in rxe.c
    - RDMA/erdma: Use fixed hardware page size
    - fs/ntfs3: Fix memory leak if ntfs_read_mft failed
    - fs/ntfs3: Add check for kmemdup
    - fs/ntfs3: Fix OOB read in indx_insert_into_buffer
    - fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
    - iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN
    - RDMA/rxe: Remove tasklet call from rxe_cq.c
    - power: supply: generic-adc-battery: fix unit scaling
    - clk: add missing of_node_put() in "assigned-clocks" property parsing
    - RDMA/siw: Remove namespace check from siw_netdev_event()
    - clk: qcom: gcc-sm6115: Mark RCGs shared where applicable
    - power: supply: rk817: Fix low SOC bugs
    - RDMA/cm: Trace icm_send_rej event before the cm state is reset
    - RDMA/srpt: Add a check for valid 'mad_agent' pointer
    - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
    - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests
    - clk: imx: fracn-gppll: fix the rate table
    - clk: imx: fracn-gppll: disable hardware select control
    - clk: imx: imx8ulp: Fix XBAR_DIVBUS and AD_SLOW clock parents
    - NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
    - iommu/amd: Set page size bitmap during V2 domain allocation
    - s390/checksum: always use cksm instruction
    - clk: qcom: lpasscc-sc7280: Skip qdsp6ss clock registration
    - clk: qcom: lpassaudiocc-sc7280: Add required gdsc power domain clks in
      lpass_cc_sc7280_desc
    - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling
    - clk: qcom: dispcc-qcm2290: get rid of test clock
    - clk: qcom: dispcc-qcm2290: Remove inexistent DSI1PHY clk
    - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
    - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup
    - swiotlb: fix debugfs reporting of reserved memory pools
    - RDMA/rxe: Convert tasklet args to queue pairs
    - RDMA/rxe: Remove __rxe_do_task()
    - RDMA/rxe: Fix the error "trying to register non-static key in
      rxe_cleanup_task"
    - RDMA/mlx5: Check pcie_relaxed_ordering_enabled() in UMR
    - RDMA/mlx5: Fix flow counter query via DEVX
    - SUNRPC: remove the maximum number of retries in call_bind_status
    - RDMA/mlx5: Use correct device num_ports when modify DC
    - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when
      init fails
    - openrisc: Properly store r31 to pt_regs on unhandled exceptions
    - timekeeping: Fix references to nonexistent ktime_get_fast_ns()
    - SMB3: Add missing locks to protect deferred close file list
    - SMB3: Close deferred file handles in case of handle lease break
    - ext4: fix i_disksize exceeding i_size problem in paritally written case
    - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
    - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration
    - pinctrl: renesas: r8a779f0: Fix tsn1_avtp_pps pin group
    - pinctrl: renesas: r8a779g0: Fix Group 4/5 pin functions
    - pinctrl: renesas: r8a779g0: Fix Group 6/7 pin functions
    - pinctrl: renesas: r8a779g0: Fix ERROROUTC function names
    - leds: TI_LMU_COMMON: select REGMAP instead of depending on it
    - pinctrl: ralink: reintroduce ralink,rt2880-pinmux compatible string
    - dmaengine: mv_xor_v2: Fix an error code.
    - leds: tca6507: Fix error handling of using fwnode_property_read_string
    - pwm: mtk-disp: Disable shadow registers before setting backlight values
    - pwm: mtk-disp: Configure double buffering before reading in .get_state()
    - soundwire: intel: don't save hw_params for use in prepare
    - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and
      ulpi_port
    - phy: ti: j721e-wiz: Fix unreachable code in wiz_mode_select()
    - dma: gpi: remove spurious unlock in gpi_ch_init
    - dmaengine: dw-edma: Fix to change for continuous transfer
    - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing
    - dmaengine: at_xdmac: do not enable all cyclic channels
    - pinctrl-bcm2835.c: fix race condition when setting gpio dir
    - thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in
      mtk_thermal_probe
    - mfd: tqmx86: Do not access I2C_DETECT register through io_base
    - mfd: tqmx86: Specify IO port register range more precisely
    - mfd: tqmx86: Correct board names for TQMxE39x
    - mfd: ocelot-spi: Fix unsupported bulk read
    - mfd: arizona-spi: Add missing MODULE_DEVICE_TABLE
    - hte: tegra: fix 'struct of_device_id' build error
    - hte: tegra-194: Fix off by one in tegra_hte_map_to_line_id()
    - ACPI: PM: Do not turn of unused power resources on the Toshiba Click Mini
    - PM: hibernate: Turn snapshot_test into global variable
    - PM: hibernate: Do not get block device exclusively in test_resume mode
    - afs: Fix updating of i_size with dv jump from server
    - afs: Fix getattr to report server i_size on dirs, not local size
    - afs: Avoid endless loop if file is larger than expected
    - parisc: Fix argument pointer in real64_call_asm()
    - parisc: Ensure page alignment in flush functions
    - ALSA: usb-audio: Add quirk for Pioneer DDJ-800
    - ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41
    - ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED
    - nilfs2: do not write dirty data after degenerating to read-only
    - nilfs2: fix infinite loop in nilfs_mdt_get_block()
    - mm: do not reclaim private data from pinned page
    - drbd: correctly submit flush bio on barrier
    - md/raid10: fix null-ptr-deref in raid10_sync_request
    - md/raid5: Improve performance for sequential IO
    - kasan: hw_tags: avoid invalid virt_to_page()
    - mtd: core: provide unique name for nvmem device, take two
    - mtd: core: fix nvmem error reporting
    - mtd: core: fix error path for nvmem provider
    - mtd: spi-nor: core: Update flash's current address mode when changing
      address mode
    - drivers: remoteproc: xilinx: Fix carveout names
    - mailbox: zynqmp: Fix IPI isr handling
    - kcsan: Avoid READ_ONCE() in read_instrumented_memory()
    - mailbox: zynqmp: Fix typo in IPI documentation
    - nfp: fix incorrect pointer deference when offloading IPsec with bonding
    - wifi: rtl8xxxu: RTL8192EU always needs full init
    - wifi: rtw88: rtw8821c: Fix rfe_option field width
    - wifi: rtw89: fix potential race condition between napi_init and napi_enable
    - clk: microchip: fix potential UAF in auxdev release callback
    - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
    - scripts/gdb: fix lx-timerlist for Python3
    - btrfs: scrub: reject unsupported scrub flags
    - s390/dasd: fix hanging blockdevice after request requeue
    - ia64: fix an addr to taddr in huge_pte_offset()
    - mm/mempolicy: correctly update prev when policy is equal on mbind
    - vhost_vdpa: fix unmap process in no-batch mode
    - dm verity: fix error handling for check_at_most_once on FEC
    - dm clone: call kmem_cache_destroy() in dm_clone_init() error path
    - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
    - dm flakey: fix a crash with invalid table line
    - dm ioctl: fix nested locking in table_clear() to remove deadlock concern
    - dm: don't lock fs when the map is NULL in process of resume
    - blk-iocost: avoid 64-bit division in ioc_timer_fn
    - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname
    - cifs: protect session status check in smb2_reconnect()
    - cifs: fix sharing of DFS connections
    - cifs: fix potential race when tree connecting ipc
    - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath
    - thunderbolt: Use correct type in tb_port_is_clx_enabled() prototype
    - perf auxtrace: Fix address filter entire kernel size
    - perf intel-pt: Fix CYC timestamps after standalone CBR
    - i40e: Remove unused i40e status codes
    - i40e: Remove string printing for i40e_status
    - i40e: use int for i40e_status
    - debugobject: Ensure pool refill (again)
    - Linux 6.2.15
  * Lunar update: v6.2.14 upstream stable release (LP: #2025066)
    - rust: arch/um: Disable FP/SIMD instruction to match x86
    - um: Only disable SSE on clang to work around old GCC bugs
    - rcu/kvfree: Avoid freeing new kfree_rcu() memory after old grace period
    - mm/mempolicy: fix use-after-free of VMA iterator
    - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
    - gpiolib: acpi: Add a ignore wakeup quirk for Clevo NL5xNU
    - bluetooth: Perform careful capability checks in hci_sock_ioctl()
    - wifi: brcmfmac: add Cypress 43439 SDIO ids
    - btrfs: fix uninitialized variable warnings
    - USB: serial: option: add UNISOC vendor and TOZED LT70C product
    - driver core: Don't require dynamic_debug for initcall_debug probe timing
    - riscv: Move early dtb mapping into the fixmap region
    - riscv: Do not set initial_boot_params to the linear address of the dtb
    - riscv: No need to relocate the dtb as it lies in the fixmap region
    - Linux 6.2.14
  * CVE-2023-35001
    - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
  * CVE-2023-31248
    - netfilter: nf_tables: do not ignore genmask when looking up chain by id
  * CVE-2023-3389
    - io_uring/poll: serialize poll linked timer start with poll removal
  * CVE-2023-3269
    - mm: introduce new 'lock_mm_and_find_vma()' page fault helper
    - mm: make the page fault mmap locking killable
    - arm64/mm: Convert to using lock_mm_and_find_vma()
    - powerpc/mm: Convert to using lock_mm_and_find_vma()
    - mips/mm: Convert to using lock_mm_and_find_vma()
    - riscv/mm: Convert to using lock_mm_and_find_vma()
    - arm/mm: Convert to using lock_mm_and_find_vma()
    - mm/fault: convert remaining simple cases to lock_mm_and_find_vma()
    - powerpc/mm: convert coprocessor fault to lock_mm_and_find_vma()
    - mm: make find_extend_vma() fail if write lock not held
    - execve: expand new process stack manually ahead of time
    - mm: always expand the stack with the mmap write lock held
    - [CONFIG]: Set CONFIG_LOCK_MM_AND_FIND_VMA
  * CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
  * CVE-2023-3141
    - memstick: r592: Fix UAF bug in r592_remove due to race condition
  * CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb

Date: 2023-07-18 07:42:08.480800+00:00
Changed-By: Juerg Haefliger <juerg.haefliger at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-raspi/6.2.0-1010.12
-------------- next part --------------
Sorry, changesfile not available.


More information about the lunar-changes mailing list