Package linux-cloud-tools-common

Version | Arch | MTime | Size |
---|---|---|---|
5.4.0-200.220 | all | November 11th, 2024 12:26 | 78.63 KiB |

linux (5.4.0-200.220) focal; urgency=medium
* focal/linux: 5.4.0-200.220 -proposed tracker (LP: #2082937)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2024.09.30)
* CVE-2024-26800
- tls: rx: coalesce exit paths in tls_decrypt_sg()
- tls: separate no-async decryption request handling from async
- tls: fix use-after-free on failed backlog decryption
* CVE-2024-26641
- ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
* CVE-2021-47212
- net/mlx5: Update error handler for UCTX and UMEM
* wbt:wbt_* trace event NULL pointer dereference with GENHD_FL_HIDDEN disks
(LP: #2081085)
- bdi: use bdi_dev_name() to get device name
* Focal update: v5.4.284 upstream stable release (LP: #2081278)
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo
- i2c: Fix conditional for substituting empty ACPI functions
- net: usb: qmi_wwan: add MeiG Smart SRM825L
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr
- drm/amdgpu: fix overflowed array index read warning
- drm/amd/display: Check gpio_id before used as array index
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
dal_gpio_service_create
- drm/amdgpu: fix ucode out-of-bounds read warning
- drm/amdgpu: fix mc_data out-of-bounds read warning
- drm/amdkfd: Reconcile the definition and use of oem_id in struct
kfd_topology_device
- apparmor: fix possible NULL pointer dereference
- ionic: fix potential irq name truncation
- usbip: Don't submit special requests twice
- usb: typec: ucsi: Fix null pointer dereference in trace
- smack: tcp: ipv4, fix incorrect labeling
- wifi: cfg80211: make hash table duplicates more survivable
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
- media: uvcvideo: Enforce alignment of frame and interval
- block: initialize integrity buffer to zero before writing it to media
- net: set SOCK_RCU_FREE before inserting socket into hashtable
- virtio_net: Fix napi_skb_cache_put warning
- udf: Limit file size to 4TB
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions
- sch/netem: fix use after free in netem_dequeue
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius
devices
- ata: libata: Fix memory leak for error path in ata_host_alloc()
- irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
- mmc: sdhci-of-aspeed: fix module autoloading
- fuse: update stats for pages in dropped aux writeback list
- fuse: use unsigned type for getxattr/listxattr size truncation
- reset: hi6220: Add support for AO reset controller
- clk: hi6220: use CLK_OF_DECLARE_DRIVER
- clk: qcom: clk-alpha-pll: Fix the pll post div mask
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
- ila: call nf_unregister_net_hooks() sooner
- sched: sch_cake: fix bulk flow accounting logic for host fairness
- nilfs2: fix missing cleanup on rollforward recovery error
- nilfs2: fix state management in error path of log writing function
- ALSA: hda: Add input value sanity checks to HDMI channel map controls
- smack: unix sockets: fix accept()ed socket label
- irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
- af_unix: Remove put_pid()/put_cred() in copy_peercred().
- netfilter: nf_conncount: fix wrong variable type
- udf: Avoid excessive partition lengths
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
- usb: uas: set host status byte on data completion error
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
- pcmcia: Use resource_size function on resource object
- can: bcm: Remove proc entry when dev is unregistered.
- igb: Fix not clearing TimeSync interrupts for 82580
- platform/x86: dell-smbios: Fix error path in dell_smbios_init()
- tcp_bpf: fix return value of tcp_bpf_sendmsg()
- cx82310_eth: re-enable ethernet mode after router reboot
- drivers/net/usb: Remove all strcpy() uses
- net: usb: don't write directly to netdev->dev_addr
- usbnet: modern method to get random MAC
- net: bridge: fdb: convert is_local to bitops
- net: bridge: fdb: convert is_static to bitops
- net: bridge: fdb: convert is_sticky to bitops
- net: bridge: fdb: convert added_by_user to bitops
- net: bridge: fdb: convert added_by_external_learn to use bitops
- net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
- net: dsa: vsc73xx: fix possible subblocks range of CAPT block
- ASoC: topology: Properly initialize soc_enum values
- dm init: Handle minors larger than 255
- iommu/vt-d: Handle volatile descriptor status read
- cgroup: Protect css->cgroup write under css_set_lock
- um: line: always fill *error_out in setup_one_line()
- devres: Initialize an uninitialized struct member
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes
- hwmon: (lm95234) Fix underflows seen when writing limit attributes
- hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
- libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
- smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
- btrfs: replace BUG_ON with ASSERT in walk_down_proc()
- btrfs: clean up our handling of refs == 0 in snapshot delete
- PCI: Add missing bridge lock to pci_bus_lock()
- btrfs: initialize location to fix -Wmaybe-uninitialized in
btrfs_lookup_dentry()
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
- Input: uinput - reject requests with unreasonable number of slots
- usbnet: ipheth: race between ipheth_close and error handling
- Squashfs: sanity check symbolic link size
- of/irq: Prevent device address out-of-bounds read in interrupt map walk
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
- ata: pata_macio: Use WARN instead of BUG
- NFSv4: Add missing rescheduling points in
nfs_client_return_marked_delegations
- staging: iio: frequency: ad9834: Validate frequency parameter value
- iio: buffer-dmaengine: fix releasing dma channel on error
- iio: fix scale application in iio_convert_raw_to_processed_unlocked
- binder: fix UAF caused by offsets overwrite
- nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
- VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
- clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX
- clocksource/drivers/imx-tpm: Fix next event not taking effect sometime
- clocksource/drivers/timer-of: Remove percpu irq related code
- uprobes: Use kzalloc to allocate xol area
- ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance()
- tracing: Avoid possible softlockup in tracing_iter_reset()
- nilfs2: replace snprintf in show functions with sysfs_emit
- nilfs2: protect references to superblock parameters exposed in sysfs
- ACPI: processor: Return an error if acpi_processor_get_info() fails in
processor_add()
- ACPI: processor: Fix memory leaks in error paths of processor_add()
- arm64: acpi: Move get_cpu_for_acpi_id() to a header
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
- nvmet-tcp: fix kernel crash if commands allocation fails
- drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused
- rtmutex: Drop rt_mutex::wait_lock before scheduling
- net, sunrpc: Remap EPERM in case of connection failure in
xs_tcp_setup_socket
- cx82310_eth: fix error return code in cx82310_bind()
- Linux 5.4.284
* CVE-2024-42244
- USB: serial: mos7840: fix crash on resume
* CVE-2024-40929
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
* CVE-2024-41073
- nvme: avoid double free special payload
* CVE-2024-41071
- wifi: mac80211: Avoid address calculations via out of bounds array indexing
* CVE-2024-42229
- crypto: aead, cipher - zeroize key buffer after use
* CVE-2024-38611
- media: i2c: et8ek8: Don't strip remove function when driver is builtin
* CVE-2024-38602
- ax25: Fix reference count leak issues of ax25_dev
* CVE-2024-35848
- misc: eeprom: at24: fix regulator underflow
- misc: eeprom: at24: register nvmem only after eeprom is ready to use
- eeprom: at24: fix memory corruption race condition
* CVE-2024-26669
- net/sched: flower: Fix chain template offload
* CVE-2024-26668
- netfilter: nft_limit: rename stateful structure
- netfilter: nft_limit: reject configurations that cause integer overflow
* CVE-2024-26640
- net-zerocopy: Refactor frag-is-remappable test.
- tcp: add sanity checks to rx zerocopy
* CVE-2024-26607
- drm/bridge: sii902x: Fix probing race issue
* CVE-2023-52614
- PM / devfreq: Fix buffer overflow in trans_stat_show
* CVE-2023-52531
- wifi: iwlwifi: mvm: Fix a memory corruption issue
* CVE-2022-36402
- drm/vmwgfx: Use enum to represent graphics context capabilities
- drm/vmwgfx: Fix shader stage validation
* Focal update: v5.4.283 upstream stable release (LP: #2080595)
- fuse: Initialize beyond-EOF page contents before setting uptodate
- ALSA: usb-audio: Support Yamaha P-125 quirk entry
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
- s390/dasd: fix error recovery leading to data corruption on ESE devices
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to
NUMA_NO_NODE
- dm resume: don't return EINVAL when signalled
- dm persistent data: fix memory allocation failure
- vfs: Don't evict inode under the inode lru traversing context
- bitmap: introduce generic optimized bitmap_size()
- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
- selinux: fix potential counting error in avc_add_xperms_decision()
- drm/amdgpu: Actually check flags for all context ops.
- memcg_write_event_control(): fix a user-triggerable oops
- overflow.h: Add flex_array_size() helper
- overflow: Implement size_t saturating arithmetic helpers
- s390/cio: rename bitmap_size() -> idset_bitmap_size()
- btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits()
- s390/uv: Panic for set and remove shared access UVC errors
- net/mlx5e: Correctly report errors for ethtool rx flows
- atm: idt77252: prevent use after free in dequeue_rx()
- net: axienet: Fix DMA descriptor cleanup path
- net: axienet: Improve DMA error handling
- net: axienet: Factor out TX descriptor chain cleanup
- net: axienet: Check for DMA mapping errors
- net: axienet: Drop MDIO interrupt registers from ethtools dump
- net: axienet: Wrap DMA pointer writes to prepare for 64 bit
- net: axienet: Upgrade descriptors to hold 64-bit addresses
- net: axienet: Autodetect 64-bit DMA capability
- net: axienet: Fix register defines comment description
- net: dsa: vsc73xx: pass value in phy_write operation
- net: hns3: fix a deadlock problem when config TC during resetting
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7
- ssb: Fix division by zero issue in ssb_calc_clock_rate
- wifi: cw1200: Avoid processing an invalid TIM IE
- i2c: riic: avoid potential division by zero
- media: radio-isa: use dev_name to fill in bus_info
- staging: ks7010: disable bh on tx_dev_lock
- binfmt_misc: cleanup on filesystem umount
- scsi: spi: Fix sshdr use
- gfs2: setattr_chown: Add missing initialization
- wifi: iwlwifi: abort scan when rfkill on but device enabled
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu
- nvmet-trace: avoid dereferencing pointer too early
- ext4: do not trim the group with corrupted block bitmap
- quota: Remove BUG_ON from dqget()
- media: pci: cx23885: check cx23885_vdev_init() return
- fs: binfmt_elf_efpic: don't use missing interpreter's properties
- scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list()
- net/sun3_82586: Avoid reading past buffer in debug output
- drm/lima: set gp bus_stop bit before hard reset
- virtiofs: forbid newlines in tags
- md: clean up invalid BUG_ON in md_ioctl
- x86: Increase brk randomness entropy for 64-bit systems
- powerpc/boot: Handle allocation failure in simple_realloc()
- powerpc/boot: Only free if realloc() succeeds
- btrfs: change BUG_ON to assertion when checking for delayed_node root
- btrfs: handle invalid root reference found in may_destroy_subvol()
- btrfs: send: handle unexpected data in header buffer in begin_cmd()
- btrfs: delete pointless BUG_ON check on quota root in
btrfs_qgroup_account_extent()
- f2fs: fix to do sanity check in update_sit_entry
- usb: gadget: fsl: Increase size of name buffer for endpoints
- nvme: clear caller pointer on identify failure
- Bluetooth: bnep: Fix out-of-bound access
- nvmet-tcp: do not continue for invalid icreq
- NFS: avoid infinite loop in pnfs_update_layout.
- openrisc: Call setup_memory() earlier in the init sequence
- s390/iucv: fix receive buffer virtual vs physical address confusion
- usb: dwc3: core: Skip setting event buffers for host only controllers
- irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc
- ext4: set the type of max_zeroout to unsigned int to avoid overflow
- nvmet-rdma: fix possible bad dereference when freeing rsps
- hrtimer: Prevent queuing of hrtimer without a function callback
- gtp: pull network headers in gtp_dev_xmit()
- block: use "unsigned long" for blk_validate_block_size().
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)
- dm mpath: pass IO start time to path selector
- dm: do not use waitqueue for request-based DM
- dm suspend: return -ERESTARTSYS instead of -EINTR
- Bluetooth: Make use of __check_timeout on hci_sched_le
- Bluetooth: hci_core: Fix not handling link timeouts propertly
- Bluetooth: hci_core: Fix LE quote calculation
- tc-testing: don't access non-existent variable on exception
- kcm: Serialise kcm_sendmsg() for the same socket.
- netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
- net: dsa: mv88e6xxx: global2: Expose ATU stats register
- net: dsa: mv88e6xxx: global1_atu: Add helper for get next
- net: dsa: mv88e6xxx: read FID when handling ATU violations
- net: dsa: mv88e6xxx: replace ATU violation prints with trace points
- net: dsa: mv88e6xxx: Fix out-of-bound access
- ipv6: prevent UAF in ip6_send_skb()
- net: xilinx: axienet: Always disable promiscuous mode
- net: xilinx: axienet: Fix dangling multicast addresses
- drm/msm: use drm_debug_enabled() to check for debug categories
- drm/msm/dpu: don't play tricks with debug macros
- mmc: mmc_test: Fix NULL dereference on allocation failure
- Bluetooth: MGMT: Add error handling to pair_device()
- HID: wacom: Defer calculation of resolution until resolution_code is known
- HID: microsoft: Add rumble support to latest xbox controllers
- cxgb4: add forgotten u64 ivlan cast before shift
- mmc: dw_mmc: allow biu and ciu clocks to defer
- ALSA: timer: Relax start tick time check for slave timer elements
- Input: MT - limit max slots
- tools: move alignment-related macros to new <linux/align.h>
- pinctrl: single: fix potential NULL dereference in pcs_get_function()
- wifi: mwifiex: duplicate static structs used in driver instances
- drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
- filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64
- media: uvcvideo: Fix integer overflow calculating timestamp
- ata: libata-core: Fix null pointer dereference on error
- cgroup/cpuset: Prevent UAF in proc_cpuset_show()
- net:rds: Fix possible deadlock in rds_message_put
- soundwire: stream: fix programming slave ports for non-continous port maps
- r8152: Factor out OOB link list waits
- ethtool: check device is present when getting link settings
- gtp: fix a potential NULL pointer dereference
- net: busy-poll: use ktime_get_ns() instead of local_clock()
- nfc: pn533: Add dev_up/dev_down hooks to phy_ops
- nfc: pn533: Add autopoll capability
- nfc: pn533: Add poll mod list filling check
- soc: qcom: cmd-db: Map shared memory as WC, not WB
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
- USB: serial: option: add MeiG Smart SRM825L
- usb: dwc3: omap: add missing depopulate in probe error path
- usb: dwc3: core: Prevent USB core invalid event buffer address access
- usb: dwc3: st: fix probed platform device ref count on probe error path
- usb: dwc3: st: add missing depopulate in probe error path
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in
remove_power_attributes()
- net: dsa: mv8e6xxx: Fix stub function parameters
- scsi: aacraid: Fix double-free on probe failure
- Linux 5.4.283
* CVE-2024-27051
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
- cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations
* CVE-2024-26891
- PCI: Make pci_dev_is_disconnected() helper public for other drivers
- iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected
* Focal update: v5.4.282 upstream stable release (LP: #2078388)
- EDAC, skx_common: Refactor so that we initialize "dev" in result of adxl
decode.
- EDAC, skx: Retrieve and print retry_rd_err_log registers
- EDAC/skx_common: Add new ADXL components for 2-level memory
- EDAC, i10nm: make skx_common.o a separate module
- platform/chrome: cros_ec_debugfs: fix wrong EC message version
- hfsplus: fix to avoid false alarm of circular locking
- x86/of: Return consistent error type from x86_of_pci_irq_enable()
- x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling
- x86/pci/xen: Fix PCIBIOS_* return code handling
- x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos
- hwmon: (adt7475) Fix default duty on fan is disabled
- pwm: stm32: Always do lazy disabling
- hwmon: (max6697) Fix underflow when writing limit attributes
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms
- arm64: dts: qcom: sdm845: add power-domain to UFS PHY
- arm64: dts: qcom: msm8996: specify UFS core_clk frequencies
- arm64: dts: rockchip: Increase VOP clk rate on RK3328
- ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node
- ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset
- ARM: dts: imx6qdl-kontron-samx6i: fix board reset
- ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity
- arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux
- arm64: dts: amlogic: gx: correct hdmi clocks
- m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages
- x86/xen: Convert comma to semicolon
- m68k: cmpxchg: Fix return value for default case in __arch_xchg()
- firmware: turris-mox-rwtm: Fix checking return value of
wait_for_completion_timeout()
- firmware: turris-mox-rwtm: Initialize completion before mailbox
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
- net/smc: Allow SMC-D 1MB DMB allocations
- net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when
CONFIG_ARCH_NO_SG_CHAIN is defined
- selftests/bpf: Check length of recv in test_sockmap
- lib: objagg: Fix general protection fault
- mlxsw: spectrum_acl_erp: Fix object nesting warning
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
- wifi: cfg80211: handle 2x996 RU allocation in
cfg80211_calculate_bitrate_he()
- net: fec: Refactor: #define magic constants
- net: fec: Fix FEC_ECR_EN1588 being cleared on link-down
- ipvs: Avoid unnecessary calls to skb_is_gso_sctp
- netfilter: nf_tables: rise cap on SELinux secmark context
- perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation
- perf: Fix perf_aux_size() for greater-than 32-bit size
- perf: Prevent passing zero nr_pages to rb_alloc_aux()
- qed: Improve the stack space of filter_config()
- wifi: virt_wifi: avoid reporting connection success with wrong SSID
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey
- wifi: virt_wifi: don't use strlen() in const context
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
- selftests: forwarding: devlink_lib: Wait for udev events after reloading
- media: dvb-usb: Fix unexpected infinite loop in
dvb_usb_read_remote_control()
- media: imon: Fix race getting ictx->lock
- saa7134: Unchecked i2c_transfer function result fixed
- media: uvcvideo: Allow entity-defined get_info and get_cur
- media: uvcvideo: Override default flags
- media: renesas: vsp1: Fix _irqsave and _irq mix
- media: renesas: vsp1: Store RPF partition configuration per RPF instance
- leds: trigger: Unregister sysfs attributes before calling deactivate()
- perf report: Fix condition in sort__sym_cmp()
- drm/etnaviv: fix DMA direction handling for cached RW buffers
- drm/qxl: Add check for drm_cvt_mode
- mfd: omap-usb-tll: Use struct_size to allocate tll
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server.
- ext4: avoid writing unitialized memory to disk in EA inodes
- sparc64: Fix incorrect function signature and add prototype for
prom_cif_init
- SUNRPC: Fixup gss_status tracepoint error output
- PCI: Fix resource double counting on remove & rescan
- Input: qt1050 - handle CHIP_ID reading error
- RDMA/mlx4: Fix truncated output warning in mad.c
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs
- ASoC: max98088: Check for clk_prepare_enable() error
- mtd: make mtd_test.c a separate module
- RDMA/device: Return error earlier if port in not valid
- Input: elan_i2c - do not leave interrupt disabled on suspend failure
- MIPS: Octeron: remove source file executable bit
- powerpc/xmon: Fix disassembly CPU feature checks
- macintosh/therm_windtunnel: fix module unload.
- bnxt_re: Fix imm_data endianness
- netfilter: ctnetlink: use helper function to calculate expect ID
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails
- pinctrl: ti: ti-iodelay: Drop if block with always false condition
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable()
fails
- pinctrl: freescale: mxs: Fix refcount of child
- fs/nilfs2: remove some unused macros to tame gcc
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
- rtc: interface: Add RTC offset to alarm after fix-up
- tick/broadcast: Make takeover of broadcast hrtimer reliable
- net: netconsole: Disable target before netpoll cleanup
- af_packet: Handle outgoing VLAN packets without hardware offloading
- ipv6: take care of scope when choosing the src addr
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open()
- media: venus: fix use after free in vdec_close
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
- drm/amd/display: Check for NULL pointer
- udf: Avoid using corrupted block bitmap buffer
- m68k: amiga: Turn off Warp1260 interrupts during boot
- ext4: check dot and dotdot of dx_root before making dir indexed
- ext4: make sure the first directory block is not a hole
- wifi: mwifiex: Fix interface type change
- leds: ss4200: Convert PCIBIOS_* return codes to errnos
- tools/memory-model: Fix bug in lock.cat
- hwrng: amd - Convert PCIBIOS_* return codes to errnos
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN
- binder: fix hang of unregistered readers
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
- f2fs: fix to don't dirty inode for readonly filesystem
- clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use
- ubi: eba: properly rollback inside self_check_eba
- decompress_bunzip2: fix rare decompression failure
- kobject_uevent: Fix OOB access within zap_modalias_env()
- rtc: cmos: Fix return value of nvmem callbacks
- scsi: qla2xxx: During vport delete send async logout explicitly
- scsi: qla2xxx: Fix for possible memory corruption
- scsi: qla2xxx: Complete command early within lock
- scsi: qla2xxx: validate nvme_local_port correctly
- perf/x86/intel/pt: Fix topa_entry base length
- perf/x86/intel/pt: Fix a topa_entry base address calculation
- rtc: isl1208: Fix return value of nvmem callbacks
- watchdog/perf: properly initialize the turbo mode timestamp and rearm
counter
- platform: mips: cpu_hwmon: Disable driver on unsupported hardware
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
- selftests/sigaltstack: Fix ppc64 GCC build
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings
- drm/panfrost: Mark simple_ondemand governor as softdep
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings
- Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591
- nilfs2: handle inconsistent state in nilfs_btnode_create_block()
- kdb: address -Wformat-security warnings
- kdb: Use the passed prompt in kdb_position_cursor()
- jfs: Fix array-index-out-of-bounds in diFree
- um: time-travel: fix time-travel-start option
- libbpf: Fix no-args func prototype BTF dumping syntax
- dma: fix call order in dmam_free_coherent
- MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later
- ipv4: Fix incorrect source address in Record Route option
- net: bonding: correctly annotate RCU in bond_should_notify_peers()
- tipc: Return non-zero value from tipc_udp_addr2str() on error
- net: nexthop: Initialize all fields in dumped nexthops
- bpf: Fix a segment issue when downgrading gso_size
- mISDN: Fix a use after free in hfcmulti_tx()
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
- ASoC: Intel: Convert to new X86 CPU match macros
- ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header
- ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable
- nvme-pci: add missing condition check for existence of mapped data
- mm: avoid overflows in dirty throttling logic
- PCI: rockchip: Make 'ep-gpios' DT property optional
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
- parport: Convert printk(KERN_<LEVEL> to pr_<level>(
- parport: Standardize use of printmode
- dev/parport: fix the array out-of-bounds risk
- driver core: Cast to (void *) with __force for __percpu pointer
- devres: Fix memory leakage caused by driver API devm_free_percpu()
- genirq: Allow the PM device to originate from irq domain
- irqchip/imx-irqsteer: Constify irq_chip struct
- irqchip/imx-irqsteer: Add runtime PM support
- irqchip/imx-irqsteer: Handle runtime power management correctly
- remoteproc: imx_rproc: ignore mapping vdev regions
- remoteproc: imx_rproc: Fix ignoring mapping vdev regions
- remoteproc: imx_rproc: Skip over memory region when node value is NULL
- drm/nouveau: prime: fix refcount underflow
- drm/vmwgfx: Fix overlay when using Screen Targets
- net/iucv: fix use after free in iucv_sock_close()
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys
- ipv6: fix ndisc_is_useropt() handling for PIO
- HID: wacom: Modify pen IDs
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions
- ALSA: usb-audio: Correct surround channels in UAC1 channel map
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
- netfilter: ipset: Add list flush to cancel_gc
- genirq: Allow irq_chip registration functions to take a const irq_chip
- irqchip/mbigen: Fix mbigen node address layout
- x86/mm: Fix pti_clone_pgtable() alignment assumption
- sctp: move hlist_node and hashent out of sctp_ep_common
- sctp: Fix null-ptr-deref in reuseport_add_sock().
- net: usb: qmi_wwan: fix memory leak for not ip packets
- net: linkwatch: use system_unbound_wq
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel()
- net: fec: Stop PPS on driver remove
- md/raid5: avoid BUG_ON() while continue reshape after reassembling
- clocksource/drivers/sh_cmt: Address race condition for clock events
- ACPI: battery: create alarm sysfs attribute atomically
- ACPI: SBS: manage alarm sysfs attribute through psy core
- selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT
- PCI: Add Edimax Vendor ID to pci_ids.h
- udf: prevent integer overflow in udf_bitmap_free_blocks()
- wifi: nl80211: don't give key data to userspace
- btrfs: fix bitmap leak when loading free space cache on duplicate entry
- drm/amdgpu: Fix the null pointer dereference to ras_manager
- media: uvcvideo: Ignore empty TS packets
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer
- s390/sclp: Prevent release of buffer in I/O
- SUNRPC: Fix a race to wake a sync task
- ext4: fix wrong unit use in ext4_mb_find_by_goal
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space
- arm64: Add Neoverse-V2 part
- arm64: cputype: Add Cortex-X4 definitions
- arm64: cputype: Add Neoverse-V3 definitions
- arm64: errata: Add workaround for Arm errata 3194386 and 3312417
- [Config] Set ARM64_ERRATUM_3194386=y
- arm64: cputype: Add Cortex-X3 definitions
- arm64: cputype: Add Cortex-A720 definitions
- arm64: cputype: Add Cortex-X925 definitions
- arm64: errata: Unify speculative SSBS errata logic
- arm64: errata: Expand speculative SSBS workaround
- arm64: cputype: Add Cortex-X1C definitions
- arm64: cputype: Add Cortex-A725 definitions
- arm64: errata: Expand speculative SSBS workaround (again)
- i2c: smbus: Don't filter out duplicate alerts
- i2c: smbus: Improve handling of stuck alerts
- i2c: smbus: Send alert notifications to all devices if source not found
- bpf: kprobe: remove unused declaring of bpf_kprobe_override
- spi: fsl-lpspi: remove unneeded array
- spi: spi-fsl-lpspi: Fix scldiv calculation
- drm/client: fix null pointer dereference in drm_client_modeset_probe
- ALSA: line6: Fix racy access to midibuf
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
- usb: vhci-hcd: Do not drop references before new references are gained
- USB: serial: debug: do not echo input by default
- usb: gadget: core: Check for unset descriptor
- scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic
- tick/broadcast: Move per CPU pointer access into the atomic section
- ntp: Clamp maxerror and esterror to operating range
- driver core: Fix uevent_show() vs driver detach race
- ntp: Safeguard against time_constant overflow
- scsi: mpt3sas: Remove scsi_dma_map() error messages
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES
- serial: core: check uartclk for zero to avoid divide by zero
- genirq/irqdesc: Honor caller provided affinity in alloc_desc()
- power: supply: axp288_charger: Fix constant_charge_voltage writes
- power: supply: axp288_charger: Round constant_charge_voltage writes down
- tracing: Fix overflow in get_free_elt()
- x86/mtrr: Check if fixed MTRRs exist before saving them
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions
- drm/mgag200: Set DDC timeout in milliseconds
- Fix gcc 4.9 build issue in 5.4.y
- kbuild: Fix '-S -c' in x86 stack protector scripts
- netfilter: nf_tables: set element extended ACK reporting support
- netfilter: nf_tables: prefer nft_chain_validate
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
- arm64: cpufeature: Fix the visibility of compat hwcaps
- media: uvcvideo: Use entity get_cur in uvc_ctrl_set
- exec: Fix ToCToU between perm check and set-uid/gid usage
- nvme/pci: Add APST quirk for Lenovo N60z laptop
- ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode
- media: Revert "media: dvb-usb: Fix unexpected infinite loop in
dvb_usb_read_remote_control()"
- Linux 5.4.282
* CVE-2024-26885
- bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
* Focal update: v5.4.281 upstream stable release (LP: #2076097)
- gcc-plugins: Rename last_stmt() for GCC 14+
- filelock: Remove locks reliably when fcntl/close race is detected
- scsi: qedf: Set qed_slowpath_params to zero before use
- ACPI: EC: Abort address space access upon error
- ACPI: EC: Avoid returning AE_OK on errors in address space handler
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
- Input: silead - Always support 10 fingers
- ila: block BH in ila_output()
- kconfig: gconf: give a proper initial state to the Save button
- kconfig: remove wrong expr_trans_bool()
- fs/file: fix the check in find_next_fd()
- mei: demote client disconnect warning on suspend to debug
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
- KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
- ALSA: hda/realtek: Add more codec ID to no shutup pins list
- mips: fix compat_sys_lseek syscall
- Input: elantech - fix touchpad state on resume for Lenovo N24
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config
- ASoC: ti: omap-hdmi: Fix too long driver name
- can: kvaser_usb: fix return value for hif_usb_send_regout
- s390/sclp: Fix sclp_init() cleanup on failure
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize
- net: usb: qmi_wwan: add Telit FN912 compositions
- net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and
DEV_STATS_ADD()
- powerpc/pseries: Whitelist dtl slub object for copying to userspace
- powerpc/eeh: avoid possible crash when edev->pdev changes
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in
again after probe failed
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
- fs: better handle deep ancestor chains in is_subdir()
- spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
- selftests/vDSO: fix clang build errors and warnings
- hfsplus: fix uninit-value in copy_name
- ARM: 9324/1: fix get_user() broken with veneer
- ACPI: processor_idle: Fix invalid comparison with insertion sort for latency
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
- net: relax socket state check at accept time.
- ocfs2: add bounds checking to ocfs2_check_dir_entry()
- jfs: don't walk off the end of ealist
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
- filelock: Fix fcntl/close race recovery compat path
- tun: add missing verification for short frame
- tap: add missing verification for short frame
- Linux 5.4.281
* Focal update: v5.4.283 upstream stable release (LP: #2080595) //
CVE-2024-45016
- netem: fix return value if duplicate enqueue fails
* CVE-2024-38630
- watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
* CVE-2024-27397
- netfilter: nf_tables: use timestamp to check for set element timeout
* CVE-2024-26960
- mm: swap: fix race between free_swap_and_cache() and swapoff()
-- Stefan Bader <stefan.bader@canonical.com> Fri, 27 Sep 2024 14:40:47 +0200
linux (5.4.0-196.216) focal; urgency=medium
* focal/linux: 5.4.0-196.216 -proposed tracker (LP: #2078205)
* CVE-2024-39494
- ima: Fix use-after-free on a dentry's dname.name
* CVE-2024-42160
- f2fs: check validation of fault attrs in f2fs_build_fault_attr()
- f2fs: Add inline to f2fs_build_fault_attr() stub
* CVE-2024-38570
- gfs2: Rename sd_{ glock => kill }_wait
- gfs2: Fix potential glock use-after-free on unmount
* CVE-2024-42228
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
* CVE-2022-48791
- scsi: pm80xx: Fix TMF task completion race condition
- scsi: pm8001: Fix use-after-free for aborted TMF sas_task
* CVE-2024-26787
- mmc: mmci_sdmmc: Rename sdmmc_priv struct to sdmmc_idma
- mmc: mmci: stm32: use a buffer for unaligned DMA requests
- mmc: mmci: stm32: fix DMA API overlapping mappings warning
* CVE-2024-27012
- netfilter: nf_tables: restore set elements when delete set fails
* CVE-2022-48863
- mISDN: Fix memory leak in dsp_pipeline_build()
* CVE-2021-47188
- scsi: ufs: core: Improve SCSI abort handling
* CVE-2024-26677
- rxrpc: Fix delayed ACKs to not set the reference serial number
-- Manuel Diewald <manuel.diewald@canonical.com> Thu, 29 Aug 2024 14:06:16 +0200
linux (5.4.0-195.215) focal; urgency=medium
* focal/linux: 5.4.0-195.215 -proposed tracker (LP: #2075954)
* Focal update: v5.4.280 upstream stable release (LP: #2075175)
- Compiler Attributes: Add __uninitialized macro
- drm/lima: fix shared irq handling on driver remove
- media: dvb: as102-fe: Fix as10x_register_addr packing
- media: dvb-usb: dib0700_devices: Add missing release_firmware()
- IB/core: Implement a limit on UMAD receive List
- scsi: qedf: Make qedf_execute_tmf() non-preemptible
- drm/amdgpu: Initialize timestamp for some legacy SOCs
- drm/amd/display: Skip finding free audio for unknown engine_id
- media: dw2102: Don't translate i2c read into write
- sctp: prefer struct_size over open coded arithmetic
- firmware: dmi: Stop decoding on broken entry
- Input: ff-core - prefer struct_size over open coded arithmetic
- net: dsa: mv88e6xxx: Correct check for empty list
- media: dvb-frontends: tda18271c2dd: Remove casting during div
- media: s2255: Use refcount_t instead of atomic_t for num_channels
- media: dvb-frontends: tda10048: Fix integer overflow
- i2c: i801: Annotate apanel_addr as __ro_after_init
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
- orangefs: fix out-of-bounds fsid access
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
- jffs2: Fix potential illegal address access in jffs2_free_inode
- s390/pkey: Wipe sensitive data on failure
- tcp: tcp_mark_head_lost is only valid for sack-tcp
- tcp: add ece_ack flag to reno sack functions
- net: tcp better handling of reordering then loss cases
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
- tcp_metrics: validate source addr length
- wifi: wilc1000: fix ies_len type in connect path
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
- selftests: fix OOM in msg_zerocopy selftest
- selftests: make order checking verbose in msg_zerocopy selftest
- inet_diag: Initialize pad field in struct inet_diag_req_v2
- nilfs2: fix inode number range checks
- nilfs2: add missing check for inode numbers on directory entries
- mm: optimize the redundant loop of mm_update_owner_next()
- can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct
- fsnotify: Do not generate events for O_PATH file descriptors
- Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(),
again"
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
- drm/amdgpu/atomfirmware: silence UBSAN warning
- media: dw2102: fix a potential buffer overflow
- i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
- nvme-multipath: find NUMA path only for online numa-node
- nilfs2: fix incorrect inode allocation from reserved inodes
- filelock: fix potential use-after-free in posix_lock_inode
- fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading
- vfs: don't mod negative dentry count when on shrinker list
- tcp: add TCP_INFO status for failed client TFO
- tcp: fix incorrect undo caused by DSACK of TLP retransmit
- octeontx2-af: Fix incorrect value output on error path in
rvu_check_rsrc_availability()
- net: lantiq_etop: add blank line after declaration
- net: ethernet: lantiq_etop: fix double free in detach
- ppp: reject claimed-as-LCP but actually malformed packets
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
- s390: Mark psw in __load_psw_mask() as __unitialized
- ARM: davinci: Convert comma to semicolon
- octeontx2-af: fix detection of IP layer
- USB: serial: option: add Telit generic core-dump composition
- USB: serial: option: add Telit FN912 rmnet compositions
- USB: serial: option: add Fibocom FM350-GL
- USB: serial: option: add support for Foxconn T99W651
- USB: serial: option: add Netprisma LCUK54 series modules
- USB: serial: option: add Rolling RW350-GL variants
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
- usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the
descriptor
- hpet: Support 32-bit userspace
- nvmem: meson-efuse: Fix return value of nvmem callbacks
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
- libceph: fix race between delayed_work() and ceph_monc_stop()
- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
- tcp: refactor tcp_retransmit_timer()
- net: tcp: fix unexcepted socket die when snd_wnd is 0
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
- tcp: avoid too many retransmit packets
- nilfs2: fix kernel bug on rename operation of broken directory
- i2c: rcar: bring hardware to known state when probing
- Linux 5.4.280
* [SRU] UBSAN warnings in bnx2x kernel driver (LP: #2074215) // Focal update:
v5.4.280 upstream stable release (LP: #2075175)
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds
* Focal update: v5.4.279 upstream stable release (LP: #2073621)
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
- wifi: cfg80211: pmsr: use correct nla_get_uX functions
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
- net: sched: sch_multiq: fix possible OOB write in multiq_tune()
- vxlan: Fix regression when dropping packets due to invalid src addresses
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB
- net/mlx5: Stop waiting for PCI if pci channel is offline
- net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
- ptp: Fix error message on failed pin verification
- af_unix: Annotate data-race of sk->sk_state in unix_inq_len().
- af_unix: Annotate data-races around sk->sk_state in unix_write_space() and
poll().
- af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg().
- af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG.
- af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen.
- af_unix: Use unix_recvq_full_lockless() in unix_stream_connect().
- af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen().
- af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill().
- ipv6: fix possible race in __fib6_drop_pcpu_from()
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
- ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret
- ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params
- ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional
- ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing
- ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling
- ASoC: ti: davinci-mcasp: Handle missing required DT properties
- ASoC: ti: davinci-mcasp: Fix race condition during probe
- drm/amd/display: Handle Y carry-over in VCP X.Y calculation
- serial: sc16is7xx: replace hardcoded divisor value with BIT() macro
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler
- selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages
- selftests/mm: conform test to TAP format output
- selftests/mm: compaction_test: fix bogus test success on Aarch64
- nilfs2: Remove check for PageError
- nilfs2: return the mapped address from nilfs_get_page()
- nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
- mei: me: release irq in mei_me_pci_resume error path
- jfs: xattr: fix buffer overflow for invalid xattr
- xhci: Set correct transferred length for cancelled bulk transfers
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
- Input: try trimming too long modalias strings
- SUNRPC: return proper error from gss_wrap_req_priv
- gpio: tqmx86: fix typo in Kconfig label
- HID: core: remove unnecessary WARN_ON() in implement()
- iommu/amd: Fix sysfs leak in iommu init
- iommu: Return right value in iommu_sva_bind_device()
- HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()
- liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
- drm/komeda: check for error-valued pointer
- drm/bridge/panel: Fix runtime warning on panel bridge release
- tcp: fix race in tcp_v6_syn_recv_sock()
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN)
packets
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
- netfilter: ipset: Fix race between namespace cleanup and gc in the list:set
type
- net/ipv6: Fix the RT cache flush via sysctl using a previous delay
- ionic: fix use after netif_napi_del()
- drivers: core: synchronize really_probe() and dev_uevent()
- drm/exynos/vidi: fix memory leak in .get_modes()
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found
- tracing/selftests: Fix kprobe event name test for .isra. functions
- vmci: prevent speculation leaks by sanitizing event in event_deliver()
- fs/proc: fix softlockup in __read_vmcore
- ocfs2: use coarse time for new created files
- ocfs2: fix races between hole punching and AIO+DIO
- PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id
- dmaengine: axi-dmac: fix possible race in remove()
- intel_th: pci: Add Granite Rapids support
- intel_th: pci: Add Granite Rapids SOC support
- intel_th: pci: Add Sapphire Rapids SOC support
- intel_th: pci: Add Meteor Lake-S support
- intel_th: pci: Add Lunar Lake support
- nilfs2: fix potential kernel bug due to lack of writeback flag waiting
- tick/nohz_full: Don't abuse smp_call_function_single() in
tick_setup_device()
- hv_utils: drain the timesync packets on onchannelcallback
- hugetlb_encode.h: fix undefined behaviour (34 << 26)
- greybus: Fix use-after-free bug in gb_interface_release due to race
condition.
- usb-storage: alauda: Check whether the media is initialized
- i2c: at91: Fix the functionality flags of the slave-only interface
- rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment
- selftests/bpf: Prevent client connect before server bind in
test_tc_tunnel.sh
- batman-adv: bypass empty buckets in batadv_purge_orig_ref()
- drop_monitor: replace spin_lock by raw_spin_lock
- scsi: qedi: Fix crash while reading debugfs attribute
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
- powerpc/pseries: Enforce hcall result buffer validity and size
- powerpc/io: Avoid clang null pointer arithmetic warnings
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002
- udf: udftime: prevent overflow in udf_disk_stamp_to_time()
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
- MIPS: Octeon: Add PCIe link status check
- MIPS: Routerboard 532: Fix vendor retry check code
- mips: bmips: BCM6358: make sure CBR is correctly set
- cipso: fix total option length computation
- netrom: Fix a memory leak in nr_heartbeat_expiry()
- ipv6: prevent possible NULL deref in fib6_nh_init()
- ipv6: prevent possible NULL dereference in rt6_probe()
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
- netns: Make get_net_ns() handle zero refcount net
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
- virtio_net: checksum offloading handling fix
- netfilter: ipset: Fix suspicious rcu_dereference_protected()
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings
- regulator: core: Fix modpost error "regulator_get_regmap" undefined
- dmaengine: ioatdma: Fix missing kmem_cache_destroy()
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is
fine."
- drm/radeon: fix UBSAN warning in kv_dpm.c
- gcov: add support for GCC 14
- i2c: ocores: set IACK bit after core is enabled
- ARM: dts: samsung: smdkv310: fix keypad no-autorepeat
- ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat
- ARM: dts: samsung: smdk4412: fix keypad no-autorepeat
- arm64: dts: qcom: qcs404: fix bluetooth device address
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test
- Revert "kheaders: substituting --sort in archive creation"
- kheaders: explicitly define file modes for archived headers
- perf/core: Fix missing wakeup when waiting for context reference
- PCI: Add PCI_ERROR_RESPONSE and related definitions
- x86/amd_nb: Check for invalid SMN reads
- iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock
- iio: dac: ad5592r: un-indent code-block for scale read
- iio: dac: ad5592r: fix temperature channel scaling value
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
- drm/amdgpu: fix UBSAN warning in kv_dpm.c
- netfilter: nf_tables: validate family when identifying table via handle
- ASoC: fsl-asoc-card: set priv->pdev before using it
- net: dsa: microchip: fix initial port flush problem
- net: phy: mchp: Add support for LAN8814 QUAD PHY
- net: phy: micrel: add Microchip KSZ 9477 to the device table
- sparc: fix old compat_sys_select()
- parisc: use correct compat recv/recvfrom syscalls
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data
registers
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep
- mtd: partitions: redboot: Added conversion of operands to a larger type
- net/iucv: Avoid explicit cpumask var allocation on stack
- net/dpaa2: Avoid explicit cpumask var allocation on stack
- ALSA: emux: improve patch ioctl data validation
- media: dvbdev: Initialize sbuf
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
- nvme: fixup comment for nvme RDMA Provider Type
- gpio: davinci: Validate the obtained number of IRQs
- x86: stop playing stack games in profile_pc()
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
- mmc: sdhci: Do not invert write-protect twice
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
- iio: adc: ad7266: Fix variable checking bug
- iio: chemical: bme680: Fix pressure value output
- iio: chemical: bme680: Fix calibration data variable
- iio: chemical: bme680: Fix overflows in compensate() functions
- iio: chemical: bme680: Fix sensor data read operation
- net: usb: ax88179_178a: improve link status logs
- usb: gadget: printer: SS+ support
- usb: musb: da8xx: fix a resource leak in probe()
- usb: atm: cxacru: fix endpoint checking in cxacru_bind()
- tty: mcf: MCF54418 has 10 UARTS
- net: can: j1939: Initialize unused data in j1939_send_one()
- net: can: j1939: recover socket queue on CAN bus error during BAM
transmission
- net: can: j1939: enhanced error handling for tightly received RTS messages
in xtp_rx_rts_session_new
- csky, hexagon: fix broken sys_sync_file_range
- hexagon: fix fadvise64_64 calling conventions
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
- batman-adv: Don't accept TT entries for out-of-spec VIDs
- ata: libata-core: Fix double free on error
- ftruncate: pass a signed offset
- mtd: spinand: macronix: Add support for serial NAND flash
- pwm: stm32: Refuse too small period requests
- nfs: Leave pages in the pagecache if readpage failed
- ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node
- arm64: dts: rockchip: Add sound-dai-cells for RK3368
- Linux 5.4.279
* CVE-2024-26921
- skbuff: introduce skb_expand_head()
- skb_expand_head() adjust skb->truesize incorrectly
- inet: inet_defrag: prevent sk release while still in use
* CVE-2024-26929
- scsi: qla2xxx: Fix double free of fcport
* CVE-2024-39484
- mmc: davinci: Don't strip remove function when driver is builtin
* CVE-2024-36901
- ipv6: prevent NULL dereference in ip6_output()
* CVE-2024-26830
- i40e: Refactoring VF MAC filters counting to make more reliable
- i40e: Fix MAC address setting for a VF via Host/VM
- i40e: Do not allow untrusted VF to remove administratively set MAC
* CVE-2024-24860
- Bluetooth: Fix atomicity violation in {min, max}_key_size_set
* CVE-2023-52760
- gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
* CVE-2024-2201
- [Config] Set SPECTRE_BHI_ON=y
* CVE-2023-52629
- sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
* CVE-2021-46926
- ALSA: hda: intel-sdw-acpi: harden detection of controller
-- Roxana Nicolescu <roxana.nicolescu@canonical.com> Fri, 02 Aug 2024 20:11:01 +0200
linux (5.4.0-192.212) focal; urgency=medium
* focal/linux: 5.4.0-192.212 -proposed tracker (LP: #2072305)
* Focal update: v5.4.278 upstream stable release (LP: #2071668)
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
- speakup: Fix sizeof() vs ARRAY_SIZE() bug
- ring-buffer: Fix a race between readers and resize checks
- net: smc91x: Fix m68k kernel compilation for ColdFire CPU
- nilfs2: fix unexpected freezing of nilfs_segctor_sync()
- nilfs2: fix potential hang in nilfs_detach_log_writer()
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt
class
- net: usb: qmi_wwan: add Telit FN920C04 compositions
- drm/amd/display: Set color_mgmt_changed to true on unsuspend
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
- ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
- ASoC: da7219-aad: fix usage of device_get_named_child_node()
- drm/amdkfd: Flush the process wq before creating a kfd_process
- nvme: find numa distance only if controller has valid numa id
- openpromfs: finish conversion to the new mount API
- crypto: bcm - Fix pointer arithmetic
- firmware: raspberrypi: Use correct device for DMA mappings
- ecryptfs: Fix buffer size for tag 66 packet
- nilfs2: fix out-of-range warning
- parisc: add missing export of __cmpxchg_u8()
- crypto: ccp - drop platform ifdef checks
- s390/cio: fix tracepoint subchannel type field
- jffs2: prevent xattr node from overflowing the eraseblock
- null_blk: Fix missing mutex_destroy() at module removal
- md: fix resync softlockup when bitmap size is less than array size
- wifi: ath10k: poll service ready message before failing
- x86/boot: Ignore relocations in .notes sections in walk_relocs() too
- qed: avoid truncating work queue length
- scsi: ufs: qcom: Perform read back after writing reset bit
- scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
- scsi: ufs: core: Perform read back after disabling interrupts
- scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
- irqchip/alpine-msi: Fix off-by-one in allocation error path
- ACPI: disable -Wstringop-truncation
- cpufreq: Reorganize checks in cpufreq_offline()
- cpufreq: Split cpufreq_offline()
- cpufreq: Rearrange locking in cpufreq_remove_dev()
- cpufreq: exit() callback is optional
- scsi: libsas: Fix the failure of adding phy with zero-address to port
- scsi: hpsa: Fix allocation size for Scsi_Host private data
- x86/purgatory: Switch to the position-independent small code model
- wifi: ath10k: Fix an error code problem in
ath10k_dbg_sta_write_peer_debug_trigger()
- wifi: ath10k: populate board data for WCN3990
- tcp: minor optimization in tcp_add_backlog()
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
- tcp: avoid premature drops in tcp_add_backlog()
- macintosh/via-macii: Fix "BUG: sleeping function called from invalid
context"
- wifi: carl9170: add a proper sanity check for endpoints
- wifi: ar5523: enable proper endpoint verification
- sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
- Revert "sh: Handle calling csum_partial with misaligned data"
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
- scsi: bfa: Ensure the copied buf is NUL terminated
- scsi: qedf: Ensure the copied buf is NUL terminated
- wifi: mwl8k: initialize cmd->addr[] properly
- usb: aqc111: stop lying about skb->truesize
- net: usb: sr9700: stop lying about skb->truesize
- m68k: Fix spinlock race in kernel thread creation
- m68k: mac: Fix reboot hang on Mac IIci
- net: ethernet: cortina: Locking fixes
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
- net: usb: smsc95xx: stop lying about skb->truesize
- net: openvswitch: fix overwriting ct original tuple for ICMPv6
- ipv6: sr: add missing seg6_local_exit
- ipv6: sr: fix incorrect unregister order
- ipv6: sr: fix invalid unregister error path
- drm/amd/display: Fix potential index out of bounds in color transformation
function
- mtd: rawnand: hynix: fixed typo
- fbdev: shmobile: fix snprintf truncation
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj
- powerpc/fsl-soc: hide unused const variable
- fbdev: sisfb: hide unused variables
- media: ngene: Add dvb_ca_en50221_init return value check
- media: radio-shark2: Avoid led_names truncations
- platform/x86: wmi: Make two functions static
- fbdev: sh7760fb: allow modular build
- drm/arm/malidp: fix a possible null pointer dereference
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
- RDMA/hns: Use complete parentheses in macros
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
- ext4: avoid excessive credit estimate in ext4_tmpfile()
- sunrpc: removed redundant procp check
- SUNRPC: Fix gss_free_in_token_pages()
- selftests/kcmp: Make the test output consistent and clear
- selftests/kcmp: remove unused open mode
- RDMA/IPoIB: Fix format truncation compilation errors
- netrom: fix possible dead-lock in nr_rt_ioctl()
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
- sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax
- sched/fair: Allow disabling sched_balance_newidle with
sched_relax_domain_level
- greybus: lights: check return of get_channel_from_mode
- soundwire: cadence/intel: simplify PDI/port mapping
- soundwire: intel: don't filter out PDI0/1
- soundwire: cadence_master: improve PDI allocation
- soundwire: cadence: fix invalid PDI offset
- dmaengine: idma64: Add check for dma_set_max_seg_size
- firmware: dmi-id: add a release callback function
- serial: max3100: Lock port->lock when calling uart_handle_cts_change()
- serial: max3100: Update uart_driver_registered on driver removal
- serial: max3100: Fix bitwise types
- greybus: arche-ctrl: move device table to its right location
- iio: pressure: dps310: support negative temperature values
- microblaze: Remove gcc flag for non existing early_printk.c file
- microblaze: Remove early printk call from cpuinfo-static.c
- usb: gadget: u_audio: Clear uac pointer when freed.
- stm class: Fix a double free in stm_register_device()
- ppdev: Remove usage of the deprecated ida_simple_xx() API
- ppdev: Add an error check in register_device
- extcon: max8997: select IRQ_DOMAIN instead of depending on it
- f2fs: fix to release node block count in error path of f2fs_new_node_page()
- serial: sh-sci: protect invalidating RXDMA on shutdown
- libsubcmd: Fix parse-options memory leak
- Input: ims-pcu - fix printf string overflow
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
- drm/msm/dpu: Always flush the slave INTF on the CTL
- um: Fix return value in ubd_init()
- um: Add winch to winch_handlers before registering winch IRQ
- media: stk1160: fix bounds checking in stk1160_copy_video()
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
- um: Fix the -Wmissing-prototypes warning for __switch_mm
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
- media: cec: cec-api: add locking in cec_release()
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
- x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when
UNWINDER_FRAME_POINTER=y
- [Config] Update CONFIG_ARCH_WANT_FRAME_POINTERS
- nfc: nci: Fix uninit-value in nci_rx_work
- sunrpc: fix NFSACL RPC retry on soft mount
- ipv6: sr: fix memleak in seg6_hmac_init_algo
- params: lift param_set_uint_minmax to common code
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
- openvswitch: Set the skbuff pkt_type for proper pmtud support.
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
- net: fec: avoid lock evasion when reading pps_enable
- nfc: nci: Fix kcov check in nci_rx_work()
- nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in
instance_destroy_rcu()
- spi: Don't mark message DMA mapped when no transfer in it is
- nvmet: fix ns enable/disable possible hang
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer
exhaustion
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
- enic: Validate length of nl attributes in enic_set_vf_port
- smsc95xx: remove redundant function arguments
- smsc95xx: use usbnet->driver_priv
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
- net:fec: Add fec_enet_deinit()
- netfilter: tproxy: bail out if IP has been disabled on the device
- kconfig: fix comparison to constant symbols, 'm', 'n'
- spi: stm32: Don't warn about spurious interrupts
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
- ALSA: timer: Set lower bound of start tick time
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
- binder: fix max_thread type inconsistency
- mmc: core: Do not force a retune before RPMB switch
- io_uring: fail NOP if non-zero op flags is passed in
- afs: Don't cross .backup mountpoint from backup volume
- nilfs2: fix use-after-free of timer for log writer thread
- vxlan: Fix regression when dropping packets due to invalid src addresses
- x86/mm: Remove broken vsyscall emulation code from the page fault code
- f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
- media: lgdt3306a: Add a check against null-pointer-def
- drm/amdgpu: add error handle to avoid out-of-bounds
- ata: pata_legacy: make legacy_exit() work again
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
- arm64: tegra: Correct Tegra132 I2C alias
- md/raid5: fix deadlock that raid5d() wait for itself to clear
MD_SB_CHANGE_PENDING
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
- arm64: dts: hi3798cv200: fix the size of GICR
- media: mc: mark the media devnode as registered from the, start
- media: mxl5xx: Move xpt structures off stack
- media: v4l2-core: hold videodev_lock until dev reg, finishes
- fbdev: savage: Handle err return when savagefb_check_var failed
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
- crypto: ecrdsa - Fix module auto-load on add_key
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
- net/ipv6: Fix route deleting failure when metric equals 0
- net/9p: fix uninit-value in p9_client_rpc()
- intel_th: pci: Add Meteor Lake-S CPU support
- sparc64: Fix number of online CPUs
- kdb: Fix buffer overflow during tab-complete
- kdb: Use format-strings rather than '0' injection in kdb_read()
- kdb: Fix console handling when editing and tab-completing commands
- kdb: Merge identical case statements in kdb_read()
- kdb: Use format-specifiers rather than memset() for padding in kdb_read()
- net: fix __dst_negative_advice() race
- xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
- sparc: move struct termio to asm/termios.h
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
- s390/ap: Fix crash in AP internal function modify_bitmap()
- nfs: fix undefined behavior in nfs_block_bits()
- Linux 5.4.278
* CVE-2024-27019
- netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
* CVE-2024-26886
- Bluetooth: af_bluetooth: Fix deadlock
* CVE-2023-52752
- smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
* CVE-2022-48674
- erofs: fix pcluster use-after-free on UP platforms
* Focal update: v5.4.277 upstream stable release (LP: #2070179)
- pinctrl: core: handle radix_tree_insert() errors in
pinctrl_register_one_pin()
- ext4: fix bug_on in __es_tree_search
- Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"
- Revert "net: bcmgenet: use RGMII loopback for MAC reset"
- net: bcmgenet: keep MAC in reset until PHY is up
- net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
- net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()
- net: bcmgenet: synchronize UMAC_CMD access
- smb: client: fix potential OOBs in smb2_parse_contexts()
- arm64: dts: qcom: Fix 'interrupt-map' parent address cells
- btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
- drm/amdgpu: Fix possible NULL dereference in
amdgpu_ras_query_error_status_helper()
- usb: typec: ucsi: displayport: Fix potential deadlock
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code
- docs: kernel_include.py: Cope with docutils 0.21
- Linux 5.4.277
* Focal update: v5.4.276 upstream stable release (LP: #2069758)
- dmaengine: pl330: issue_pending waits until WFP state
- dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
- wifi: nl80211: don't free NULL coalescing rule
- pinctrl: core: delete incorrect free in pinctrl_enable()
- pinctrl: mediatek: Check gpio pin number and use binary search in
mtk_hw_pin_field_lookup()
- pinctrl: mediatek: Supporting driving setting without mapping current to
register value
- pinctrl: mediatek: Refine mtk_pinconf_get() and mtk_pinconf_set()
- pinctrl: mediatek: Refine mtk_pinconf_get()
- pinctrl: mediatek: Backward compatible to previous Mediatek's bias-pull
usage
- pinctrl: mediatek: remove shadow variable declaration
- pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback
- pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic
- pinctrl: mediatek: paris: Rework support for
PIN_CONFIG_{INPUT,OUTPUT}_ENABLE
- sunrpc: add a struct rpc_stats arg to rpc_create_args
- nfs: expose /proc/net/sunrpc/nfs in net namespaces
- nfs: make the rpc_stat per net namespace
- nfs: Handle error of rpc_proc_register() in nfs_net_init().
- power: rt9455: hide unused rt9455_boost_voltage_values
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
- s390/mm: Fix storage key clearing for guest huge pages
- s390/mm: Fix clearing storage keys for huge pages
- bna: ensure the copied buf is NUL terminated
- nsh: Restore skb->{protocol,data,mac_header} for outer header in
nsh_gso_segment().
- net l2tp: drop flow hash on forward
- net: qede: use return from qede_parse_flow_attr() for flow_spec
- net: dsa: mv88e6xxx: Add number of MACs in the ATU
- net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341
- net: bridge: fix multicast-to-unicast with fraglist GSO
- tipc: fix a possible memleak in tipc_buf_append
- clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
- gfs2: Fix invalid metadata access in punch_hole
- wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
- wifi: cfg80211: fix rdev_dump_mpp() arguments order
- net: mark racy access on sk->sk_rcvbuf
- scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
- ALSA: line6: Zero-initialize message buffers
- net: bcmgenet: Reset RBUF on first open
- ata: sata_gemini: Check clk_enable() result
- firewire: ohci: mask bus reset interrupts between ISR and bottom half
- tools/power turbostat: Fix added raw MSR output
- tools/power turbostat: Fix Bzy_MHz documentation typo
- btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
- btrfs: always clear PERTRANS metadata during commit
- scsi: target: Fix SELinux error when systemd-modules loads the target module
- gpu: host1x: Do not setup DMA for virtual devices
- MIPS: scall: Save thread_info.syscall unconditionally on entry
- selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior
- fs/9p: only translate RWX permissions for plain 9P2000
- fs/9p: translate O_TRUNC into OTRUNC
- 9p: explicitly deny setlease attempts
- gpio: wcove: Use -ENOTSUPP consistently
- gpio: crystalcove: Use -ENOTSUPP consistently
- clk: Don't hold prepare_lock when calling kref_put()
- fs/9p: drop inodes immediately on non-.L too
- net:usb:qmi_wwan: support Rolling modules
- pinctrl: mediatek: Fix fallback call path
- xfrm: Preserve vlan tags for transport mode software GRO
- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
- phonet: fix rtm_phonet_notify() skb allocation
- net: bridge: fix corrupted ethernet header on multicast-to-unicast
- ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
- net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
- net: qede: use return from qede_parse_flow_attr() for flower
- firewire: nosy: ensure user_length is taken into account when fetching
packet contents
- usb: gadget: composite: fix OS descriptors w_value logic
- usb: gadget: f_fs: Fix a race condition when processing setup packets.
- tipc: fix UAF in error path
- dyndbg: fix old BUG_ON in >control parser
- drm/vmwgfx: Fix invalid reads in fence signaled events
- net: fix out-of-bounds access in ops_init
- regulator: core: fix debugfs creation regression
- pinctrl: mediatek: Fix fallback behavior for bias_set_combo
- pinctrl: mediatek: Fix some off by one bugs
- pinctrl: mediatek: remove set but not used variable 'e'
- pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback
- Linux 5.4.276
* Freezing user space processes failed after 20.008 seconds (1 tasks refusing
to freeze, wq_busy=0) (LP: #2061091)
- ALSA: Fix deadlocks with kctl removals at disconnection
* CVE-2024-36016
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
* CVE-2022-48655
- firmware: arm_scmi: Harden accesses to the reset domains
* CVE-2024-26907
- RDMA/mlx5: Fix fortify source warning while accessing Eth segment
* CVE-2024-26585
- tls: fix race between tx work scheduling and socket close
* CVE-2024-26584
- net: tls: handle backlogging of crypto requests
* CVE-2024-26583
- net/tls: Replace TLS_RX_SYNC_RUNNING with RCU
- net/tls: Fix use-after-free after the TLS device goes down and up
- tls: splice_read: fix record type check
- tls splice: remove inappropriate flags checking for MSG_PEEK
- tls: splice_read: fix accessing pre-processed records
- tls: Fix context leak on tls_device_down
- net/tls: Check for errors in tls_device_init
- net/tls: Remove the context from the list in tls_device_down
- net/tls: pass context to tls_device_decrypted()
- net/tls: Perform immediate device ctx cleanup when possible
- net/tls: Multi-threaded calls to TX tls_dev_del
- net: tls: avoid discarding data on record close
- tls: rx: don't store the record type in socket context
- tls: rx: don't store the decryption status in socket context
- tls: rx: don't issue wake ups when data is decrypted
- tls: rx: refactor decrypt_skb_update()
- tls: hw: rx: use return value of tls_device_decrypted() to carry status
- tls: rx: drop unnecessary arguments from tls_setup_from_iter()
- tls: rx: don't report text length from the bowels of decrypt
- tls: rx: wrap decryption arguments in a structure
- tls: rx: factor out writing ContentType to cmsg
- tls: rx: don't track the async count
- tls: rx: assume crypto always calls our callback
- tls: rx: use async as an in-out argument
- tls: decrement decrypt_pending if no async completion will be called
- net: tls: fix async vs NIC crypto offload
- tls: rx: simplify async wait
- tls: extract context alloc/initialization out of tls_set_sw_offload
- net: tls: factor out tls_*crypt_async_wait()
- tls: fix race between async notify and socket close
-- Stefan Bader <stefan.bader@canonical.com> Fri, 05 Jul 2024 11:00:53 +0200
linux (5.4.0-189.209) focal; urgency=medium
* focal/linux: 5.4.0-189.209 -proposed tracker (LP: #2068454)
* Focal update: v5.4.275 upstream stable release (LP: #2067865)
- batman-adv: Avoid infinite loop trying to resize local TT
- Bluetooth: Fix memory leak in hci_req_sync_complete()
- nouveau: fix function cast warning
- net: openvswitch: fix unwanted error log on timeout policy probing
- u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file
- geneve: fix header validation in geneve[6]_xmit_skb
- ipv6: fib: hide unused 'pn' variable
- ipv4/route: avoid unused-but-set-variable warning
- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
- net/mlx5: Properly link new fs rules into the tree
- net: ena: Fix potential sign extension issue
- btrfs: qgroup: correctly model root qgroup rsv in convert
- drm/client: Fully protect modes[] with dev->mode_config.mutex
- vhost: Add smp_rmb() in vhost_vq_avail_empty()
- selftests: timers: Fix abs() warning in posix_timers test
- x86/apic: Force native_apic_mem_read() to use the MOV instruction
- btrfs: record delayed inode root in transaction
- selftests/ftrace: Limit length in subsystem-enable tests
- kprobes: Fix possible use-after-free issue on kprobe registration
- Revert "tracing/trigger: Fix to return error if failed to alloc snapshot"
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
- tun: limit printing rate when illegal packet received by tun dev
- RDMA/rxe: Fix the problem "mutex_destroy missing"
- RDMA/mlx5: Fix port number for counter query in multi-port configuration
- drm: nv04: Fix out of bounds access
- clk: Remove prepare_lock hold assertion in __clk_release()
- clk: Mark 'all_lists' as const
- clk: remove extra empty line
- clk: Print an info line before disabling unused clocks
- clk: Initialize struct clk_core kref earlier
- clk: Get runtime PM before walking tree during disable_unused
- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
- comedi: vmk80xx: fix incomplete endpoint checking
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood
- USB: serial: option: add Fibocom FM135-GL variants
- USB: serial: option: add support for Fibocom FM650/FG650
- USB: serial: option: add Lonsung U8300/U9300 product
- USB: serial: option: support Quectel EM060K sub-models
- USB: serial: option: add Rolling RW101-GL and RW135-GL support
- USB: serial: option: add Telit FN920C04 rmnet compositions
- usb: dwc2: host: Fix dereference issue in DDMA completion flow.
- speakup: Avoid crash on very long word
- fs: sysfs: Fix reference leak in sysfs_break_active_protection()
- nouveau: fix instmem race condition around ptr stores
- nilfs2: fix OOB in nilfs_set_de_type
- KVM: async_pf: Cleanup kvm_setup_async_pf()
- arm64: dts: rockchip: fix alphabetical ordering RK3399 puma
- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma
- arm64: dts: mediatek: mt7622: fix IR nodename
- arm64: dts: mediatek: mt7622: fix ethernet controller "compatible"
- arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block
- arm64: dts: mt2712: add ethernet device node
- arm64: dts: mediatek: mt2712: fix validation errors
- ARC: [plat-hsdk]: Remove misplaced interrupt-cells property
- vxlan: drop packets from invalid src-address
- mlxsw: core: Unregister EMAD trap using FORWARD action
- NFC: trf7970a: disable all regulators on removal
- net: usb: ax88179_178a: stop lying about skb->truesize
- net: gtp: Fix Use-After-Free in gtp_dellink
- ipvs: Fix checksumming on GSO of SCTP packets
- net: openvswitch: Fix Use-After-Free in ovs_ct_exit
- mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
- mlxsw: spectrum_acl_tcam: Rate limit error message
- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
- mlxsw: spectrum_acl_tcam: Fix warning during rehash
- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
- mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
- iavf: Fix TC config comparison with existing adapter TC config
- af_unix: Suppress false-positive lockdep splat for spin_lock() in
__unix_gc().
- serial: core: Provide port lock wrappers
- serial: mxs-auart: add spinlock around changing cts state
- Revert "crypto: api - Disallow identical driver names"
- net/mlx5e: Fix a race in command alloc flow
- tracing: Show size of requested perf buffer
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker
together
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
- btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma
- drm/amdgpu: Fix leak when GPU memory allocation fails
- irqchip/gic-v3-its: Prevent double free on error
- ethernet: Add helper for assigning packet type when dest address does not
match device address
- net: b44: set pause params only when interface is up
- stackdepot: respect __GFP_NOLOCKDEP allocation flag
- mtd: diskonchip: work around ubsan link failure
- tcp: Clean up kernel listener's reqsk in inet_twsk_purge()
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
- dmaengine: owl: fix register access functions
- idma64: Don't try to serve interrupts when device is powered off
- i2c: smbus: fix NULL function pointer dereference
- HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
- bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
- udp: preserve the connected status if only UDP cmsg
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
- Linux 5.4.275
* Focal update: v5.4.274 upstream stable release (LP: #2067857)
- amdkfd: use calloc instead of kzalloc to avoid integer overflow
- Documentation/hw-vuln: Update spectre doc
- x86/cpu: Support AMD Automatic IBRS
- x86/bugs: Use sysfs_emit()
- timers: Update kernel-doc for various functions
- timers: Use del_timer_sync() even on UP
- timers: Rename del_timer_sync() to timer_delete_sync()
- media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
- clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
- smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
- smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
- ARM: dts: mmp2-brownstone: Don't redeclare phandle references
- arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
- serial: max310x: fix NULL pointer dereference in I2C instantiation
- KVM: Always flush async #PF workqueue when vCPU is being destroyed
- sparc64: NMI watchdog: fix return value of __setup handler
- sparc: vDSO: fix return value of __setup handler
- crypto: qat - fix double free during reset
- crypto: qat - resolve race condition during AER recovery
- selftests/mqueue: Set timeout to 180 seconds
- ext4: correct best extent lstart adjustment logic
- fat: fix uninitialized field in nostale filehandles
- ubifs: Set page uptodate in the correct place
- ubi: Check for too small LEB size in VTBL code
- ubi: correct the calculation of fastmap size
- mtd: rawnand: meson: fix scrambling mode value in command macro
- parisc: Do not hardcode registers in checksum functions
- parisc: Fix ip_fast_csum
- parisc: Fix csum_ipv6_magic on 32-bit systems
- parisc: Fix csum_ipv6_magic on 64-bit systems
- parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
- PM: suspend: Set mem_sleep_current during kernel command line setup
- clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
- clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
- clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
- powerpc/fsl: Fix mfpmr build errors with newer binutils
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
- USB: serial: add device ID for VeriFone adapter
- USB: serial: cp210x: add ID for MGP Instruments PDS100
- USB: serial: option: add MeiG Smart SLM320 product
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
- PM: sleep: wakeirq: fix wake irq warning in system suspend
- mmc: tmio: avoid concurrent runs of mmc_request_done()
- fuse: don't unhash root
- btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
- PCI: Drop pci_device_remove() test of pci_dev->driver
- PCI/PM: Drain runtime-idle callbacks before driver removal
- Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
- dm-raid: fix lockdep waring in "pers->hot_add_disk"
- mmc: core: Fix switch on gp3 partition
- hwmon: (amc6821) add of_match table
- ext4: fix corruption during on-line resize
- firmware: meson_sm: Rework driver as a proper platform driver
- nvmem: meson-efuse: fix function pointer type mismatch
- slimbus: core: Remove usage of the deprecated ida_simple_xx() API
- speakup: Fix 8bit characters from direct synth
- kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
- vfio/platform: Disable virqfds on cleanup
- ring-buffer: Fix resetting of shortest_full
- ring-buffer: Fix full_waiters_pending in poll
- soc: fsl: qbman: Always disable interrupts when taking cgr_lock
- soc: fsl: qbman: Add helper for sanity checking cgr ops
- soc: fsl: qbman: Add CGR update function
- soc: fsl: qbman: Use raw spinlock for cgr_lock
- s390/zcrypt: fix reference counting on zcrypt card objects
- drm/exynos: do not return negative values from .get_modes()
- drm/imx/ipuv3: do not return negative values from .get_modes()
- drm/vc4: hdmi: do not return negative values from .get_modes()
- memtest: use {READ,WRITE}_ONCE in memory scanning
- nilfs2: fix failure to detect DAT corruption in btree and direct mappings
- nilfs2: use a more common logging style
- nilfs2: prevent kernel bug at submit_bh_wbc()
- x86/CPU/AMD: Update the Zenbleed microcode revisions
- ahci: asm1064: correct count of reported ports
- ahci: asm1064: asm1166: don't limit reported ports
- dm snapshot: fix lockup in dm_exception_table_exit
- comedi: comedi_test: Prevent timers rescheduling during deletion
- netfilter: nf_tables: reject constant set with timeout
- xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
- ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897
platform
- USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
- usb: gadget: ncm: Fix handling of zero block length packets
- usb: port: Don't try to peer unused USB ports based on location
- tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
- vt: fix unicode buffer corruption when deleting characters
- fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
- objtool: is_fentry_call() crashes if call has no destination
- objtool: Add support for intra-function calls
- x86/speculation: Support intra-function call validation
- xen/events: close evtchn after mapping cleanup
- printk: Update @console_may_schedule in console_trylock_spinning()
- btrfs: allocate btrfs_ioctl_defrag_range_args on stack
- Revert "loop: Check for overflow while configuring loop"
- loop: Call loop_config_discard() only after new config is applied
- loop: Remove sector_t truncation checks
- loop: Factor out setting loop device size
- loop: Refactor loop_set_status() size calculation
- loop: Factor out configuring loop from status
- loop: Check for overflow while configuring loop
- loop: loop_set_status_from_info() check before assignment
- perf/core: Fix reentry problem in perf_output_read_group()
- efivarfs: Request at most 512 bytes for variable names
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
- bounds: support non-power-of-two CONFIG_NR_CPUS
- vt: fix memory overlapping when deleting chars in the buffer
- mm/memory-failure: fix an incorrect use of tail pages
- mm/migrate: set swap entry values of THP tail pages properly.
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
- exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
- mmc: core: Initialize mmc_blk_ioc_data
- mmc: core: Avoid negative index with array access
- ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
- scsi: core: Fix unremoved procfs host directory regression
- usb: dwc2: host: Fix remote wakeup from hibernation
- usb: dwc2: host: Fix hibernation flow
- usb: dwc2: host: Fix ISOC flow in DDMA mode
- usb: dwc2: gadget: LPM flow fix
- usb: udc: remove warning when queue disabled ep
- scsi: qla2xxx: Fix command flush on cable pull
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
- scsi: lpfc: Correct size for wqe for memset()
- USB: core: Fix deadlock in usb_deauthorize_interface()
- nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
- tcp: properly terminate timers for kernel sockets
- dm integrity: fix out-of-range warning
- r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
- Bluetooth: hci_event: set the conn encrypted before conn establishes
- Bluetooth: Fix TOCTOU in HCI debugfs implementation
- netfilter: nf_tables: disallow timeout for anonymous sets
- net/rds: fix possible cp null dereference
- vfio/pci: Disable auto-enable of exclusive INTx IRQ
- vfio/pci: Lock external INTx masking ops
- vfio: Introduce interface to flush virqfd inject workqueue
- vfio/pci: Create persistent INTx handler
- vfio/platform: Create persistent IRQ handlers
- Revert "x86/mm/ident_map: Use gbpages only where full GB page should be
mapped."
- mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL
allocations
- netfilter: nf_tables: flush pending destroy work before exit_net release
- netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
- bpf, sockmap: Prevent lock inversion deadlock in map delete elem
- net/sched: act_skbmod: prevent kernel-infoleak
- net: stmmac: fix rx queue priority assignment
- selftests: reuseaddr_conflict: add missing new line at the end of the output
- ipv6: Fix infinite recursion in fib6_dump_done().
- i40e: fix vf may be used uninitialized in this function warning
- staging: mmal-vchiq: Allocate and free components as required
- staging: mmal-vchiq: Fix client_component for 64 bit kernel
- staging: vc04_services: changen strncpy() to strscpy_pad()
- staging: vc04_services: fix information leak in create_component()
- fs: add a vfs_fchown helper
- fs: add a vfs_fchmod helper
- initramfs: switch initramfs unpacking to struct file based APIs
- init: open /initrd.image with O_LARGEFILE
- erspan: Add type I version 0 support.
- erspan: make sure erspan_base_hdr is present in skb->head
- net: ravb: Always process TX descriptor ring
- ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
- ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
- scsi: mylex: Fix sysfs buffer lengths
- ata: sata_mv: Fix PCI device ID table declaration compilation warning
- ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with
microphone
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
- s390/entry: align system call table on 8 bytes
- wifi: ath9k: fix LNA selection in ath_ant_try_scan()
- VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
- panic: Flush kernel log buffer at the end
- arm64: dts: rockchip: fix rk3328 hdmi ports node
- arm64: dts: rockchip: fix rk3399 hdmi ports node
- ionic: set adminq irq affinity
- tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
- btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
- btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
- btrfs: send: handle path ref underflow in header iterate_inode_ref()
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version
- Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
- sysv: don't call sb_bread() with pointers_lock held
- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
- isofs: handle CDs with bad root inode but good Joliet root directory
- media: sta2x11: fix irq handler cast
- drm/amd/display: Fix nanosec stat overflow
- SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned
int
- Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
- block: prevent division by zero in blk_rq_stat_sum()
- Input: allocate keycode for Display refresh rate toggle
- ktest: force $buildonly = 1 for 'make_warnings_file' test type
- tools: iio: replace seekdir() in iio_generic_buffer
- usb: typec: tcpci: add generic tcpci fallback compatible
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
- fbmon: prevent division by zero in fb_videomode_from_videomode()
- netfilter: nf_tables: reject new basechain after table flag update
- netfilter: nf_tables: discard table flag update with pending basechain
deletion
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
- drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()
- virtio: reenable config if freezing device failed
- x86/mm/pat: fix VM_PAT handling in COW mappings
- drm/i915/gt: Reset queue_priority_hint on parking
- x86/alternative: Don't call text_poke() in lazy TLB mode
- Bluetooth: btintel: Fixe build regression
- VMCI: Fix possible memcpy() run-time warning in
vmci_datagram_invoke_guest_handler()
- erspan: Check IFLA_GRE_ERSPAN_VER is set.
- ip_gre: do not report erspan version on GRE interface
- firmware: meson_sm: fix to avoid potential NULL pointer dereference
- Linux 5.4.274
* CVE-2024-26586
- mlxsw: spectrum_acl_tcam: Fix stack corruption
* CVE-2024-26923
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
- af_unix: Fix garbage collector racing against connect()
* Focal update: v5.4.273 upstream stable release (LP: #2064561)
- io_uring/unix: drop usage of io_uring socket
- io_uring: drop any code related to SCM_RIGHTS
- selftests: tls: use exact comparison in recv_partial
- ASoC: rt5645: Make LattePanda board DMI match more precise
- x86/xen: Add some null pointer checking to smp.c
- MIPS: Clear Cause.BD in instruction_pointer_set
- HID: multitouch: Add required quirk for Synaptics 0xcddc device
- RDMA/mlx5: Relax DEVX access upon modify commands
- net/iucv: fix the allocation size of iucv_path_table array
- parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check
- block: sed-opal: handle empty atoms when parsing response
- dm-verity, dm-crypt: align "struct bvec_iter" correctly
- btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve
- scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
- firewire: core: use long bus reset on gap count error
- ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet
- Input: gpio_keys_polled - suppress deferred probe error for gpio
- ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
- ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
- ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
- fs/select: rework stack allocation hack for clang
- timekeeping: Fix cross-timestamp interpolation on counter wrap
- timekeeping: Fix cross-timestamp interpolation corner case decision
- timekeeping: Fix cross-timestamp interpolation for non-x86
- wifi: ath10k: fix NULL pointer dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
- b43: dma: Fix use true/false for bool type variable
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
- b43: main: Fix use true/false for bool type
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled
- wifi: b43: Disable QoS for bcm4331
- wifi: wilc1000: fix declarations ordering
- wifi: wilc1000: fix RCU usage in connect path
- wifi: mwifiex: debugfs: Drop unnecessary error check for
debugfs_create_dir()
- sock_diag: annotate data-races around sock_diag_handlers[family]
- af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
- net: blackhole_dev: fix build warning for ethh set but not used
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
- arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes
- bpf: Add typecast to bpf helpers to help BTF generation
- bpf: Factor out bpf_spin_lock into helpers.
- bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
- arm64: dts: qcom: db820c: Move non-soc entries out of /soc
- arm64: dts: qcom: msm8996: Use node references in db820c
- arm64: dts: qcom: msm8996: Move regulator consumers to db820c
- arm64: dts: qcom: msm8996: Pad addresses
- ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
- bus: tegra-aconnect: Update dependency to ARCH_TEGRA
- [Config]: Update tegra configs
- iommu/amd: Mark interrupt as managed
- wifi: brcmsmac: avoid function pointer casts
- net: ena: Remove ena_select_queue
- ARM: dts: arm: realview: Fix development chip ROM compatible value
- ARM: dts: imx6dl-yapp4: Move phy reset into switch node
- ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address
- ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node
- ACPI: scan: Fix device check notification handling
- x86, relocs: Ignore relocations in .notes section
- SUNRPC: fix some memleaks in gssx_dec_option_array
- mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove
function
- igb: move PEROUT and EXTTS isr logic to separate functions
- igb: Fix missing time sync events
- Bluetooth: Remove superfluous call to hci_conn_check_pending()
- sr9800: Add check for usbnet_get_endpoints
- bpf: Fix hashtab overflow check on 32-bit arches
- bpf: Fix stackmap overflow check on 32-bit arches
- ipv6: fib6_rules: flush route cache when rule is changed
- net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
- net: hns3: fix port duplex configure error in IMP reset
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt()
function
- udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
- net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function
- net/x25: fix incorrect parameter validation in the x25_getsockopt() function
- nfp: flower: handle acti_netdevs allocation failure
- dm raid: fix false positive for requeue needed during reshape
- dm: call the resume method on internal suspend
- drm/tegra: dsi: Add missing check for of_find_device_by_node
- gpu: host1x: mipi: Update tegra_mipi_request() to be node based
- drm/tegra: dsi: Make use of the helper function dev_err_probe()
- drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe()
- drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path
of tegra_dsi_probe()
- drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths
of tegra_output_probe()
- drm/rockchip: inno_hdmi: Fix video timing
- drm: Don't treat 0 as -1 in drm_fixp2int_ceil
- drm/rockchip: lvds: do not overwrite error code
- dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA
- media: tc358743: register v4l2 async device only after successful setup
- PCI/DPC: Print all TLP Prefixes, not just the first
- perf record: Fix possible incorrect free in record__switch_output()
- drm/amd/display: Fix potential NULL pointer dereferences in
'dcn10_set_output_transfer_func()'
- perf evsel: Fix duplicate initialization of data->id in
evsel__parse_sample()
- media: em28xx: annotate unchecked call to media_device_register()
- media: v4l2-tpg: fix some memleaks in tpg_alloc
- media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
- media: edia: dvbdev: fix a use-after-free
- clk: qcom: reset: Allow specifying custom reset delay
- clk: qcom: reset: support resetting multiple bits
- clk: qcom: reset: Commonize the de/assert functions
- clk: qcom: reset: Ensure write completion on reset de/assertion
- quota: simplify drop_dquot_ref()
- quota: Fix potential NULL pointer dereference
- quota: Fix rcu annotations of inode dquot pointers
- PCI: switchtec: Fix an error handling path in switchtec_pci_probe()
- perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str()
- drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
- ALSA: seq: fix function cast warnings
- perf stat: Avoid metric-only segv
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
- media: go7007: add check of return value of go7007_read_addr()
- media: pvrusb2: remove redundant NULL check
- media: pvrusb2: fix pvr2_stream_callback casts
- clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times
- drm/mediatek: dsi: Fix DSI RGB666 formats and definitions
- PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
- clk: hisilicon: hi3519: Release the correct number of gates in
hi3519_clk_unregister()
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create
- mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
- mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a
ref
- crypto: arm/sha - fix function cast warnings
- mtd: maps: physmap-core: fix flash size larger than 32-bit
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
- ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs
- drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
- media: pvrusb2: fix uaf in pvr2_context_set_notify
- media: dvb-frontends: avoid stack overflow warnings with clang
- media: go7007: fix a memleak in go7007_load_encoder
- media: v4l2-core: correctly validate video and metadata ioctls
- media: rename VFL_TYPE_GRABBER to _VIDEO
- media: media/pci: rename VFL_TYPE_GRABBER to _VIDEO
- media: ttpci: fix two memleaks in budget_av_attach
- drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
- powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks
- drm/msm/dpu: add division of drm_display_mode's hskew parameter
- powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
- backlight: lm3630a: Initialize backlight_properties on init
- backlight: lm3630a: Don't set bl->props.brightness in get_brightness
- backlight: da9052: Fully initialize backlight_properties during probe
- backlight: lm3639: Fully initialize backlight_properties during probe
- backlight: lp8788: Fully initialize backlight_properties during probe
- sparc32: Fix section mismatch in leon_pci_grpci
- clk: Fix clk_core_get NULL dereference
- ALSA: usb-audio: Stop parsing channels bits when all channels are found.
- scsi: csiostor: Avoid function pointer casts
- RDMA/device: Fix a race between mad_client and cm_client init
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
- net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
- watchdog: stm32_iwdg: initialize default timeout
- NFS: Fix an off by one in root_nfs_cat()
- afs: Revert "afs: Hide silly-rename files from userspace"
- tty: vt: fix 20 vs 0x20 typo in EScsiignore
- serial: max310x: fix syntax error in IRQ error message
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
- kconfig: fix infinite loop when expanding a macro at the end of file
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it
- serial: 8250_exar: Don't remove GPIO device on suspend
- staging: greybus: fix get_channel_from_mode() failure path
- usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
- octeontx2-af: Use matching wake_up API variant in CGX command interface
- s390/vtime: fix average steal time calculation
- hsr: Fix uninit-value access in hsr_get_node()
- packet: annotate data-races around ignore_outgoing
- rds: introduce acquire/release ordering in acquire/release_in_xmit()
- hsr: Handle failures in module init
- net/bnx2x: Prevent access to a freed page in page_pool
- octeontx2-af: Use separate handlers for interrupts
- ARM: dts: sun8i-h2-plus-bananapi-m2-zero: add regulator nodes vcc-dram and
vcc1v2
- netfilter: nf_tables: do not compare internal table flags on updates
- rcu: add a helper to report consolidated flavor QS
- bpf: report RCU QS in cpumap kthread
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
- regmap: Add missing map->bus check
- Linux 5.4.273
* Focal update: v5.4.272 upstream stable release (LP: #2064555)
- lan78xx: Fix white space and style issues
- lan78xx: Add missing return code checks
- lan78xx: Fix partial packet errors on suspend/resume
- lan78xx: Fix race conditions in suspend/resume handling
- net: lan78xx: fix runtime PM count underflow on link stop
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
- geneve: make sure to pull inner header in geneve_rx()
- net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
- net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
- net/rds: fix WARNING in rds_conn_connect_if_down
- netfilter: nft_ct: fix l3num expectations with inet pseudo family
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range
- netrom: Fix a data-race around sysctl_netrom_default_path_quality
- netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser
- netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
- netrom: Fix a data-race around sysctl_netrom_transport_timeout
- netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
- netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
- netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
- netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size
- netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
- netrom: Fix a data-race around sysctl_netrom_routing_control
- netrom: Fix a data-race around sysctl_netrom_link_fails_count
- netrom: Fix data-races around sysctl_net_busy_read
- selftests: mm: fix map_hugetlb failure on 64K page size systems
- um: allow not setting extra rpaths in the linux binary
- serial: max310x: Use devm_clk_get_optional() to get the input clock
- serial: max310x: Try to get crystal clock rate from property
- serial: max310x: fail probe if clock crystal is unstable
- serial: max310x: Make use of device properties
- serial: max310x: use regmap methods for SPI batch operations
- serial: max310x: use a separate regmap for each port
- serial: max310x: prevent infinite while() loop in port startup
- Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number
- hv_netvsc: use netif_is_bond_master() instead of open code
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
- y2038: rusage: use __kernel_old_timeval
- getrusage: add the "signal_struct *sig" local variable
- getrusage: move thread_group_cputime_adjusted() outside of
lock_task_sighand()
- getrusage: use __for_each_thread()
- getrusage: use sig->stats_lock rather than lock_task_sighand()
- serial: max310x: Unprepare and disable clock in error path
- regmap: allow to define reg_update_bits for no bus configuration
- regmap: Add bulk read/write callbacks into regmap_config
- serial: max310x: make accessing revision id interface-agnostic
- serial: max310x: implement I2C support
- serial: max310x: fix IO data corruption in batched operations
- arm64: dts: qcom: add PDC interrupt controller for SDM845
- arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts
- Linux 5.4.272
* CVE-2024-23307
- md/raid5: fix atomicity violation in raid5_cache_count
* CVE-2024-26889
- Bluetooth: hci_core: Fix possible buffer overflow
* CVE-2024-26828
- cifs: fix underflow in parse_server_interfaces()
* CVE-2024-24861
- media: xc4000: Fix atomicity violation in xc4000_get_frequency
* CVE-2023-6270
- aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
* CVE-2024-26642
- netfilter: nf_tables: disallow anonymous set with timeout flag
* CVE-2024-26926
- binder: check offset alignment in binder_get_object()
* CVE-2024-26922
- drm/amdgpu: validate the parameters of bo mapping operations more clearly
* CVE-2024-26925
- netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()
- netfilter: nf_tables: release batch on table validation from abort path
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
* CVE-2024-26643
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with
timeout
* CVE-2024-2201
- x86/cpufeatures: Add new word for scattered features
- x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
- x86/bhi: Add support for clearing branch history at syscall entry
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S
- x86/bhi: Enumerate Branch History Injection (BHI) bug
- x86/bhi: Add BHI mitigation knob
- x86/bhi: Mitigate KVM by default
- [Config] updateconfigs for CONFIG_BHI_{AUTO|ON|OFF}
- x86/bugs: Fix BHI documentation
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
- x86/bugs: Fix BHI handling of RRSBA
- x86/bugs: Clarify that syscall hardening isn't a BHI mitigation
- x86/bugs: Fix BHI retpoline check
-- Stefan Bader <stefan.bader@canonical.com> Fri, 07 Jun 2024 15:07:46 +0200
linux (5.4.0-186.206) focal; urgency=medium
* focal/linux: 5.4.0-186.206 -proposed tracker (LP: #2063812)
* Mount CIFS fails with Permission denied (LP: #2061986)
- cifs: fix ntlmssp auth when there is no key exchange
* USB stick can't be detected (LP: #2040948)
- usb: Disable USB3 LPM at shutdown
* CVE-2024-26733
- net: dev: Convert sa_data to flexible array in struct sockaddr
- arp: Prevent overflow in arp_req_get().
- stddef: Introduce DECLARE_FLEX_ARRAY() helper
* CVE-2024-26712
- powerpc/kasan: Fix addr error caused by page alignment
* CVE-2023-52530
- wifi: mac80211: fix potential key use-after-free
* CVE-2021-47063
- drm: bridge/panel: Cleanup connector on bridge detach
* [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN:
array-index-out-of-bounds in
/build/linux-hwe-6.5-34pCLi/linux-hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41"
multiple times, especially during boot. (LP: #2058477)
- hv: hyperv.h: Replace one-element array with flexible-array member
* CVE-2024-26614
- tcp: make sure init the accept_queue's spinlocks once
- ipv6: init the accept_queue's spinlocks in inet6_create
* Focal update: v5.4.271 upstream stable release (LP: #2060216)
- netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
- net: ip_tunnel: prevent perpetual headroom growth
- tun: Fix xdp_rxq_info's queue_index when detaching
- ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
- lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
detected
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read
- Bluetooth: Avoid potential use-after-free in hci_error_reset
- Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
- Bluetooth: Enforce validation on max value of connection interval
- netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
- rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
- efi/capsule-loader: fix incorrect allocation size
- power: supply: bq27xxx-i2c: Do not free non existing IRQ
- ALSA: Drop leftover snd-rtctimer stuff from Makefile
- afs: Fix endless loop in directory parsing
- gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
- wifi: nl80211: reject iftype change with mesh ID change
- btrfs: dev-replace: properly validate device names
- dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
- dmaengine: fsl-qdma: init irq after reg initialization
- mmc: core: Fix eMMC initialization with 1-bit bus connection
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
- cachefiles: fix memory leak in cachefiles_add_cache()
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
- gpio: 74x164: Enable output pins after registers are reset
- Linux 5.4.271
* Focal update: v5.4.270 upstream stable release (LP: #2060019)
- KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
- net/sched: Retire CBQ qdisc
- [Config] updateconfigs for NET_SCH_CBQ
- net/sched: Retire ATM qdisc
- [Config] updateconfigs for NET_SCH_ATM
- net/sched: Retire dsmark qdisc
- [Config] updateconfigs for NET_SCH_DSMARK
- sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
- memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()
- nilfs2: replace WARN_ONs for invalid DAT metadata block requests
- userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
- sched/rt: Fix sysctl_sched_rr_timeslice intial value
- sched/rt: Disallow writing invalid values to sched_rt_period_us
- scsi: target: core: Add TMF to tmr_list handling
- dmaengine: shdma: increase size of 'dev_id'
- dmaengine: fsl-qdma: increase size of 'irq_name'
- wifi: cfg80211: fix missing interfaces when dumping
- wifi: mac80211: fix race condition on enabling fast-xmit
- fbdev: savage: Error out if pixclock equals zero
- fbdev: sis: Error out if pixclock equals zero
- ahci: asm1166: correct count of reported ports
- ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
- ext4: avoid allocating blocks from corrupted group in
ext4_mb_try_best_found()
- ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
- regulator: pwm-regulator: Add validity checks in continuous .get_voltage
- nvmet-tcp: fix nvme tcp ida memory leak
- ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
- netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in
sctp_new
- nvmet-fc: abort command when there is no binding
- hwmon: (coretemp) Enlarge per package core count limit
- scsi: lpfc: Use unsigned type for num_sge
- firewire: core: send bus reset promptly on gap count error
- virtio-blk: Ensure no requests in virtqueues before deleting vqs.
- s390/qeth: Fix potential loss of L3-IP@ in case of network issues
- pmdomain: renesas: r8a77980-sysc: CR7 must be always on
- tcp: factor out __tcp_close() helper
- tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit
- tcp: add annotations around sk->sk_shutdown accesses
- pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
- spi: mt7621: Fix an error message in mt7621_spi_probe()
- net: bridge: clear bridge's private skb space on xmit
- selftests/bpf: Avoid running unprivileged tests with alignment requirements
- Revert "drm/sun4i: dsi: Change the start delay calculation"
- drm/amdgpu: Check for valid number of registers to read
- x86/alternatives: Disable KASAN in apply_alternatives()
- dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata()
- iomap: Set all uptodate bits for an Uptodate page
- drm/amdgpu: Fix type of second parameter in trans_msg() callback
- arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
- PCI: tegra: Fix reporting GPIO error value
- PCI: tegra: Fix OF node reference leak
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
- dm-crypt: don't modify the data when using authenticated encryption
- gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
- PCI/MSI: Prevent MSI hardware interrupt number truncation
- l2tp: pass correct message length to ip6_append_data
- ARM: ep93xx: Add terminator to gpiod_lookup_table
- usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
- usb: cdns3: fix memory double free when handle zero packet
- usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
- usb: roles: don't get/set_role() when usb_role_switch is unregistered
- IB/hfi1: Fix a memleak in init_credit_return
- RDMA/bnxt_re: Return error for SRQ resize
- RDMA/srpt: Make debug output more detailed
- RDMA/srpt: fix function pointer cast warnings
- scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions
- bpf, scripts: Correct GPL license name
- scsi: jazz_esp: Only build if SCSI core is builtin
- nouveau: fix function cast warnings
- ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
- afs: Increase buffer size in afs_update_volume_status()
- ipv6: sr: fix possible use-after-free and null-ptr-deref
- packet: move from strlcpy with unused retval to strscpy
- s390: use the correct count for __iowrite64_copy()
- tls: rx: jump to a more appropriate label
- tls: rx: drop pointless else after goto
- tls: stop recv() if initial process_rx_list gave us non-DATA
- netfilter: nf_tables: set dormant flag on hook register failure
- drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3
- drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set
- fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
- scripts/bpf: Fix xdp_md forward declaration typo
- Linux 5.4.270
* CVE-2023-47233
- wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
* CVE-2021-47070
- uio: uio_hv_generic: use devm_kzalloc() for private data alloc
- uio_hv_generic: Fix another memory leak in error handling paths
* CVE-2024-26622
- tomoyo: fix UAF write bug in tomoyo_write_control()
-- Roxana Nicolescu <roxana.nicolescu@canonical.com> Fri, 26 Apr 2024 14:01:17 +0200
linux (5.4.0-181.201) focal; urgency=medium
* focal/linux: 5.4.0-181.201 -proposed tracker (LP: #2059549)
* Packaging resync (LP: #1786013)
- [Packaging] drop getabis data
* Drop fips-checks script from trees (LP: #2055083)
- [Packaging] Remove fips-checks script
* Remove getabis scripts (LP: #2059143)
- [Packaging] Remove getabis
* Focal update: v5.4.269 upstream stable release (LP: #2058948)
- PCI: mediatek: Clear interrupt status before dispatching handler
- include/linux/units.h: add helpers for kelvin to/from Celsius conversion
- units: Add Watt units
- units: change from 'L' to 'UL'
- units: add the HZ macros
- serial: sc16is7xx: set safe default SPI clock frequency
- spi: introduce SPI_MODE_X_MASK macro
- serial: sc16is7xx: add check for unsupported SPI modes during probe
- ext4: allow for the last group to be marked as trimmed
- crypto: api - Disallow identical driver names
- PM: hibernate: Enforce ordering during image compression/decompression
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng
- rpmsg: virtio: Free driver_override when rpmsg_remove()
- parisc/firmware: Fix F-extend for PDC addresses
- arm64: dts: qcom: sdm845: fix USB wakeup interrupt types
- mmc: core: Use mrq.sbc in close-ended ffu
- nouveau/vmm: don't set addr on the fail path to avoid warning
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
- rename(): fix the locking of subdirectories
- block: Remove special-casing of compound pages
- mtd: spinand: macronix: Fix MX35LFxGE4AD page size
- fs: add mode_strip_sgid() helper
- fs: move S_ISGID stripping into the vfs_*() helpers
- powerpc: Use always instead of always-y in for crtsavres.o
- x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum
- net/smc: fix illegal rmb_desc access in SMC-D connection dump
- vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
- llc: make llc_ui_sendmsg() more robust against bonding changes
- llc: Drop support for ETH_P_TR_802_2.
- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
- tracing: Ensure visibility when inserting an element into tracing_map
- afs: Hide silly-rename files from userspace
- tcp: Add memory barrier to tcp_push()
- netlink: fix potential sleeping issue in mqueue_flush_file
- net/mlx5: DR, Use the right GVMI number for drop action
- net/mlx5: Use kfree(ft->g) in arfs_create_groups()
- net/mlx5e: fix a double-free in arfs_create_groups
- netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
- netfilter: nf_tables: validate NFPROTO_* family
- fjes: fix memleaks in fjes_hw_setup
- net: fec: fix the unhandled context fault from smmu
- btrfs: ref-verify: free ref cache before clearing mount opt
- btrfs: tree-checker: fix inline ref size in error messages
- btrfs: don't warn if discard range is not aligned to sector
- btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
- rbd: don't move requests to the running list on errors
- gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
- drm: Don't unref the same fb many times by mistake due to deadlock handling
- drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
- drm/bridge: nxp-ptn3460: simplify some error checking
- drm/exynos: fix accidental on-stack copy of exynos_drm_plane
- drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume
- gpio: eic-sprd: Clear interrupt after set the interrupt type
- spi: bcm-qspi: fix SFDP BFPT read by usig mspi read
- mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
- tick/sched: Preserve number of idle sleeps across CPU hotplug events
- x86/entry/ia32: Ensure s32 is sign extended to s64
- powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
- powerpc: Fix build error due to is_valid_bugaddr()
- powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
- powerpc: pmd_move_must_withdraw() is only needed for
CONFIG_TRANSPARENT_HUGEPAGE
- powerpc/lib: Validate size for vector operations
- x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
- perf/core: Fix narrow startup race when creating the perf nr_addr_filters
sysfs file
- regulator: core: Only increment use_count when enable_count changes
- audit: Send netlink ACK before setting connection in auditd_set
- ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
- PNP: ACPI: fix fortify warning
- ACPI: extlog: fix NULL pointer dereference check
- FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
- jfs: fix slab-out-of-bounds Read in dtSearch
- jfs: fix array-index-out-of-bounds in dbAdjTree
- pstore/ram: Fix crash when setting number of cpus to an odd number
- crypto: stm32/crc32 - fix parsing list of devices
- afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
- rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
- jfs: fix array-index-out-of-bounds in diNewExt
- s390/ptrace: handle setting of fpc register correctly
- KVM: s390: fix setting of fpc register
- SUNRPC: Fix a suspicious RCU usage warning
- ecryptfs: Reject casefold directory inodes
- ext4: fix inconsistent between segment fstrim and full fstrim
- ext4: unify the type of flexbg_size to unsigned int
- ext4: remove unnecessary check from alloc_flex_gd()
- ext4: avoid online resizing failures due to oversized flex bg
- wifi: rt2x00: restart beacon queue when hardware reset
- selftests/bpf: satisfy compiler by having explicit return in btf test
- selftests/bpf: Fix pyperf180 compilation failure with clang18
- scsi: lpfc: Fix possible file string name overflow when updating firmware
- PCI: Add no PM reset quirk for NVIDIA Spectrum devices
- bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
- ARM: dts: imx7d: Fix coresight funnel ports
- ARM: dts: imx7s: Fix lcdif compatible
- ARM: dts: imx7s: Fix nand-controller #size-cells
- wifi: ath9k: Fix potential array-index-out-of-bounds read in
ath9k_htc_txstatus()
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
- scsi: libfc: Don't schedule abort twice
- scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
- ARM: dts: rockchip: fix rk3036 hdmi ports node
- ARM: dts: imx25/27-eukrea: Fix RTC node name
- ARM: dts: imx: Use flash@0,0 pattern
- ARM: dts: imx27: Fix sram node
- ARM: dts: imx1: Fix sram node
- ARM: dts: imx25/27: Pass timing0
- ARM: dts: imx27-apf27dev: Fix LED name
- ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
- ARM: dts: imx23/28: Fix the DMA controller node name
- block: prevent an integer overflow in bvec_try_merge_hw_page
- md: Whenassemble the array, consult the superblock of the freshest device
- arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property
- arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property
- wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
- wifi: cfg80211: free beacon_ies when overridden from hidden BSS
- f2fs: fix to check return value of f2fs_reserve_new_block()
- ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
- fast_dput(): handle underflows gracefully
- RDMA/IPoIB: Fix error code return in ipoib_mcast_join
- drm/drm_file: fix use of uninitialized variable
- drm/framebuffer: Fix use of uninitialized variable
- drm/mipi-dsi: Fix detach call without attach
- media: stk1160: Fixed high volume of stk1160_dbg messages
- media: rockchip: rga: fix swizzling for RGB formats
- PCI: add INTEL_HDA_ARL to pci_ids.h
- ALSA: hda: Intel: add HDA_ARL PCI ID support
- drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
- IB/ipoib: Fix mcast list locking
- media: ddbridge: fix an error code problem in ddb_probe
- drm/msm/dpu: Ratelimit framedone timeout msgs
- clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
- clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
- drm/amdgpu: Let KFD sync with VM fences
- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
- leds: trigger: panic: Don't register panic notifier if creating the trigger
failed
- um: Fix naming clash between UML and scheduler
- um: Don't use vfprintf() for os_info()
- um: net: Fix return type of uml_net_start_xmit()
- i3c: master: cdns: Update maximum prescaler value for i2c clock
- mfd: ti_am335x_tscadc: Fix TI SoC dependencies
- [Config] updateconfigs for MFD_TI_AM335X_TSCADC
- PCI: Only override AMD USB controller if required
- PCI: switchtec: Fix stdev_release() crash after surprise hot remove
- usb: hub: Replace hardcoded quirk value with BIT() macro
- fs/kernfs/dir: obey S_ISGID
- PCI/AER: Decode Requester ID when no error info found
- libsubcmd: Fix memory leak in uniq()
- virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region
of size 10" warnings
- blk-mq: fix IO hang from sbitmap wakeup race
- ceph: fix deadlock or deadcode of misusing dget()
- drm/amdgpu: Release 'adev->pm.fw' before return in
'amdgpu_device_need_post()'
- perf: Fix the nr_addr_filters fix
- wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
- scsi: isci: Fix an error code problem in isci_io_request_build()
- net: remove unneeded break
- ixgbe: Remove non-inclusive language
- ixgbe: Refactor returning internal error codes
- ixgbe: Refactor overtemp event handling
- ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
- llc: call sock_orphan() at release time
- netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
- netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom
expectations
- net: ipv4: fix a memleak in ip_setup_cork
- af_unix: fix lockdep positive in sk_diag_dump_icons()
- SAUCE: Sync apparmor copy of af_unix.c
- net: sysfs: Fix /sys/class/net/<iface> path
- HID: apple: Add support for the 2021 Magic Keyboard
- HID: apple: Swap the Fn and Left Control keys on Apple keyboards
- HID: apple: Add 2021 magic keyboard FN key mapping
- bonding: remove print in bond_verify_device_path
- dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA
- dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
- dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
- net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
- selftests: net: avoid just another constant wait
- atm: idt77252: fix a memleak in open_card_ubr0
- hwmon: (aspeed-pwm-tacho) mutex for tach reading
- hwmon: (coretemp) Fix out-of-bounds memory access
- hwmon: (coretemp) Fix bogus core_id to attr name mapping
- inet: read sk->sk_family once in inet_recv_error()
- rxrpc: Fix response to PING RESPONSE ACKs to a dead call
- tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
- ppp_async: limit MRU to 64K
- netfilter: nft_compat: reject unused compat flag
- netfilter: nft_compat: restrict match/target protocol to u16
- netfilter: nft_ct: reject direction for ct id
- net/af_iucv: clean up a try_then_request_module()
- USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
- USB: serial: option: add Fibocom FM101-GL variant
- USB: serial: cp210x: add ID for IMST iM871A-USB
- hrtimer: Report offline hrtimer enqueue
- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
- net: stmmac: xgmac: use #define for string constants
- net: stmmac: xgmac: fix a typo of register name in DPP safety handling
- btrfs: forbid creating subvol qgroups
- btrfs: forbid deleting live subvol qgroup
- btrfs: send: return EOPNOTSUPP on unknown flags
- of: unittest: add overlay gpio test to catch gpio hog problem
- of: unittest: Fix compile in the non-dynamic case
- spi: ppc4xx: Drop write-only variable
- ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
- MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
- i40e: Fix waiting for queues of all VSIs to be disabled
- tracing/trigger: Fix to return error if failed to alloc snapshot
- mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
- HID: wacom: generic: Avoid reporting a serial of '0' to userspace
- HID: wacom: Do not register input devices until after hid_hw_start
- USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
- usb: f_mass_storage: forbid async queue when shutdown happen
- i2c: i801: Remove i801_set_block_buffer_mode
- i2c: i801: Fix block process call transactions
- scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
- firewire: core: correct documentation of fw_csr_string() kernel API
- kbuild: Fix changing ELF file type for output of gen_btf for big endian
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup
- xen-netback: properly sync TX responses
- ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
- binder: signal epoll threads of self-work
- misc: fastrpc: Mark all sessions as invalid in cb_remove
- ext4: fix double-free of blocks due to wrong extents moved_len
- tracing: Fix wasted memory in saved_cmdlines logic
- staging: iio: ad5933: fix type mismatch regression
- iio: magnetometer: rm3100: add boundary check for the value read from
RM3100_REG_TMRC
- ring-buffer: Clean ring_buffer_poll_wait() error return
- serial: max310x: set default value when reading clock ready bit
- serial: max310x: improve crystal stable clock detection
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
- mmc: slot-gpio: Allow non-sleeping GPIO ro
- ALSA: hda/conexant: Add quirk for SWS JS201D
- nilfs2: fix data corruption in dsync block recovery for small block sizes
- nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
- nfp: use correct macro for LengthSelect in BAR config
- nfp: flower: prevent re-adding mac index for bonded port
- irqchip/irq-brcmstb-l2: Add write memory barrier before exit
- can: j1939: Fix UAF in j1939_sk_match_filter during
setsockopt(SO_J1939_FILTER)
- pmdomain: core: Move the unused cleanup to a _sync initcall
- tracing: Inform kmemleak of saved_cmdlines allocation
- Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
- bus: moxtet: Add spi device table
- arch, mm: remove stale mentions of DISCONIGMEM
- mips: Fix max_mapnr being uninitialized on early stages
- KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache
- netfilter: ipset: fix performance regression in swap operation
- netfilter: ipset: Missing gc cancellations fixed
- net: prevent mss overflow in skb_segment()
- sched/membarrier: reduce the ability to hammer on sys_membarrier
- nilfs2: fix potential bug in end_buffer_async_write
- PM: runtime: add devm_pm_runtime_enable helper
- PM: runtime: Have devm_pm_runtime_enable() handle
pm_runtime_dont_use_autosuspend()
- drm/msm/dsi: Enable runtime PM
- lsm: new security_file_ioctl_compat() hook
- Revert "Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting""
- net: bcmgenet: Fix EEE implementation
- of: unittest: fix EXPECT text for gpio hog errors
- of: gpio unittest kfree() wrong object
- Linux 5.4.269
* Focal update: v5.4.269 upstream stable release (LP: #2058948) //
CVE-2023-52603
- UBSAN: array-index-out-of-bounds in dtSplitRoot
* CVE-2023-52600
- jfs: fix uaf in jfs_evict_inode
* CVE-2023-24023
- Bluetooth: Add more enc key size check
* CVE-2024-26581
- netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
- netfilter: nft_set_rbtree: skip end interval element from gc
* CVE-2024-26589
- bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS
-- Roxana Nicolescu <roxana.nicolescu@canonical.com> Thu, 28 Mar 2024 15:36:38 +0100
linux (5.4.0-176.196) focal; urgency=medium
* focal/linux: 5.4.0-176.196 -proposed tracker (LP: #2058756)
* Problems with HVCS and hotplugging (LP: #2056373)
- powerpc/pseries: Fix bad drc_index_start value parsing of drc-info entry
- powerpc/pseries: Fix of_read_drc_info_cell() to point at next record
- hvcs: Fix hvcs port reference counting
- hvcs: Use dev_groups to manage hvcs device attributes
- hvcs: Use driver groups to manage driver attributes
- hvcs: Get reference to tty in remove
- hvcs: Use vhangup in hotplug remove
- hvcs: Synchronize hotplug remove with port free
-- Roxana Nicolescu <roxana.nicolescu@canonical.com> Fri, 22 Mar 2024 17:05:57 +0100
linux (5.4.0-175.195) focal; urgency=medium
* focal/linux: 5.4.0-175.195 -proposed tracker (LP: #2055684)
* Packaging resync (LP: #1786013)
- [Packaging] drop ABI data
- [Packaging] update annotations scripts
- debian.master/dkms-versions -- update from kernel-versions (main/2024.03.04)
* Drop ABI checks from kernel build (LP: #2055686)
- [Packaging] Remove in-tree abi checks
- [Packaging] Bring back install-<flavour> prerequisite for checks-<flavour>
- [Packaging] Remove abi-check from final-checks
* Cranky update-dkms-versions rollout (LP: #2055685)
- [Packaging] remove update-dkms-versions
- Move debian/dkms-versions to debian.master/dkms-versions
- [Packaging] Replace debian/dkms-versions with $(DEBIAN)/dkms-versions
- [Packaging] remove update-version-dkms
* linux-tools-common: man page of usbip[d] is misplaced (LP: #2054094)
- [Packaging] rules: Put usbip manpages in the correct directory
* CVE-2024-23851
- dm ioctl: log an error if the ioctl structure is corrupted
- dm: limit the number of targets and parameter size area
* Focal update: v5.4.268 upstream stable release (LP: #2055075)
- f2fs: explicitly null-terminate the xattr list
- pinctrl: lochnagar: Don't build on MIPS
- ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro
- ASoC: Intel: Skylake: Fix mem leak in few functions
- ASoC: nau8822: Fix incorrect type in assignment and cast to restricted
__be16
- ASoC: Intel: Skylake: mem leak in skl register function
- ASoC: cs43130: Fix the position of const qualifier
- ASoC: cs43130: Fix incorrect frame delay configuration
- ASoC: rt5650: add mutex to avoid the jack detection failure
- nouveau/tu102: flush all pdbs on vmm flush
- net/tg3: fix race condition in tg3_reset_task()
- ASoC: da7219: Support low DC impedance headset
- nvme: introduce helper function to get ctrl state
- drm/exynos: fix a potential error pointer dereference
- drm/exynos: fix a wrong error checking
- clk: rockchip: rk3128: Fix HCLK_OTG gate register
- jbd2: correct the printing of write_flags in jbd2_write_superblock()
- drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
- neighbour: Don't let neigh_forced_gc() disable preemption for long
- tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
- tracing: Add size check when printing trace_marker output
- ring-buffer: Do not record in NMI if the arch does not support cmpxchg in
NMI
- reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
- Input: atkbd - skip ATKBD_CMD_GETID in translated mode
- Input: i8042 - add nomux quirk for Acer P459-G2-M
- s390/scm: fix virtual vs physical address confusion
- ARC: fix spare error
- Input: xpad - add Razer Wolverine V2 support
- ARM: sun9i: smp: fix return code check of of_property_match_string
- drm/crtc: fix uninitialized variable use
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx
- binder: use EPOLLERR from eventpoll.h
- binder: fix trivial typo of binder_free_buf_locked()
- binder: fix comment on binder_alloc_new_buf() return value
- uio: Fix use-after-free in uio_open
- parport: parport_serial: Add Brainboxes BAR details
- parport: parport_serial: Add Brainboxes device IDs and geometry
- coresight: etm4x: Fix width of CCITMIN field
- x86/lib: Fix overflow when counting digits
- EDAC/thunderx: Fix possible out-of-bounds string access
- powerpc: add crtsavres.o to always-y instead of extra-y
- powerpc/44x: select I2C for CURRITUCK
- powerpc/pseries/memhotplug: Quieten some DLPAR operations
- powerpc/pseries/memhp: Fix access beyond end of drmem array
- selftests/powerpc: Fix error handling in FPU/VMX preemption tests
- powerpc/powernv: Add a null pointer check to scom_debug_init_one()
- powerpc/powernv: Add a null pointer check in opal_event_init()
- powerpc/powernv: Add a null pointer check in opal_powercap_init()
- powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
- mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response
- ACPI: video: check for error while searching for backlight device parent
- ACPI: LPIT: Avoid u32 multiplication overflow
- net: netlabel: Fix kerneldoc warnings
- netlabel: remove unused parameter in netlbl_netlink_auditinfo()
- calipso: fix memory leak in netlbl_calipso_add_pass()
- spi: sh-msiof: Enforce fixed DTDL for R-Car H3
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
- selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket
- crypto: virtio - Handle dataq logic with tasklet
- crypto: virtio - don't use 'default m'
- virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC
- crypto: ccp - fix memleak in ccp_init_dm_workarea
- crypto: af_alg - Disallow multiple in-flight AIO requests
- crypto: sahara - remove FLAGS_NEW_KEY logic
- crypto: sahara - fix ahash selftest failure
- crypto: sahara - fix processing requests with cryptlen < sg->length
- crypto: sahara - fix error handling in sahara_hw_descriptor_create()
- pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
- crypto: virtio - Wait for tasklet to complete on device remove
- crypto: sahara - fix ahash reqsize
- crypto: sahara - fix wait_for_completion_timeout() error handling
- crypto: sahara - improve error handling in sahara_sha_process()
- crypto: sahara - fix processing hash requests with req->nbytes < sg->length
- crypto: sahara - do not resize req->src when doing hash operations
- crypto: scomp - fix req->dst buffer overflow
- blocklayoutdriver: Fix reference leak of pnfs_device_node
- NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT
- wifi: rtw88: fix RX filter in FIF_ALLMULTI flag
- bpf, lpm: Fix check prefixlen before walking trie
- wifi: libertas: stop selecting wext
- ARM: dts: qcom: apq8064: correct XOADC register address
- ncsi: internal.h: Fix a spello
- net/ncsi: Fix netlink major/minor version numbers
- firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create()
- rtlwifi: Use ffs in <foo>_phy_calculate_bit_shift
- wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior
- scsi: fnic: Return error if vmalloc() failed
- arm64: dts: qcom: sdm845-db845c: correct LED panic indicator
- scsi: hisi_sas: Replace with standard error code return value
- selftests/net: fix grep checking for fib_nexthop_multiprefix
- virtio/vsock: fix logic which reduces credit update messages
- dma-mapping: clear dev->dma_mem to NULL after freeing it
- wifi: rtlwifi: add calculate_bit_shift()
- wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()
- wifi: rtlwifi: rtl8192c: using calculate_bit_shift()
- wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()
- wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()
- rtlwifi: rtl8192de: make arrays static const, makes object smaller
- wifi: rtlwifi: rtl8192de: using calculate_bit_shift()
- wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()
- wifi: rtlwifi: rtl8192se: using calculate_bit_shift()
- netfilter: nf_tables: mark newset as dead on transaction abort
- Bluetooth: Fix bogus check for re-auth no supported with non-ssp
- Bluetooth: btmtkuart: fix recv_buf() return value
- ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
- ARM: davinci: always select CONFIG_CPU_ARM926T
- RDMA/usnic: Silence uninitialized symbol smatch warnings
- media: pvrusb2: fix use after free on context disconnection
- drm/bridge: Fix typo in post_disable() description
- f2fs: fix to avoid dirent corruption
- drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()
- drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()
- drm/radeon: check return value of radeon_ring_lock()
- ASoC: cs35l33: Fix GPIO name and drop legacy include
- ASoC: cs35l34: Fix GPIO name and drop legacy include
- drm/msm/mdp4: flush vblank event on disable
- drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks
- drm/drv: propagate errors from drm_modeset_register_all()
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
- drm/radeon/dpm: fix a memleak in sumo_parse_power_table
- drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table
- drm/bridge: tc358767: Fix return value on error case
- media: cx231xx: fix a memleak in cx231xx_init_isoc
- media: dvbdev: drop refcount on error path in dvb_device_open()
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL
- drm/amd/pm: fix a double-free in si_dpm_init
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table
- gpu/drm/radeon: fix two memleaks in radeon_vm_init
- drivers: clk: zynqmp: calculate closest mux rate
- watchdog: set cdev owner before adding
- watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO
- watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling
- clk: si5341: fix an error code problem in si5341_output_clk_set_rate
- mmc: sdhci_omap: Fix TI SoC dependencies
- [Config] update annotations for CONFIG_MMC_SDHCI_OMAP
- [Config] remove sdhci-omap module for arm64/ppc64el
- of: Fix double free in of_parse_phandle_with_args_map
- of: unittest: Fix of_count_phandle_with_args() expected value message
- binder: fix async space check for 0-sized buffers
- binder: fix use-after-free in shinker's callback
- Input: atkbd - use ab83 as id when skipping the getid command
- Revert "ASoC: atmel: Remove system clock tree configuration for
at91sam9g20ek"
- binder: fix race between mmput() and do_exit()
- binder: fix unused alloc->free_async_space
- tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug
- usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host()
- usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart
- Revert "usb: dwc3: Soft reset phy on probe for host"
- Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-
only"
- usb: chipidea: wait controller resume finished for wakeup irq
- Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs"
- usb: typec: class: fix typec_altmode_put_partner to put plugs
- usb: mon: Fix atomicity violation in mon_bin_vma_fault
- ALSA: oxygen: Fix right channel of capture volume mixer
- fbdev: flush deferred work in fb_deferred_io_fsync()
- rootfs: Fix support for rootfstype= when root= is given
- wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code
- wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors
- wifi: mwifiex: configure BSSID consistently when starting AP
- x86/kvm: Do not try to disable kvmclock if it was not enabled
- HID: wacom: Correct behavior when processing some confidence == false
touches
- mips: Fix incorrect max_low_pfn adjustment
- MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup()
- MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup()
- serial: 8250: omap: Don't skip resource freeing if
pm_runtime_resume_and_get() failed
- acpi: property: Let args be NULL in __acpi_node_get_property_reference
- software node: Let args be NULL in software_node_get_reference_args
- perf genelf: Set ELF program header addresses properly
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
- nvmet-tcp: fix a crash in nvmet_req_complete()
- perf env: Add perf_env__numa_node()
- perf record: Move sb_evlist to 'struct record'
- perf top: Move sb_evlist to 'struct perf_top'
- perf bpf: Decouple creating the evlist from adding the SB event
- perf env: Avoid recursively taking env->bpf_progs.lock
- apparmor: avoid crash when parsed profile name is empty
- serial: imx: Correct clock error message in function probe()
- nvmet-tcp: Fix the H2C expected PDU len calculation
- PCI: keystone: Fix race condition when initializing PHYs
- s390/pci: fix max size calculation in zpci_memcpy_toio()
- net: qualcomm: rmnet: fix global oob in rmnet_policy
- net: phy: micrel: populate .soft_reset for KSZ9131
- net: ravb: Fix dma_addr_t truncation in error case
- net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe
- netfilter: nf_tables: skip dead set elements in netlink dump
- ipvs: avoid stat macros calls from preemptible context
- kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ
- kdb: Fix a potential buffer overflow in kdb_local()
- mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure
- i2c: s3c24xx: fix read transfers in polling mode
- i2c: s3c24xx: fix transferring more than one message in polling mode
- perf top: Skip side-band event setup if HAVE_LIBBPF_SUPPORT is not set
- arm64: dts: armada-3720-turris-mox: set irq type for RTC
- Linux 5.4.268
* CVE-2024-24855
- scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
* Focal update: v5.4.267 upstream stable release (LP: #2054406)
- nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to
llcp_local
- i40e: Fix filter input checks to prevent config with invalid values
- net: sched: em_text: fix possible memory leak in em_text_destroy()
- can: raw: add support for SO_TXTIME/SCM_TXTIME
- can: raw: add support for SO_MARK
- net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps
- ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init
- net: bcmgenet: Fix FCS generation for fragmented skbuffs
- net: Save and restore msg_namelen in sock_sendmsg
- i40e: fix use-after-free in i40e_aqc_add_filters()
- ASoC: meson: g12a: extract codec-to-codec utils
- [Config] Update annotations for CONFIG_SND_MESON_CODEC_GLUE
- ASoC: meson: g12a-tohdmitx: Validate written enum values
- ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux
- i40e: Restore VF MSI-X state during PCI reset
- net/qla3xxx: switch from 'pci_' to 'dma_' API
- net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues
- asix: Add check for usbnet_get_endpoints
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()
- net: Implement missing SO_TIMESTAMPING_NEW cmsg support
- mm/memory-failure: check the mapcount of the precise page
- firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and
ASM108x/VT630x PCIe cards
- i2c: core: Fix atomic xfer check for non-preempt config
- mm: fix unmap_mapping_range high bits shift bug
- mmc: rpmb: fixes pause retune on all RPMB partitions.
- mmc: core: Cancel delayed work before releasing host
- mmc: sdhci-sprd: Fix eMMC init failure after hw reset
- ath10k: Wait until copy complete is actually done before completing
- ath10k: Add interrupt summary based CE processing
- ath10k: Keep track of which interrupts fired, don't poll them
- ath10k: Get rid of "per_ce_irq" hw param
- PCI: Extract ATS disabling to a helper function
- PCI: Disable ATS for specific Intel IPU E2000 devices
- net/dst: use a smaller percpu_counter batch for dst entries accounting
- ipv6: make ip6_rt_gc_expire an atomic_t
- ipv6: remove max_size check inline with ipv4
- ASoC: meson: codec-glue: fix pcm format cast warning
- Linux 5.4.267
* CVE-2023-23000
- phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function
* CVE-2023-23004
- malidp: Fix NULL vs IS_ERR() checking
* CVE-2023-46838
- xen-netback: don't produce zero-size SKB frags
* CVE-2024-1086
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters
* Focal update: v5.4.266 upstream stable release (LP: #2051655)
- ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
- ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE
- ARM: OMAP2+: Fix null pointer dereference and memory leak in
omap_soc_device_init
- reset: Fix crash when freeing non-existent optional resets
- s390/vx: fix save/restore of fpu kernel context
- wifi: mac80211: mesh_plink: fix matches_local logic
- net/mlx5: improve some comments
- net/mlx5: Fix fw tracer first block check
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer used
by representors
- net: sched: ife: fix potential use-after-free
- ethernet: atheros: fix a memleak in atl1e_setup_ring_resources
- net/rose: fix races in rose_kill_by_device()
- net: check vlan filter feature in vlan_vids_add_by_dev() and
vlan_vids_del_by_dev()
- afs: Fix the dynamic root's d_delete to always delete unused dentries
- afs: Fix dynamic root lookup DNS check
- net: warn if gso_type isn't set for a GSO SKB
- net: check dev->gso_max_size in gso_features_check()
- afs: Fix overwriting of result of DNS query
- i2c: aspeed: Handle the coalesced stop conditions with the start conditions.
- pinctrl: at91-pio4: use dedicated lock class for IRQ
- ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10
- ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB
- smb: client: fix NULL deref in asn1_ber_decoder()
- btrfs: do not allow non subvolume root targets for snapshot
- interconnect: Treat xlate() returning NULL node as an error
- iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw
- Input: ipaq-micro-keys - add error handling for devm_kmemdup
- scsi: bnx2fc: Fix skb double free in bnx2fc_rcv()
- iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table
- iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma()
- wifi: cfg80211: Add my certificate
- wifi: cfg80211: fix certs build to not depend on file order
- USB: serial: ftdi_sio: update Actisense PIDs constant names
- USB: serial: option: add Quectel EG912Y module support
- USB: serial: option: add Foxconn T99W265 with new baseline
- USB: serial: option: add Quectel RM500Q R13 firmware support
- Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent
- net: 9p: avoid freeing uninit memory in p9pdu_vreadf
- net: rfkill: gpio: set GPIO direction
- x86/alternatives: Sync core before enabling interrupts
- usb: fotg210-hcd: delete an incorrect bounds test
- ring-buffer: Fix wake ups when buffer_percent is set to 100
- block: Don't invalidate pagecache for invalid falloc modes
- Linux 5.4.266
* CVE-2024-0607
- netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
-- Roxana Nicolescu <roxana.nicolescu@canonical.com> Thu, 07 Mar 2024 17:43:37 +0100
linux (5.4.0-173.191) focal; urgency=medium
* focal/linux: 5.4.0-173.191 -proposed tracker (LP: #2052135)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2024.02.05)
* CVE-2023-0340
- vhost: use kzalloc() instead of kmalloc() followed by memset()
* CVE-2023-6915
- ida: Fix crash in ida_free when the bitmap is empty
* Focal update: v5.4.265 upstream stable release (LP: #2051644)
- afs: Fix refcount underflow from error handling race
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX
- qca_debug: Prevent crash on TX ring changes
- qca_debug: Fix ethtool -G iface tx behavior
- qca_spi: Fix reset behavior
- atm: solos-pci: Fix potential deadlock on &cli_queue_lock
- atm: solos-pci: Fix potential deadlock on &tx_queue_lock
- atm: Fix Use-After-Free in do_vcc_ioctl
- qed: Fix a potential use-after-free in qed_cxt_tables_alloc
- net: Remove acked SYN flag from packet in the transmit queue correctly
- sign-file: Fix incorrect return values check
- vsock/virtio: Fix unsigned integer wrap around in
virtio_transport_has_space()
- net: stmmac: use dev_err_probe() for reporting mdio bus registration failure
- net: stmmac: Handle disabled MDIO busses from devicetree
- cred: switch to using atomic_long_t
- ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants
- usb: aqc111: check packet for fixup for true limit
- blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock
required!"
- bcache: avoid oversize memory allocation by small stripe_size
- bcache: add code comments for bch_btree_node_get() and
__bch_btree_node_alloc()
- bcache: avoid NULL checking to c->root in run_cache_set()
- platform/x86: intel_telemetry: Fix kernel doc descriptions
- HID: add ALWAYS_POLL quirk for Apple kb
- HID: hid-asus: reset the backlight brightness level on resume
- HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad
- asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290
- HID: hid-asus: add const to read-only outgoing usb buffer
- soundwire: stream: fix NULL pointer dereference for multi_link
- ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS
- arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify
- team: Fix use-after-free when an option instance allocation fails
- ring-buffer: Fix memory leak of free page
- mmc: block: Be sure to wait while busy in CQE error recovery
- powerpc/ftrace: Create a dummy stackframe to fix stack unwind
- powerpc/ftrace: Fix stack teardown in ftrace_no_trace
- Linux 5.4.265
* Focal update: v5.4.264 upstream stable release (LP: #2049935)
- hrtimers: Push pending hrtimers away from outgoing CPU earlier
- netfilter: ipset: fix race condition between swap/destroy and kernel side
add/del/test
- tg3: Move the [rt]x_dropped counters to tg3_napi
- tg3: Increment tx_dropped in tg3_tso_bug()
- kconfig: fix memory leak from range properties
- drm/amdgpu: correct chunk_ptr to a pointer to chunk.
- of: base: Add of_get_cpu_state_node() to get idle states for a CPU node
- ACPI/IORT: Make iort_get_device_domain IRQ domain agnostic
- ACPI/IORT: Make iort_msi_map_rid() PCI agnostic
- of/iommu: Make of_map_rid() PCI agnostic
- of/irq: make of_msi_map_get_device_domain() bus agnostic
- of/irq: Make of_msi_map_rid() PCI bus agnostic
- of: base: Fix some formatting issues and provide missing descriptions
- of: Fix kerneldoc output formatting
- of: Add missing 'Return' section in kerneldoc comments
- of: dynamic: Fix of_reconfig_get_state_change() return value documentation
- ipv6: fix potential NULL deref in fib6_add()
- hv_netvsc: rndis_filter needs to select NLS
- net: arcnet: Fix RESET flag handling
- net: arcnet: com20020 fix error handling
- arcnet: restoring support for multiple Sohard Arcnet cards
- ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()
- net: hns: fix fake link up on xge port
- netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
- tcp: do not accept ACK of bytes we never sent
- bpf: sockmap, updating the sg structure should also update curr
- RDMA/bnxt_re: Correct module description string
- hwmon: (acpi_power_meter) Fix 4.29 MW bug
- ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
- tracing: Fix a warning when allocating buffered events fails
- scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
- ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init
- ARM: dts: imx: make gpt node name generic
- ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt
- ALSA: pcm: fix out-of-bounds in snd_pcm_state_names
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
- tracing: Always update snapshot buffer size
- tracing: Fix incomplete locking when disabling buffered events
- tracing: Fix a possible race when disabling buffered events
- packet: Move reference count in packet_sock to atomic_long_t
- arm64: dts: mediatek: mt7622: fix memory node warning check
- arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names
- gpiolib: sysfs: Fix error handling on failed export
- mmc: core: add helpers mmc_regulator_enable/disable_vqmmc
- mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled
- usb: gadget: f_hid: fix report descriptor allocation
- parport: Add support for Brainboxes IX/UC/PX parallel cards
- usb: typec: class: fix typec_altmode_put_partner to put plugs
- ARM: PL011: Fix DMA support
- serial: sc16is7xx: address RX timeout interrupt errata
- serial: 8250_omap: Add earlycon support for the AM654 UART controller
- x86/CPU/AMD: Check vendor in the AMD microcode callback
- KVM: s390/mm: Properly reset no-dat
- nilfs2: fix missing error check for sb_set_blocksize call
- io_uring/af_unix: disable sending io_uring over sockets
- netlink: don't call ->netlink_bind with table lock held
- genetlink: add CAP_NET_ADMIN test for multicast bind
- psample: Require 'CAP_NET_ADMIN' when joining "packets" group
- drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group
- tools headers UAPI: Sync linux/perf_event.h with the kernel sources
- cifs: Fix non-availability of dedup breaking generic/304
- smb: client: fix potential NULL deref in parse_dfs_referrals()
- devcoredump : Serialize devcd_del work
- devcoredump: Send uevent once devcd is ready
- Linux 5.4.264
* CVE-2024-0646
- net: tls, update curr on splice as well
* CVE-2024-0565
- smb: client: fix OOB in receive_encrypted_standard()
* CVE-2023-51781
- appletalk: Fix Use-After-Free in atalk_ioctl
* CVE-2023-51782
- net/rose: Fix Use-After-Free in rose_ioctl
* Focal update: v5.4.263 upstream stable release (LP: #2049084)
- driver core: Release all resources during unbind before updating device
links
- RDMA/irdma: Prevent zero-length STAG registration
- PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}()
- afs: Make error on cell lookup failure consistent with OpenAFS
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
- drm/panel: simple: Fix Innolux G101ICE-L01 timings
- ata: pata_isapnp: Add missing error check for devm_ioport_map()
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full
- HID: core: store the unique system identifier in hid_device
- HID: fix HID device resource race between HID core and debugging support
- ipv4: Correct/silence an endian warning in __ip_do_redirect
- net: usb: ax88179_178a: fix failed operations during ax88179_reset
- arm/xen: fix xen_vcpu_info allocation alignment
- amd-xgbe: handle corner-case during sfp hotplug
- amd-xgbe: handle the corner-case during tx completion
- amd-xgbe: propagate the correct speed and duplex status
- net: axienet: Fix check for partial TX checksum
- afs: Return ENOENT if no cell DNS record can be found
- afs: Fix file locking on R/O volumes to operate in local mode
- nvmet: remove unnecessary ctrl parameter
- nvmet: nul-terminate the NQNs passed in the connect command
- MIPS: KVM: Fix a build warning about variable set but not used
- ext4: add a new helper to check if es must be kept
- ext4: factor out __es_alloc_extent() and __es_free_extent()
- ext4: use pre-allocated es in __es_insert_extent()
- ext4: use pre-allocated es in __es_remove_extent()
- ext4: using nofail preallocation in ext4_es_remove_extent()
- ext4: using nofail preallocation in ext4_es_insert_delayed_block()
- ext4: using nofail preallocation in ext4_es_insert_extent()
- ext4: fix slab-use-after-free in ext4_es_insert_extent()
- ext4: make sure allocate pending entry not fail
- arm64: cpufeature: Extract capped perfmon fields
- KVM: arm64: limit PMU version to PMUv3 for ARMv8.1
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce()
- s390/dasd: protect device queue against concurrent access
- USB: serial: option: add Luat Air72*U series products
- hv_netvsc: Fix race of register_netdevice_notifier and VF register
- hv_netvsc: Mark VF as slave before exposing it to user-mode
- dm-delay: fix a race between delay_presuspend and delay_bio
- bcache: check return value from btree_node_alloc_replacement()
- bcache: prevent potential division by zero error
- USB: serial: option: add Fibocom L7xx modules
- USB: serial: option: fix FM101R-GL defines
- USB: serial: option: don't claim interface 4 for ZTE MF290
- USB: dwc2: write HCINT with INTMASK applied
- usb: dwc3: set the dma max_seg_size
- USB: dwc3: qcom: fix resource leaks on probe deferral
- USB: dwc3: qcom: fix wakeup after probe deferral
- io_uring: fix off-by one bvec index
- pinctrl: avoid reload of p state in list iteration
- firewire: core: fix possible memory leak in create_units()
- mmc: block: Do not lose cache flush during CQE error recovery
- ALSA: hda: Disable power-save on KONTRON SinglePC
- ALSA: hda/realtek: Headset Mic VREF to 100%
- ALSA: hda/realtek: Add supported ALC257 for ChromeOS
- dm-verity: align struct dm_verity_fec_io properly
- dm verity: don't perform FEC for failed readahead IO
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR
- powerpc: Don't clobber f0/vs0 during fp|altivec register save
- btrfs: fix off-by-one when checking chunk map includes logical address
- btrfs: send: ensure send_fd is writable
- btrfs: make error messages more clear when getting a chunk map
- Input: xpad - add HyperX Clutch Gladiate Support
- net: stmmac: xgmac: Disable FPE MMC interrupts
- ravb: Fix races between ravb_tx_timeout_work() and net related ops
- net: ravb: Use pm_runtime_resume_and_get()
- net: ravb: Start TX queues after HW initialization succeeded
- smb3: fix touch -h of symlink
- s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family
- s390/cmma: fix detection of DAT pages
- mtd: cfi_cmdset_0001: Support the absence of protection registers
- mtd: cfi_cmdset_0001: Byte swap OTP info
- fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
- ima: annotate iint mutex to avoid lockdep false positive warnings
- ovl: skip overlayfs superblocks at global sync
- ima: detect changes to the backing overlay file
- scsi: qla2xxx: Simplify the code for aborting SCSI commands
- scsi: core: Introduce the scsi_cmd_to_rq() function
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
- scsi: qla2xxx: Fix system crash due to bad pointer access
- cpufreq: imx6q: don't warn for disabling a non-existing frequency
- cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily
- mmc: cqhci: Increase recovery halt timeout
- mmc: cqhci: Warn of halt or task clear failure
- mmc: cqhci: Fix task clearing in CQE error recovery
- mmc: core: convert comma to semicolon
- mmc: block: Retry commands in CQE error recovery
- Linux 5.4.263
* Focal update: v5.4.262 upstream stable release (LP: #2049069)
- locking/ww_mutex/test: Fix potential workqueue corruption
- perf/core: Bail out early if the request AUX area is out of bound
- clocksource/drivers/timer-imx-gpt: Fix potential memory leak
- clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
- x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
- wifi: mac80211_hwsim: fix clang-specific fortify warning
- wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
- wifi: ath9k: fix clang-specific fortify warnings
- wifi: ath10k: fix clang-specific fortify warning
- net: annotate data-races around sk->sk_tx_queue_mapping
- net: annotate data-races around sk->sk_dst_pending_confirm
- wifi: ath10k: Don't touch the CE interrupt registers after power up
- Bluetooth: Fix double free in hci_conn_cleanup
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
- drm/komeda: drop all currently held locks if deadlock happens
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
- selftests/efivarfs: create-read: fix a resource leak
- crypto: pcrypt - Fix hungtask for PADATA_RESET
- RDMA/hfi1: Use FIELD_GET() to extract Link Width
- fs/jfs: Add check for negative db_l2nbperpage
- fs/jfs: Add validity check for db_maxag and db_agpref
- jfs: fix array-index-out-of-bounds in dbFindLeaf
- jfs: fix array-index-out-of-bounds in diAlloc
- ARM: 9320/1: fix stack depot IRQ stack filter
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields
- atm: iphase: Do PCI error checks on own line
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
- tty: vcc: Add check for kstrdup() in vcc_probe()
- usb: gadget: f_ncm: Always set current gadget in ncm_bind()
- i2c: sun6i-p2wi: Prevent potential division by zero
- media: gspca: cpia1: shift-out-of-bounds in set_flicker
- media: vivid: avoid integer overflow
- gfs2: ignore negated quota changes
- media: cobalt: Use FIELD_GET() to extract Link Width
- drm/amd/display: Avoid NULL dereference of timing generator
- kgdb: Flush console before entering kgdb on panic
- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
- pwm: Fix double shift bug
- wifi: iwlwifi: Use FW rate for non-data frames
- NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
- ipvlan: add ipvlan_route_v6_outbound() helper
- tty: Fix uninit-value access in ppp_sync_receive()
- net: hns3: fix variable may not initialized problem in hns3_init_mac_addr()
- tipc: Fix kernel-infoleak due to uninitialized TLV value
- ppp: limit MRU to 64K
- xen/events: fix delayed eoi list handling
- ptp: annotate data-race around q->head and q->tail
- bonding: stop the device in bond_setup_by_slave()
- net: ethernet: cortina: Fix max RX frame define
- net: ethernet: cortina: Handle large frames
- net: ethernet: cortina: Fix MTU max setting
- netfilter: nf_conntrack_bridge: initialize err to 0
- net: stmmac: Rework stmmac_rx()
- net: stmmac: fix rx budget limit check
- net/mlx5_core: Clean driver version and name
- net/mlx5e: Check return value of snprintf writing to fw_version buffer for
representors
- macvlan: Don't propagate promisc change to lower dev in passthru
- tools/power/turbostat: Fix a knl bug
- cifs: spnego: add ';' in HOST_KEY_LEN
- media: venus: hfi: add checks to perform sanity on queue pointers
- randstruct: Fix gcc-plugin performance mode to stay in group
- bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
- scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for
selected registers
- x86/cpu/hygon: Fix the CPU topology evaluation for real
- KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space
- KVM: x86: Ignore MSR_AMD64_TW_CFG access
- audit: don't take task_lock() in audit_exe_compare() code path
- audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
- hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
- PCI/sysfs: Protect driver's D3cold preference from user space
- ACPI: resource: Do IRQ override on TongFang GMxXGxx
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
- PCI: keystone: Don't discard .remove() callback
- PCI: keystone: Don't discard .probe() callback
- parisc/pdc: Add width field to struct pdc_model
- clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
- mmc: vub300: fix an error code
- PM: hibernate: Use __get_safe_page() rather than touching the list
- PM: hibernate: Clean up sync_read handling in snapshot_write_next()
- btrfs: don't arbitrarily slow down delalloc if we're committing
- jbd2: fix potential data lost in recovering journal raced with synchronizing
fs bdev
- quota: explicitly forbid quota files from being encrypted
- kernel/reboot: emergency_restart: Set correct system_state
- i2c: core: Run atomic i2c xfer when !preemptible
- mcb: fix error handling for different scenarios when parsing
- dmaengine: stm32-mdma: correct desc prep when channel running
- mm/cma: use nth_page() in place of direct struct page manipulation
- i3c: master: cdns: Fix reading status register
- parisc: Prevent booting 64-bit kernels on PA1.x machines
- parisc/pgtable: Do not drop upper 5 address bits of physical address
- ALSA: info: Fix potential deadlock at disconnection
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
- serial: meson: remove redundant initialization of variable id
- tty: serial: meson: retrieve port FIFO size from DT
- serial: meson: Use platform_get_irq() to get the interrupt
- tty: serial: meson: fix hard LOCKUP on crtscts mode
- Bluetooth: btusb: add Realtek 8822CE to usb_device_id table
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
- bluetooth: Add device 0bda:887b to device tables
- bluetooth: Add device 13d3:3571 to device tables
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
- Revert ncsi: Propagate carrier gain/loss events to the NCSI controller
- net: dsa: lan9303: consequently nested-lock physical MDIO
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
- media: lirc: drop trailing space from scancode transmit
- media: sharp: fix sharp encoding
- media: venus: hfi_parser: Add check to keep the number of codecs within
range
- media: venus: hfi: fix the check to handle session buffer requirement
- media: venus: hfi: add checks to handle capabilities from firmware
- nfsd: fix file memleak on client_opens_release
- ext4: apply umask if ACL support is disabled
- ext4: correct offset of gdb backup in non meta_bg group to update_backups
- ext4: correct return value of ext4_convert_meta_bg
- ext4: correct the start block of counting reserved clusters
- ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
- drm/amdgpu: fix error handling in amdgpu_bo_list_get()
- tracing: Have trace_event_file have ref counters
- netfilter: nf_tables: pass context to nft_set_destroy()
- netfilter: nftables: rename set element data activation/deactivation
functions
- netfilter: nf_tables: drop map element references from preparation phase
- netfilter: nft_set_rbtree: Switch to node list walk for overlap detection
- netfilter: nft_set_rbtree: fix null deref on element insertion
- netfilter: nft_set_rbtree: fix overlap expiration walk
- netfilter: nf_tables: don't skip expired elements during walk
- netfilter: nf_tables: GC transaction API to avoid race with control plane
- netfilter: nf_tables: adapt set backend to use GC transaction API
- netfilter: nft_set_hash: mark set element as dead when deleting from packet
path
- netfilter: nf_tables: remove busy mark and gc batch API
- netfilter: nf_tables: fix GC transaction races with netns and netlink event
exit path
- netfilter: nf_tables: GC transaction race with netns dismantle
- netfilter: nf_tables: GC transaction race with abort path
- netfilter: nf_tables: use correct lock to protect gc_list
- netfilter: nf_tables: defer gc run if previous batch is still pending
- netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
- netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
- netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
- netfilter: nf_tables: fix memleak when more than 255 elements expired
- netfilter: nf_tables: unregister flowtable hooks on netns exit
- netfilter: nf_tables: double hook unregistration in netns path
- netfilter: nftables: update table flags from the commit phase
- netfilter: nf_tables: fix table flag updates
- netfilter: nf_tables: disable toggling dormant table state more than once
- netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for
5.4)
- Linux 5.4.262
* Focal update: v5.4.261 upstream stable release (LP: #2049049)
- vfs: fix readahead(2) on block devices
- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated()
- i40e: fix potential memory leaks in i40e_remove()
- tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
- wifi: mt76: mt7603: rework/fix rx pse hang check
- tcp_metrics: add missing barriers on delete
- tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
- tcp_metrics: do not create an entry from tcp_init_metrics()
- wifi: rtlwifi: fix EDCA limit set by BT coexistence
- can: dev: can_restart(): don't crash kernel if carrier is OK
- can: dev: can_restart(): fix race condition between controller restart and
netif_carrier_on()
- thermal: core: prevent potential string overflow
- r8169: use tp_to_dev instead of open code
- r8169: fix rare issue with broken rx after link-down on RTL8125
- chtls: fix tp->rcv_tstamp initialization
- tcp: Remove one extra ktime_get_ns() from cookie_init_timestamp
- tcp: fix cookie_init_timestamp() overflows
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
- ipv6: avoid atomic fragment on GSO packets
- net: add DEV_STATS_READ() helper
- ipvlan: properly track tx_errors
- regmap: debugfs: Fix a erroneous check after snprintf()
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
- clk: qcom: gcc-sm8150: use ARRAY_SIZE instead of specifying num_parents
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src
- clk: imx: Select MXC_CLK for CLK_IMX8QXP
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
- clk: npcm7xx: Fix incorrect kfree
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
- platform/x86: wmi: Fix probe failure when failing to register WMI devices
- platform/x86: wmi: remove unnecessary initializations
- platform/x86: wmi: Fix opening of char device
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name
- drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
- drm/rockchip: vop: Fix call to crtc reset helper
- drm/radeon: possible buffer overflow
- drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
- arm64: dts: qcom: sdm845-mtp: fix WiFi configuration
- ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
- soc: qcom: llcc cleanup to get rid of sdm845 specific driver file
- [Config] remove CONFIG_QCOM_SDM845_LLCC
- soc: qcom: Rename llcc-slice to llcc-qcom
- [Config] remove llcc-slice module
- soc: qcom: llcc: Handle a second device without data corruption
- firmware: ti_sci: Replace HTTP links with HTTPS ones
- firmware: ti_sci: Mark driver as non removable
- clk: scmi: Free scmi_clk allocated when the clocks with invalid info are
skipped
- hwrng: geode - fix accessing registers
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return
value
- sched/rt: Provide migrate_disable/enable() inlines
- nd_btt: Make BTT lanes preemptible
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
- HID: cp2112: Use irqchip template
- hid: cp2112: Fix duplicate workqueue initialization
- ARM: 9321/1: memset: cast the constant byte to unsigned char
- ext4: move 'ix' sanity check to corrent position
- scsi: ufs: core: Leave space for '0' in utf8 desc string
- RDMA/hfi1: Workaround truncation compilation error
- sh: bios: Revive earlyprintk support
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
- ASoC: ams-delta.c: use component after check
- mfd: dln2: Fix double put in dln2_probe
- leds: pwm: simplify if condition
- leds: pwm: convert to atomic PWM API
- leds: pwm: Don't disable the PWM when the LED should be off
- ledtrig-cpu: Limit to 8 CPUs
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
- usb: dwc2: fix possible NULL pointer dereference caused by driver
concurrency
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors
- misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
- tools: iio: privatize globals and functions in iio_generic_buffer.c file
- tools: iio: iio_generic_buffer: Fix some integer type and calculation
- tools: iio: iio_generic_buffer ensure alignment
- USB: usbip: fix stub_dev hub disconnect
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
- f2fs: fix to initialize map.m_pblk in f2fs_precache_extents()
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host
- powerpc/xive: Fix endian conversion size
- powerpc/imc-pmu: Use the correct spinlock initializer.
- powerpc/pseries: fix potential memory leak in init_cpu_associativity()
- i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs
- rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call
- pcmcia: cs: fix possible hung task and memory leak pccardd()
- pcmcia: ds: fix refcount leak in pcmcia_device_add()
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
- media: bttv: fix use after free error due to btv->timeout timer
- media: s3c-camif: Avoid inappropriate kfree()
- media: dvb-usb-v2: af9035: fix missing unlock
- regmap: prevent noinc writes from clobbering cache
- pwm: sti: Avoid conditional gotos
- pwm: sti: Reduce number of allocations and drop usage of chip_data
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
- llc: verify mac len before reading mac header
- tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
- inet: shrink struct flowi_common
- dccp: Call security_inet_conn_request() after setting IPv4 addresses.
- dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
- Fix termination state for idr_for_each_entry_ul()
- net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs
- net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT
- tg3: power down device only on SYSTEM_POWER_OFF
- r8169: respect userspace disabling IFF_MULTICAST
- netfilter: xt_recent: fix (increase) ipv6 literal buffer length
- netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate
eval call-backs
- netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies
- fbdev: imsttfb: Fix error path of imsttfb_probe()
- fbdev: imsttfb: fix a resource leak in probe
- fbdev: fsl-diu-fb: mark wr_reg_wa() static
- Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
- btrfs: use u64 for buffer sizes in the tree search ioctls
- Linux 5.4.261
* Focal update: v5.4.260 upstream stable release (LP: #2049024)
- mtd: rawnand: marvell: Ensure program page operations are successful
- selftests/ftrace: Add new test case which checks non unique symbol
- mcb: Return actual parsed size when reading chameleon table
- mcb-lpc: Reallocate memory region to avoid memory overlapping
- virtio_balloon: Fix endless deflation and inflation on arm64
- virtio-mmio: fix memory leak of vm_dev
- r8169: fix the KCSAN reported data-race in rtl_tx while reading
TxDescArray[entry].opts1
- r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1
- treewide: Spelling fix in comment
- igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
- neighbour: fix various data-races
- igc: Fix ambiguity in the ethtool advertising
- net: ieee802154: adf7242: Fix some potential buffer overflow in
adf7242_stats_show()
- r8152: Increase USB control msg timeout to 5000ms as per spec
- r8152: Run the unload routine if we have errors during probe
- r8152: Cancel hw_phy_work if we have an error in probe
- tcp: fix wrong RTO timeout when received SACK reneging
- gtp: uapi: fix GTPA_MAX
- gtp: fix fragmentation needed check with gso
- iio: exynos-adc: request second interupt only when touchscreen mode is used
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
- i2c: aspeed: Fix i2c bus hang in slave read
- nvmem: imx: correct nregs for i.MX6ULL
- nvmem: imx: correct nregs for i.MX6SLL
- nvmem: imx: correct nregs for i.MX6UL
- perf/core: Fix potential NULL deref
- clk: Sanitize possible_parent_show to Handle Return Value of
of_clk_get_parent_name
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
- x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
- drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
- arm64: fix a concurrency issue in emulation_proc_handler()
- smbdirect: missing rc checks while waiting for rdma events
- f2fs: fix to do sanity check on inode type during garbage collection
- nfsd: lock_rename() needs both directories to live on the same fs
- x86/mm: Simplify RESERVE_BRK()
- x86/mm: Fix RESERVE_BRK() for older binutils
- ext4: add two helper functions extent_logical_end() and pa_logical_end()
- ext4: avoid overlapping preallocations due to overflow
- ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
- driver: platform: Add helper for safer setting of driver_override
- rpmsg: Constify local variable in field store macro
- rpmsg: Fix kfree() of static memory on setting driver_override
- rpmsg: Fix calling device_lock() on non-initialized device
- rpmsg: glink: Release driver_override
- rpmsg: Fix possible refcount leak in rpmsg_register_device_override()
- x86: Fix .brk attribute in linker script
- Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table
- irqchip/stm32-exti: add missing DT IRQ flag translation
- dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe
- Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport
- fbdev: atyfb: only use ioremap_uc() on i386 and ia64
- spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0
- netfilter: nfnetlink_log: silence bogus compiler warning
- ASoC: rt5650: fix the wrong result of key button
- fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit()
- scsi: mpt3sas: Fix in error path
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
- platform/mellanox: mlxbf-tmfifo: Fix a warning message
- net: chelsio: cxgb4: add an error code check in t4_load_phy_fw
- ata: ahci: fix enum constants for gcc-13
- remove the sx8 block driver
- [Config] remove CONFIG_BLK_DEV_SX8
- Revert "ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver"
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
- usb: storage: set 1.50 as the lower bcdDevice for older "Super Top"
compatibility
- tty: 8250: Remove UC-257 and UC-431
- tty: 8250: Add support for additional Brainboxes UC cards
- tty: 8250: Add support for Brainboxes UP cards
- tty: 8250: Add support for Intashield IS-100
- Linux 5.4.260
* CVE-2023-51779
- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
* CVE-2023-22995
- usb: dwc3: dwc3-qcom: Add missing platform_device_put() in
dwc3_qcom_acpi_register_core
-- Stefan Bader <stefan.bader@canonical.com> Fri, 02 Feb 2024 14:22:27 +0100
# For older changelog entries, run 'apt-get changelog linux-cloud-tools-common'