Focal update: v5.4.118 upstream stable release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Kamal Mostafa |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v5.4.118 upstream stable release
from git://git.
s390/disassembler: increase ebpf disasm buffer size
ACPI: custom_method: fix potential use-after-free issue
ACPI: custom_method: fix a possible memory leak
ftrace: Handle commands when closing set_ftrace_filter file
ARM: 9056/1: decompressor: fix BSS size calculation for LLVM ld.lld
arm64: dts: marvell: armada-37xx: add syscon compatible to NB clk node
arm64: dts: mt8173: fix property typo of 'phys' in dsi node
ecryptfs: fix kernel panic with null dev_name
mtd: spinand: core: add missing MODULE_
mtd: rawnand: atmel: Update ecc_stats.corrected counter
erofs: add unsupported inode i_format check
spi: spi-ti-qspi: Free DMA resources
scsi: qla2xxx: Fix crash in qla2xxx_
scsi: mpt3sas: Block PCI config access from userspace during reset
mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe()
mmc: uniphier-sd: Fix a resource leak in the remove function
mmc: sdhci: Check for reset prior to DMA address unmap
mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers
mmc: block: Update ext_csd.cache_ctrl if it was written
mmc: block: Issue a cache flush only when it's enabled
mmc: core: Do a power cycle when the CMD11 fails
mmc: core: Set read only for SD cards with permanent write protect bit
mmc: core: Fix hanging on I/O during system suspend for removable cards
modules: mark ref_module static
modules: mark find_symbol static
modules: mark each_symbol_section static
modules: unexport __module_
modules: unexport __module_address
modules: rename the licence field in struct symsearch to license
modules: return licensing information from find_symbol
modules: inherit TAINT_PROPRIETA
irqchip/gic-v3: Do not enable irqs when handling spurious interrups
cifs: Return correct error code from smb2_get_enc_key
btrfs: fix metadata extent leak after failure to create subvolume
intel_th: pci: Add Rocket Lake CPU support
posix-timers: Preserve return value in clock_adjtime32()
fbdev: zero-fill colormap in fbcmap.c
bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first
staging: wimax/i2400m: fix byte-order issue
spi: ath79: always call chipselect function
spi: ath79: remove spi-master setup and cleanup assignment
crypto: api - check for ERR pointers in crypto_
crypto: qat - fix unmap invalid dma address
usb: gadget: uvc: add bInterval checking for HS mode
usb: webcam: Invalid size of Processing Unit Descriptor
genirq/matrix: Prevent allocation counter corruption
usb: gadget: f_uac2: validate input parameters
usb: gadget: f_uac1: validate input parameters
usb: dwc3: gadget: Ignore EP queue requests during bus reset
usb: xhci: Fix port minor revision
PCI: PM: Do not read power state in pci_enable_
x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS)
tee: optee: do not check memref size on return from Secure World
perf/arm_
usb: xhci-mtk: support quirk to disable usb2 lpm
xhci: check control context is valid before dereferencing it.
xhci: fix potential array out of bounds with several interrupters
spi: dln2: Fix reference leak to master
spi: omap-100k: Fix reference leak to master
spi: qup: fix PM reference leak in spi_qup_remove()
usb: musb: fix PM reference leak in musb_irq_work()
usb: core: hub: Fix PM reference leak in usb_port_resume()
tty: n_gsm: check error while registering tty devices
intel_th: Consistency and off-by-one fix
phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_
crypto: stm32/hash - Fix PM reference leak on stm32-hash.c
crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c
crypto: omap-aes - Fix PM reference leak on omap-aes.c
platform/x86: intel_pmc_core: Don't use global pmcdev in quirks
btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
drm: Added orientation quirk for OneGX1 Pro
drm/qxl: release shadow on shutdown
drm/amd/display: Check for DSC support instead of ASIC revision
drm/amd/display: Don't optimize bandwidth before disabling planes
scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe
scsi: lpfc: Fix pt2pt connection does not recover after LOGO
scsi: target: pscsi: Fix warning in pscsi_complete_
media: ite-cir: check for receive overflow
media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB
media: imx: capture: Return -EPIPE from __capture_
power: supply: bq27xxx: fix power_avg for newer ICs
extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged
extcon: arizona: Fix various races on driver unbind
media: media/saa7164: fix saa7164_
media: gspca/sq905.c: fix uninitialized variable
power: supply: Use IRQF_ONESHOT
drm/amdgpu: mask the xgmi number of hops reported from psp to kfd
drm/amdkfd: Fix UBSAN shift-out-of-bounds warning
drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool'
drm/amd/display: fix dml prefetch validation
scsi: qla2xxx: Always check the return value of qla24xx_
drm/vkms: fix misuse of WARN_ON
scsi: qla2xxx: Fix use after free in bsg
mmc: sdhci-pci: Add PCI IDs for Intel LKF
ata: ahci: Disable SXS for Hisilicon Kunpeng920
scsi: smartpqi: Correct request leakage during reset operations
scsi: smartpqi: Add new PCI IDs
scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
media: em28xx: fix memory leak
media: vivid: update EDID
clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
power: supply: generic-
power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_
media: tc358743: fix possible use-after-free in tc358743_remove()
media: adv7604: fix possible use-after-free in adv76xx_remove()
media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove()
media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
media: platform: sti: Fix runtime PM imbalance in regs_show
media: dvb-usb: fix memory leak in dvb_usb_
media: gscpa/stv06xx: fix memory leak
sched/fair: Ignore percpu threads for imbalance pulls
drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
drm/msm/mdp5: Do not multiply vclk line count by 100
drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug
amdgpu: avoid incorrect %hu format string
drm/amdgpu: fix NULL pointer dereference
scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response
scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode
scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic
mfd: arizona: Fix rumtime PM imbalance on error
scsi: libfc: Fix a format specifier
s390/archrandom: add parameter check for s390_arch_
ALSA: emu8000: Fix a use after free in snd_emu8000_
ALSA: hda/conexant: Re-order CX5066 quirk table entries
ALSA: sb: Fix two use after free in snd_sb_qsound_build
ALSA: usb-audio: Explicitly set up the clock selector
ALSA: usb-audio: More constifications
ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8
ALSA: hda/realtek: GA503 use same quirks as GA401
ALSA: hda/realtek: fix mic boost on Intel NUC 8
ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops
ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx
btrfs: fix race when picking most recent mod log operation for an old root
arm64/vdso: Discard .note.gnu.property sections in vDSO
Makefile: Move -Wno-unused-
virtiofs: fix memory leak in virtio_fs_probe()
ubifs: Only check replay with inode type to judge if inode linked
f2fs: fix to avoid out-of-bounds memory access
mlxsw: spectrum_mr: Update egress RIF list before route's action
openvswitch: fix stack OOB read while fragmenting IPv4 packets
ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure
NFS: Don't discard pNFS layout segments that are marked for return
NFSv4: Don't discard segments marked for return in _pnfs_return_
Input: ili210x - add missing negation for touch indication on ili210x
jffs2: Fix kasan slab-out-of-bounds problem
powerpc/eeh: Fix EEH handling for hugepages in ioremap space.
powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h
intel_th: pci: Add Alder Lake-M support
tpm: efi: Use local variable for calculating final log size
tpm: vtpm_proxy: Avoid reading host log when using a virtual device
crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS
md/raid1: properly indicate failure when ending a failed write request
dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences
fuse: fix write deadlock
security: commoncap: fix -Wstringop-overread warning
Fix misc new gcc warnings
jffs2: check the validity of dstlen in jffs2_zlib_
Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_
x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported
kbuild: update config_data.gz only when the content of .config is changed
ext4: fix check to prevent false positive report of incorrect used inodes
ext4: do not set SB_ACTIVE in ext4_orphan_
ext4: fix error code in ext4_commit_super
media: dvbdev: Fix memory leak in dvb_media_
media: dvb-usb: Fix use-after-free access
media: dvb-usb: Fix memory leak at error in dvb_usb_
media: staging/intel-ipu3: Fix memory leak in imu_fmt
media: staging/intel-ipu3: Fix set_fmt error handling
media: staging/intel-ipu3: Fix race condition during set_fmt
usb: gadget: dummy_hcd: fix gpf in gadget_setup
usb: gadget: Fix double free of device descriptor pointers
usb: gadget/
usb: dwc3: gadget: Fix START_TRANSFER link state check
usb: dwc2: Fix session request interrupt handler
tty: fix memory leak in vc_deallocate
rsi: Use resume_noirq for SDIO
tracing: Map all PIDs to command lines
tracing: Restructure trace_clock_
dm persistent data: packed struct should have an aligned() attribute too
dm space map common: fix division bug in sm_ll_find_
dm integrity: fix missing goto in bitmap_
dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails
Linux 5.4.118
UBUNTU: upstream stable to v5.4.118
CVE References
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
tags: | added: kernel-stable-tracking-bug |
Changed in linux (Ubuntu Focal): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
Changed in linux (Ubuntu): | |
status: | Confirmed → Invalid |
description: | updated |
Changed in linux (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
This bug was fixed in the package linux - 5.4.0-77.86
---------------
linux (5.4.0-77.86) focal; urgency=medium
* UAF on CAN J1939 j1939_can_recv (LP: #1932209)
- SAUCE: can: j1939: delay release of j1939_priv after synchronize_rcu
* UAF on CAN BCM bcm_rx_handler (LP: #1931855)
- SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu
linux (5.4.0-76.85) focal; urgency=medium
* focal/linux: 5.4.0-76.85 -proposed tracker (LP: #1932123)
* Upstream v5.9 introduced 'module' patches that removed exported symbols RY_MODULE" text_address"
(LP: #1932065)
- SAUCE: Revert "modules: inherit TAINT_PROPRIETA
- SAUCE: Revert "modules: return licensing information from find_symbol"
- SAUCE: Revert "modules: rename the licence field in struct symsearch to
license"
- SAUCE: Revert "modules: unexport __module_address"
- SAUCE: Revert "modules: unexport __module_
- SAUCE: Revert "modules: mark each_symbol_section static"
- SAUCE: Revert "modules: mark find_symbol static"
- SAUCE: Revert "modules: mark ref_module static"
linux (5.4.0-75.84) focal; urgency=medium
* focal/linux: 5.4.0-75.84 -proposed tracker (LP: #1930032)
* Packaging resync (LP: #1786013)
- update dkms package versions
* CVE-2021-33200
- bpf: Wrap aux data inside bpf_sanitize_info container
- bpf: Fix mask direction swap upon off reg sign change
- bpf: No need to simulate speculative domain for immediates
* Realtek USB hubs in Dell WD19SC/DC/TB fail to work after exiting s2idle
(LP: #1928242)
- USB: Verify the port status when timeout happens during port suspend
* CVE-2020-26145
- ath10k: drop fragments with multicast DA for SDIO
- ath10k: add CCMP PN replay protection for fragmented frames for PCIe
- ath10k: drop fragments with multicast DA for PCIe
* CVE-2020-26141
- ath10k: Fix TKIP Michael MIC verification for PCIe
* CVE-2020-24588
- mac80211: properly handle A-MSDUs that start with an RFC 1042 header
- cfg80211: mitigate A-MSDU aggregation attacks
- mac80211: drop A-MSDUs on old ciphers
- ath10k: drop MPDU which has discard flag set by firmware for SDIO
* CVE-2020-26139
- mac80211: do not accept/forward invalid EAPOL frames
* CVE-2020-24586 // CVE-2020-24587 // CVE-2020-24587 for such cases.
- mac80211: extend protection against mixed key and fragment cache attacks
* CVE-2020-24586 // CVE-2020-24587
- mac80211: prevent mixed key and fragment cache attacks
- mac80211: add fragment cache to sta_info
- mac80211: check defrag PN against current frame
- mac80211: prevent attacks on TKIP/WEP as well
* CVE-2020-26147
- mac80211: assure all fragments are encrypted
* raid10: Block discard is very slow, causing severe delays for mkfs and discard_ bio() for submitting discard bio
fstrim operations (LP: #1896578)
- md: add md_submit_
- md/raid10: extend r10bio devs to raid disks
- md/raid10: pull the code that wait for blocked dev into one function
- md/raid10: improve raid10 discard request
- md/raid10: improve discard request for far layout
- dm raid: remove unnecessary discard limi...