Bug #1959173 “Vulnerability in af_packet handling” : Bugs : linux-gke package : Ubuntu

Khaled El Mously (kmously) on 2022-01-27

no longer affects:

klibc (Ubuntu)

Stefan Bader (smb) on 2022-01-27

Changed in linux-gke (Ubuntu):
status:	New → Invalid
Changed in linux-gke (Ubuntu Focal):
assignee:	nobody → Khaled El Mously (kmously)
importance:	Undecided → Medium
status:	New → In Progress

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-01-28:

#1

This bug is awaiting verification that the linux-gke/5.4.0-1061.64 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Khaled El Mously (kmously) on 2022-01-31

tags:

added: verification-done-focal
removed: verification-needed-focal

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-01-31:

#2

Download full text (32.2 KiB)

This bug was fixed in the package linux-gke - 5.4.0-1061.64

---------------
linux-gke (5.4.0-1061.64) focal; urgency=medium

* focal/linux-gke: 5.4.0-1061.64 -proposed tracker (LP: #1959355)

* Vulnerability in af_packet handling (LP: #1959173)
- net/packet: rx_owner_map depends on pg_vec

linux-gke (5.4.0-1060.63) focal; urgency=medium

* focal/linux-gke: 5.4.0-1060.63 -proposed tracker (LP: #1955227)

[ Ubuntu: 5.4.0-97.110 ]

  * icmp_redirect from selftests fails on F/kvm (unary operator expected)
    (LP: #1938964)
    - selftests: icmp_redirect: pass xfail=0 to log_test()
  * Focal: CIFS stable updates (LP: #1954926)
    - cifs: use the expiry output of dns_query to schedule next resolution
    - cifs: set a minimum of 120s for next dns resolution
    - cifs: To match file servers, make sure the server hostname matches
  * seccomp_bpf in seccomp from ubuntu_kernel_selftests failed to build on B-5.4
    (LP: #1896420)
    - SAUCE: selftests/seccomp: fix "storage size of 'md' isn't known" build issue
    - SAUCE: selftests/seccomp: Fix s390x regs not defined issue
  * system crash when removing ipmi_msghandler module (LP: #1950666)
    - ipmi: Move remove_work to dedicated workqueue
    - ipmi: msghandler: Make symbol 'remove_work_wq' static
  * zcrypt DD: Toleration for new IBM Z Crypto Hardware - (Backport to Ubuntu
    20.04) (LP: #1954680)
    - s390/AP: support new dynamic AP bus size limit
  * [UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel -
    kernel part (LP: #1953334)
    - s390/setup: diag 318: refactor struct
    - s390/kvm: diagnose 0x318 sync and reset
    - KVM: s390: remove diag318 reset code
    - KVM: s390: add debug statement for diag 318 CPNC data
  * Updates to ib_peer_memory requested by Nvidia (LP: #1947206)
    - SAUCE: RDMA/core: Updated ib_peer_memory
  * Include Infiniband Peer Memory interface (LP: #1923104)
    - IB: Allow calls to ib_umem_get from kernel ULPs
    - SAUCE: RDMA/core: Introduce peer memory interface
  * Focal update: v5.4.162 upstream stable release (LP: #1954834)
    - arm64: zynqmp: Do not duplicate flash partition label property
    - arm64: zynqmp: Fix serial compatible string
    - ARM: dts: NSP: Fix mpcore, mmc node names
    - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
    - arm64: dts: hisilicon: fix arm,sp805 compatible string
    - RDMA/bnxt_re: Check if the vlan is valid before reporting
    - usb: musb: tusb6010: check return value after calling
      platform_get_resource()
    - usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
    - arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
    - arm64: dts: freescale: fix arm,sp805 compatible string
    - ASoC: SOF: Intel: hda-dai: fix potential locking issue
    - clk: imx: imx6ul: Move csi_sel mux to correct base register
    - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
    - scsi: advansys: Fix kernel pointer leak
    - firmware_loader: fix pre-allocated buf built-in firmware use
    - ARM: dts: omap: fix gpmc,mux-add-data type
    - usb: host: ohci-tmio: check return value after calling
      platform_get_resource()
    - ARM: dts:...

This bug was fixed in the package linux-gke - 5.4.0-1061.64

---------------
linux-gke (5.4.0-1061.64) focal; urgency=medium

* focal/linux-gke: 5.4.0-1061.64 -proposed tracker (LP: #1959355)

* Vulnerability in af_packet handling (LP: #1959173)
    - net/packet: rx_owner_map depends on pg_vec

linux-gke (5.4.0-1060.63) focal; urgency=medium

* focal/linux-gke: 5.4.0-1060.63 -proposed tracker (LP: #1955227)

[ Ubuntu: 5.4.0-97.110 ]

* icmp_redirect from selftests fails on F/kvm (unary operator expected)
    (LP: #1938964)
    - selftests: icmp_redirect: pass xfail=0 to log_test()
  * Focal: CIFS stable updates (LP: #1954926)
    - cifs: use the expiry output of dns_query to schedule next resolution
    - cifs: set a minimum of 120s for next dns resolution
    - cifs: To match file servers, make sure the server hostname matches
  * seccomp_bpf in seccomp from ubuntu_kernel_selftests failed to build on B-5.4
    (LP: #1896420)
    - SAUCE: selftests/seccomp: fix "storage size of 'md' isn't known" build issue
    - SAUCE: selftests/seccomp: Fix s390x regs not defined issue
  * system crash when removing ipmi_msghandler module (LP: #1950666)
    - ipmi: Move remove_work to dedicated workqueue
    - ipmi: msghandler: Make symbol 'remove_work_wq' static
  * zcrypt DD: Toleration for new IBM Z Crypto Hardware - (Backport to Ubuntu
    20.04) (LP: #1954680)
    - s390/AP: support new dynamic AP bus size limit
  * [UBUNTU 20.04] KVM hardware diagnose data improvements for guest kernel -
    kernel part (LP: #1953334)
    - s390/setup: diag 318: refactor struct
    - s390/kvm: diagnose 0x318 sync and reset
    - KVM: s390: remove diag318 reset code
    - KVM: s390: add debug statement for diag 318 CPNC data
  * Updates to ib_peer_memory requested by Nvidia (LP: #1947206)
    - SAUCE: RDMA/core: Updated ib_peer_memory
  * Include Infiniband Peer Memory interface (LP: #1923104)
    - IB: Allow calls to ib_umem_get from kernel ULPs
    - SAUCE: RDMA/core: Introduce peer memory interface
  * Focal update: v5.4.162 upstream stable release (LP: #1954834)
    - arm64: zynqmp: Do not duplicate flash partition label property
    - arm64: zynqmp: Fix serial compatible string
    - ARM: dts: NSP: Fix mpcore, mmc node names
    - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
    - arm64: dts: hisilicon: fix arm,sp805 compatible string
    - RDMA/bnxt_re: Check if the vlan is valid before reporting
    - usb: musb: tusb6010: check return value after calling
      platform_get_resource()
    - usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
    - arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
    - arm64: dts: freescale: fix arm,sp805 compatible string
    - ASoC: SOF: Intel: hda-dai: fix potential locking issue
    - clk: imx: imx6ul: Move csi_sel mux to correct base register
    - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
    - scsi: advansys: Fix kernel pointer leak
    - firmware_loader: fix pre-allocated buf built-in firmware use
    - ARM: dts: omap: fix gpmc,mux-add-data type
    - usb: host: ohci-tmio: check return value after calling
      platform_get_resource()
    - ARM: dts: ls1021a: move thermal-zones node out of soc/
    - ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash
    - ALSA: ISA: not for M68K
    - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
    - MIPS: sni: Fix the build
    - scsi: target: Fix ordered tag handling
    - scsi: target: Fix alua_tg_pt_gps_count tracking
    - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr()
    - powerpc/5200: dts: fix memory node unit name
    - ALSA: gus: fix null pointer dereference on pointer block
    - powerpc/dcr: Use cmplwi instead of 3-argument cmpli
    - sh: check return code of request_irq
    - maple: fix wrong return value of maple_bus_init().
    - f2fs: fix up f2fs_lookup tracepoints
    - sh: fix kconfig unmet dependency warning for FRAME_POINTER
    - sh: math-emu: drop unused functions
    - sh: define __BIG_ENDIAN for math-emu
    - clk: ingenic: Fix bugs with divided dividers
    - clk/ast2600: Fix soc revision for AHB
    - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
    - mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
    - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
    - tracing: Save normal string variables
    - tracing/histogram: Do not copy the fixed-size char array field over the
      field size
    - RDMA/netlink: Add __maybe_unused to static inline in C file
    - perf bpf: Avoid memory leak from perf_env__insert_btf()
    - perf bench futex: Fix memory leak of perf_cpu_map__new()
    - perf tests: Remove bash construct from record+zstd_comp_decomp.sh
    - net: bnx2x: fix variable dereferenced before check
    - iavf: check for null in iavf_fix_features
    - iavf: free q_vectors before queues in iavf_disable_vf
    - iavf: Fix failure to exit out from last all-multicast mode
    - iavf: prevent accidental free of filter structure
    - iavf: validate pointers
    - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
    - MIPS: generic/yamon-dt: fix uninitialized variable error
    - mips: bcm63xx: add support for clk_get_parent()
    - mips: lantiq: add support for clk_get_parent()
    - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
    - scsi: core: sysfs: Fix hang when device state is set via sysfs
    - net: sched: act_mirred: drop dst for the direction from egress to ingress
    - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
    - net: virtio_net_hdr_to_skb: count transport header in UFO
    - i40e: Fix correct max_pkt_size on VF RX queue
    - i40e: Fix NULL ptr dereference on VSI filter sync
    - i40e: Fix changing previously set num_queue_pairs for PFs
    - i40e: Fix ping is lost after configuring ADq on VF
    - i40e: Fix creation of first queue by omitting it if is not power of two
    - i40e: Fix display error code in dmesg
    - NFC: reorganize the functions in nci_request
    - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
    - NFC: reorder the logic in nfc_{un,}register_device
    - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
    - perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
    - perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
    - s390/kexec: fix return code handling
    - arm64: vdso32: suppress error message for 'make mrproper'
    - tun: fix bonding active backup with arp monitoring
    - hexagon: export raw I/O routines for modules
    - ipc: WARN if trying to remove ipc object which is absent
    - mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
    - x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
    - s390/kexec: fix memory leak of ipl report buffer
    - udf: Fix crash after seekdir
    - btrfs: fix memory ordering between normal and ordered work functions
    - parisc/sticon: fix reverse colors
    - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
    - drm/udl: fix control-message timeout
    - drm/nouveau: use drm_dev_unplug() during device removal
    - drm/i915/dp: Ensure sink rate values are always valid
    - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga
      and dvi connectors
    - Revert "net: mvpp2: disable force link UP during port init procedure"
    - perf/core: Avoid put_page() when GUP fails
    - batman-adv: Consider fragmentation for needed_headroom
    - batman-adv: Reserve needed_*room for fragments
    - batman-adv: Don't always reallocate the fragmentation skb head
    - ASoC: DAPM: Cover regression by kctl change notification fix
    - usb: max-3421: Use driver data instead of maintaining a list of bound
      devices
    - ice: Delete always true check of PF pointer
    - ALSA: hda: hdac_ext_stream: fix potential locking issues
    - ALSA: hda: hdac_stream: fix potential locking issue in
      snd_hdac_stream_assign()
    - Linux 5.4.162
  * Focal update: v5.4.161 upstream stable release (LP: #1954828)
    - scsi: ufs: Fix interrupt error message for shared interrupts
    - MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL
    - ext4: fix lazy initialization next schedule time computation in more
      granular unit
    - scsi: ufs: Fix tm request when non-fatal error happens
    - fortify: Explicitly disable Clang support
    - parisc/entry: fix trace test in syscall exit path
    - PCI/MSI: Destroy sysfs before freeing entries
    - PCI/MSI: Deal with devices lying about their MSI mask capability
    - PCI: Add MSI masking quirk for Nvidia ION AHCI
    - erofs: remove the occupied parameter from z_erofs_pagevec_enqueue()
    - erofs: fix unsafe pagevec reuse of hooked pclusters
    - Linux 5.4.161
  * Focal update: v5.4.160 upstream stable release (LP: #1953387)
    - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good
      delay
    - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform
    - binder: use euid from cred instead of using task
    - binder: use cred instead of task for selinux checks
    - binder: use cred instead of task for getsecid
    - Input: iforce - fix control-message timeout
    - Input: elantench - fix misreporting trackpoint coordinates
    - Input: i8042 - Add quirk for Fujitsu Lifebook T725
    - libata: fix read log timeout value
    - ocfs2: fix data corruption on truncate
    - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
    - scsi: qla2xxx: Fix use after free in eh_abort path
    - mmc: dw_mmc: Dont wait for DRTO on Write RSP error
    - parisc: Fix ptrace check on syscall return
    - tpm: Check for integer overflow in tpm2_map_response_body()
    - firmware/psci: fix application of sizeof to pointer
    - crypto: s5p-sss - Add error handling in s5p_aes_probe()
    - media: ite-cir: IR receiver stop working after receive overflow
    - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers
    - media: v4l2-ioctl: Fix check_ext_ctrls
    - ALSA: hda/realtek: Add quirk for Clevo PC70HS
    - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N
    - ALSA: hda/realtek: Add quirk for ASUS UX550VE
    - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED
    - ALSA: ua101: fix division by zero at probe
    - ALSA: 6fire: fix control and bulk message timeouts
    - ALSA: line6: fix control and interrupt message timeouts
    - ALSA: usb-audio: Add registration quirk for JBL Quantum 400
    - ALSA: synth: missing check for possible NULL after the call to kstrdup
    - ALSA: timer: Fix use-after-free problem
    - ALSA: timer: Unconditionally unlink slave instances, too
    - fuse: fix page stealing
    - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
    - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
    - x86/irq: Ensure PI wakeup handler is unregistered before module unload
    - cavium: Return negative value when pci_alloc_irq_vectors() fails
    - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails
    - scsi: qla2xxx: Fix unmap of already freed sgl
    - cavium: Fix return values of the probe function
    - sfc: Don't use netif_info before net_device setup
    - hyperv/vmbus: include linux/bitops.h
    - ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode
    - reset: socfpga: add empty driver allowing consumers to probe
    - mmc: winbond: don't build on M68K
    - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021
    - bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT
    - bpf: Prevent increasing bpf_jit_limit above max
    - xen/netfront: stop tx queues during live migration
    - nvmet-tcp: fix a memory leak when releasing a queue
    - spi: spl022: fix Microwire full duplex mode
    - net: multicast: calculate csum of looped-back and forwarded packets
    - watchdog: Fix OMAP watchdog early handling
    - drm: panel-orientation-quirks: Add quirk for GPD Win3
    - nvmet-tcp: fix header digest verification
    - r8169: Add device 10ec:8162 to driver r8169
    - vmxnet3: do not stop tx queues after netif_device_detach()
    - nfp: bpf: relax prog rejection for mtu check through max_pkt_offset
    - net/smc: Correct spelling mistake to TCPF_SYN_RECV
    - btrfs: clear MISSING device status bit in btrfs_close_one_device
    - btrfs: fix lost error handling when replaying directory deletes
    - btrfs: call btrfs_check_rw_degradable only if there is a missing device
    - ia64: kprobes: Fix to pass correct trampoline address to the handler
    - hwmon: (pmbus/lm25066) Add offset coefficients
    - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is
      disabled
    - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-
      dvs-idx property
    - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
    - mwifiex: fix division by zero in fw download path
    - ath6kl: fix division by zero in send path
    - ath6kl: fix control-message timeout
    - ath10k: fix control-message timeout
    - ath10k: fix division by zero in send path
    - PCI: Mark Atheros QCA6174 to avoid bus reset
    - rtl8187: fix control-message timeouts
    - evm: mark evm_fixmode as __ro_after_init
    - wcn36xx: Fix HT40 capability for 2Ghz band
    - mwifiex: Read a PCI register after writing the TX ring write pointer
    - libata: fix checking of DMA state
    - wcn36xx: handle connection loss indication
    - rsi: fix occasional initialisation failure with BT coex
    - rsi: fix key enabled check causing unwanted encryption for vap_id > 0
    - rsi: fix rate mask set leading to P2P failure
    - rsi: Fix module dev_oper_mode parameter description
    - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
    - signal: Remove the bogus sigkill_pending in ptrace_stop
    - signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
    - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
    - power: supply: max17042_battery: use VFSOC for capacity when no rsns
    - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
    - can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport
    - can: j1939: j1939_can_recv(): ignore messages with invalid source address
    - powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
    - serial: core: Fix initializing and restoring termios speed
    - ALSA: mixer: oss: Fix racy access to slots
    - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
    - xen/balloon: add late_initcall_sync() for initial ballooning done
    - PCI: pci-bridge-emul: Fix emulation of W1C bits
    - PCI: aardvark: Do not clear status bits of masked interrupts
    - PCI: aardvark: Fix checking for link up via LTSSM state
    - PCI: aardvark: Do not unmask unused interrupts
    - PCI: aardvark: Fix reporting Data Link Layer Link Active
    - PCI: aardvark: Fix return value of MSI domain .alloc() method
    - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
    - quota: check block number when reading the block in quota file
    - quota: correct error number in free_dqentry()
    - pinctrl: core: fix possible memory leak in pinctrl_enable()
    - iio: dac: ad5446: Fix ad5622_write() return value
    - USB: serial: keyspan: fix memleak on probe errors
    - USB: iowarrior: fix control-message timeouts
    - USB: chipidea: fix interrupt deadlock
    - dma-buf: WARN on dmabuf release with pending attachments
    - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2)
    - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1
    - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6
    - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
    - Bluetooth: fix use-after-free error in lock_sock_nested()
    - drm/panel-orientation-quirks: add Valve Steam Deck
    - platform/x86: wmi: do not fail if disabling fails
    - MIPS: lantiq: dma: add small delay after reset
    - MIPS: lantiq: dma: reset correct number of channel
    - locking/lockdep: Avoid RCU-induced noinstr fail
    - net: sched: update default qdisc visibility after Tx queue cnt changes
    - smackfs: Fix use-after-free in netlbl_catmap_walk()
    - x86: Increase exception stack sizes
    - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
    - mwifiex: Properly initialize private structure on interface type changes
    - ath10k: high latency fixes for beacon buffer
    - media: mt9p031: Fix corrupted frame after restarting stream
    - media: netup_unidvb: handle interrupt properly according to the firmware
    - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread()
    - media: uvcvideo: Set capability in s_param
    - media: uvcvideo: Return -EIO for control errors
    - media: uvcvideo: Set unique vdev name based in type
    - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
    - media: s5p-mfc: Add checking to s5p_mfc_probe().
    - media: imx: set a media_device bus_info string
    - media: mceusb: return without resubmitting URB in case of -EPROTO error.
    - ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
    - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet
    - media: rcar-csi2: Add checking to rcsi2_start_receiver()
    - ipmi: Disable some operations during a panic
    - ACPICA: Avoid evaluating methods too early during system resume
    - media: ipu3-imgu: imgu_fmt: Handle properly try
    - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info
    - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
    - net-sysfs: try not to restart the syscall if it will fail eventually
    - tracefs: Have tracefs directories not set OTH permission bits by default
    - ath: dfs_pattern_detector: Fix possible null-pointer dereference in
      channel_detector_create()
    - iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value
    - ACPI: battery: Accept charges over the design capacity as full
    - leaking_addresses: Always print a trailing newline
    - memstick: r592: Fix a UAF bug when removing the driver
    - lib/xz: Avoid overlapping memcpy() with invalid input with in-place
      decompression
    - lib/xz: Validate the value before assigning it to an enum variable
    - workqueue: make sysfs of unbound kworker cpumask more clever
    - tracing/cfi: Fix cmp_entries_* functions signature mismatch
    - mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
    - block: remove inaccurate requeue check
    - nvmet: fix use-after-free when a port is removed
    - nvmet-tcp: fix use-after-free when a port is removed
    - nvme: drop scan_lock and always kick requeue list when removing namespaces
    - PM: hibernate: Get block device exclusively in swsusp_check()
    - selftests: kvm: fix mismatched fclose() after popen()
    - iwlwifi: mvm: disable RX-diversity in powersave
    - smackfs: use __GFP_NOFAIL for smk_cipso_doi()
    - ARM: clang: Do not rely on lr register for stacktrace
    - gre/sit: Don't generate link-local addr if addr_gen_mode is
      IN6_ADDR_GEN_MODE_NONE
    - ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
    - vrf: run conntrack only in context of lower/physdev for locally generated
      packets
    - net: annotate data-race in neigh_output()
    - btrfs: do not take the uuid_mutex in btrfs_rm_device
    - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in
      bcm_qspi_probe()
    - x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted
    - parisc: fix warning in flush_tlb_all
    - task_stack: Fix end_of_stack() for architectures with upwards-growing stack
    - parisc/unwind: fix unwinder when CONFIG_64BIT is enabled
    - parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
    - netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream
      state
    - selftests/bpf: Fix strobemeta selftest regression
    - Bluetooth: fix init and cleanup of sco_conn.timeout_work
    - rcu: Fix existing exp request check in sync_sched_exp_online_cleanup()
    - drm/v3d: fix wait for TMU write combiner flush
    - virtio-gpu: fix possible memory allocation failure
    - net: net_namespace: Fix undefined member in key_remove_domain()
    - cgroup: Make rebind_subsystems() disable v2 controllers all at once
    - wilc1000: fix possible memory leak in cfg_scan_result()
    - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
    - crypto: caam - disable pkc for non-E SoCs
    - rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies()
    - net: dsa: rtl8366rb: Fix off-by-one bug
    - ath10k: Fix missing frame timestamp for beacon/probe-resp
    - drm/amdgpu: fix warning for overflow check
    - media: em28xx: add missing em28xx_close_extension
    - media: cxd2880-spi: Fix a null pointer dereference on error handling path
    - media: dvb-usb: fix ununit-value in az6027_rc_query
    - media: TDA1997x: handle short reads of hdmi info frame.
    - media: mtk-vpu: Fix a resource leak in the error handling path of
      'mtk_vpu_probe()'
    - media: radio-wl1273: Avoid card name truncation
    - media: si470x: Avoid card name truncation
    - media: tm6000: Avoid card name truncation
    - media: cx23885: Fix snd_card_free call on null card pointer
    - kprobes: Do not use local variable when creating debugfs file
    - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency
    - cpuidle: Fix kobject memory leaks in error paths
    - media: em28xx: Don't use ops->suspend if it is NULL
    - ath9k: Fix potential interrupt storm on queue reset
    - EDAC/amd64: Handle three rank interleaving mode
    - netfilter: nft_dynset: relax superfluous check on set updates
    - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
    - crypto: qat - detect PFVF collision after ACK
    - crypto: qat - disregard spurious PFVF interrupts
    - hwrng: mtk - Force runtime pm ops for sleep ops
    - b43legacy: fix a lower bounds test
    - b43: fix a lower bounds test
    - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
    - memstick: avoid out-of-range warning
    - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
    - net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE
    - hwmon: Fix possible memleak in __hwmon_device_register()
    - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of
      lm25066_coeff
    - ath10k: fix max antenna gain unit
    - drm/msm: uninitialized variable in msm_gem_import()
    - net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
    - mmc: mxs-mmc: disable regulator on error and in the remove function
    - block: ataflop: fix breakage introduced at blk-mq refactoring
    - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
    - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c
    - rsi: stop thread firstly in rsi_91x_init() error handling
    - mwifiex: Send DELBA requests according to spec
    - phy: micrel: ksz8041nl: do not use power down mode
    - nvme-rdma: fix error code in nvme_rdma_setup_ctrl
    - PM: hibernate: fix sparse warnings
    - clocksource/drivers/timer-ti-dm: Select TIMER_OF
    - drm/msm: Fix potential NULL dereference in DPU SSPP
    - smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
    - libbpf: Fix BTF data layout checks and allow empty BTF
    - s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
    - irq: mips: avoid nested irq_enter()
    - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
    - samples/kretprobes: Fix return value if register_kretprobe() failed
    - KVM: s390: Fix handle_sske page fault handling
    - libertas_tf: Fix possible memory leak in probe and disconnect
    - libertas: Fix possible memory leak in probe and disconnect
    - wcn36xx: add proper DMA memory barriers in rx path
    - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits
    - net: amd-xgbe: Toggle PLL settings during rate change
    - net: phylink: avoid mvneta warning when setting pause parameters
    - crypto: pcrypt - Delay write to padata->info
    - selftests/bpf: Fix fclose/pclose mismatch in test_progs
    - udp6: allow SO_MARK ctrl msg to affect routing
    - ibmvnic: don't stop queue in xmit
    - ibmvnic: Process crqs after enabling interrupts
    - RDMA/rxe: Fix wrong port_cap_flags
    - clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths
    - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
    - arm64: dts: rockchip: Fix GPU register width for RK3328
    - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY
    - RDMA/bnxt_re: Fix query SRQ failure
    - arm64: dts: meson-g12a: Fix the pwm regulator supply properties
    - ARM: dts: at91: tse850: the emac<->phy interface is rmii
    - scsi: dc395: Fix error case unwinding
    - MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
    - JFS: fix memleak in jfs_mount
    - ALSA: hda: Reduce udelay() at SKL+ position reporting
    - arm: dts: omap3-gta04a4: accelerometer irq fix
    - soc/tegra: Fix an error handling path in tegra_powergate_power_up()
    - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
    - clk: at91: check pmc node status before registering syscore ops
    - video: fbdev: chipsfb: use memset_io() instead of memset()
    - serial: 8250_dw: Drop wrong use of ACPI_PTR()
    - usb: gadget: hid: fix error code in do_config()
    - power: supply: rt5033_battery: Change voltage values to µV
    - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
    - RDMA/mlx4: Return missed an error if device doesn't support steering
    - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC
    - ARM: dts: stm32: fix SAI sub nodes register range
    - ASoC: cs42l42: Correct some register default values
    - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
    - phy: qcom-qusb2: Fix a memory leak on probe
    - serial: xilinx_uartps: Fix race condition causing stuck TX
    - HID: u2fzero: clarify error check and length calculations
    - HID: u2fzero: properly handle timeouts in usb_submit_urb
    - powerpc/44x/fsp2: add missing of_node_put
    - mips: cm: Convert to bitfield API to fix out-of-bounds access
    - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
    - apparmor: fix error check
    - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
    - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
    - drm/plane-helper: fix uninitialized variable reference
    - PCI: aardvark: Don't spam about PIO Response Status
    - PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge
    - opp: Fix return in _opp_add_static_v2()
    - NFS: Fix deadlocks in nfs_scan_commit_list()
    - fs: orangefs: fix error return code of orangefs_revalidate_lookup()
    - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
    - mtd: core: don't remove debugfs directory if device is in use
    - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
    - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
    - auxdisplay: ht16k33: Connect backlight to fbdev
    - auxdisplay: ht16k33: Fix frame buffer device blanking
    - soc: fsl: dpaa2-console: free buffer before returning from
      dpaa2_console_read
    - netfilter: nfnetlink_queue: fix OOB when mac header was cleared
    - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
    - signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL)
    - m68k: set a default value for MEMORY_RESERVE
    - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
    - ar7: fix kernel builds for compiler test
    - scsi: qla2xxx: Fix gnl list corruption
    - scsi: qla2xxx: Turn off target reset during issue_lip
    - NFSv4: Fix a regression in nfs_set_open_stateid_locked()
    - i2c: xlr: Fix a resource leak in the error handling path of
      'xlr_i2c_probe()'
    - xen-pciback: Fix return in pm_ctrl_init()
    - net: davinci_emac: Fix interrupt pacing disable
    - net: vlan: fix a UAF in vlan_dev_real_dev()
    - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
    - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
    - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and
      zs_unregister_migration()
    - zram: off by one in read_block_state()
    - perf bpf: Add missing free to bpf_event__print_bpf_prog_info()
    - llc: fix out-of-bound array index in llc_sk_dev_hash()
    - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
    - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
    - bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
    - net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any
    - net: hns3: allow configure ETS bandwidth of all TCs
    - vsock: prevent unnecessary refcnt inc for nonblocking connect
    - net/smc: fix sk_refcnt underflow on linkdown and fallback
    - cxgb4: fix eeprom len when diagnostics not implemented
    - selftests/net: udpgso_bench_rx: fix port argument
    - ARM: 9155/1: fix early early_iounmap()
    - ARM: 9156/1: drop cc-option fallbacks for architecture selection
    - parisc: Fix set_fixmap() on PA1.x CPUs
    - irqchip/sifive-plic: Fixup EOI failed when masked
    - f2fs: should use GFP_NOFS for directory inodes
    - net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE
    - 9p/net: fix missing error check in p9_check_errors
    - ovl: fix deadlock in splice write
    - powerpc/lib: Add helper to check if offset is within conditional branch
      range
    - powerpc/bpf: Validate branch ranges
    - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
    - powerpc/security: Add a helper to query stf_barrier type
    - powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC
    - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
    - mm, oom: do not trigger out_of_memory from the #PF
    - video: backlight: Drop maximum brightness override for brightness zero
    - s390/cio: check the subchannel validity for dev_busid
    - s390/tape: fix timer initialization in tape_std_assign()
    - s390/cio: make ccw_device_dma_* more robust
    - powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload
    - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
    - SUNRPC: Partial revert of commit 6f9f17287e78
    - ath10k: fix invalid dma_addr_t token assignment
    - selftests/bpf: Fix also no-alu32 strobemeta selftest
    - Linux 5.4.160
    - soc/tegra: pmc: Fix imbalanced clock disabling in error code path
  * Focal update: v5.4.159 upstream stable release (LP: #1953071)
    - Revert "x86/kvm: fix vcpu-id indexed array sizes"
    - usb: ehci: handshake CMD_RUN instead of STS_HALT
    - usb: gadget: Mark USB_FSL_QE broken on 64-bit
    - usb: musb: Balance list entry in musb_gadget_queue
    - usb-storage: Add compatibility quirk flags for iODD 2531/2541
    - binder: don't detect sender/target during buffer cleanup
    - printk/console: Allow to disable console output by using console="" or
      console=null
    - isofs: Fix out of bound access for corrupted isofs image
    - comedi: dt9812: fix DMA buffers on stack
    - comedi: ni_usb6501: fix NULL-deref in command paths
    - comedi: vmk80xx: fix transfer-buffer overflows
    - comedi: vmk80xx: fix bulk-buffer overflow
    - comedi: vmk80xx: fix bulk and interrupt message timeouts
    - staging: r8712u: fix control-message timeout
    - staging: rtl8192u: fix control-message timeouts
    - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init
    - rsi: fix control-message timeout
    - Linux 5.4.159
  * Focal update: v5.4.158 upstream stable release (LP: #1953066)
    - scsi: core: Put LLD module refcnt after SCSI device is released
    - vrf: Revert "Reset skb conntrack connection..."
    - net: ethernet: microchip: lan743x: Fix skb allocation failure
    - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
    - Revert "xhci: Set HCD flag to defer primary roothub registration"
    - Revert "usb: core: hcd: Add support for deferring roothub registration"
    - sfc: Fix reading non-legacy supported link modes
    - ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
    - Linux 5.4.158
  * [Ubuntu 20.04] Problem leading IUCV service down (on s390x) (LP: #1913442)
    - usercopy: mark dma-kmalloc caches as usercopy caches

-- Khalid Elmously <khalid.elmously@canonical.com>  Thu, 27 Jan 2022 22:39:01 -0500

Changed in linux-gke (Ubuntu Focal):
status:	In Progress → Fix Released

Ubuntu
linux-gke package

Vulnerability in af_packet handling

Bug Description

Other bug subscribers

Remote bug watches

Affects		Status	Importance	Assigned to	Milestone
	linux-gke (Ubuntu)	Invalid	Undecided	Unassigned
	Focal	Fix Released	Medium	Khaled El Mously

Ubuntulinux-gke package

Vulnerability in af_packet handling

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
linux-gke package