Jammy update: v5.15.26 upstream stable release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v5.15.26 upstream stable release
from git://git.
Linux 5.15.26
ice: fix concurrent reset and removal of VFs
ice: Fix race conditions between virtchnl handling and VF ndo ops
memblock: use kfree() to release kmalloced memblock regions
gpio: tegra186: Fix chip_data type confusion
pinctrl: k210: Fix bias-pull-up
pinctrl: fix loop in k210_pinconf_
tty: n_gsm: fix deadlock in gsmtty_open()
tty: n_gsm: fix wrong modem processing in convergence layer type 2
tty: n_gsm: fix wrong tty control line for flow control
tty: n_gsm: fix NULL pointer access due to DLCI release
tty: n_gsm: fix proper link termination after failed open
tty: n_gsm: fix encoding of control signal octet bit DV
riscv: fix oops caused by irqsoff latency tracer
riscv: fix nommu_k210_
IB/qib: Fix duplicate sysfs directory name
tps6598x: clear int mask on probe failure
staging: fbtft: fb_st7789v: reset display before initialization
thermal: int340x: fix memory leak in int3400_notify()
RDMA/cma: Do not change route.addr.src_addr outside state checks
btrfs: prevent copying too big compressed lzo segment
driver core: Free DMA range map when device is released
mtd: core: Fix a conflict between MTD and NVMEM on wp-gpios property
nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios property
xhci: Prevent futile URB re-submissions due to incorrect return value.
xhci: re-initialize the HC during resume if HCE was set
usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
usb: dwc3: pci: Fix Bay Trail phy GPIO mappings
usb: dwc3: pci: Add "snps,dis_
usb: dwc2: drd: fix soft connect when gadget is unconfigured
USB: serial: option: add Telit LE910R1 compositions
USB: serial: option: add support for DW5829e
tracefs: Set the group ownership in apply_options() not parse_options()
USB: gadget: validate endpoint index for xilinx udc
usb: gadget: rndis: add spinlock for rndis response list
Revert "USB: serial: ch341: add new Product ID for CH341A"
ata: pata_hpt37x: disable primary channel on HPT371
sc16is7xx: Fix for incorrect data being transmitted
iio: Fix error handling for PM
iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_
iio: accel: fxls8962af: add padding to regmap for SPI
iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits
iio: adc: tsc2046: fix memory corruption by preventing array overflow
iio: adc: men_z188_adc: Fix a resource leak in an error handling path
iio:imu:adis16480: fix buffering for devices with no burst mode
tracing: Have traceon and traceoff trigger honor the instance
tracing: Dump stacktrace trigger to the corresponding instance
RDMA/ib_srp: Fix a deadlock
configfs: fix a race in configfs_
bnxt_en: Increase firmware message response DMA wait time
RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close
RDMA/rtrs-clt: Fix possible double free in error case
net-timestamp: convert sk->sk_tskey to atomic_t
regmap-irq: Update interrupt clear register for proper reset
gpio: rockchip: Reset int_bothedge when changing trigger
spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_
net/mlx5: Update log_max_qp value to be 17 at most
net/mlx5e: kTLS, Use CHECKSUM_
net/mlx5e: MPLSoUDP decap, fix check for unsupported matches
net/mlx5: DR, Fix the threshold that defines when pool sync is initiated
net/mlx5: Fix wrong limitation of metadata match on ecpf
net/mlx5: Fix possible deadlock on rule deletion
net/mlx5: DR, Don't allow match on IP w/o matching on full ethertype/
ibmvnic: schedule failover only if vioctl fails
net/mlx5: DR, Cache STE shadow memory
udp_tunnel: Fix end of loop test in udp_tunnel_
surface: surface3_power: Fix battery readings on batteries without a serial number
net/smc: Use a mutex for locking "struct smc_pnettable"
netfilter: nf_tables: fix memory leak during stateful obj update
net: mdio-ipq4019: add delay after clock enable
nfp: flower: Fix a potential leak in nfp_tunnel_
netfilter: nf_tables: unregister flowtable hooks on netns exit
net: Force inlining of checksum functions in net/checksum.h
net: ll_temac: check the return value of devm_kmalloc()
net/sched: act_ct: Fix flow table lookup after ct clear or switching zones
drm/i915/dg2: Print PHY name properly on calibration error
drm/vc4: crtc: Fix runtime_pm reference counting
net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
drm/edid: Always set RGB444
openvswitch: Fix setting ipv6 fields causing hw csum failure
net: mv643xx_eth: process retval from of_get_mac_address
gso: do not skip outer ip header in case of ipip and net_failover
tipc: Fix end of loop tests for list_for_
nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info
net: __pskb_pull_tail() & pskb_carve_
io_uring: add a schedule point in io_add_buffers()
bpf: Add schedule points in batch ops
bpf: Fix a bpf_timer initialization issue
selftests: bpf: Check bpf_msg_push_data return value
bpf: Do not try bpf_msg_push_data with len 0
bpf: Fix crash due to incorrect copy_map_value
net/mlx5: Update the list of the PCI supported devices
ice: initialize local variable 'tlv'
ice: check the return of ice_ptp_gettimex64
net/mlx5: Fix tc max supported prio for nic mode
hwmon: Handle failure to register sensor with thermal zone correctly
bnxt_en: Fix incorrect multicast rx mask setting when not requested
bnxt_en: Fix offline ethtool selftest with RDMA enabled
bnxt_en: Fix active FEC reporting to ethtool
bnx2x: fix driver load from initrd
selftests: mptcp: be more conservative with cookie MPJ limits
selftests: mptcp: fix diag instability
mptcp: add mibs counter for ignored incoming options
mptcp: fix race in incoming ADD_ADDR option processing
perf data: Fix double free in perf_session_
perf evlist: Fix failed to use cpu list for uncore events
gpu: host1x: Always return syncpoint value when waiting
Revert "i40e: Fix reset bw limit when DCB enabled with 1 TC"
ping: remove pr_err from ping_lookup
optee: use driver internal tee_context for some rpc
tee: export teedev_open() and teedev_
netfilter: nf_tables_offload: incorrect flow offload action array size
netfilter: xt_socket: missing ifdef CONFIG_
netfilter: xt_socket: fix a typo in socket_mt_destroy()
CDC-NCM: avoid overflow in sanity checking
USB: zaurus: support another broken Zaurus
sr9700: sanity check for packet length
drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV
drm/i915: Correctly populate use_sagv_wm for all pipes
drm/i915: Widen the QGV point mask
drm/amdgpu: do not enable asic reset for raven2
drm/amdgpu: disable MMHUB PG for Picasso
drm/amd: Check if ASPM is enabled from PCIe subsystem
drm/amd/pm: fix some OEM SKU specific stability issues
drm/amd/display: Protect update_
KVM: x86/mmu: make apf token non-zero to fix bug
parisc/unaligned: Fix ldw() and stw() unalignment handlers
parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
selinux: fix misuse of mutex_is_locked()
io_uring: disallow modification of rsrc_data during quiesce
io_uring: don't convert to jiffies for waiting on timeouts
clk: jz4725b: fix mmc0 clock gating
btrfs: tree-checker: check item_size for dev_item
btrfs: tree-checker: check item_size for inode_item
x86/ptrace: Fix xfpregs_set()'s incorrect xmm clearing
cgroup-v1: Correct privileges check in release_agent writes
cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
mm/filemap: Fix handling of THPs in generic_
CVE References
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
tags: | added: kernel-stable-tracking-bug |
This bug was fixed in the package linux - 5.15.0-23.23
---------------
linux (5.15.0-23.23) jammy; urgency=medium
* jammy/linux: 5.15.0-23.23 -proposed tracker (LP: #1964573)
* Packaging resync (LP: #1786013) ,--nvidia- N} from LRMv5 dkms-versions -- update from kernel-versions (main/master)
- [Packaging] resync dkms-build{
- debian/
* [22.04 FEAT] KVM: Enable GISA support for Secure Execution guests
(LP: #1959977)
- KVM: s390: pv: make use of ultravisor AIV support
* intel_iommu breaks Intel IPU6 camera: isys port open ready failed -16
(LP: #1958004)
- SAUCE: iommu: intel-ipu: use IOMMU passthrough mode for Intel IPUs
* CVE-2022-23960 v4_patch_ fw_mitigation_ conduit el1_vectors for mitigations WORKAROUND_ 3 to be discovered and migrated
- ARM: report Spectre v2 status through sysfs
- ARM: early traps initialisation
- ARM: use LOADADDR() to get load address of sections
- ARM: Spectre-BHB workaround
- ARM: include unprivileged BPF status in Spectre V2 reporting
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
- arm64: Add HWCAP for self-synchronising virtual counter
- arm64: Add Cortex-X2 CPU part definition
- arm64: add ID_AA64ISAR2_EL1 sys register
- arm64: cpufeature: add HWCAP for FEAT_AFP
- arm64: cpufeature: add HWCAP for FEAT_RPRES
- arm64: entry.S: Add ventry overflow sanity checks
- arm64: spectre: Rename spectre_
- KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A
- arm64: entry: Make the trampoline cleanup optional
- arm64: entry: Free up another register on kpti's tramp_exit path
- arm64: entry: Move the trampoline data page before the text page
- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
- arm64: entry: Don't assume tramp_vectors is the start of the vectors
- arm64: entry: Move trampoline macros out of ifdef'd section
- arm64: entry: Make the kpti trampoline's kpti sequence optional
- arm64: entry: Allow the trampoline text to occupy multiple pages
- arm64: entry: Add non-kpti __bp_harden_
- arm64: entry: Add vectors that have the bhb mitigation sequences
- arm64: entry: Add macro for reading symbol addresses from the trampoline
- arm64: Add percpu vectors for EL1
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
- arm64: Mitigate spectre style branch history side channels
- KVM: arm64: Allow SMCCC_ARCH_
- arm64: Use the clearbhb instruction in mitigations
- arm64: proton-pack: Include unprivileged eBPF status in Spectre v2
mitigation reporting
- ARM: fix build error when BPF_SYSCALL is disabled
* CVE-2021-26401
- x86/speculation: Use generic retpoline by default on AMD
- x86/speculation: Update link to AMD speculation whitepaper
- x86/speculation: Warn about Spectre v2 LFENCE mitigation
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
* CVE-2022-0001 v2=retpoline, amd
- x86,bugs: Unconditionally allow spectre_
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
- x86/speculation: Add eIBRS + Retpoline options
- Document...