Ubuntu
linux package

Jammy update: v5.15.84 upstream stable release

Bug #2003137 reported by Kamal Mostafa on 2023-01-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Jammy	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v5.15.84 upstream stable release
from git://git.kernel.org/

x86/vdso: Conditionally export __vdso_sgx_enter_enclave()
vfs: fix copy_file_range() averts filesystem freeze protection
ASoC: fsl_micfil: explicitly clear software reset bit
ASoC: fsl_micfil: explicitly clear CHnF flags
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
libbpf: Use page size as max_entries when probing ring buffer map
pinctrl: meditatek: Startup with the IRQs disabled
can: sja1000: fix size of OCR_MODE_MASK define
can: mcba_usb: Fix termination command argument
net: fec: don't reset irq coalesce settings to defaults on "ip link up"
ASoC: cs42l51: Correct PGA Volume minimum value
perf: Fix perf_pending_task() UaF
nvme-pci: clear the prp2 field when not used
ASoC: ops: Correct bounds check for second channel on SX controls
net: fec: properly guard irq coalesce setup
Linux 5.15.84
UBUNTU: Upstream stable to v5.15.84

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2023-01-17

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Jammy):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
description:	updated

Stefan Bader (smb) on 2023-01-26

Changed in linux (Ubuntu Jammy):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-03-01:

Download full text (51.4 KiB)

This bug was fixed in the package linux - 5.15.0-67.74

---------------
linux (5.15.0-67.74) jammy; urgency=medium

* jammy/linux: 5.15.0-67.74 -proposed tracker (LP: #2008074)

  * [Inspiron 7590, Realtek ALC3254, Speaker, Internal] fails after a while
    (LP: #2007798)
    - Revert "ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()"

linux (5.15.0-66.73) jammy; urgency=medium

* jammy/linux: 5.15.0-66.73 -proposed tracker (LP: #2004636)

* CVE-2023-0461
- SAUCE: Fix inet_csk_listen_start after CVE-2023-0461

linux (5.15.0-65.72) jammy; urgency=medium

* jammy/linux: 5.15.0-65.72 -proposed tracker (LP: #2004344)

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - debian/dkms-versions -- update from kernel-versions (main/2023.01.30)

  * NFS: client permission error after adding user to permissible group
    (LP: #2003053)
    - NFS: Clear the file access cache upon login
    - NFS: Judge the file access cache's timestamp in rcu path
    - NFS: Fix up a sparse warning

* Fix W6400 hang after resume of S3 stress (LP: #2000299)
- drm/amd/display: Manually adjust strobe for DCN303

  * Rear Audio port sometimes has no audio output after reboot(Cirrus Logic)
    (LP: #1998905)
    - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock.

* CVE-2022-20369
- NFSD: fix use-after-free in __nfs42_ssc_open()

  * CVE-2023-0461
    - net/ulp: prevent ULP without clone op from entering the LISTEN status
    - net/ulp: use consistent error code when blocking ULP

* CVE-2023-0179
- netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits

  * Jammy update: v5.15.85 upstream stable release (LP: #2003139)
    - udf: Discard preallocation before extending file with a hole
    - udf: Fix preallocation discarding at indirect extent boundary
    - udf: Do not bother looking for prealloc extents if i_lenExtents matches
      i_size
    - udf: Fix extending file within last block
    - usb: gadget: uvc: Prevent buffer overflow in setup handler
    - USB: serial: option: add Quectel EM05-G modem
    - USB: serial: cp210x: add Kamstrup RF sniffer PIDs
    - USB: serial: f81232: fix division by zero on line-speed change
    - USB: serial: f81534: fix division by zero on line-speed change
    - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N
    - igb: Initialize mailbox message for VF reset
    - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system
      for Raptor Lake
    - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk
    - selftests: net: Use "grep -E" instead of "egrep"
    - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
    - Linux 5.15.85

This bug was fixed in the package linux - 5.15.0-67.74

---------------
linux (5.15.0-67.74) jammy; urgency=medium

* jammy/linux: 5.15.0-67.74 -proposed tracker (LP: #2008074)

* [Inspiron 7590, Realtek ALC3254, Speaker, Internal] fails after a while
    (LP: #2007798)
    - Revert "ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()"

linux (5.15.0-66.73) jammy; urgency=medium

* jammy/linux: 5.15.0-66.73 -proposed tracker (LP: #2004636)

* CVE-2023-0461
    - SAUCE: Fix inet_csk_listen_start after CVE-2023-0461

linux (5.15.0-65.72) jammy; urgency=medium

* jammy/linux: 5.15.0-65.72 -proposed tracker (LP: #2004344)

* Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - debian/dkms-versions -- update from kernel-versions (main/2023.01.30)

* Fix W6400 hang after resume of S3 stress (LP: #2000299)
    - drm/amd/display: Manually adjust strobe for DCN303

* Rear Audio port sometimes has no audio output after reboot(Cirrus Logic)
    (LP: #1998905)
    - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock.

* CVE-2022-20369
    - NFSD: fix use-after-free in __nfs42_ssc_open()

* CVE-2023-0461
    - net/ulp: prevent ULP without clone op from entering the LISTEN status
    - net/ulp: use consistent error code when blocking ULP

* CVE-2023-0179
    - netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits

* Jammy update: v5.15.84 upstream stable release (LP: #2003137)
    - x86/vdso: Conditionally export __vdso_sgx_enter_enclave()
    - vfs: fix copy_file_range() averts filesystem freeze protection
    - ASoC: fsl_micfil: explicitly clear software reset bit
    - ASoC: fsl_micfil: explicitly clear CHnF flags
    - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
    - libbpf: Use page size as max_entries when probing ring buffer map
    - pinctrl: meditatek: Startup with the IRQs disabled
    - can: sja1000: fix size of OCR_MODE_MASK define
    - can: mcba_usb: Fix termination command argument
    - net: fec: don't reset irq coalesce settings to defaults on "ip link up"
    - ASoC: cs42l51: Correct PGA Volume minimum value
    - perf: Fix perf_pending_task() UaF
    - nvme-pci: clear the prp2 field when not used
    - ASoC: ops: Correct bounds check for second channel on SX controls
    - net: fec: properly guard irq coalesce setup
    - Linux 5.15.84

* Jammy update: v5.15.83 upstream stable release (LP: #2003134)
    - clk: generalize devm_clk_get() a bit
    - clk: Provide new devm_clk helpers for prepared and enabled clocks
    - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse()
    - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4
      series
    - arm: dts: rockchip: fix node name for hym8563 rtc
    - arm: dts: rockchip: remove clock-frequency from rtc
    - ARM: dts: rockchip: fix ir-receiver node names
    - arm64: dts: rockchip: fix ir-receiver node names
    - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name
    - fs: use acquire ordering in __fget_light()
    - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
    - ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
    - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register
    - spi: mediatek: Fix DEVAPC Violation at KO Remove
    - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
    - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine
      transitions
    - 9p/fd: Use P9_HDRSZ for header size
    - regulator: slg51000: Wait after asserting CS pin
    - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
    - selftests/net: Find nettest in current directory
    - btrfs: send: avoid unaligned encoded writes when attempting to clone range
    - ASoC: soc-pcm: Add NULL check in BE reparenting
    - regulator: twl6030: fix get status of twl6032 regulators
    - fbcon: Use kzalloc() in fbcon_prepare_logo()
    - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer
    - 9p/xen: check logical size for buffer size
    - net: usb: qmi_wwan: add u-blox 0x1342 composition
    - mm/khugepaged: take the right locks for page table retraction
    - mm/khugepaged: fix GUP-fast interaction by sending IPI
    - mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
    - rtc: mc146818-lib: extract mc146818_avoid_UIP
    - rtc: cmos: avoid UIP when writing alarm time
    - rtc: cmos: avoid UIP when reading alarm time
    - cifs: fix use-after-free caused by invalid pointer `hostname`
    - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read()
    - xen/netback: do some code cleanup
    - xen/netback: don't call kfree_skb() with interrupts disabled
    - media: videobuf2-core: take mmap_lock in vb2_get_unmapped_area()
    - soundwire: intel: Initialize clock stop timeout
    - media: v4l2-dv-timings.c: fix too strict blanking sanity checks
    - memcg: fix possible use-after-free in memcg_write_event_control()
    - mm/gup: fix gup_pud_range() for dax
    - Bluetooth: btusb: Add debug message for CSR controllers
    - Bluetooth: Fix crash when replugging CSR fake controllers
    - net: mana: Fix race on per-CQ variable napi work_done
    - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
    - drm/vmwgfx: Don't use screen objects when SEV is active
    - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend
    - drm/shmem-helper: Remove errant put in error path
    - drm/shmem-helper: Avoid vm_open error paths
    - net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing()
    - HID: usbhid: Add ALWAYS_POLL quirk for some mice
    - HID: hid-lg4ff: Add check for empty lbuf
    - HID: core: fix shift-out-of-bounds in hid_report_raw_event
    - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10
    - can: af_can: fix NULL pointer dereference in can_rcv_filter
    - clk: Fix pointer casting to prevent oops in devm_clk_release()
    - gpiolib: improve coding style for local variables
    - gpiolib: check the 'ngpios' property in core gpiolib code
    - gpiolib: fix memory leak in gpiochip_setup_dev()
    - netfilter: nft_set_pipapo: Actually validate intervals in fields after the
      first one
    - drm/vmwgfx: Fix race issue calling pin_user_pages
    - ieee802154: cc2520: Fix error return code in cc2520_hw_init()
    - ca8210: Fix crash by zero initializing data
    - netfilter: ctnetlink: fix compilation warning after data race fixes in ct
      mark
    - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug
    - gpio: amd8111: Fix PCI device reference count leak
    - e1000e: Fix TX dispatch condition
    - igb: Allocate MSI-X vector when testing
    - net: broadcom: Add PTP_1588_CLOCK_OPTIONAL dependency for BCMGENET under
      ARCH_BCM2835
    - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420
    - af_unix: Get user_ns from in_skb in unix_diag_get_exact().
    - vmxnet3: correctly report encapsulated LRO packet
    - vmxnet3: use correct intrConf reference when using extended queues
    - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
    - Bluetooth: Fix not cleanup led when bt_init fails
    - net: dsa: ksz: Check return value
    - net: dsa: hellcreek: Check return value
    - net: dsa: sja1105: Check return value
    - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
    - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
    - net: encx24j600: Add parentheses to fix precedence
    - net: encx24j600: Fix invalid logic in reading of MISTAT register
    - net: mdiobus: fwnode_mdiobus_register_phy() rework error handling
    - net: mdiobus: fix double put fwnode in the error path
    - octeontx2-pf: Fix potential memory leak in otx2_init_tc()
    - xen-netfront: Fix NULL sring after live migration
    - net: mvneta: Prevent out of bounds read in mvneta_config_rss()
    - i40e: Fix not setting default xps_cpus after reset
    - i40e: Fix for VF MAC address 0
    - i40e: Disallow ip4 and ip6 l4_4_bytes
    - NFC: nci: Bounds check struct nfc_target arrays
    - nvme initialize core quirks before calling nvme_init_subsystem
    - gpio/rockchip: fix refcount leak in rockchip_gpiolib_register()
    - net: stmmac: fix "snps,axi-config" node property parsing
    - ip_gre: do not report erspan version on GRE interface
    - net: microchip: sparx5: Fix missing destroy_workqueue of mact_queue
    - net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
    - net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
    - net: mdio: fix unbalanced fwnode reference count in mdio_device_release()
    - net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
    - tipc: Fix potential OOB in tipc_link_proto_rcv()
    - ipv4: Fix incorrect route flushing when source address is deleted
    - ipv4: Fix incorrect route flushing when table ID 0 is used
    - net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()
    - tipc: call tipc_lxc_xmit without holding node_read_lock
    - ethernet: aeroflex: fix potential skb leak in greth_init_rings()
    - dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and
      dpaa2_switch_acl_entry_remove()
    - net: phy: mxl-gpy: fix version reporting
    - net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
    - ipv6: avoid use-after-free in ip6_fragment()
    - net: thunderbolt: fix memory leak in tbnet_open()
    - net: mvneta: Fix an out of bounds check
    - macsec: add missing attribute validation for offload
    - s390/qeth: fix various format strings
    - s390/qeth: fix use-after-free in hsci
    - can: esd_usb: Allow REC and TEC to return to zero
    - block: move CONFIG_BLOCK guard to top Makefile
    - io_uring: move to separate directory
    - io_uring: Fix a null-ptr-deref in io_tctx_exit_cb()
    - Linux 5.15.83

* 5.15.0-58.64 breaks xen bridge networking (pvh domU) (LP: #2002889) // Jammy
    update: v5.15.83 upstream stable release (LP: #2003134)
    - xen/netback: fix build warning

* Jammy update: v5.15.82 upstream stable release (LP: #2003132)
    - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored
    - drm/i915: Create a dummy object for gen6 ppgtt
    - drm/i915/gt: Use i915_vm_put on ppgtt_create error paths
    - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size
    - btrfs: sink iterator parameter to btrfs_ioctl_logical_to_ino
    - btrfs: free btrfs_path before copying inodes to userspace
    - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
    - btrfs: move QUOTA_ENABLED check to rescan_should_stop from
      btrfs_qgroup_rescan_worker
    - btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
    - drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code
    - drm/amdgpu: update drm_display_info correctly when the edid is read
    - drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly
      when the edid is read"
    - iio: health: afe4403: Fix oob read in afe4403_read_raw
    - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
    - iio: light: rpr0521: add missing Kconfig dependencies
    - bpf, perf: Use subprog name when reporting subprog ksymbol
    - scripts/faddr2line: Fix regression in name resolution on ppc64le
    - ARM: at91: rm9200: fix usb device clock id
    - libbpf: Handle size overflow for ringbuf mmap
    - hwmon: (ltc2947) fix temperature scaling
    - hwmon: (ina3221) Fix shunt sum critical calculation
    - hwmon: (i5500_temp) fix missing pci_disable_device()
    - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
    - bpf: Do not copy spin lock field from user in bpf_selem_alloc
    - nvmem: rmem: Fix return value check in rmem_read()
    - of: property: decrement node refcount in of_fwnode_get_reference_args()
    - ixgbevf: Fix resource leak in ixgbevf_init_module()
    - i40e: Fix error handling in i40e_init_module()
    - fm10k: Fix error handling in fm10k_init_module()
    - iavf: remove redundant ret variable
    - iavf: Fix error handling in iavf_init_module()
    - e100: Fix possible use after free in e100_xmit_prepare
    - net/mlx5: DR, Fix uninitialized var warning
    - net/mlx5: Fix uninitialized variable bug in outlen_write()
    - net/mlx5e: Fix use-after-free when reverting termination table
    - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
    - can: cc770: cc770_isa_probe(): add missing free_cc770dev()
    - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev()
    - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods
    - can: m_can: Add check for devm_clk_get
    - qlcnic: fix sleep-in-atomic-context bugs caused by msleep
    - aquantia: Do not purge addresses when setting the number of rings
    - wifi: cfg80211: fix buffer overflow in elem comparison
    - wifi: cfg80211: don't allow multi-BSSID in S1G
    - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
    - net: phy: fix null-ptr-deref while probe() failed
    - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe()
    - net: net_netdev: Fix error handling in ntb_netdev_init_module()
    - net/9p: Fix a potential socket leak in p9_socket_open
    - net: ethernet: nixge: fix NULL dereference
    - net: wwan: iosm: fix kernel test robot reported error
    - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type
    - dsa: lan9303: Correct stat name
    - tipc: re-fetch skb cb after tipc_msg_validate
    - net: hsr: Fix potential use-after-free
    - net: mdiobus: fix unbalanced node reference count
    - afs: Fix fileserver probe RTT handling
    - net: tun: Fix use-after-free in tun_detach()
    - packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
    - sctp: fix memory leak in sctp_stream_outq_migrate()
    - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
    - hwmon: (coretemp) Check for null before removing sysfs attrs
    - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
    - riscv: vdso: fix section overlapping under some conditions
    - riscv: mm: Proper page permissions after initmem free
    - ALSA: dice: fix regression for Lexicon I-ONIX FW810S
    - error-injection: Add prompt for function error injection
    - tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
    - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
    - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
    - pinctrl: intel: Save and restore pins in "direct IRQ" mode
    - v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
    - net: stmmac: Set MAC's flow control register to reflect current settings
    - mmc: mmc_test: Fix removal of debugfs file
    - mmc: core: Fix ambiguous TRIM and DISCARD arg
    - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check
    - mmc: sdhci-sprd: Fix no reset data and command after voltage switch
    - mmc: sdhci: Fix voltage switch delay
    - drm/amdgpu: temporarily disable broken Clang builds due to blown stack-frame
    - drm/amdgpu: enable Vangogh VCN indirect sram mode
    - drm/i915: Fix negative value passed as remaining time
    - drm/i915: Never return 0 if not all requests retired
    - tracing/osnoise: Fix duration type
    - tracing: Fix race where histograms can be called before the event
    - tracing: Free buffers when a used dynamic event is removed
    - io_uring: update res mask in io_poll_check_events
    - io_uring: fix tw losing poll events
    - io_uring: cmpxchg for poll arm refs release
    - io_uring: make poll refs more robust
    - io_uring/poll: fix poll_refs race with cancelation
    - KVM: x86/mmu: Fix race condition in direct_page_fault
    - ASoC: ops: Fix bounds check for _sx controls
    - pinctrl: single: Fix potential division by zero
    - riscv: Sync efi page table's kernel mappings before switching
    - riscv: fix race when vmap stack overflow
    - riscv: kexec: Fixup irq controller broken in kexec crash path
    - nvme: fix SRCU protection of nvme_ns_head list
    - iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
    - iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
    - mm: __isolate_lru_page_prepare() in isolate_migratepages_block()
    - mm: migrate: fix THP's mapcount on isolation
    - parisc: Increase FRAME_WARN to 2048 bytes on parisc
    - Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is
      enabled
    - selftests: net: add delete nexthop route warning test
    - selftests: net: fix nexthop warning cleanup double ip typo
    - ipv4: Handle attempt to delete multipath route when fib_info contains an nh
      reference
    - ipv4: Fix route deletion when nexthop info is not specified
    - serial: stm32: Factor out GPIO RTS toggling into separate function
    - serial: stm32: Use TC interrupt to deassert GPIO RTS in RS485 mode
    - serial: stm32: Deassert Transmit Enable on ->rs485_config()
    - i2c: npcm7xx: Fix error handling in npcm_i2c_init()
    - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set
    - ACPI: HMAT: remove unnecessary variable initialization
    - ACPI: HMAT: Fix initiator registration for single-initiator systems
    - Revert "clocksource/drivers/riscv: Events are stopped during CPU suspend"
    - char: tpm: Protect tpm_pm_suspend with locks
    - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
    - ipc/sem: Fix dangling sem_array access in semtimedop race
    - Linux 5.15.82

* Jammy update: v5.15.81 upstream stable release (LP: #2003130)
    - ASoC: fsl_sai: use local device pointer
    - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N
    - serial: Add rs485_supported to uart_port
    - serial: fsl_lpuart: Fill in rs485_supported
    - tty: serial: fsl_lpuart: don't break the on-going transfer when global reset
    - sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent
    - sctp: clear out_curr if all frag chunks of current msg are pruned
    - cifs: introduce new helper for cifs_reconnect()
    - cifs: split out dfs code from cifs_reconnect()
    - cifs: support nested dfs links over reconnect
    - cifs: Fix connections leak when tlink setup failed
    - ata: libata-scsi: simplify __ata_scsi_queuecmd()
    - ata: libata-core: do not issue non-internal commands once EH is pending
    - drm/display: Don't assume dual mode adaptors support i2c sub-addressing
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
    - nvme-pci: disable namespace identifiers for the MAXIO MAP1001
    - nvme-pci: disable write zeroes on various Kingston SSD
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000
    - iio: ms5611: Simplify IO callback parameters
    - iio: pressure: ms5611: fixed value compensation bug
    - ceph: do not update snapshot context when there is no new snapshot
    - ceph: avoid putting the realm twice when decoding snaps fails
    - x86/sgx: Create utility to validate user provided offset and length
    - x86/sgx: Add overflow check in sgx_validate_offset_length()
    - binder: validate alloc->mm in ->mmap() handler
    - ceph: Use kcalloc for allocating multiple elements
    - ceph: fix NULL pointer dereference for req->r_session
    - wifi: mac80211: fix memory free error when registering wiphy fail
    - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
    - riscv: dts: sifive unleashed: Add PWM controlled LEDs
    - audit: fix undefined behavior in bit shift for AUDIT_BIT
    - wifi: airo: do not assign -1 to unsigned char
    - wifi: mac80211: Fix ack frame idr leak when mesh has no route
    - wifi: ath11k: Fix QCN9074 firmware boot on x86
    - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
    - selftests/bpf: Add verifier test for release_reference()
    - Revert "net: macsec: report real_dev features when HW offloading is enabled"
    - platform/x86: ideapad-laptop: Disable touchpad_switch
    - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1
    - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix
    - platform/x86/intel/hid: Add some ACPI device IDs
    - scsi: ibmvfc: Avoid path failures during live migration
    - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC
    - drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
    - block, bfq: fix null pointer dereference in bfq_bio_bfqg()
    - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
    - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
    - Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10
      properly""
    - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
    - RISC-V: vdso: Do not add missing symbols to version section in linker script
    - MIPS: pic32: treat port as signed integer
    - xfrm: fix "disable_policy" on ipv4 early demux
    - xfrm: replay: Fix ESN wrap around for GSO
    - af_key: Fix send_acquire race with pfkey_register
    - ARM: dts: am335x-pcm-953: Define fixed regulators in root node
    - ASoC: hdac_hda: fix hda pcm buffer overflow issue
    - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
    - ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()
    - x86/hyperv: Restore VP assist page after cpu offlining/onlining
    - scsi: storvsc: Fix handling of srb_status and capacity change events
    - ASoC: max98373: Add checks for devm_kcalloc
    - regulator: core: fix kobject release warning and memory leak in
      regulator_register()
    - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()
    - regulator: core: fix UAF in destroy_regulator()
    - bus: sunxi-rsb: Remove the shutdown callback
    - bus: sunxi-rsb: Support atomic transfers
    - tee: optee: fix possible memory leak in optee_register_device()
    - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
    - selftests: mptcp: more stable simult_flows tests
    - selftests: mptcp: fix mibit vs mbit mix up
    - net: liquidio: simplify if expression
    - rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc
    - rxrpc: Use refcount_t rather than atomic_t
    - rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-
      CAN-15975]
    - net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus
    - nfc/nci: fix race with opening and closing
    - net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
    - 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
    - netfilter: conntrack: Fix data-races around ct mark
    - netfilter: nf_tables: do not set up extensions for end interval
    - iavf: Fix a crash during reset task
    - iavf: Do not restart Tx queues after reset task failure
    - iavf: Fix race condition between iavf_shutdown and iavf_remove
    - ARM: mxs: fix memory leak in mxs_machine_init()
    - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
    - net: ethernet: mtk_eth_soc: fix error handling in mtk_open()
    - net/mlx4: Check retval of mlx4_bitmap_init
    - net: mvpp2: fix possible invalid pointer dereference
    - net/qla3xxx: fix potential memleak in ql3xxx_send()
    - octeontx2-af: debugsfs: fix pci device refcount leak
    - net: pch_gbe: fix pci device refcount leak while module exiting
    - nfp: fill splittable of devlink_port_attrs correctly
    - nfp: add port from netdev validation for EEPROM access
    - macsec: Fix invalid error code set
    - Drivers: hv: vmbus: fix double free in the error path of
      vmbus_add_channel_work()
    - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
    - netfilter: ipset: regression in ip_set_hash_ip.c
    - net/mlx5: Do not query pci info while pci disabled
    - net/mlx5: Fix FW tracer timestamp calculation
    - net/mlx5: Fix handling of entry refcount when command is not issued to FW
    - tipc: set con sock in tipc_conn_alloc
    - tipc: add an extra conn_get in tipc_conn_alloc
    - tipc: check skb_linearize() return value in tipc_disc_rcv()
    - xfrm: Fix oops in __xfrm_state_delete()
    - xfrm: Fix ignored return value in xfrm6_init()
    - net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg()
    - sfc: fix potential memleak in __ef100_hard_start_xmit()
    - net: sparx5: fix error handling in sparx5_port_open()
    - net: sched: allow act_ct to be built without NF_NAT
    - NFC: nci: fix memory leak in nci_rx_data_packet()
    - regulator: twl6030: re-add TWL6032_SUBCLASS
    - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
    - dma-buf: fix racing conflict of dma_heap_add()
    - netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface
    - netfilter: flowtable_offload: add missing locking
    - fs: do not update freeing inode i_io_list
    - dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
    - ipv4: Fix error return code in fib_table_insert()
    - arcnet: fix potential memory leak in com20020_probe()
    - s390/dasd: fix no record found for raw_track_access
    - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
    - nfc: st-nci: fix memory leaks in EVT_TRANSACTION
    - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION
    - net: enetc: manage ENETC_F_QBV in priv->active_offloads only when enabled
    - net: enetc: cache accesses to &priv->si->hw
    - net: enetc: preserve TX ring priority across reconfiguration
    - octeontx2-pf: Add check for devm_kcalloc
    - octeontx2-af: Fix reference count issue in rvu_sdp_init()
    - net: thunderx: Fix the ACPI memory leak
    - s390/crashdump: fix TOD programmable field size
    - lib/vdso: use "grep -E" instead of "egrep"
    - [Config] updateconfigs for CC_HAS_ASM_GOTO_TIED_OUTPUT
    - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
    - nios2: add FORCE for vmlinuz.gz
    - mmc: sdhci-brcmstb: Re-organize flags
    - mmc: sdhci-brcmstb: Enable Clock Gating to save power
    - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI
    - KVM: arm64: pkvm: Fixup boot mode to reflect that the kernel resumes from
      EL1
    - usb: dwc3: exynos: Fix remove() function
    - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint
    - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1
    - ext4: fix use-after-free in ext4_ext_shift_extents
    - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
    - iio: light: apds9960: fix wrong register for gesture gain
    - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
    - bus: ixp4xx: Don't touch bit 7 on IXP42x
    - usb: dwc3: gadget: conditionally remove requests
    - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable
    - usb: dwc3: gadget: Clear ep descriptor last
    - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
    - gcov: clang: fix the buffer overflow issue
    - mm: vmscan: fix extreme overreclaim and swap floods
    - KVM: x86: nSVM: leave nested mode on vCPU free
    - KVM: x86: forcibly leave nested mode on vCPU reset
    - KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in
      use
    - KVM: x86: add kvm_leave_nested
    - KVM: x86: remove exit_int_info warning in svm_handle_exit
    - x86/tsx: Add a feature bit for TSX control MSR support
    - x86/pm: Add enumeration check before spec MSRs save/restore setup
    - x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
    - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
    - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
    - tools: iio: iio_generic_buffer: Fix read size
    - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
    - Input: goodix - try resetting the controller when no config is set
    - Input: soc_button_array - add use_low_level_irq module parameter
    - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[]
    - Input: i8042 - apply probe defer to more ASUS ZenBook models
    - ASoC: stm32: dfsdm: manage cb buffers cleanup
    - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
    - xen/platform-pci: add missing free_irq() in error path
    - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
    - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
    - drm/amdgpu: disable BACO support on more cards
    - zonefs: fix zone report size in __zonefs_io_error()
    - platform/x86: hp-wmi: Ignore Smart Experience App event
    - platform/x86: ideapad-laptop: Fix interrupt storm on fn-lock toggle on some
      Yoga laptops
    - [Config] updateconfigs for INET_TABLE_PERTURB_ORDER
    - tcp: configurable source port perturb table size
    - net: usb: qmi_wwan: add Telit 0x103a composition
    - scsi: iscsi: Fix possible memory leak when device_register() failed
    - gpu: host1x: Avoid trying to use GART on Tegra20
    - dm integrity: flush the journal on suspend
    - dm integrity: clear the journal on suspend
    - fuse: lock inode unconditionally in fuse_fallocate()
    - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute
    - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute
    - wifi: wilc1000: validate number of channels
    - genirq/msi: Shutdown managed interrupts with unsatifiable affinities
    - genirq: Always limit the affinity to online CPUs
    - irqchip/gic-v3: Always trust the managed affinity provided by the core code
    - genirq: Take the proposed affinity at face value if force==true
    - btrfs: free btrfs_path before copying root refs to userspace
    - btrfs: free btrfs_path before copying fspath to userspace
    - btrfs: free btrfs_path before copying subvol info to userspace
    - btrfs: zoned: fix missing endianness conversion in sb_write_pointer
    - btrfs: use kvcalloc in btrfs_get_dev_zone_info
    - btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
    - drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
    - drm/amd/display: No display after resume from WB/CB
    - drm/amdgpu: Enable Aldebaran devices to report CU Occupancy
    - drm/amdgpu: always register an MMU notifier for userptr
    - cifs: fix missed refcounting of ipc tcon
    - Linux 5.15.81

* Jammy update: v5.15.80 upstream stable release (LP: #2003122)
    - mm: hwpoison: refactor refcount check handling
    - mm: hwpoison: handle non-anonymous THP correctly
    - mm: shmem: don't truncate page if memory failure happens
    - ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in
      wm5102_probe"
    - ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in
      wm5110_probe"
    - ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in
      wm8997_probe"
    - ASoC: mt6660: Keep the pm_runtime enables before component stuff in
      mt6660_i2c_probe
    - ASoC: rt1019: Fix the TDM settings
    - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
    - spi: intel: Fix the offset to get the 64K erase opcode
    - ASoC: codecs: jz4725b: add missed Line In power control bit
    - ASoC: codecs: jz4725b: fix reported volume for Master ctl
    - ASoC: codecs: jz4725b: use right control for Capture Volume
    - ASoC: codecs: jz4725b: fix capture selector naming
    - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15
    - selftests/futex: fix build for clang
    - selftests/intel_pstate: fix build for ARCH=x86_64
    - ASoC: rt1308-sdw: add the default value of some registers
    - drm/amd/display: Remove wrong pipe control lock
    - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[]
    - RDMA/efa: Add EFA 0xefa2 PCI ID
    - btrfs: raid56: properly handle the error when unable to find the missing
      stripe
    - NFSv4: Retry LOCK on OLD_STATEID during delegation return
    - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable
    - firmware: arm_scmi: Cleanup the core driver removal callback
    - i2c: tegra: Allocate DMA memory for DMA engine
    - i2c: i801: add lis3lv02d's I2C address for Vostro 5568
    - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
    - btrfs: remove pointless and double ulist frees in error paths of qgroup
      tests
    - x86/cpu: Add several Intel server CPU model numbers
    - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" ->
      "Route"
    - mtd: spi-nor: intel-spi: Disable write protection only if asked
    - spi: intel: Use correct mask for flash and protected regions
    - KVM: x86/pmu: Do not speculatively query Intel GP PMCs that don't exist yet
    - hugetlbfs: don't delete error page from pagecache
    - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed
    - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed
    - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed
    - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed
    - spi: stm32: Print summary 'callbacks suppressed' message
    - ARM: dts: at91: sama7g5: fix signal name of pin PB2
    - ASoC: core: Fix use-after-free in snd_soc_exit()
    - ASoC: tas2770: Fix set_tdm_slot in case of single slot
    - ASoC: tas2764: Fix set_tdm_slot in case of single slot
    - ARM: at91: pm: avoid soft resetting AC DLL
    - serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl()
    - serial: 8250_omap: remove wait loop from Errata i202 workaround
    - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
    - serial: 8250: omap: Flush PM QOS work on remove
    - serial: imx: Add missing .thaw_noirq hook
    - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
    - bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
    - ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
    - pinctrl: rockchip: list all pins in a possible mux route for PX30
    - scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
    - block: sed-opal: kmalloc the cmd/resp buffers
    - bpf: Fix memory leaks in __check_func_call
    - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro
    - siox: fix possible memory leak in siox_device_add()
    - parport_pc: Avoid FIFO port location truncation
    - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
    - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms
    - drm/panel: simple: set bpc field for logic technologies displays
    - drm/drv: Fix potential memory leak in drm_dev_init()
    - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
    - arm64: dts: imx8mm: Fix NAND controller size-cells
    - arm64: dts: imx8mn: Fix NAND controller size-cells
    - ata: libata-transport: fix double ata_host_put() in ata_tport_add()
    - ata: libata-transport: fix error handling in ata_tport_add()
    - ata: libata-transport: fix error handling in ata_tlink_add()
    - ata: libata-transport: fix error handling in ata_tdev_add()
    - nfp: change eeprom length to max length enumerators
    - MIPS: fix duplicate definitions for exported symbols
    - MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed
    - bpf: Initialize same number of free nodes for each pcpu_freelist
    - net: bgmac: Drop free_netdev() from bgmac_enet_remove()
    - mISDN: fix possible memory leak in mISDN_dsp_element_register()
    - net: hinic: Fix error handling in hinic_module_init()
    - net: stmmac: ensure tx function is not running in stmmac_xdp_release()
    - soc: imx8m: Enable OCOTP clock before reading the register
    - net: liquidio: release resources when liquidio driver open failed
    - mISDN: fix misuse of put_device() in mISDN_register_device()
    - net: macvlan: Use built-in RCU list checking
    - net: caif: fix double disconnect client in chnl_net_open()
    - bnxt_en: Remove debugfs when pci_register_driver failed
    - net: mhi: Fix memory leak in mhi_net_dellink()
    - net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims
    - xen/pcpu: fix possible memory leak in register_pcpu()
    - net: ionic: Fix error handling in ionic_init_module()
    - net: ena: Fix error handling in ena_init()
    - net: hns3: fix setting incorrect phy link ksettings for firmware in
      resetting process
    - bridge: switchdev: Fix memory leaks when changing VLAN protocol
    - drbd: use after free in drbd_create_device()
    - platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when
      virtualized
    - platform/surface: aggregator: Do not check for repeated unsequenced packets
    - cifs: add check for returning value of SMB2_close_init
    - net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in
      ag71xx_open()
    - net/x25: Fix skb leak in x25_lapb_receive_frame()
    - cifs: Fix wrong return value checking when GETFLAGS
    - net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init()
      and sparx5_start()
    - net: thunderbolt: Fix error handling in tbnet_init()
    - cifs: add check for returning value of SMB2_set_info_init
    - ftrace: Fix the possible incorrect kernel message
    - ftrace: Optimize the allocation for mcount entries
    - ftrace: Fix null pointer dereference in ftrace_add_mod()
    - ring_buffer: Do not deactivate non-existant pages
    - tracing: Fix memory leak in tracing_read_pipe()
    - tracing/ring-buffer: Have polling block on watermark
    - tracing: Fix memory leak in test_gen_synth_cmd() and
      test_empty_synth_event()
    - tracing: Fix wild-memory-access in register_synth_event()
    - tracing: Fix race where eprobes can be called before the event
    - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in
      kprobe_event_gen_test_exit()
    - tracing: kprobe: Fix potential null-ptr-deref on trace_array in
      kprobe_event_gen_test_exit()
    - drm/amd/display: Add HUBP surface flip interrupt handler
    - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
    - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
    - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
    - Revert "usb: dwc3: disable USB core PHY management"
    - slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y &&
      CONFIG_QCOM_RPROC_COMMON=m
    - slimbus: stream: correct presence rate frequencies
    - speakup: fix a segfault caused by switching consoles
    - USB: bcma: Make GPIO explicitly optional
    - USB: serial: option: add Sierra Wireless EM9191
    - USB: serial: option: remove old LARA-R6 PID
    - USB: serial: option: add u-blox LARA-R6 00B modem
    - USB: serial: option: add u-blox LARA-L6 modem
    - USB: serial: option: add Fibocom FM160 0x0111 composition
    - usb: add NO_LPM quirk for Realforce 87U Keyboard
    - usb: chipidea: fix deadlock in ci_otg_del_timer
    - usb: cdns3: host: fix endless superspeed hub port reset
    - usb: typec: mux: Enter safe mode only when pins need to be reconfigured
    - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
    - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
    - iio: adc: mp2629: fix wrong comparison of channel
    - iio: adc: mp2629: fix potential array out of bound access
    - iio: pressure: ms5611: changed hardcoded SPI speed to value limited
    - dm ioctl: fix misbehavior if list_versions races with module loading
    - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
    - serial: 8250: Flush DMA Rx on RLSI
    - serial: 8250_lpss: Configure DMA also w/o DMA filter
    - Input: iforce - invert valid length check when fetching device IDs
    - maccess: Fix writing offset in case of fault in
      strncpy_from_kernel_nofault()
    - net: phy: marvell: add sleep time after enabling the loopback bit
    - scsi: zfcp: Fix double free of FSF request when qdio send fails
    - iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries
    - iommu/vt-d: Set SRE bit only when hardware has SRS cap
    - firmware: coreboot: Register bus in module init
    - mmc: core: properly select voltage range without power cycle
    - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce
      timeout
    - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
    - docs: update mediator contact information in CoC doc
    - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
    - perf/x86/intel/pt: Fix sampling using single range output
    - nvme: restrict management ioctls to admin
    - nvme: ensure subsystem reset is single threaded
    - serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake
    - perf: Improve missing SIGTRAP checking
    - ring-buffer: Include dropped pages in counting dirty patches
    - tracing: Fix warning on variable 'struct trace_array'
    - net: use struct_group to copy ip/ipv6 header addresses
    - scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
    - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
    - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
    - Input: i8042 - fix leaking of platform device on module removal
    - macvlan: enforce a consistent minimal mtu
    - tcp: cdg: allow tcp_cdg_release() to be called multiple times
    - kcm: avoid potential race in kcm_tx_work
    - kcm: close race conditions on sk_receive_queue
    - 9p: trans_fd/p9_conn_cancel: drop client lock earlier
    - gfs2: Check sb_bsize_shift after reading superblock
    - gfs2: Switch from strlcpy to strscpy
    - 9p/trans_fd: always use O_NONBLOCK read/write
    - wifi: wext: use flex array destination for memcpy()
    - mm: fs: initialize fsdata passed to write_begin/write_end interface
    - net/9p: use a dedicated spinlock for trans_fd
    - ntfs: fix use-after-free in ntfs_attr_find()
    - ntfs: fix out-of-bounds read in ntfs_attr_find()
    - ntfs: check overflow when iterating ATTR_RECORDs
    - Linux 5.15.80

* CVE-2022-4139
    - drm/i915: fix TLB invalidation for Gen12 video and compute engines

* Jammy update: v5.15.79 upstream stable release (LP: #2001570)
    - fuse: fix readdir cache race
    - drm/amdkfd: avoid recursive lock in migrations back to RAM
    - drm/amdkfd: handle CPU fault on COW mapping
    - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
    - hwspinlock: qcom: correct MMIO max register for newer SoCs
    - phy: stm32: fix an error code in probe
    - wifi: cfg80211: silence a sparse RCU warning
    - wifi: cfg80211: fix memory leak in query_regdb_file()
    - soundwire: qcom: reinit broadcast completion
    - soundwire: qcom: check for outanding writes before doing a read
    - bpf, verifier: Fix memory leak in array reallocation for stack state
    - bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
    - wifi: mac80211: Set TWT Information Frame Disabled bit as 1
    - bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without
      FILE
    - HID: hyperv: fix possible memory leak in mousevsc_probe()
    - bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues
    - bpf: Fix sockmap calling sleepable function in teardown path
    - bpf, sock_map: Move cancel_work_sync() out of sock lock
    - bpf: Add helper macro bpf_for_each_reg_in_vstate
    - bpf: Fix wrong reg type conversion in release_reference()
    - net: gso: fix panic on frag_list with mixed head alloc types
    - macsec: delete new rxsc when offload fails
    - macsec: fix secy->n_rx_sc accounting
    - macsec: fix detection of RXSCs when toggling offloading
    - macsec: clear encryption keys from the stack after setting up offload
    - octeontx2-pf: Use hardware register for CQE count
    - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT]
    - net: tun: Fix memory leaks of napi_get_frags
    - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
    - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
    - net: fman: Unregister ethernet device on removal
    - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
    - phy: ralink: mt7621-pci: add sentinel to quirks table
    - KVM: s390: pv: don't allow userspace to set the clock under PV
    - net: lapbether: fix issue of dev reference count leakage in
      lapbeth_device_event()
    - hamradio: fix issue of dev reference count leakage in bpq_device_event()
    - net: wwan: iosm: fix memory leak in ipc_wwan_dellink
    - net: wwan: mhi: fix memory leak in mhi_mbim_dellink
    - drm/vc4: Fix missing platform_unregister_drivers() call in
      vc4_drm_register()
    - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent
    - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
    - can: af_can: fix NULL pointer dereference in can_rx_register()
    - net: stmmac: dwmac-meson8b: fix meson8b_devm_clk_prepare_enable()
    - net: broadcom: Fix BCMGENET Kconfig
    - tipc: fix the msg->req tlv len check in
      tipc_nl_compat_name_table_dump_header
    - dmaengine: pxa_dma: use platform_get_irq_optional
    - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
    - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail
    - net: lapbether: fix issue of invalid opcode in lapbeth_open()
    - drivers: net: xgene: disable napi when register irq failed in
      xgene_enet_open()
    - perf stat: Fix printing os->prefix in CSV metrics output
    - perf tools: Add the include/perf/ directory to .gitignore
    - netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
    - netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()
    - net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init()
    - net: nixge: disable napi when enable interrupts failed in nixge_open()
    - net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg
    - net/mlx5: Bridge, verify LAG state when adding bond to bridge
    - net/mlx5: Allow async trigger completion execution on single CPU systems
    - net/mlx5e: E-Switch, Fix comparing termination table instance
    - net: cpsw: disable napi in cpsw_ndo_open()
    - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
    - stmmac: intel: Enable 2.5Gbps for Intel AlderLake-S
    - stmmac: intel: Update PCH PTP clock rate from 200MHz to 204.8MHz
    - mctp: Fix an error handling path in mctp_init()
    - cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in
      cxgb4vf_open()
    - stmmac: dwmac-loongson: fix missing pci_disable_msi() while module exiting
    - stmmac: dwmac-loongson: fix missing pci_disable_device() in
      loongson_dwmac_probe()
    - stmmac: dwmac-loongson: fix missing of_node_put() while module exiting
    - net: phy: mscc: macsec: clear encryption keys when freeing a flow
    - net: atlantic: macsec: clear encryption keys from the stack
    - ethernet: s2io: disable napi when start nic failed in s2io_card_up()
    - net: mv643xx_eth: disable napi when init rxq or txq failed in
      mv643xx_eth_open()
    - ethernet: tundra: free irq when alloc ring failed in tsi108_open()
    - net: macvlan: fix memory leaks of macvlan_common_newlink
    - riscv: process: fix kernel info leakage
    - riscv: vdso: fix build with llvm
    - riscv: fix reserved memory setup
    - arm64: efi: Fix handling of misaligned runtime regions and drop warning
    - MIPS: jump_label: Fix compat branch range check
    - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
    - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
    - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI
    - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
    - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA
    - ALSA: hda/hdmi - enable runtime pm for more AMD display audio
    - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
    - ALSA: hda: fix potential memleak in 'add_widget_node'
    - ALSA: hda/realtek: Add Positivo C6300 model quirk
    - ALSA: usb-audio: Yet more regression for for the delayed card registration
    - ALSA: usb-audio: Add quirk entry for M-Audio Micro
    - ALSA: usb-audio: Add DSD support for Accuphase DAC-60
    - vmlinux.lds.h: Fix placement of '.data..decrypted' section
    - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure
    - nilfs2: fix deadlock in nilfs_count_free_blocks()
    - nilfs2: fix use-after-free bug of ns_writer on remount
    - drm/i915/dmabuf: fix sg_table handling in map_dma_buf
    - drm/amdgpu: disable BACO on special BEIGE_GOBY card
    - btrfs: fix match incorrectly in dev_args_match_device
    - btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
    - btrfs: zoned: initialize device's zone info for seeding
    - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI
    - udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
    - mm/damon/dbgfs: check if rm_contexts input is for a real context
    - mm/memremap.c: map FS_DAX device memory as decrypted
    - mm/shmem: use page_mapping() to detect page cache for uffd continue
    - can: j1939: j1939_send_one(): fix missing CAN header initialization
    - cert host tools: Stop complaining about deprecated OpenSSL functions
    - dmaengine: at_hdmac: Fix at_lli struct definition
    - dmaengine: at_hdmac: Don't start transactions at tx_submit level
    - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending
    - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending
    - dmaengine: at_hdmac: Do not call the complete callback on
      device_terminate_all
    - dmaengine: at_hdmac: Protect atchan->status with the channel lock
    - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all()
    - dmaengine: at_hdmac: Fix concurrency over descriptor
    - dmaengine: at_hdmac: Free the memset buf without holding the chan lock
    - dmaengine: at_hdmac: Fix concurrency over the active list
    - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware
    - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
    - dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
    - dmaengine: at_hdmac: Fix impossible condition
    - dmaengine: at_hdmac: Check return code of dma_async_device_register
    - marvell: octeontx2: build error: unknown type name 'u64'
    - drm/amdkfd: Migrate in CPU page fault use current mm
    - net: tun: call napi_schedule_prep() to ensure we own a napi
    - x86/cpu: Restore AMD's DE_CFG MSR after resume
    - Linux 5.15.79

* CVE-2022-47520
    - wifi: wilc1000: validate pairwise and authentication suite offsets

* CVE-2022-3545
    - nfp: fix use-after-free in area_cache_get()

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 22 Feb 2023 15:01:11 +0100

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package