Ubuntu
linux package

Focal update: v5.4.229 upstream stable release

Bug #2003914 reported by Kamal Mostafa on 2023-01-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Focal	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v5.4.229 upstream stable release
from git://git.kernel.org/

tracing/ring-buffer: Only do full wait when cpu != RING_BUFFER_ALL_CPUS
udf: Discard preallocation before extending file with a hole
udf: Fix preallocation discarding at indirect extent boundary
udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
udf: Fix extending file within last block
usb: gadget: uvc: Prevent buffer overflow in setup handler
USB: serial: option: add Quectel EM05-G modem
USB: serial: cp210x: add Kamstrup RF sniffer PIDs
USB: serial: f81232: fix division by zero on line-speed change
USB: serial: f81534: fix division by zero on line-speed change
igb: Initialize mailbox message for VF reset
xen-netback: move removal of "hotplug-status" to the right place
HID: ite: Add support for Acer S1002 keyboard-dock
HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch 10E
HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10
HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk
net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
usb: musb: remove extra check in musb_gadget_vbus_draw
ARM: dts: qcom: apq8064: fix coresight compatible
arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
arm: dts: spear600: Fix clcd interrupt
soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync
soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
arm64: dts: mt2712e: Fix unit address for pinctrl node
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
arm64: dts: mt2712-evb: Fix usb vbus regulators unit names
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: turris-omnia: Add ethernet aliases
ARM: dts: turris-omnia: Add switch port 6 node
arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC
pstore/ram: Fix error return code in ramoops_probe()
ARM: mmp: fix timer_read delay
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
cpuidle: dt: Return the correct numbers of parsed idle states
alpha: fix syscall entry in !AUDUT_SYSCALL case
PM: hibernate: Fix mistake in kerneldoc comment
fs: don't audit the capability check in simple_xattr_list()
selftests/ftrace: event_triggers: wait longer for test_event_enable
perf: Fix possible memleak in pmu_dev_alloc()
timerqueue: Use rb_entry_safe() in timerqueue_getnext()
proc: fixup uptime selftest
lib/fonts: fix undefined behavior in bit shift for get_default_font
ocfs2: fix memory leak in ocfs2_stack_glue_init()
MIPS: vpe-mt: fix possible memory leak while module exiting
MIPS: vpe-cmp: fix possible memory leak while module exiting
selftests/efivarfs: Add checking of the test return value
PNP: fix name memory leak in pnp_alloc_dev()
perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper()
nfsd: don't call nfsd_file_put from client states seqfile display
genirq/irqdesc: Don't try to remove non-existing sysfs files
cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
lib/notifier-error-inject: fix error when writing -errno to debugfs file
docs: fault-injection: fix non-working usage of negative values
debugfs: fix error when writing negative value to atomic_t debugfs file
ocfs2: ocfs2_mount_volume does cleanup job before return error
ocfs2: rewrite error handling of ocfs2_fill_super
ocfs2: fix memory leak in ocfs2_mount_volume()
rapidio: fix possible name leaks when rio_add_device() fails
rapidio: rio: fix possible name leak in rio_register_mport()
clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
xen/events: only register debug interrupt for 2-level events
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
x86/xen: Fix memory leak in xen_init_lock_cpu()
xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
PM: runtime: Improve path in rpm_idle() when no callback
PM: runtime: Do not call __rpm_callback() from rpm_idle()
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
MIPS: OCTEON: warn only once if deprecated link status is being used
fs: sysv: Fix sysv_nblocks() returns wrong value
rapidio: fix possible UAF when kfifo_alloc() fails
eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
relay: fix type mismatch when allocating memory in relay_create_buf()
hfs: Fix OOB Write in hfs_asc2mac
rapidio: devices: fix missing put_device in mport_cdev_open
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
wifi: rtl8xxxu: Fix reading the vendor of combo chips
pata_ipx4xx_cf: Fix unsigned comparison with less than zero
media: i2c: ad5820: Fix error path
can: kvaser_usb: do not increase tx statistics when sending error message frames
can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
can: kvaser_usb_leaf: Set Warning state even without bus errors
can: kvaser_usb_leaf: Fix improved state not being reported
can: kvaser_usb_leaf: Fix wrong CAN state after stopping
can: kvaser_usb_leaf: Fix bogus restart events
can: kvaser_usb: Add struct kvaser_usb_busparams
can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
clk: renesas: r9a06g032: Repair grave increment error
spi: Update reference to struct spi_controller
drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure
ima: Rename internal filter rule functions
ima: Fix fall-through warnings for Clang
ima: Handle -ESTALE returned by ima_filter_rule_match()
media: vivid: fix compose size exceed boundary
bpf: propagate precision in ALU/ALU64 operations
mtd: Fix device name leak when register device failed in add_mtd_device()
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
media: camss: Clean up received buffers on failed start of streaming
net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
rxrpc: Fix ack.bufferSize to be 0 when generating an ack
drm/radeon: Add the missed acpi_put_table() to fix memory leak
drm/mediatek: Modify dpi power on/off sequence.
ASoC: pxa: fix null-pointer dereference in filter()
regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table()
integrity: Fix memory leakage in keyring allocation error path
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
wifi: ath10k: Fix return value in ath10k_pci_init()
mtd: lpddr2_nvm: Fix possible null-ptr-deref
Input: elants_i2c - properly handle the reset GPIO when power is off
media: solo6x10: fix possible memory leak in solo_sysfs_init()
media: platform: exynos4-is: Fix error handling in fimc_md_init()
media: videobuf-dma-contig: use dma_mmap_coherent
bpf: Move skb->len == 0 checks into __bpf_redirect
HID: hid-sensor-custom: set fixed size for custom attributes
ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT
ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
regulator: core: use kfree_const() to free space conditionally
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
bonding: Export skip slave logic to function
bonding: Rename slave_arr to usable_slaves
bonding: fix link recovery in mode 2 when updelay is nonzero
mtd: maps: pxa2xx-flash: fix memory leak in probe
media: imon: fix a race condition in send_packet()
clk: imx8mn: correct the usb1_ctrl parent to be usb_bus
clk: imx: replace osc_hdmi with dummy
pinctrl: pinconf-generic: add missing of_node_put()
media: dvb-core: Fix ignored return value in dvb_register_frontend()
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
ASoC: dt-bindings: wcd9335: fix reset line polarity in example
ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd
NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4.2: Fix initialisation of struct nfs4_label
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
ALSA: asihpi: fix missing pci_disable_device()
wifi: iwlwifi: mvm: fix double free on tx path.
ASoC: mediatek: mt8173: Enable IRQ when pdata is ready
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
netfilter: conntrack: set icmpv6 redirects as RELATED
bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data
bpf, sockmap: Fix data loss caused by using apply_bytes on ingress redirect
bonding: uninitialized variable in bond_miimon_inspect()
spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE
wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
regulator: core: fix module refcount leak in set_supply()
clk: qcom: clk-krait: fix wrong div2 functions
hsr: Avoid double remove of a node.
configfs: fix possible memory leak in configfs_create_dir()
regulator: core: fix resource leak in regulator_register()
bpf, sockmap: fix race in sock_map_free()
media: saa7164: fix missing pci_disable_device()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
SUNRPC: Fix missing release socket in rpc_sockname()
NFSv4.x: Fail client initialisation if state manager thread can't run
mmc: alcor: fix return value check of mmc_add_host()
mmc: moxart: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: pxamci: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc: atmel-mci: fix return value check of mmc_add_host()
mmc: omap_hsmmc: fix return value check of mmc_add_host()
mmc: meson-gx: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: mmci: fix return value check of mmc_add_host()
media: c8sectpfe: Add of_node_put() when breaking out of loop
media: coda: Add check for dcoda_iram_alloc
media: coda: Add check for kmalloc
clk: samsung: Fix memory leak in _samsung_clk_register_pll()
spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
blktrace: Fix output non-blktrace event when blk_classic option enabled
clk: socfpga: clk-pll: Remove unused variable 'rc'
clk: socfpga: use clk_hw_register for a5/c5
clk: socfpga: Fix memory leak in socfpga_gate_init()
net: vmw_vsock: vmci: Check memcpy_from_msg()
net: defxx: Fix missing err handling in dfx_init()
net: stmmac: selftests: fix potential memleak in stmmac_test_arpoffload()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
net: farsync: Fix kmemleak when rmmods farsync
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd-xgbe: Fix logic around active and passive cables
net: amd-xgbe: Check only the minimum speed for active/passive cables
can: tcan4x5x: Remove invalid write in clear_interrupts
net: lan9303: Fix read error execution path
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
stmmac: fix potential division by 0
apparmor: fix a memleak in multi_transaction_new()
apparmor: fix lockdep warning when removing a namespace
apparmor: Fix abi check to include v8 abi
apparmor: Use pointer to struct aa_label for lbs_cred
RDMA/core: Fix order of nldev_exit call
f2fs: fix normal discard process
RDMA/siw: Fix immediate work request flush to completion queue
RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
RDMA/siw: Set defined status for work completion with undefined status
scsi: scsi_debug: Fix a warning in resp_write_scat()
crypto: ccree - swap SHA384 and SHA512 larval hashes at build time
crypto: ccree - Remove debugfs when platform_driver_register failed
PCI: Check for alloc failure in pci_request_irq()
RDMA/hfi: Decrease PCI device reference count in error path
crypto: ccree - Make cc_debugfs_global_fini() available for module init function
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
scsi: hpsa: Fix possible memory leak in hpsa_init_one()
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: snic: Fix possible UAF in snic_tgt_create()
RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps()
f2fs: avoid victim selection from previous victim section
crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe()
RDMA/hfi1: Fix error return code in parse_platform_config()
orangefs: Fix sysfs not cleanup when dev init failed
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
hwrng: amd - Fix PCI device refcount leak
hwrng: geode - Fix PCI device refcount leak
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
drivers: dio: fix possible memory leak in dio_init()
tty: serial: tegra: Activate RX DMA transfer by request
serial: tegra: Read DMA status before terminating
class: fix possible memory leak in __class_register()
vfio: platform: Do not pass return buffer to ACPI _RST method
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
usb: fotg210-udc: Fix ages old endianness issues
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
usb: typec: tcpci: fix of node refcount leak in tcpci_register_port()
serial: amba-pl011: avoid SBSA UART accessing DMACR register
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
serial: pch: Fix PCI device refcount leak in pch_request_dma()
tty: serial: clean up stop-tx part in altera_uart_tx_chars()
tty: serial: altera_uart_{r,t}x_chars() need only uart_port
serial: altera_uart: fix locking in polling mode
serial: sunsab: Fix error handling in sunsab_init()
test_firmware: fix memory leak in test_firmware_init()
misc: ocxl: fix possible name leak in ocxl_file_register_afu()
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update
usb: roles: fix of node refcount leak in usb_role_switch_is_parent()
usb: gadget: f_hid: optional SETUP/SET_REPORT mode
usb: gadget: f_hid: fix f_hidg lifetime vs cdev
usb: gadget: f_hid: fix refcount leak on error path
drivers: mcb: fix resource leak in mcb_probe()
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
chardev: fix error handling in cdev_device_add()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
staging: rtl8192u: Fix use after free in ieee80211_rx()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
vme: Fix error not catched in fake_init()
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
usb: storage: Add check for kcalloc
tracing/hist: Fix issue of losting command info in error_log
samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
fbdev: ssd1307fb: Drop optional dependency
fbdev: pm2fb: fix missing pci_disable_device()
fbdev: via: Fix error in via_core_init()
fbdev: vermilion: decrease reference count in error path
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
power: supply: fix residue sysfs file in error handle route of __power_supply_register()
perf trace: Return error if a system call doesn't exist
perf trace: Separate 'struct syscall_fmt' definition from syscall_fmts variable
perf trace: Factor out the initialization of syscal_arg_fmt->scnprintf
perf trace: Add the syscall_arg_fmt pointer to syscall_arg
perf trace: Allow associating scnprintf routines with well known arg names
perf trace: Add a strtoul() method to 'struct syscall_arg_fmt'
perf trace: Use macro RAW_SYSCALL_ARGS_NUM to replace number
perf trace: Handle failure when trace point folder is missed
perf symbol: correction while adjusting symbol
HSI: omap_ssi_core: Fix error handling in ssi_init()
power: supply: fix null pointer dereferencing in power_supply_get_battery_info
RDMA/siw: Fix pointer cast warning
include/uapi/linux/swab: Fix potentially missing __always_inline
rtc: snvs: Allow a time difference on clock register read
rtc: pcf85063: Fix reading alarm
iommu/amd: Fix pci device refcount leak in ppr_notifier()
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
macintosh: fix possible memory leak in macio_add_one_device()
macintosh/macio-adb: check the return value of ioremap()
powerpc/52xx: Fix a resource leak in an error handling path
cxl: Fix refcount leak in cxl_calc_capp_routing
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/hv-gpci: Fix hv_gpci event list
selftests/powerpc: Fix resource leaks
pwm: sifive: Call pwm_sifive_update_clock() while mutex is held
remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev()
remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region()
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe()
nfsd: Define the file access mode enum for tracing
NFSD: Add tracepoints to NFSD's duplicate reply cache
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfc: pn533: Clear nfc_target before being used
r6040: Fix kmemleak in probe and remove
rtc: mxc_v2: Add missing clk_disable_unprepare()
openvswitch: Fix flow lookup to use unmasked key
skbuff: Account for tail adjustment during pull operations
mailbox: zynq-ipi: fix error handling while device_register() fails
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
myri10ge: Fix an error handling path in myri10ge_probe()
net: stream: purge sk_error_queue in sk_stream_kill_queues()
rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()
binfmt_misc: fix shift-out-of-bounds in check_special_flags
fs: jfs: fix shift-out-of-bounds in dbAllocAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
ACPICA: Fix error code path in acpi_ds_call_control_method()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
acct: fix potential integer overflow in encode_comp_t()
hfs: fix OOB Read in __hfs_brec_find
drm/etnaviv: add missing quirks for GC300
brcmfmac: return error when getting invalid max_flowrings from dongle
wifi: ath9k: verify the expected usb_endpoints are present
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
ipmi: fix memleak when unload ipmi driver
bpf: make sure skb->len != 0 when redirecting to a tunneling device
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
igb: Do not free q_vector unless new one was allocated
s390/ctcm: Fix return type of ctc{mp,}m_tx()
s390/netiucv: Fix return type of netiucv_tx()
s390/lcs: Fix return type of lcs_start_xmit()
drm/rockchip: Use drm_mode_copy()
drm/sti: Use drm_mode_copy()
drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
md/raid1: stop mdx_raid1 thread when raid1 array run failed
net: add atomic_long_t to net_device_stats fields
mrp: introduce active flags to prevent UAF when applicant uninit
ppp: associate skb with a device at tx
bpf: Prevent decl_tag from being referenced in func_proto arg
media: dvb-frontends: fix leak of memory fw
media: dvbdev: adopts refcnt to avoid UAF
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
blk-mq: fix possible memleak when register 'hctx' failed
regulator: core: fix use_count leakage when handling boot-on
mmc: f-sdh30: Add quirks for broken timeout clock capability
media: si470x: Fix use-after-free in si470x_int_in_callback()
clk: st: Fix memory leak in st_of_quadfs_setup()
hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
ALSA/ASoC: hda: move/rename snd_hdac_ext_stop_streams to hdac_stream.c
ALSA: hda: add snd_hdac_stop_streams() helper
ASoC: Intel: Skylake: Fix driver hang during shutdown
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link()
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: rt5670: Remove unbalanced pm_runtime_put()
pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list
usb: dwc3: core: defer probe on ulpi_read_id timeout
HID: wacom: Ensure bootloader PID is usable in hidraw mode
reiserfs: Add missing calls to reiserfs_security_free()
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
iio: adc128s052: add proper .data members in adc128_of_match table
regulator: core: fix deadlock on regulator enable
gcov: add support for checksum field
media: dvbdev: fix build warning due to comments
media: dvbdev: fix refcnt bug
cifs: fix oops during encryption
nvme-pci: fix doorbell buffer value endianness
ata: ahci: Fix PCS quirk application for suspend
nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition
objtool: Fix SEGFAULT
powerpc/rtas: avoid device tree lookups in rtas_os_term()
powerpc/rtas: avoid scheduling in rtas_os_term()
HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint
HID: plantronics: Additional PIDs for double volume key presses quirk
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
ALSA: line6: correct midi status byte when receiving data from podxt
ALSA: line6: fix stack overflow in line6_midi_transmit
pnode: terminate at peers of source
md: fix a crash in mempool_free
mm, compaction: fix fast_isolate_around() to stay within boundaries
f2fs: should put a page when checking the summary info
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO
net/af_packet: make sure to pull mac header
media: stv0288: use explicitly signed char
soc: qcom: Select REMAP_MMIO for LLCC driver
kest.pl: Fix grub2 menu handling for rebooting
ktest.pl minconfig: Unset configs instead of just removing them
mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K
btrfs: fix resolving backrefs for inline extent followed by prealloc
ARM: ux500: do not directly dereference __iomem
arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength
selftests: Use optional USERCFLAGS and USERLDFLAGS
cpufreq: Init completion before kobject_init_and_add()
binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
binfmt: Fix error return code in load_elf_fdpic_binary()
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
dm thin: Use last transaction's pmd->root when commit failed
dm thin: Fix UAF in run_timer_softirq()
dm integrity: Fix UAF in dm_integrity_dtr()
dm clone: Fix UAF in clone_dtr()
dm cache: Fix UAF in destroy()
dm cache: set needs_check flag after aborting metadata
tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
x86/microcode/intel: Do not retry microcode reloading on the APs
tracing/hist: Fix wrong return value in parse_action_params()
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
media: dvb-core: Fix double free in dvb_register_device()
media: dvb-core: Fix UAF due to refcount races at releasing
cifs: fix confusing debug message
cifs: fix missing display of three mount options
md/bitmap: Fix bitmap chunk size overflow issues
efi: Add iMac Pro 2017 to uefi skip cert quirk
ipmi: fix long wait in unload when IPMI disconnect
mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
ipmi: fix use after free in _ipmi_destroy_user()
PCI: Fix pci_device_is_present() for VFs by checking PF
PCI/sysfs: Fix double free in error path
crypto: n2 - add missing hash statesize
iommu/amd: Fix ivrs_acpihid cmdline parsing code
parisc: led: Fix potential null-ptr-deref in start_task()
device_cgroup: Roll back to original exceptions after copy failure
drm/connector: send hotplug uevent on connector cleanup
drm/vmwgfx: Validate the box size for the snooped cursor
ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
ext4: add helper to check quota inums
ext4: fix reserved cluster accounting in __es_remove_extent()
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: init quota for 'old.inode' in 'ext4_rename'
ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
ext4: fix corruption when online resizing a 1K bigalloc fs
ext4: fix error code return to user-space in ext4_get_branch()
ext4: avoid BUG_ON when creating xattrs
ext4: fix inode leak in ext4_xattr_inode_create() on an error path
ext4: initialize quota before expanding inode in setproject ioctl
ext4: avoid unaccounted block allocation when expanding inode
ext4: allocate extended attribute value in vmalloc area
btrfs: replace strncpy() with strscpy()
PM/devfreq: governor: Add a private governor_data for governor
media: s5p-mfc: Fix to handle reference queue during finishing
media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Fix in register read and write for H264
dm thin: resume even if in FAIL mode
perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
KVM: x86: optimize more exit handlers in vmx.c
KVM: retpolines: x86: eliminate retpoline from vmx.c exit handlers
KVM: VMX: Rename INTERRUPT_PENDING to INTERRUPT_WINDOW
KVM: VMX: Rename NMI_PENDING to NMI_WINDOW
KVM: VMX: Fix the spelling of CPU_BASED_USE_TSC_OFFSETTING
KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
ravb: Fix "failed to switch device to config mode" message during unbind
ext4: goto right label 'failed_mount3a'
ext4: correct inconsistent error msg in nojournal mode
mm/highmem: Lift memcpy_[to|from]_page to core
ext4: use memcpy_to_page() in pagecache_write()
fs: ext4: initialize fsdata in pagecache_write()
ext4: use kmemdup() to replace kmalloc + memcpy
mbcache: don't reclaim used entries
mbcache: add functions to delete entry if unused
ext4: remove EA inode entry from mbcache on inode eviction
ext4: unindent codeblock in ext4_xattr_block_set()
ext4: fix race when reusing xattr blocks
mbcache: automatically delete entries from cache on freeing
ext4: fix deadlock due to mbcache entry corruption
SUNRPC: ensure the matching upcall is in-flight upon downcall
bpf: pull before calling skb_postpull_rcsum()
nfsd: shut down the NFSv4 state objects before the filecache
net: hns3: add interrupts re-initialization while doing VF FLR
net: sched: fix memory leak in tcindex_set_parms
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
nfc: Fix potential resource leaks
vhost: fix range used in translate_desc()
net: amd-xgbe: add missed tasklet_kill
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
RDMA/uverbs: Silence shiftTooManyBitsSigned warning
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
net: sched: atm: dont intepret cls results when asked to drop
net: sched: cbq: dont intepret cls results when asked to drop
perf tools: Fix resources leak in perf_data__open_dir()
drivers/net/bonding/bond_3ad: return when there's no aggregator
usb: rndis_host: Secure rndis_query check against int overflow
drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
caif: fix memory leak in cfctrl_linkup_request()
udf: Fix extension of the last extent in the file
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
x86/bugs: Flush IBP in ib_prctl_set()
nfsd: fix handling of readdir in v4root vs. mount upcall timeout
riscv: uaccess: fix type of 0 variable on error in get_user()
ext4: don't allow journal inode to have encrypt flag
hfs/hfsplus: use WARN_ON for sanity check
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
mbcache: Avoid nesting of cache->c_list_lock under bit locks
parisc: Align parisc MADV_XXX constants with all other architectures
selftests: Fix kselftest O=objdir build from cluttering top level objdir
selftests: set the BUILD variable to absolute path
driver core: Fix bus_type.match() error handling in __driver_attach()
net: sched: disallow noqueue for qdisc classes
KVM: arm64: Fix S1PTW handling on RO memslots
efi: tpm: Avoid READ_ONCE() for accessing the event log
docs: Fix the docs build with Sphinx 6.0
perf auxtrace: Fix address filter duplicate symbol selection
s390/kexec: fix ipl report address for kdump
s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
net/ulp: prevent ULP without clone op from entering the LISTEN status
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list
cifs: Fix uninitialized memory read for smb311 posix symlink create
drm/msm/adreno: Make adreno quirks not overwrite each other
platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe
ixgbe: fix pci device refcount leak
ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
wifi: wilc1000: sdio: fix module autoloading
usb: ulpi: defer ulpi_register on ulpi_read_id timeout
jbd2: use the correct print format
quota: Factor out setup of quota inode
ext4: fix bug_on in __es_tree_search caused by bad quota inode
ext4: lost matching-pair of trace in ext4_truncate
ext4: fix use-after-free in ext4_orphan_cleanup
ext4: fix uninititialized value in 'ext4_evict_inode'
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
EDAC/device: Fix period calculation in edac_device_reset_delay_period()
regulator: da9211: Use irq handler when ready
tipc: improve throughput between nodes in netns
tipc: eliminate checking netns if node established
tipc: fix unexpected link reset due to discovery messages
hvc/xen: lock console list traversal
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
net/sched: act_mpls: Fix warning during failed attribute validation
net/mlx5: Rename ptp clock info
net/mlx5: Fix ptp max frequency adjustment range
iommu/mediatek-v1: Add error handle for mtk_iommu_probe
iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI
x86/resctrl: Fix task CLOSID/RMID update race
drm/virtio: Fix GEM handle creation UAF
arm64: atomics: format whitespace consistently
arm64: atomics: remove LL/SC trampolines
arm64: cmpxchg_double*: hazard against entire exchange variable
efi: fix NULL-deref in init error path
mm: Always release pages to the buddy allocator in memblock_free_late().
Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
tipc: fix use-after-free in tipc_disc_rcv()
tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
tipc: Add a missing case of TIPC_DIRECT_MSG type
ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
tipc: call tipc_lxc_xmit without holding node_read_lock
Linux 5.4.229
UBUNTU: Upstream stable to v5.4.229

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2023-01-25

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Focal):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
description:	updated

Stefan Bader (smb) on 2023-01-26

Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-03-02:

Download full text (64.6 KiB)

This bug was fixed in the package linux - 5.4.0-144.161

---------------
linux (5.4.0-144.161) focal; urgency=medium

* focal/linux: 5.4.0-144.161 -proposed tracker (LP: #2004653)

* CVE-2023-0461
- SAUCE: Fix inet_csk_listen_start after CVE-2023-0461

linux (5.4.0-143.160) focal; urgency=medium

* focal/linux: 5.4.0-143.160 -proposed tracker (LP: #2004385)

  * NFS: client permission error after adding user to permissible group
    (LP: #2003053)
    - NFS: Clear the file access cache upon login
    - NFS: Judge the file access cache's timestamp in rcu path
    - NFS: Fix up a sparse warning

This bug was fixed in the package linux - 5.4.0-144.161

---------------
linux (5.4.0-144.161) focal; urgency=medium

* focal/linux: 5.4.0-144.161 -proposed tracker (LP: #2004653)

* CVE-2023-0461
    - SAUCE: Fix inet_csk_listen_start after CVE-2023-0461

linux (5.4.0-143.160) focal; urgency=medium

* focal/linux: 5.4.0-143.160 -proposed tracker (LP: #2004385)

* Focal update: v5.4.229 upstream stable release (LP: #2003914)
    - tracing/ring-buffer: Only do full wait when cpu != RING_BUFFER_ALL_CPUS
    - udf: Discard preallocation before extending file with a hole
    - udf: Fix preallocation discarding at indirect extent boundary
    - udf: Do not bother looking for prealloc extents if i_lenExtents matches
      i_size
    - udf: Fix extending file within last block
    - usb: gadget: uvc: Prevent buffer overflow in setup handler
    - USB: serial: option: add Quectel EM05-G modem
    - USB: serial: cp210x: add Kamstrup RF sniffer PIDs
    - USB: serial: f81232: fix division by zero on line-speed change
    - USB: serial: f81534: fix division by zero on line-speed change
    - igb: Initialize mailbox message for VF reset
    - xen-netback: move removal of "hotplug-status" to the right place
    - HID: ite: Add support for Acer S1002 keyboard-dock
    - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch 10E
    - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10
    - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk
    - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
    - usb: musb: remove extra check in musb_gadget_vbus_draw
    - ARM: dts: qcom: apq8064: fix coresight compatible
    - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias
    - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
    - arm: dts: spear600: Fix clcd interrupt
    - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of
      pm_runtime_get_sync
    - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe
    - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
    - perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
    - perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()
    - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
    - arm64: dts: mt2712e: Fix unit address for pinctrl node
    - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
    - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names
    - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
    - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: turris-omnia: Add ethernet aliases
    - ARM: dts: turris-omnia: Add switch port 6 node
    - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC
    - pstore/ram: Fix error return code in ramoops_probe()
    - ARM: mmp: fix timer_read delay
    - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
    - tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
    - cpuidle: dt: Return the correct numbers of parsed idle states
    - alpha: fix syscall entry in !AUDUT_SYSCALL case
    - PM: hibernate: Fix mistake in kerneldoc comment
    - fs: don't audit the capability check in simple_xattr_list()
    - selftests/ftrace: event_triggers: wait longer for test_event_enable
    - perf: Fix possible memleak in pmu_dev_alloc()
    - timerqueue: Use rb_entry_safe() in timerqueue_getnext()
    - proc: fixup uptime selftest
    - lib/fonts: fix undefined behavior in bit shift for get_default_font
    - ocfs2: fix memory leak in ocfs2_stack_glue_init()
    - MIPS: vpe-mt: fix possible memory leak while module exiting
    - MIPS: vpe-cmp: fix possible memory leak while module exiting
    - selftests/efivarfs: Add checking of the test return value
    - PNP: fix name memory leak in pnp_alloc_dev()
    - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
    - irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
    - EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper()
    - nfsd: don't call nfsd_file_put from client states seqfile display
    - genirq/irqdesc: Don't try to remove non-existing sysfs files
    - cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
    - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
    - lib/notifier-error-inject: fix error when writing -errno to debugfs file
    - docs: fault-injection: fix non-working usage of negative values
    - debugfs: fix error when writing negative value to atomic_t debugfs file
    - ocfs2: ocfs2_mount_volume does cleanup job before return error
    - ocfs2: rewrite error handling of ocfs2_fill_super
    - ocfs2: fix memory leak in ocfs2_mount_volume()
    - rapidio: fix possible name leaks when rio_add_device() fails
    - rapidio: rio: fix possible name leak in rio_register_mport()
    - clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
    - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
    - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
    - xen/events: only register debug interrupt for 2-level events
    - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
    - x86/xen: Fix memory leak in xen_init_lock_cpu()
    - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
    - PM: runtime: Improve path in rpm_idle() when no callback
    - PM: runtime: Do not call __rpm_callback() from rpm_idle()
    - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
    - MIPS: BCM63xx: Add check for NULL for clk in clk_enable
    - MIPS: OCTEON: warn only once if deprecated link status is being used
    - fs: sysv: Fix sysv_nblocks() returns wrong value
    - rapidio: fix possible UAF when kfifo_alloc() fails
    - eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
    - relay: fix type mismatch when allocating memory in relay_create_buf()
    - hfs: Fix OOB Write in hfs_asc2mac
    - rapidio: devices: fix missing put_device in mport_cdev_open
    - wifi: ath9k: hif_usb: fix memory leak of urbs in
      ath9k_hif_usb_dealloc_tx_urbs()
    - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
    - wifi: rtl8xxxu: Fix reading the vendor of combo chips
    - pata_ipx4xx_cf: Fix unsigned comparison with less than zero
    - media: i2c: ad5820: Fix error path
    - can: kvaser_usb: do not increase tx statistics when sending error message
      frames
    - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
    - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to
      {leaf,usbcan}_cmd_can_error_event
    - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
    - can: kvaser_usb_leaf: Set Warning state even without bus errors
    - can: kvaser_usb_leaf: Fix improved state not being reported
    - can: kvaser_usb_leaf: Fix wrong CAN state after stopping
    - can: kvaser_usb_leaf: Fix bogus restart events
    - can: kvaser_usb: Add struct kvaser_usb_busparams
    - can: kvaser_usb: Compare requested bittiming parameters with actual
      parameters in do_set_{,data}_bittiming
    - clk: renesas: r9a06g032: Repair grave increment error
    - spi: Update reference to struct spi_controller
    - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure
    - ima: Rename internal filter rule functions
    - ima: Fix fall-through warnings for Clang
    - ima: Handle -ESTALE returned by ima_filter_rule_match()
    - media: vivid: fix compose size exceed boundary
    - bpf: propagate precision in ALU/ALU64 operations
    - mtd: Fix device name leak when register device failed in add_mtd_device()
    - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
    - media: camss: Clean up received buffers on failed start of streaming
    - net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
    - rxrpc: Fix ack.bufferSize to be 0 when generating an ack
    - drm/radeon: Add the missed acpi_put_table() to fix memory leak
    - drm/mediatek: Modify dpi power on/off sequence.
    - ASoC: pxa: fix null-pointer dereference in filter()
    - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
    - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table()
    - integrity: Fix memory leakage in keyring allocation error path
    - ima: Fix misuse of dereference of pointer in template_desc_init_fields()
    - wifi: ath10k: Fix return value in ath10k_pci_init()
    - mtd: lpddr2_nvm: Fix possible null-ptr-deref
    - Input: elants_i2c - properly handle the reset GPIO when power is off
    - media: solo6x10: fix possible memory leak in solo_sysfs_init()
    - media: platform: exynos4-is: Fix error handling in fimc_md_init()
    - media: videobuf-dma-contig: use dma_mmap_coherent
    - bpf: Move skb->len == 0 checks into __bpf_redirect
    - HID: hid-sensor-custom: set fixed size for custom attributes
    - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT
    - ALSA: seq: fix undefined behavior in bit shift for
      SNDRV_SEQ_FILTER_USE_EVENT
    - regulator: core: use kfree_const() to free space conditionally
    - clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
    - bonding: Export skip slave logic to function
    - bonding: Rename slave_arr to usable_slaves
    - bonding: fix link recovery in mode 2 when updelay is nonzero
    - mtd: maps: pxa2xx-flash: fix memory leak in probe
    - media: imon: fix a race condition in send_packet()
    - clk: imx8mn: correct the usb1_ctrl parent to be usb_bus
    - clk: imx: replace osc_hdmi with dummy
    - pinctrl: pinconf-generic: add missing of_node_put()
    - media: dvb-core: Fix ignored return value in dvb_register_frontend()
    - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
    - media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
    - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
    - ASoC: dt-bindings: wcd9335: fix reset line polarity in example
    - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd
    - NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
    - NFSv4.2: Fix a memory stomp in decode_attr_security_label
    - NFSv4.2: Fix initialisation of struct nfs4_label
    - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
    - ALSA: asihpi: fix missing pci_disable_device()
    - wifi: iwlwifi: mvm: fix double free on tx path.
    - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready
    - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
    - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
    - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
    - netfilter: conntrack: set icmpv6 redirects as RELATED
    - bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data
    - bpf, sockmap: Fix data loss caused by using apply_bytes on ingress redirect
    - bonding: uninitialized variable in bond_miimon_inspect()
    - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE
    - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys()
      fails
    - regulator: core: fix module refcount leak in set_supply()
    - clk: qcom: clk-krait: fix wrong div2 functions
    - hsr: Avoid double remove of a node.
    - configfs: fix possible memory leak in configfs_create_dir()
    - regulator: core: fix resource leak in regulator_register()
    - bpf, sockmap: fix race in sock_map_free()
    - media: saa7164: fix missing pci_disable_device()
    - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
    - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
    - SUNRPC: Fix missing release socket in rpc_sockname()
    - NFSv4.x: Fail client initialisation if state manager thread can't run
    - mmc: alcor: fix return value check of mmc_add_host()
    - mmc: moxart: fix return value check of mmc_add_host()
    - mmc: mxcmmc: fix return value check of mmc_add_host()
    - mmc: pxamci: fix return value check of mmc_add_host()
    - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
    - mmc: toshsd: fix return value check of mmc_add_host()
    - mmc: vub300: fix return value check of mmc_add_host()
    - mmc: wmt-sdmmc: fix return value check of mmc_add_host()
    - mmc: atmel-mci: fix return value check of mmc_add_host()
    - mmc: omap_hsmmc: fix return value check of mmc_add_host()
    - mmc: meson-gx: fix return value check of mmc_add_host()
    - mmc: via-sdmmc: fix return value check of mmc_add_host()
    - mmc: wbsd: fix return value check of mmc_add_host()
    - mmc: mmci: fix return value check of mmc_add_host()
    - media: c8sectpfe: Add of_node_put() when breaking out of loop
    - media: coda: Add check for dcoda_iram_alloc
    - media: coda: Add check for kmalloc
    - clk: samsung: Fix memory leak in _samsung_clk_register_pll()
    - spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode
    - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
    - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
    - blktrace: Fix output non-blktrace event when blk_classic option enabled
    - clk: socfpga: clk-pll: Remove unused variable 'rc'
    - clk: socfpga: use clk_hw_register for a5/c5
    - clk: socfpga: Fix memory leak in socfpga_gate_init()
    - net: vmw_vsock: vmci: Check memcpy_from_msg()
    - net: defxx: Fix missing err handling in dfx_init()
    - net: stmmac: selftests: fix potential memleak in stmmac_test_arpoffload()
    - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
    - of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry()
      and find_dup_cset_prop()
    - ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: farsync: Fix kmemleak when rmmods farsync
    - net/tunnel: wait until all sk_user_data reader finish before releasing the
      sock
    - net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
    - hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: amd-xgbe: Fix logic around active and passive cables
    - net: amd-xgbe: Check only the minimum speed for active/passive cables
    - can: tcan4x5x: Remove invalid write in clear_interrupts
    - net: lan9303: Fix read error execution path
    - ntb_netdev: Use dev_kfree_skb_any() in interrupt context
    - Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
    - stmmac: fix potential division by 0
    - apparmor: fix a memleak in multi_transaction_new()
    - apparmor: fix lockdep warning when removing a namespace
    - apparmor: Fix abi check to include v8 abi
    - apparmor: Use pointer to struct aa_label for lbs_cred
    - RDMA/core: Fix order of nldev_exit call
    - f2fs: fix normal discard process
    - RDMA/siw: Fix immediate work request flush to completion queue
    - RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
    - RDMA/siw: Set defined status for work completion with undefined status
    - scsi: scsi_debug: Fix a warning in resp_write_scat()
    - crypto: ccree - swap SHA384 and SHA512 larval hashes at build time
    - crypto: ccree - Remove debugfs when platform_driver_register failed
    - PCI: Check for alloc failure in pci_request_irq()
    - RDMA/hfi: Decrease PCI device reference count in error path
    - crypto: ccree - Make cc_debugfs_global_fini() available for module init
      function
    - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create
      failed
    - scsi: hpsa: Fix possible memory leak in hpsa_init_one()
    - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
    - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
    - scsi: hpsa: Fix error handling in hpsa_add_sas_host()
    - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
    - scsi: fcoe: Fix possible name leak when device_register() fails
    - scsi: ipr: Fix WARNING in ipr_init()
    - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
    - scsi: snic: Fix possible UAF in snic_tgt_create()
    - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps()
    - f2fs: avoid victim selection from previous victim section
    - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe()
    - RDMA/hfi1: Fix error return code in parse_platform_config()
    - orangefs: Fix sysfs not cleanup when dev init failed
    - crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
    - hwrng: amd - Fix PCI device refcount leak
    - hwrng: geode - Fix PCI device refcount leak
    - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
    - drivers: dio: fix possible memory leak in dio_init()
    - tty: serial: tegra: Activate RX DMA transfer by request
    - serial: tegra: Read DMA status before terminating
    - class: fix possible memory leak in __class_register()
    - vfio: platform: Do not pass return buffer to ACPI _RST method
    - uio: uio_dmem_genirq: Fix missing unlock in irq configuration
    - uio: uio_dmem_genirq: Fix deadlock between irq config and handling
    - usb: fotg210-udc: Fix ages old endianness issues
    - staging: vme_user: Fix possible UAF in tsi148_dma_list_add
    - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
    - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port()
    - serial: amba-pl011: avoid SBSA UART accessing DMACR register
    - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
    - serial: pch: Fix PCI device refcount leak in pch_request_dma()
    - tty: serial: clean up stop-tx part in altera_uart_tx_chars()
    - tty: serial: altera_uart_{r,t}x_chars() need only uart_port
    - serial: altera_uart: fix locking in polling mode
    - serial: sunsab: Fix error handling in sunsab_init()
    - test_firmware: fix memory leak in test_firmware_init()
    - misc: ocxl: fix possible name leak in ocxl_file_register_afu()
    - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
    - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault
      and gru_handle_user_call_os
    - cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
    - cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
    - counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update
    - usb: roles: fix of node refcount leak in usb_role_switch_is_parent()
    - usb: gadget: f_hid: optional SETUP/SET_REPORT mode
    - usb: gadget: f_hid: fix f_hidg lifetime vs cdev
    - usb: gadget: f_hid: fix refcount leak on error path
    - drivers: mcb: fix resource leak in mcb_probe()
    - mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
    - chardev: fix error handling in cdev_device_add()
    - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
    - staging: rtl8192u: Fix use after free in ieee80211_rx()
    - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
    - vme: Fix error not catched in fake_init()
    - i2c: ismt: Fix an out-of-bounds bug in ismt_access()
    - usb: storage: Add check for kcalloc
    - tracing/hist: Fix issue of losting command info in error_log
    - samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
    - fbdev: ssd1307fb: Drop optional dependency
    - fbdev: pm2fb: fix missing pci_disable_device()
    - fbdev: via: Fix error in via_core_init()
    - fbdev: vermilion: decrease reference count in error path
    - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
    - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
    - HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
    - power: supply: fix residue sysfs file in error handle route of
      __power_supply_register()
    - perf trace: Return error if a system call doesn't exist
    - perf trace: Separate 'struct syscall_fmt' definition from syscall_fmts
      variable
    - perf trace: Factor out the initialization of syscal_arg_fmt->scnprintf
    - perf trace: Add the syscall_arg_fmt pointer to syscall_arg
    - perf trace: Allow associating scnprintf routines with well known arg names
    - perf trace: Add a strtoul() method to 'struct syscall_arg_fmt'
    - perf trace: Use macro RAW_SYSCALL_ARGS_NUM to replace number
    - perf trace: Handle failure when trace point folder is missed
    - perf symbol: correction while adjusting symbol
    - HSI: omap_ssi_core: Fix error handling in ssi_init()
    - power: supply: fix null pointer dereferencing in
      power_supply_get_battery_info
    - RDMA/siw: Fix pointer cast warning
    - include/uapi/linux/swab: Fix potentially missing __always_inline
    - rtc: snvs: Allow a time difference on clock register read
    - rtc: pcf85063: Fix reading alarm
    - iommu/amd: Fix pci device refcount leak in ppr_notifier()
    - iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
    - macintosh: fix possible memory leak in macio_add_one_device()
    - macintosh/macio-adb: check the return value of ioremap()
    - powerpc/52xx: Fix a resource leak in an error handling path
    - cxl: Fix refcount leak in cxl_calc_capp_routing
    - powerpc/xive: add missing iounmap() in error path in
      xive_spapr_populate_irq_data()
    - powerpc/perf: callchain validate kernel stack pointer bounds
    - powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in
      of_fsl_spi_probe()
    - powerpc/hv-gpci: Fix hv_gpci event list
    - selftests/powerpc: Fix resource leaks
    - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held
    - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev()
    - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in
      adsp_alloc_memory_region()
    - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
    - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe()
    - nfsd: Define the file access mode enum for tracing
    - NFSD: Add tracepoints to NFSD's duplicate reply cache
    - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
    - mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under
      spin_lock_irqsave()
    - mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under
      spin_lock_irqsave()
    - mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under
      spin_lock_irqsave()
    - nfc: pn533: Clear nfc_target before being used
    - r6040: Fix kmemleak in probe and remove
    - rtc: mxc_v2: Add missing clk_disable_unprepare()
    - openvswitch: Fix flow lookup to use unmasked key
    - skbuff: Account for tail adjustment during pull operations
    - mailbox: zynq-ipi: fix error handling while device_register() fails
    - net_sched: reject TCF_EM_SIMPLE case for complex ematch module
    - rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
    - myri10ge: Fix an error handling path in myri10ge_probe()
    - net: stream: purge sk_error_queue in sk_stream_kill_queues()
    - rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()
    - binfmt_misc: fix shift-out-of-bounds in check_special_flags
    - fs: jfs: fix shift-out-of-bounds in dbAllocAG
    - udf: Avoid double brelse() in udf_rename()
    - fs: jfs: fix shift-out-of-bounds in dbDiscardAG
    - ACPICA: Fix error code path in acpi_ds_call_control_method()
    - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
    - acct: fix potential integer overflow in encode_comp_t()
    - hfs: fix OOB Read in __hfs_brec_find
    - drm/etnaviv: add missing quirks for GC300
    - brcmfmac: return error when getting invalid max_flowrings from dongle
    - wifi: ath9k: verify the expected usb_endpoints are present
    - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
    - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
    - ipmi: fix memleak when unload ipmi driver
    - bpf: make sure skb->len != 0 when redirecting to a tunneling device
    - net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
    - hamradio: baycom_epp: Fix return type of baycom_send_packet()
    - wifi: brcmfmac: Fix potential shift-out-of-bounds in
      brcmf_fw_alloc_request()
    - igb: Do not free q_vector unless new one was allocated
    - s390/ctcm: Fix return type of ctc{mp,}m_tx()
    - s390/netiucv: Fix return type of netiucv_tx()
    - s390/lcs: Fix return type of lcs_start_xmit()
    - drm/rockchip: Use drm_mode_copy()
    - drm/sti: Use drm_mode_copy()
    - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
    - md/raid1: stop mdx_raid1 thread when raid1 array run failed
    - net: add atomic_long_t to net_device_stats fields
    - mrp: introduce active flags to prevent UAF when applicant uninit
    - ppp: associate skb with a device at tx
    - bpf: Prevent decl_tag from being referenced in func_proto arg
    - media: dvb-frontends: fix leak of memory fw
    - media: dvbdev: adopts refcnt to avoid UAF
    - media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
    - blk-mq: fix possible memleak when register 'hctx' failed
    - regulator: core: fix use_count leakage when handling boot-on
    - mmc: f-sdh30: Add quirks for broken timeout clock capability
    - media: si470x: Fix use-after-free in si470x_int_in_callback()
    - clk: st: Fix memory leak in st_of_quadfs_setup()
    - hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
    - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
    - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
    - orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
    - orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
    - ALSA/ASoC: hda: move/rename snd_hdac_ext_stop_streams to hdac_stream.c
    - ALSA: hda: add snd_hdac_stop_streams() helper
    - ASoC: Intel: Skylake: Fix driver hang during shutdown
    - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in
      mt8173_rt5650_rt5514_dev_probe()
    - ASoC: audio-graph-card: fix refcount leak of cpu_ep in
      __graph_for_each_link()
    - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in
      rockchip_pdm_runtime_resume()
    - ASoC: wm8994: Fix potential deadlock
    - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in
      rk_spdif_runtime_resume()
    - ASoC: rt5670: Remove unbalanced pm_runtime_put()
    - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
    - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
    - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
    - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list
    - usb: dwc3: core: defer probe on ulpi_read_id timeout
    - HID: wacom: Ensure bootloader PID is usable in hidraw mode
    - reiserfs: Add missing calls to reiserfs_security_free()
    - iio: adc: ad_sigma_delta: do not use internal iio_dev lock
    - iio: adc128s052: add proper .data members in adc128_of_match table
    - regulator: core: fix deadlock on regulator enable
    - gcov: add support for checksum field
    - media: dvbdev: fix build warning due to comments
    - media: dvbdev: fix refcnt bug
    - cifs: fix oops during encryption
    - nvme-pci: fix doorbell buffer value endianness
    - ata: ahci: Fix PCS quirk application for suspend
    - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition
    - objtool: Fix SEGFAULT
    - powerpc/rtas: avoid device tree lookups in rtas_os_term()
    - powerpc/rtas: avoid scheduling in rtas_os_term()
    - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint
    - HID: plantronics: Additional PIDs for double volume key presses quirk
    - hfsplus: fix bug causing custom uid and gid being unable to be assigned with
      mount
    - ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
    - ALSA: line6: correct midi status byte when receiving data from podxt
    - ALSA: line6: fix stack overflow in line6_midi_transmit
    - pnode: terminate at peers of source
    - md: fix a crash in mempool_free
    - mm, compaction: fix fast_isolate_around() to stay within boundaries
    - f2fs: should put a page when checking the summary info
    - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
    - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
    - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
    - SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
    - net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO
    - net/af_packet: make sure to pull mac header
    - media: stv0288: use explicitly signed char
    - soc: qcom: Select REMAP_MMIO for LLCC driver
    - kest.pl: Fix grub2 menu handling for rebooting
    - ktest.pl minconfig: Unset configs instead of just removing them
    - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K
    - btrfs: fix resolving backrefs for inline extent followed by prealloc
    - ARM: ux500: do not directly dereference __iomem
    - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength
    - selftests: Use optional USERCFLAGS and USERLDFLAGS
    - cpufreq: Init completion before kobject_init_and_add()
    - binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
    - binfmt: Fix error return code in load_elf_fdpic_binary()
    - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
    - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
    - dm thin: Use last transaction's pmd->root when commit failed
    - dm thin: Fix UAF in run_timer_softirq()
    - dm integrity: Fix UAF in dm_integrity_dtr()
    - dm clone: Fix UAF in clone_dtr()
    - dm cache: Fix UAF in destroy()
    - dm cache: set needs_check flag after aborting metadata
    - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
    - x86/microcode/intel: Do not retry microcode reloading on the APs
    - tracing/hist: Fix wrong return value in parse_action_params()
    - tracing: Fix infinite loop in tracing_read_pipe on overflowed
      print_trace_line
    - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
    - media: dvb-core: Fix double free in dvb_register_device()
    - cifs: fix confusing debug message
    - cifs: fix missing display of three mount options
    - md/bitmap: Fix bitmap chunk size overflow issues
    - efi: Add iMac Pro 2017 to uefi skip cert quirk
    - ipmi: fix long wait in unload when IPMI disconnect
    - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()
    - ima: Fix a potential NULL pointer access in ima_restore_measurement_list
    - ipmi: fix use after free in _ipmi_destroy_user()
    - PCI: Fix pci_device_is_present() for VFs by checking PF
    - PCI/sysfs: Fix double free in error path
    - crypto: n2 - add missing hash statesize
    - iommu/amd: Fix ivrs_acpihid cmdline parsing code
    - parisc: led: Fix potential null-ptr-deref in start_task()
    - device_cgroup: Roll back to original exceptions after copy failure
    - drm/connector: send hotplug uevent on connector cleanup
    - drm/vmwgfx: Validate the box size for the snooped cursor
    - ext4: add inode table check in __ext4_get_inode_loc to aovid possible
      infinite loop
    - ext4: fix undefined behavior in bit shift for ext4_check_flag_values
    - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
    - ext4: add helper to check quota inums
    - ext4: fix reserved cluster accounting in __es_remove_extent()
    - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
    - ext4: init quota for 'old.inode' in 'ext4_rename'
    - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
    - ext4: fix corruption when online resizing a 1K bigalloc fs
    - ext4: fix error code return to user-space in ext4_get_branch()
    - ext4: avoid BUG_ON when creating xattrs
    - ext4: fix inode leak in ext4_xattr_inode_create() on an error path
    - ext4: initialize quota before expanding inode in setproject ioctl
    - ext4: avoid unaccounted block allocation when expanding inode
    - ext4: allocate extended attribute value in vmalloc area
    - btrfs: replace strncpy() with strscpy()
    - PM/devfreq: governor: Add a private governor_data for governor
    - media: s5p-mfc: Fix to handle reference queue during finishing
    - media: s5p-mfc: Clear workbit to handle error condition
    - media: s5p-mfc: Fix in register read and write for H264
    - dm thin: resume even if in FAIL mode
    - perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
    - perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged
      data
    - KVM: x86: optimize more exit handlers in vmx.c
    - KVM: retpolines: x86: eliminate retpoline from vmx.c exit handlers
    - KVM: VMX: Rename INTERRUPT_PENDING to INTERRUPT_WINDOW
    - KVM: VMX: Rename NMI_PENDING to NMI_WINDOW
    - KVM: VMX: Fix the spelling of CPU_BASED_USE_TSC_OFFSETTING
    - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
    - ravb: Fix "failed to switch device to config mode" message during unbind
    - ext4: goto right label 'failed_mount3a'
    - ext4: correct inconsistent error msg in nojournal mode
    - mm/highmem: Lift memcpy_[to|from]_page to core
    - ext4: use memcpy_to_page() in pagecache_write()
    - fs: ext4: initialize fsdata in pagecache_write()
    - ext4: use kmemdup() to replace kmalloc + memcpy
    - mbcache: don't reclaim used entries
    - mbcache: add functions to delete entry if unused
    - ext4: remove EA inode entry from mbcache on inode eviction
    - ext4: unindent codeblock in ext4_xattr_block_set()
    - ext4: fix race when reusing xattr blocks
    - mbcache: automatically delete entries from cache on freeing
    - ext4: fix deadlock due to mbcache entry corruption
    - SUNRPC: ensure the matching upcall is in-flight upon downcall
    - bpf: pull before calling skb_postpull_rcsum()
    - nfsd: shut down the NFSv4 state objects before the filecache
    - net: hns3: add interrupts re-initialization while doing VF FLR
    - net: sched: fix memory leak in tcindex_set_parms
    - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
    - nfc: Fix potential resource leaks
    - vhost: fix range used in translate_desc()
    - net: amd-xgbe: add missed tasklet_kill
    - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
    - RDMA/uverbs: Silence shiftTooManyBitsSigned warning
    - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
    - net: sched: atm: dont intepret cls results when asked to drop
    - net: sched: cbq: dont intepret cls results when asked to drop
    - perf tools: Fix resources leak in perf_data__open_dir()
    - drivers/net/bonding/bond_3ad: return when there's no aggregator
    - usb: rndis_host: Secure rndis_query check against int overflow
    - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
    - caif: fix memory leak in cfctrl_linkup_request()
    - udf: Fix extension of the last extent in the file
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
    - x86/bugs: Flush IBP in ib_prctl_set()
    - nfsd: fix handling of readdir in v4root vs. mount upcall timeout
    - riscv: uaccess: fix type of 0 variable on error in get_user()
    - ext4: don't allow journal inode to have encrypt flag
    - hfs/hfsplus: use WARN_ON for sanity check
    - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
    - mbcache: Avoid nesting of cache->c_list_lock under bit locks
    - parisc: Align parisc MADV_XXX constants with all other architectures
    - selftests: Fix kselftest O=objdir build from cluttering top level objdir
    - selftests: set the BUILD variable to absolute path
    - driver core: Fix bus_type.match() error handling in __driver_attach()
    - net: sched: disallow noqueue for qdisc classes
    - KVM: arm64: Fix S1PTW handling on RO memslots
    - efi: tpm: Avoid READ_ONCE() for accessing the event log
    - docs: Fix the docs build with Sphinx 6.0
    - perf auxtrace: Fix address filter duplicate symbol selection
    - s390/kexec: fix ipl report address for kdump
    - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
    - net/ulp: prevent ULP without clone op from entering the LISTEN status
    - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list
    - cifs: Fix uninitialized memory read for smb311 posix symlink create
    - drm/msm/adreno: Make adreno quirks not overwrite each other
    - platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during
      probe
    - ixgbe: fix pci device refcount leak
    - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
    - wifi: wilc1000: sdio: fix module autoloading
    - usb: ulpi: defer ulpi_register on ulpi_read_id timeout
    - jbd2: use the correct print format
    - quota: Factor out setup of quota inode
    - ext4: fix bug_on in __es_tree_search caused by bad quota inode
    - ext4: lost matching-pair of trace in ext4_truncate
    - ext4: fix use-after-free in ext4_orphan_cleanup
    - ext4: fix uninititialized value in 'ext4_evict_inode'
    - netfilter: ipset: Fix overflow before widen in the bitmap_ip_create()
      function.
    - powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
    - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
    - EDAC/device: Fix period calculation in edac_device_reset_delay_period()
    - regulator: da9211: Use irq handler when ready
    - tipc: improve throughput between nodes in netns
    - tipc: eliminate checking netns if node established
    - tipc: fix unexpected link reset due to discovery messages
    - hvc/xen: lock console list traversal
    - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
    - net/sched: act_mpls: Fix warning during failed attribute validation
    - net/mlx5: Rename ptp clock info
    - net/mlx5: Fix ptp max frequency adjustment range
    - iommu/mediatek-v1: Add error handle for mtk_iommu_probe
    - iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
    - x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent
      unnecessary IPI
    - x86/resctrl: Fix task CLOSID/RMID update race
    - drm/virtio: Fix GEM handle creation UAF
    - arm64: atomics: format whitespace consistently
    - arm64: atomics: remove LL/SC trampolines
    - arm64: cmpxchg_double*: hazard against entire exchange variable
    - efi: fix NULL-deref in init error path
    - mm: Always release pages to the buddy allocator in memblock_free_late().
    - Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
    - tipc: fix use-after-free in tipc_disc_rcv()
    - tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
    - tipc: Add a missing case of TIPC_DIRECT_MSG type
    - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
    - tipc: call tipc_lxc_xmit without holding node_read_lock
    - Linux 5.4.229

* Focal update: v5.4.229 upstream stable release (LP: #2003914) //
    CVE-2023-0266 was assigned for this issue.
    - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

* Focal update: v5.4.229 upstream stable release (LP: #2003914) //
    CVE-2022-41218 is assigned to those bugs above.
    - media: dvb-core: Fix UAF due to refcount races at releasing

* Focal update: v5.4.228 upstream stable release (LP: #2003904)
    - x86/smpboot: Move rcu_cpu_starting() earlier
    - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
    - block: unhash blkdev part inode when the part is deleted
    - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
    - pinctrl: meditatek: Startup with the IRQs disabled
    - can: sja1000: fix size of OCR_MODE_MASK define
    - can: mcba_usb: Fix termination command argument
    - ASoC: ops: Correct bounds check for second channel on SX controls
    - Linux 5.4.228

* Focal update: v5.4.227 upstream stable release (LP: #2003901)
    - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4
      series
    - arm: dts: rockchip: fix node name for hym8563 rtc
    - ARM: dts: rockchip: fix ir-receiver node names
    - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name
    - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
    - ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
    - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
    - 9p/fd: Use P9_HDRSZ for header size
    - regulator: slg51000: Wait after asserting CS pin
    - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
    - btrfs: send: avoid unaligned encoded writes when attempting to clone range
    - ASoC: soc-pcm: Add NULL check in BE reparenting
    - regulator: twl6030: fix get status of twl6032 regulators
    - fbcon: Use kzalloc() in fbcon_prepare_logo()
    - 9p/xen: check logical size for buffer size
    - net: usb: qmi_wwan: add u-blox 0x1342 composition
    - mm/khugepaged: take the right locks for page table retraction
    - mm/khugepaged: fix GUP-fast interaction by sending IPI
    - mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
    - xen/netback: do some code cleanup
    - xen/netback: don't call kfree_skb() with interrupts disabled
    - Revert "net: dsa: b53: Fix valid setting for MDB entries"
    - media: v4l2-dv-timings.c: fix too strict blanking sanity checks
    - memcg: fix possible use-after-free in memcg_write_event_control()
    - mm/gup: fix gup_pud_range() for dax
    - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
    - drm/shmem-helper: Remove errant put in error path
    - HID: usbhid: Add ALWAYS_POLL quirk for some mice
    - HID: hid-lg4ff: Add check for empty lbuf
    - HID: core: fix shift-out-of-bounds in hid_report_raw_event
    - can: af_can: fix NULL pointer dereference in can_rcv_filter
    - ieee802154: cc2520: Fix error return code in cc2520_hw_init()
    - ca8210: Fix crash by zero initializing data
    - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug
    - gpio: amd8111: Fix PCI device reference count leak
    - e1000e: Fix TX dispatch condition
    - igb: Allocate MSI-X vector when testing
    - af_unix: Get user_ns from in_skb in unix_diag_get_exact().
    - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
    - Bluetooth: Fix not cleanup led when bt_init fails
    - net: dsa: ksz: Check return value
    - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
    - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
    - net: encx24j600: Add parentheses to fix precedence
    - net: encx24j600: Fix invalid logic in reading of MISTAT register
    - xen-netfront: Fix NULL sring after live migration
    - net: mvneta: Prevent out of bounds read in mvneta_config_rss()
    - i40e: Fix not setting default xps_cpus after reset
    - i40e: Fix for VF MAC address 0
    - i40e: Disallow ip4 and ip6 l4_4_bytes
    - NFC: nci: Bounds check struct nfc_target arrays
    - nvme initialize core quirks before calling nvme_init_subsystem
    - net: stmmac: fix "snps,axi-config" node property parsing
    - net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
    - net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
    - net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
    - tipc: Fix potential OOB in tipc_link_proto_rcv()
    - ipv4: Fix incorrect route flushing when source address is deleted
    - ipv4: Fix incorrect route flushing when table ID 0 is used
    - ethernet: aeroflex: fix potential skb leak in greth_init_rings()
    - net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
    - ipv6: avoid use-after-free in ip6_fragment()
    - net: mvneta: Fix an out of bounds check
    - can: esd_usb: Allow REC and TEC to return to zero
    - Linux 5.4.227

* 5.15.0-58.64 breaks xen bridge networking (pvh domU) (LP: #2002889) // Focal
    update: v5.4.227 upstream stable release (LP: #2003901)
    - xen/netback: fix build warning

* Focal update: v5.4.226 upstream stable release (LP: #2003896)
    - wifi: mac80211: fix memory free error when registering wiphy fail
    - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
    - audit: fix undefined behavior in bit shift for AUDIT_BIT
    - wifi: mac80211: Fix ack frame idr leak when mesh has no route
    - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
    - drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
    - block, bfq: fix null pointer dereference in bfq_bio_bfqg()
    - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
    - RISC-V: vdso: Do not add missing symbols to version section in linker script
    - MIPS: pic32: treat port as signed integer
    - af_key: Fix send_acquire race with pfkey_register
    - ARM: dts: am335x-pcm-953: Define fixed regulators in root node
    - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
    - regulator: core: fix kobject release warning and memory leak in
      regulator_register()
    - regulator: core: fix UAF in destroy_regulator()
    - bus: sunxi-rsb: Support atomic transfers
    - tee: optee: fix possible memory leak in optee_register_device()
    - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
    - net: liquidio: simplify if expression
    - nfc/nci: fix race with opening and closing
    - net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
    - 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
    - ARM: mxs: fix memory leak in mxs_machine_init()
    - net/mlx4: Check retval of mlx4_bitmap_init
    - net/qla3xxx: fix potential memleak in ql3xxx_send()
    - net: pch_gbe: fix pci device refcount leak while module exiting
    - nfp: add port from netdev validation for EEPROM access
    - Drivers: hv: vmbus: fix double free in the error path of
      vmbus_add_channel_work()
    - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
    - net/mlx5: Fix FW tracer timestamp calculation
    - tipc: set con sock in tipc_conn_alloc
    - tipc: add an extra conn_get in tipc_conn_alloc
    - tipc: check skb_linearize() return value in tipc_disc_rcv()
    - xfrm: Fix ignored return value in xfrm6_init()
    - NFC: nci: fix memory leak in nci_rx_data_packet()
    - regulator: twl6030: re-add TWL6032_SUBCLASS
    - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
    - dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
    - s390/dasd: fix no record found for raw_track_access
    - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
    - nfc: st-nci: fix memory leaks in EVT_TRANSACTION
    - net: thunderx: Fix the ACPI memory leak
    - s390/crashdump: fix TOD programmable field size
    - lib/vdso: use "grep -E" instead of "egrep"
    - usb: dwc3: exynos: Fix remove() function
    - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
    - iio: light: apds9960: fix wrong register for gesture gain
    - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
    - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
    - nios2: add FORCE for vmlinuz.gz
    - iio: ms5611: Simplify IO callback parameters
    - iio: pressure: ms5611: fixed value compensation bug
    - ceph: do not update snapshot context when there is no new snapshot
    - ceph: avoid putting the realm twice when decoding snaps fails
    - firmware: google: Release devices before unregistering the bus
    - firmware: coreboot: Register bus in module init
    - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
    - gcov: clang: fix the buffer overflow issue
    - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
    - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
    - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
    - xen/platform-pci: add missing free_irq() in error path
    - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
    - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
    - platform/x86: hp-wmi: Ignore Smart Experience App event
    - [Config] updateconfigs for INET_TABLE_PERTURB_ORDER
    - tcp: configurable source port perturb table size
    - net: usb: qmi_wwan: add Telit 0x103a composition
    - dm integrity: flush the journal on suspend
    - binder: avoid potential data leakage when copying txn
    - binder: read pre-translated fds from sender buffer
    - binder: defer copies of pre-patched txn data
    - binder: fix pointer cast warning
    - binder: Address corner cases in deferred copy and fixup
    - binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
    - btrfs: free btrfs_path before copying root refs to userspace
    - btrfs: free btrfs_path before copying fspath to userspace
    - btrfs: free btrfs_path before copying subvol info to userspace
    - btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
    - drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
    - drm/amdgpu: always register an MMU notifier for userptr
    - fuse: lock inode unconditionally in fuse_fallocate()
    - btrfs: free btrfs_path before copying inodes to userspace
    - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
    - btrfs: move QUOTA_ENABLED check to rescan_should_stop from
      btrfs_qgroup_rescan_worker
    - drm/amdgpu: update drm_display_info correctly when the edid is read
    - drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly
      when the edid is read"
    - btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
    - iio: health: afe4403: Fix oob read in afe4403_read_raw
    - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
    - iio: light: rpr0521: add missing Kconfig dependencies
    - scripts/faddr2line: Fix regression in name resolution on ppc64le
    - hwmon: (i5500_temp) fix missing pci_disable_device()
    - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
    - of: property: decrement node refcount in of_fwnode_get_reference_args()
    - net/mlx5: Fix uninitialized variable bug in outlen_write()
    - net/mlx5e: Fix use-after-free when reverting termination table
    - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
    - can: cc770: cc770_isa_probe(): add missing free_cc770dev()
    - qlcnic: fix sleep-in-atomic-context bugs caused by msleep
    - wifi: cfg80211: fix buffer overflow in elem comparison
    - net: phy: fix null-ptr-deref while probe() failed
    - net: net_netdev: Fix error handling in ntb_netdev_init_module()
    - net/9p: Fix a potential socket leak in p9_socket_open
    - net: ethernet: nixge: fix NULL dereference
    - dsa: lan9303: Correct stat name
    - net: hsr: Fix potential use-after-free
    - afs: Fix fileserver probe RTT handling
    - net: tun: Fix use-after-free in tun_detach()
    - packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
    - sctp: fix memory leak in sctp_stream_outq_migrate()
    - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
    - hwmon: (coretemp) Check for null before removing sysfs attrs
    - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
    - net/mlx5: DR, Fix uninitialized var warning
    - error-injection: Add prompt for function error injection
    - tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
    - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
    - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
    - pinctrl: intel: Save and restore pins in "direct IRQ" mode
    - mmc: mmc_test: Fix removal of debugfs file
    - mmc: core: Fix ambiguous TRIM and DISCARD arg
    - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check
    - mmc: sdhci-sprd: Fix no reset data and command after voltage switch
    - tracing: Free buffers when a used dynamic event is removed
    - arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM
      vectors
    - arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
    - mm: Fix '.data.once' orphan section warning
    - ASoC: ops: Fix bounds check for _sx controls
    - pinctrl: single: Fix potential division by zero
    - iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
    - parisc: Increase size of gcc stack frame check
    - xtensa: increase size of gcc stack frame check
    - parisc: Increase FRAME_WARN to 2048 bytes on parisc
    - Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is
      enabled
    - selftests: net: add delete nexthop route warning test
    - selftests: net: fix nexthop warning cleanup double ip typo
    - ipv4: Handle attempt to delete multipath route when fib_info contains an nh
      reference
    - ipv4: Fix route deletion when nexthop info is not specified
    - tracing/ring-buffer: Have polling block on watermark
    - nvme: restrict management ioctls to admin
    - nvme: ensure subsystem reset is single threaded
    - x86/tsx: Add a feature bit for TSX control MSR support
    - x86/pm: Add enumeration check before spec MSRs save/restore setup
    - x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
    - Revert "clocksource/drivers/riscv: Events are stopped during CPU suspend"
    - char: tpm: Protect tpm_pm_suspend with locks
    - mmc: sdhci: use FIELD_GET for preset value bit masks
    - mmc: sdhci: Fix voltage switch delay
    - proc: avoid integer type confusion in get_proc_long
    - proc: proc_skip_spaces() shouldn't think it is working on C strings
    - v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
    - ipc/sem: Fix dangling sem_array access in semtimedop race
    - Linux 5.4.226

* CVE-2022-4139
    - drm/i915: fix TLB invalidation for Gen12 video and compute engines

* Focal update: v5.4.225 upstream stable release (LP: #2002347)
    - xfs: preserve rmapbt swapext block reservation from freed blocks
    - xfs: rename xfs_bmap_is_real_extent to is_written_extent
    - xfs: redesign the reflink remap loop to fix blkres depletion crash
    - xfs: use MMAPLOCK around filemap_map_pages()
    - xfs: preserve inode versioning across remounts
    - xfs: drain the buf delwri queue before xfsaild idles
    - phy: stm32: fix an error code in probe
    - wifi: cfg80211: silence a sparse RCU warning
    - wifi: cfg80211: fix memory leak in query_regdb_file()
    - bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
    - HID: hyperv: fix possible memory leak in mousevsc_probe()
    - net: gso: fix panic on frag_list with mixed head alloc types
    - net: tun: Fix memory leaks of napi_get_frags
    - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
    - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
    - net: fman: Unregister ethernet device on removal
    - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
    - net: lapbether: fix issue of dev reference count leakage in
      lapbeth_device_event()
    - hamradio: fix issue of dev reference count leakage in bpq_device_event()
    - drm/vc4: Fix missing platform_unregister_drivers() call in
      vc4_drm_register()
    - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
    - can: af_can: fix NULL pointer dereference in can_rx_register()
    - tipc: fix the msg->req tlv len check in
      tipc_nl_compat_name_table_dump_header
    - dmaengine: pxa_dma: use platform_get_irq_optional
    - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
    - drivers: net: xgene: disable napi when register irq failed in
      xgene_enet_open()
    - perf stat: Fix printing os->prefix in CSV metrics output
    - net: nixge: disable napi when enable interrupts failed in nixge_open()
    - net/mlx5: Allow async trigger completion execution on single CPU systems
    - net: cpsw: disable napi in cpsw_ndo_open()
    - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
    - cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in
      cxgb4vf_open()
    - ethernet: s2io: disable napi when start nic failed in s2io_card_up()
    - net: mv643xx_eth: disable napi when init rxq or txq failed in
      mv643xx_eth_open()
    - ethernet: tundra: free irq when alloc ring failed in tsi108_open()
    - net: macvlan: fix memory leaks of macvlan_common_newlink
    - riscv: process: fix kernel info leakage
    - arm64: efi: Fix handling of misaligned runtime regions and drop warning
    - MIPS: jump_label: Fix compat branch range check
    - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
    - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
    - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
    - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
    - ALSA: hda: fix potential memleak in 'add_widget_node'
    - ALSA: usb-audio: Add quirk entry for M-Audio Micro
    - ALSA: usb-audio: Add DSD support for Accuphase DAC-60
    - vmlinux.lds.h: Fix placement of '.data..decrypted' section
    - nilfs2: fix deadlock in nilfs_count_free_blocks()
    - nilfs2: fix use-after-free bug of ns_writer on remount
    - drm/i915/dmabuf: fix sg_table handling in map_dma_buf
    - btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
    - udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
    - can: j1939: j1939_send_one(): fix missing CAN header initialization
    - cert host tools: Stop complaining about deprecated OpenSSL functions
    - dmaengine: at_hdmac: Fix at_lli struct definition
    - dmaengine: at_hdmac: Don't start transactions at tx_submit level
    - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
    - dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
    - dmaengine: at_hdmac: Fix impossible condition
    - dmaengine: at_hdmac: Check return code of dma_async_device_register
    - net: tun: call napi_schedule_prep() to ensure we own a napi
    - x86/cpu: Restore AMD's DE_CFG MSR after resume
    - ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in
      wm5102_probe"
    - ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in
      wm5110_probe"
    - ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in
      wm8997_probe"
    - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
    - spi: intel: Fix the offset to get the 64K erase opcode
    - ASoC: codecs: jz4725b: add missed Line In power control bit
    - ASoC: codecs: jz4725b: fix reported volume for Master ctl
    - ASoC: codecs: jz4725b: use right control for Capture Volume
    - ASoC: codecs: jz4725b: fix capture selector naming
    - selftests/futex: fix build for clang
    - selftests/intel_pstate: fix build for ARCH=x86_64
    - NFSv4: Retry LOCK on OLD_STATEID during delegation return
    - i2c: i801: add lis3lv02d's I2C address for Vostro 5568
    - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
    - btrfs: remove pointless and double ulist frees in error paths of qgroup
      tests
    - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" ->
      "Route"
    - spi: stm32: Print summary 'callbacks suppressed' message
    - ASoC: core: Fix use-after-free in snd_soc_exit()
    - serial: 8250_omap: remove wait loop from Errata i202 workaround
    - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
    - serial: 8250: omap: Flush PM QOS work on remove
    - serial: imx: Add missing .thaw_noirq hook
    - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
    - ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
    - block: sed-opal: kmalloc the cmd/resp buffers
    - siox: fix possible memory leak in siox_device_add()
    - parport_pc: Avoid FIFO port location truncation
    - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
    - arm64: dts: imx8mm: Fix NAND controller size-cells
    - arm64: dts: imx8mn: Fix NAND controller size-cells
    - ata: libata-transport: fix double ata_host_put() in ata_tport_add()
    - net: bgmac: Drop free_netdev() from bgmac_enet_remove()
    - mISDN: fix possible memory leak in mISDN_dsp_element_register()
    - net: liquidio: release resources when liquidio driver open failed
    - mISDN: fix misuse of put_device() in mISDN_register_device()
    - net: macvlan: Use built-in RCU list checking
    - net: caif: fix double disconnect client in chnl_net_open()
    - bnxt_en: Remove debugfs when pci_register_driver failed
    - xen/pcpu: fix possible memory leak in register_pcpu()
    - drbd: use after free in drbd_create_device()
    - platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when
      virtualized
    - net/x25: Fix skb leak in x25_lapb_receive_frame()
    - cifs: Fix wrong return value checking when GETFLAGS
    - net: thunderbolt: Fix error handling in tbnet_init()
    - cifs: add check for returning value of SMB2_set_info_init
    - ftrace: Fix the possible incorrect kernel message
    - ftrace: Optimize the allocation for mcount entries
    - ftrace: Fix null pointer dereference in ftrace_add_mod()
    - ring_buffer: Do not deactivate non-existant pages
    - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
    - Revert "usb: dwc3: disable USB core PHY management"
    - slimbus: stream: correct presence rate frequencies
    - speakup: fix a segfault caused by switching consoles
    - USB: serial: option: add Sierra Wireless EM9191
    - USB: serial: option: remove old LARA-R6 PID
    - USB: serial: option: add u-blox LARA-R6 00B modem
    - USB: serial: option: add u-blox LARA-L6 modem
    - USB: serial: option: add Fibocom FM160 0x0111 composition
    - usb: add NO_LPM quirk for Realforce 87U Keyboard
    - usb: chipidea: fix deadlock in ci_otg_del_timer
    - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
    - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
    - iio: pressure: ms5611: changed hardcoded SPI speed to value limited
    - dm ioctl: fix misbehavior if list_versions races with module loading
    - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
    - serial: 8250_lpss: Configure DMA also w/o DMA filter
    - Input: iforce - invert valid length check when fetching device IDs
    - scsi: zfcp: Fix double free of FSF request when qdio send fails
    - mmc: core: properly select voltage range without power cycle
    - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce
      timeout
    - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
    - docs: update mediator contact information in CoC doc
    - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
    - serial: 8250: Flush DMA Rx on RLSI
    - ring-buffer: Include dropped pages in counting dirty patches
    - scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
    - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
    - Input: i8042 - fix leaking of platform device on module removal
    - macvlan: enforce a consistent minimal mtu
    - tcp: cdg: allow tcp_cdg_release() to be called multiple times
    - kcm: avoid potential race in kcm_tx_work
    - bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
    - kcm: close race conditions on sk_receive_queue
    - 9p: trans_fd/p9_conn_cancel: drop client lock earlier
    - gfs2: Check sb_bsize_shift after reading superblock
    - gfs2: Switch from strlcpy to strscpy
    - 9p/trans_fd: always use O_NONBLOCK read/write
    - mm: fs: initialize fsdata passed to write_begin/write_end interface
    - ntfs: fix use-after-free in ntfs_attr_find()
    - ntfs: fix out-of-bounds read in ntfs_attr_find()
    - ntfs: check overflow when iterating ATTR_RECORDs
    - Linux 5.4.225

* CVE-2022-47520
    - wifi: wilc1000: validate pairwise and authentication suite offsets

* CVE-2022-3545
    - nfp: fix use-after-free in area_cache_get()

-- Stefan Bader <stefan.bader@canonical.com>  Fri, 03 Feb 2023 15:30:55 +0100

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Brian Murray (brian-murray) wrote on 2023-06-05: [linux-azure-cvm/focal] verification still needed

The fix for this bug has been awaiting testing feedback in the -proposed repository for focal for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

tags:

added: removal-candidate

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package