Bug #2004339 “jammy/linux-raspi: 5.15.0-1025.27 -proposed tracke...” : Bugs : Kernel SRU Workflow

Stefan Bader (smb) on 2023-01-31

tags:	added: kernel-release-tracking-bug-live
description:	updated
tags:	added: kernel-sru-cycle-2023.01.30-1
description:	updated
tags:	added: kernel-sru-derivative-of-2004344
Changed in kernel-sru-workflow:
status:	New → Confirmed
importance:	Undecided → Medium

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-01-31

Changed in linux-raspi (Ubuntu Jammy):
importance:	Undecided → Medium
Changed in kernel-sru-workflow:
status:	Confirmed → Triaged

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-01-31

description:	updated
Changed in kernel-sru-workflow:
status:	Triaged → In Progress

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-01-31

tags:	added: kernel-jira-issue-ksru-6456
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-03

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-03

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-07

description:

updated

Juerg Haefliger (juergh) on 2023-02-16

summary:

- jammy/linux-raspi: <version to be filled> -proposed tracker
+ jammy/linux-raspi: 5.15.0-1025.27 -proposed tracker

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-16

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-16

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-16

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-16

description:	updated
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-16

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-17

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-17

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-17

description:

updated

Andy Whitcroft (apw) on 2023-02-17

tags:

added: kernel-signing-bot

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-17

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-17

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-17

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-17

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-17

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-18

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-18

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-18

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-20

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-23

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-28

description:

updated

Revision history for this message

Devices Certification Bot (ce-certification-qa) wrote on 2023-03-01:

#1

Kernel deb testing completes, no regressions found. Ready for Updates. Results here: https://trello.com/c/CfI3w0WU/2888-jammy-raspi-linux-image-5150-1025-raspi-5150-102527

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-01

description:

updated

Revision history for this message

Juerg Haefliger (juergh) wrote on 2023-03-06:

#2

Signing key rotation doesn't affect raspi.

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-06

description:

updated

Juerg Haefliger (juergh) on 2023-03-06

tags:

added: verification-done-jammy

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-06

description:	updated
description:	updated

Juerg Haefliger (juergh) on 2023-03-06

tags:	removed: verification-done-jammy
tags:	added: verification-testing-passed

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-06

description:

updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-03-06:

#3

Download full text (51.6 KiB)

This bug was fixed in the package linux-raspi - 5.15.0-1025.27

---------------
linux-raspi (5.15.0-1025.27) jammy; urgency=medium

* jammy/linux-raspi: 5.15.0-1025.27 -proposed tracker (LP: #2004339)

  * Jammy update: v5.15.81 upstream stable release (LP: #2003130)
    - [Config] raspi: updateconfigs for CC_HAS_ASM_GOTO_TIED_OUTPUT
    - [Config] raspi: updateconfigs for INET_TABLE_PERTURB_ORDER

[ Ubuntu: 5.15.0-66.73 ]

  * jammy/linux: 5.15.0-66.73 -proposed tracker (LP: #2004636)
  * CVE-2023-0461
    - SAUCE: Fix inet_csk_listen_start after CVE-2023-0461

[ Ubuntu: 5.15.0-65.72 ]

  * jammy/linux: 5.15.0-65.72 -proposed tracker (LP: #2004344)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - debian/dkms-versions -- update from kernel-versions (main/2023.01.30)
  * NFS: client permission error after adding user to permissible group
    (LP: #2003053)
    - NFS: Clear the file access cache upon login
    - NFS: Judge the file access cache's timestamp in rcu path
    - NFS: Fix up a sparse warning
  * Fix W6400 hang after resume of S3 stress (LP: #2000299)
    - drm/amd/display: Manually adjust strobe for DCN303
  * Rear Audio port sometimes has no audio output after reboot(Cirrus Logic)
    (LP: #1998905)
    - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock.
  * CVE-2022-20369
    - NFSD: fix use-after-free in __nfs42_ssc_open()
  * CVE-2023-0461
    - net/ulp: prevent ULP without clone op from entering the LISTEN status
    - net/ulp: use consistent error code when blocking ULP
  * CVE-2023-0179
    - netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
  * Jammy update: v5.15.85 upstream stable release (LP: #2003139)
    - udf: Discard preallocation before extending file with a hole
    - udf: Fix preallocation discarding at indirect extent boundary
    - udf: Do not bother looking for prealloc extents if i_lenExtents matches
      i_size
    - udf: Fix extending file within last block
    - usb: gadget: uvc: Prevent buffer overflow in setup handler
    - USB: serial: option: add Quectel EM05-G modem
    - USB: serial: cp210x: add Kamstrup RF sniffer PIDs
    - USB: serial: f81232: fix division by zero on line-speed change
    - USB: serial: f81534: fix division by zero on line-speed change
    - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N
    - igb: Initialize mailbox message for VF reset
    - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system
      for Raptor Lake
    - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk
    - selftests: net: Use "grep -E" instead of "egrep"
    - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
    - Linux 5.15.85
  * Jammy update: v5.15.84 upstream stable release (LP: #2003137)
    - x86/vdso: Conditionally export __vdso_sgx_enter_enclave()
    - vfs: fix copy_file_range() averts filesystem freeze protection
    - ASoC: fsl_micfil: explicitly clear software reset bit
    - ASoC: fsl_micfil: explicitly clear CHnF flags
    - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
    - libbpf: Use page size as max_entries when probing ring buffer map
    - pinctrl: medit...

This bug was fixed in the package linux-raspi - 5.15.0-1025.27

---------------
linux-raspi (5.15.0-1025.27) jammy; urgency=medium

* jammy/linux-raspi: 5.15.0-1025.27 -proposed tracker (LP: #2004339)

* Jammy update: v5.15.81 upstream stable release (LP: #2003130)
    - [Config] raspi: updateconfigs for CC_HAS_ASM_GOTO_TIED_OUTPUT
    - [Config] raspi: updateconfigs for INET_TABLE_PERTURB_ORDER

[ Ubuntu: 5.15.0-66.73 ]

* jammy/linux: 5.15.0-66.73 -proposed tracker (LP: #2004636)
  * CVE-2023-0461
    - SAUCE: Fix inet_csk_listen_start after CVE-2023-0461

[ Ubuntu: 5.15.0-65.72 ]

* jammy/linux: 5.15.0-65.72 -proposed tracker (LP: #2004344)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - debian/dkms-versions -- update from kernel-versions (main/2023.01.30)
  * NFS: client permission error after adding user to permissible group
    (LP: #2003053)
    - NFS: Clear the file access cache upon login
    - NFS: Judge the file access cache's timestamp in rcu path
    - NFS: Fix up a sparse warning
  * Fix W6400 hang after resume of S3 stress (LP: #2000299)
    - drm/amd/display: Manually adjust strobe for DCN303
  * Rear Audio port sometimes has no audio output after reboot(Cirrus Logic)
    (LP: #1998905)
    - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock.
  * CVE-2022-20369
    - NFSD: fix use-after-free in __nfs42_ssc_open()
  * CVE-2023-0461
    - net/ulp: prevent ULP without clone op from entering the LISTEN status
    - net/ulp: use consistent error code when blocking ULP
  * CVE-2023-0179
    - netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
  * Jammy update: v5.15.85 upstream stable release (LP: #2003139)
    - udf: Discard preallocation before extending file with a hole
    - udf: Fix preallocation discarding at indirect extent boundary
    - udf: Do not bother looking for prealloc extents if i_lenExtents matches
      i_size
    - udf: Fix extending file within last block
    - usb: gadget: uvc: Prevent buffer overflow in setup handler
    - USB: serial: option: add Quectel EM05-G modem
    - USB: serial: cp210x: add Kamstrup RF sniffer PIDs
    - USB: serial: f81232: fix division by zero on line-speed change
    - USB: serial: f81534: fix division by zero on line-speed change
    - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N
    - igb: Initialize mailbox message for VF reset
    - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system
      for Raptor Lake
    - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk
    - selftests: net: Use "grep -E" instead of "egrep"
    - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
    - Linux 5.15.85
  * Jammy update: v5.15.84 upstream stable release (LP: #2003137)
    - x86/vdso: Conditionally export __vdso_sgx_enter_enclave()
    - vfs: fix copy_file_range() averts filesystem freeze protection
    - ASoC: fsl_micfil: explicitly clear software reset bit
    - ASoC: fsl_micfil: explicitly clear CHnF flags
    - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
    - libbpf: Use page size as max_entries when probing ring buffer map
    - pinctrl: meditatek: Startup with the IRQs disabled
    - can: sja1000: fix size of OCR_MODE_MASK define
    - can: mcba_usb: Fix termination command argument
    - net: fec: don't reset irq coalesce settings to defaults on "ip link up"
    - ASoC: cs42l51: Correct PGA Volume minimum value
    - perf: Fix perf_pending_task() UaF
    - nvme-pci: clear the prp2 field when not used
    - ASoC: ops: Correct bounds check for second channel on SX controls
    - net: fec: properly guard irq coalesce setup
    - Linux 5.15.84
  * Jammy update: v5.15.83 upstream stable release (LP: #2003134)
    - clk: generalize devm_clk_get() a bit
    - clk: Provide new devm_clk helpers for prepared and enabled clocks
    - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse()
    - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4
      series
    - arm: dts: rockchip: fix node name for hym8563 rtc
    - arm: dts: rockchip: remove clock-frequency from rtc
    - ARM: dts: rockchip: fix ir-receiver node names
    - arm64: dts: rockchip: fix ir-receiver node names
    - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name
    - fs: use acquire ordering in __fget_light()
    - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
    - ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
    - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register
    - spi: mediatek: Fix DEVAPC Violation at KO Remove
    - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
    - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine
      transitions
    - 9p/fd: Use P9_HDRSZ for header size
    - regulator: slg51000: Wait after asserting CS pin
    - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
    - selftests/net: Find nettest in current directory
    - btrfs: send: avoid unaligned encoded writes when attempting to clone range
    - ASoC: soc-pcm: Add NULL check in BE reparenting
    - regulator: twl6030: fix get status of twl6032 regulators
    - fbcon: Use kzalloc() in fbcon_prepare_logo()
    - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer
    - 9p/xen: check logical size for buffer size
    - net: usb: qmi_wwan: add u-blox 0x1342 composition
    - mm/khugepaged: take the right locks for page table retraction
    - mm/khugepaged: fix GUP-fast interaction by sending IPI
    - mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
    - rtc: mc146818-lib: extract mc146818_avoid_UIP
    - rtc: cmos: avoid UIP when writing alarm time
    - rtc: cmos: avoid UIP when reading alarm time
    - cifs: fix use-after-free caused by invalid pointer `hostname`
    - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read()
    - xen/netback: do some code cleanup
    - xen/netback: don't call kfree_skb() with interrupts disabled
    - media: videobuf2-core: take mmap_lock in vb2_get_unmapped_area()
    - soundwire: intel: Initialize clock stop timeout
    - media: v4l2-dv-timings.c: fix too strict blanking sanity checks
    - memcg: fix possible use-after-free in memcg_write_event_control()
    - mm/gup: fix gup_pud_range() for dax
    - Bluetooth: btusb: Add debug message for CSR controllers
    - Bluetooth: Fix crash when replugging CSR fake controllers
    - net: mana: Fix race on per-CQ variable napi work_done
    - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
    - drm/vmwgfx: Don't use screen objects when SEV is active
    - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend
    - drm/shmem-helper: Remove errant put in error path
    - drm/shmem-helper: Avoid vm_open error paths
    - net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing()
    - HID: usbhid: Add ALWAYS_POLL quirk for some mice
    - HID: hid-lg4ff: Add check for empty lbuf
    - HID: core: fix shift-out-of-bounds in hid_report_raw_event
    - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10
    - can: af_can: fix NULL pointer dereference in can_rcv_filter
    - clk: Fix pointer casting to prevent oops in devm_clk_release()
    - gpiolib: improve coding style for local variables
    - gpiolib: check the 'ngpios' property in core gpiolib code
    - gpiolib: fix memory leak in gpiochip_setup_dev()
    - netfilter: nft_set_pipapo: Actually validate intervals in fields after the
      first one
    - drm/vmwgfx: Fix race issue calling pin_user_pages
    - ieee802154: cc2520: Fix error return code in cc2520_hw_init()
    - ca8210: Fix crash by zero initializing data
    - netfilter: ctnetlink: fix compilation warning after data race fixes in ct
      mark
    - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug
    - gpio: amd8111: Fix PCI device reference count leak
    - e1000e: Fix TX dispatch condition
    - igb: Allocate MSI-X vector when testing
    - net: broadcom: Add PTP_1588_CLOCK_OPTIONAL dependency for BCMGENET under
      ARCH_BCM2835
    - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420
    - af_unix: Get user_ns from in_skb in unix_diag_get_exact().
    - vmxnet3: correctly report encapsulated LRO packet
    - vmxnet3: use correct intrConf reference when using extended queues
    - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
    - Bluetooth: Fix not cleanup led when bt_init fails
    - net: dsa: ksz: Check return value
    - net: dsa: hellcreek: Check return value
    - net: dsa: sja1105: Check return value
    - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
    - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
    - net: encx24j600: Add parentheses to fix precedence
    - net: encx24j600: Fix invalid logic in reading of MISTAT register
    - net: mdiobus: fwnode_mdiobus_register_phy() rework error handling
    - net: mdiobus: fix double put fwnode in the error path
    - octeontx2-pf: Fix potential memory leak in otx2_init_tc()
    - xen-netfront: Fix NULL sring after live migration
    - net: mvneta: Prevent out of bounds read in mvneta_config_rss()
    - i40e: Fix not setting default xps_cpus after reset
    - i40e: Fix for VF MAC address 0
    - i40e: Disallow ip4 and ip6 l4_4_bytes
    - NFC: nci: Bounds check struct nfc_target arrays
    - nvme initialize core quirks before calling nvme_init_subsystem
    - gpio/rockchip: fix refcount leak in rockchip_gpiolib_register()
    - net: stmmac: fix "snps,axi-config" node property parsing
    - ip_gre: do not report erspan version on GRE interface
    - net: microchip: sparx5: Fix missing destroy_workqueue of mact_queue
    - net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
    - net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
    - net: mdio: fix unbalanced fwnode reference count in mdio_device_release()
    - net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
    - tipc: Fix potential OOB in tipc_link_proto_rcv()
    - ipv4: Fix incorrect route flushing when source address is deleted
    - ipv4: Fix incorrect route flushing when table ID 0 is used
    - net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()
    - tipc: call tipc_lxc_xmit without holding node_read_lock
    - ethernet: aeroflex: fix potential skb leak in greth_init_rings()
    - dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and
      dpaa2_switch_acl_entry_remove()
    - net: phy: mxl-gpy: fix version reporting
    - net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
    - ipv6: avoid use-after-free in ip6_fragment()
    - net: thunderbolt: fix memory leak in tbnet_open()
    - net: mvneta: Fix an out of bounds check
    - macsec: add missing attribute validation for offload
    - s390/qeth: fix various format strings
    - s390/qeth: fix use-after-free in hsci
    - can: esd_usb: Allow REC and TEC to return to zero
    - block: move CONFIG_BLOCK guard to top Makefile
    - io_uring: move to separate directory
    - io_uring: Fix a null-ptr-deref in io_tctx_exit_cb()
    - Linux 5.15.83
  * 5.15.0-58.64 breaks xen bridge networking (pvh domU) (LP: #2002889) // Jammy
    update: v5.15.83 upstream stable release (LP: #2003134)
    - xen/netback: fix build warning
  * Jammy update: v5.15.82 upstream stable release (LP: #2003132)
    - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored
    - drm/i915: Create a dummy object for gen6 ppgtt
    - drm/i915/gt: Use i915_vm_put on ppgtt_create error paths
    - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size
    - btrfs: sink iterator parameter to btrfs_ioctl_logical_to_ino
    - btrfs: free btrfs_path before copying inodes to userspace
    - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
    - btrfs: move QUOTA_ENABLED check to rescan_should_stop from
      btrfs_qgroup_rescan_worker
    - btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
    - drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code
    - drm/amdgpu: update drm_display_info correctly when the edid is read
    - drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly
      when the edid is read"
    - iio: health: afe4403: Fix oob read in afe4403_read_raw
    - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
    - iio: light: rpr0521: add missing Kconfig dependencies
    - bpf, perf: Use subprog name when reporting subprog ksymbol
    - scripts/faddr2line: Fix regression in name resolution on ppc64le
    - ARM: at91: rm9200: fix usb device clock id
    - libbpf: Handle size overflow for ringbuf mmap
    - hwmon: (ltc2947) fix temperature scaling
    - hwmon: (ina3221) Fix shunt sum critical calculation
    - hwmon: (i5500_temp) fix missing pci_disable_device()
    - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
    - bpf: Do not copy spin lock field from user in bpf_selem_alloc
    - nvmem: rmem: Fix return value check in rmem_read()
    - of: property: decrement node refcount in of_fwnode_get_reference_args()
    - ixgbevf: Fix resource leak in ixgbevf_init_module()
    - i40e: Fix error handling in i40e_init_module()
    - fm10k: Fix error handling in fm10k_init_module()
    - iavf: remove redundant ret variable
    - iavf: Fix error handling in iavf_init_module()
    - e100: Fix possible use after free in e100_xmit_prepare
    - net/mlx5: DR, Fix uninitialized var warning
    - net/mlx5: Fix uninitialized variable bug in outlen_write()
    - net/mlx5e: Fix use-after-free when reverting termination table
    - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
    - can: cc770: cc770_isa_probe(): add missing free_cc770dev()
    - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev()
    - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods
    - can: m_can: Add check for devm_clk_get
    - qlcnic: fix sleep-in-atomic-context bugs caused by msleep
    - aquantia: Do not purge addresses when setting the number of rings
    - wifi: cfg80211: fix buffer overflow in elem comparison
    - wifi: cfg80211: don't allow multi-BSSID in S1G
    - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
    - net: phy: fix null-ptr-deref while probe() failed
    - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe()
    - net: net_netdev: Fix error handling in ntb_netdev_init_module()
    - net/9p: Fix a potential socket leak in p9_socket_open
    - net: ethernet: nixge: fix NULL dereference
    - net: wwan: iosm: fix kernel test robot reported error
    - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type
    - dsa: lan9303: Correct stat name
    - tipc: re-fetch skb cb after tipc_msg_validate
    - net: hsr: Fix potential use-after-free
    - net: mdiobus: fix unbalanced node reference count
    - afs: Fix fileserver probe RTT handling
    - net: tun: Fix use-after-free in tun_detach()
    - packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
    - sctp: fix memory leak in sctp_stream_outq_migrate()
    - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
    - hwmon: (coretemp) Check for null before removing sysfs attrs
    - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
    - riscv: vdso: fix section overlapping under some conditions
    - riscv: mm: Proper page permissions after initmem free
    - ALSA: dice: fix regression for Lexicon I-ONIX FW810S
    - error-injection: Add prompt for function error injection
    - tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
    - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
    - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
    - pinctrl: intel: Save and restore pins in "direct IRQ" mode
    - v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
    - net: stmmac: Set MAC's flow control register to reflect current settings
    - mmc: mmc_test: Fix removal of debugfs file
    - mmc: core: Fix ambiguous TRIM and DISCARD arg
    - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check
    - mmc: sdhci-sprd: Fix no reset data and command after voltage switch
    - mmc: sdhci: Fix voltage switch delay
    - drm/amdgpu: temporarily disable broken Clang builds due to blown stack-frame
    - drm/amdgpu: enable Vangogh VCN indirect sram mode
    - drm/i915: Fix negative value passed as remaining time
    - drm/i915: Never return 0 if not all requests retired
    - tracing/osnoise: Fix duration type
    - tracing: Fix race where histograms can be called before the event
    - tracing: Free buffers when a used dynamic event is removed
    - io_uring: update res mask in io_poll_check_events
    - io_uring: fix tw losing poll events
    - io_uring: cmpxchg for poll arm refs release
    - io_uring: make poll refs more robust
    - io_uring/poll: fix poll_refs race with cancelation
    - KVM: x86/mmu: Fix race condition in direct_page_fault
    - ASoC: ops: Fix bounds check for _sx controls
    - pinctrl: single: Fix potential division by zero
    - riscv: Sync efi page table's kernel mappings before switching
    - riscv: fix race when vmap stack overflow
    - riscv: kexec: Fixup irq controller broken in kexec crash path
    - nvme: fix SRCU protection of nvme_ns_head list
    - iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
    - iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
    - mm: __isolate_lru_page_prepare() in isolate_migratepages_block()
    - mm: migrate: fix THP's mapcount on isolation
    - parisc: Increase FRAME_WARN to 2048 bytes on parisc
    - Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is
      enabled
    - selftests: net: add delete nexthop route warning test
    - selftests: net: fix nexthop warning cleanup double ip typo
    - ipv4: Handle attempt to delete multipath route when fib_info contains an nh
      reference
    - ipv4: Fix route deletion when nexthop info is not specified
    - serial: stm32: Factor out GPIO RTS toggling into separate function
    - serial: stm32: Use TC interrupt to deassert GPIO RTS in RS485 mode
    - serial: stm32: Deassert Transmit Enable on ->rs485_config()
    - i2c: npcm7xx: Fix error handling in npcm_i2c_init()
    - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set
    - ACPI: HMAT: remove unnecessary variable initialization
    - ACPI: HMAT: Fix initiator registration for single-initiator systems
    - Revert "clocksource/drivers/riscv: Events are stopped during CPU suspend"
    - char: tpm: Protect tpm_pm_suspend with locks
    - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
    - ipc/sem: Fix dangling sem_array access in semtimedop race
    - Linux 5.15.82
  * Jammy update: v5.15.81 upstream stable release (LP: #2003130)
    - ASoC: fsl_sai: use local device pointer
    - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N
    - serial: Add rs485_supported to uart_port
    - serial: fsl_lpuart: Fill in rs485_supported
    - tty: serial: fsl_lpuart: don't break the on-going transfer when global reset
    - sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent
    - sctp: clear out_curr if all frag chunks of current msg are pruned
    - cifs: introduce new helper for cifs_reconnect()
    - cifs: split out dfs code from cifs_reconnect()
    - cifs: support nested dfs links over reconnect
    - cifs: Fix connections leak when tlink setup failed
    - ata: libata-scsi: simplify __ata_scsi_queuecmd()
    - ata: libata-core: do not issue non-internal commands once EH is pending
    - drm/display: Don't assume dual mode adaptors support i2c sub-addressing
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
    - nvme-pci: disable namespace identifiers for the MAXIO MAP1001
    - nvme-pci: disable write zeroes on various Kingston SSD
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000
    - iio: ms5611: Simplify IO callback parameters
    - iio: pressure: ms5611: fixed value compensation bug
    - ceph: do not update snapshot context when there is no new snapshot
    - ceph: avoid putting the realm twice when decoding snaps fails
    - x86/sgx: Create utility to validate user provided offset and length
    - x86/sgx: Add overflow check in sgx_validate_offset_length()
    - binder: validate alloc->mm in ->mmap() handler
    - ceph: Use kcalloc for allocating multiple elements
    - ceph: fix NULL pointer dereference for req->r_session
    - wifi: mac80211: fix memory free error when registering wiphy fail
    - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
    - riscv: dts: sifive unleashed: Add PWM controlled LEDs
    - audit: fix undefined behavior in bit shift for AUDIT_BIT
    - wifi: airo: do not assign -1 to unsigned char
    - wifi: mac80211: Fix ack frame idr leak when mesh has no route
    - wifi: ath11k: Fix QCN9074 firmware boot on x86
    - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
    - selftests/bpf: Add verifier test for release_reference()
    - Revert "net: macsec: report real_dev features when HW offloading is enabled"
    - platform/x86: ideapad-laptop: Disable touchpad_switch
    - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1
    - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix
    - platform/x86/intel/hid: Add some ACPI device IDs
    - scsi: ibmvfc: Avoid path failures during live migration
    - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC
    - drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
    - block, bfq: fix null pointer dereference in bfq_bio_bfqg()
    - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
    - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
    - Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10
      properly""
    - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
    - RISC-V: vdso: Do not add missing symbols to version section in linker script
    - MIPS: pic32: treat port as signed integer
    - xfrm: fix "disable_policy" on ipv4 early demux
    - xfrm: replay: Fix ESN wrap around for GSO
    - af_key: Fix send_acquire race with pfkey_register
    - ARM: dts: am335x-pcm-953: Define fixed regulators in root node
    - ASoC: hdac_hda: fix hda pcm buffer overflow issue
    - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
    - ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()
    - x86/hyperv: Restore VP assist page after cpu offlining/onlining
    - scsi: storvsc: Fix handling of srb_status and capacity change events
    - ASoC: max98373: Add checks for devm_kcalloc
    - regulator: core: fix kobject release warning and memory leak in
      regulator_register()
    - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()
    - regulator: core: fix UAF in destroy_regulator()
    - bus: sunxi-rsb: Remove the shutdown callback
    - bus: sunxi-rsb: Support atomic transfers
    - tee: optee: fix possible memory leak in optee_register_device()
    - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
    - selftests: mptcp: more stable simult_flows tests
    - selftests: mptcp: fix mibit vs mbit mix up
    - net: liquidio: simplify if expression
    - rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc
    - rxrpc: Use refcount_t rather than atomic_t
    - rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-
      CAN-15975]
    - net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus
    - nfc/nci: fix race with opening and closing
    - net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
    - 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
    - netfilter: conntrack: Fix data-races around ct mark
    - netfilter: nf_tables: do not set up extensions for end interval
    - iavf: Fix a crash during reset task
    - iavf: Do not restart Tx queues after reset task failure
    - iavf: Fix race condition between iavf_shutdown and iavf_remove
    - ARM: mxs: fix memory leak in mxs_machine_init()
    - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
    - net: ethernet: mtk_eth_soc: fix error handling in mtk_open()
    - net/mlx4: Check retval of mlx4_bitmap_init
    - net: mvpp2: fix possible invalid pointer dereference
    - net/qla3xxx: fix potential memleak in ql3xxx_send()
    - octeontx2-af: debugsfs: fix pci device refcount leak
    - net: pch_gbe: fix pci device refcount leak while module exiting
    - nfp: fill splittable of devlink_port_attrs correctly
    - nfp: add port from netdev validation for EEPROM access
    - macsec: Fix invalid error code set
    - Drivers: hv: vmbus: fix double free in the error path of
      vmbus_add_channel_work()
    - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
    - netfilter: ipset: regression in ip_set_hash_ip.c
    - net/mlx5: Do not query pci info while pci disabled
    - net/mlx5: Fix FW tracer timestamp calculation
    - net/mlx5: Fix handling of entry refcount when command is not issued to FW
    - tipc: set con sock in tipc_conn_alloc
    - tipc: add an extra conn_get in tipc_conn_alloc
    - tipc: check skb_linearize() return value in tipc_disc_rcv()
    - xfrm: Fix oops in __xfrm_state_delete()
    - xfrm: Fix ignored return value in xfrm6_init()
    - net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg()
    - sfc: fix potential memleak in __ef100_hard_start_xmit()
    - net: sparx5: fix error handling in sparx5_port_open()
    - net: sched: allow act_ct to be built without NF_NAT
    - NFC: nci: fix memory leak in nci_rx_data_packet()
    - regulator: twl6030: re-add TWL6032_SUBCLASS
    - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
    - dma-buf: fix racing conflict of dma_heap_add()
    - netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface
    - netfilter: flowtable_offload: add missing locking
    - fs: do not update freeing inode i_io_list
    - dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
    - ipv4: Fix error return code in fib_table_insert()
    - arcnet: fix potential memory leak in com20020_probe()
    - s390/dasd: fix no record found for raw_track_access
    - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
    - nfc: st-nci: fix memory leaks in EVT_TRANSACTION
    - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION
    - net: enetc: manage ENETC_F_QBV in priv->active_offloads only when enabled
    - net: enetc: cache accesses to &priv->si->hw
    - net: enetc: preserve TX ring priority across reconfiguration
    - octeontx2-pf: Add check for devm_kcalloc
    - octeontx2-af: Fix reference count issue in rvu_sdp_init()
    - net: thunderx: Fix the ACPI memory leak
    - s390/crashdump: fix TOD programmable field size
    - lib/vdso: use "grep -E" instead of "egrep"
    - [Config] updateconfigs for CC_HAS_ASM_GOTO_TIED_OUTPUT
    - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
    - nios2: add FORCE for vmlinuz.gz
    - mmc: sdhci-brcmstb: Re-organize flags
    - mmc: sdhci-brcmstb: Enable Clock Gating to save power
    - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI
    - KVM: arm64: pkvm: Fixup boot mode to reflect that the kernel resumes from
      EL1
    - usb: dwc3: exynos: Fix remove() function
    - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint
    - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1
    - ext4: fix use-after-free in ext4_ext_shift_extents
    - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
    - iio: light: apds9960: fix wrong register for gesture gain
    - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
    - bus: ixp4xx: Don't touch bit 7 on IXP42x
    - usb: dwc3: gadget: conditionally remove requests
    - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable
    - usb: dwc3: gadget: Clear ep descriptor last
    - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
    - gcov: clang: fix the buffer overflow issue
    - mm: vmscan: fix extreme overreclaim and swap floods
    - KVM: x86: nSVM: leave nested mode on vCPU free
    - KVM: x86: forcibly leave nested mode on vCPU reset
    - KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in
      use
    - KVM: x86: add kvm_leave_nested
    - KVM: x86: remove exit_int_info warning in svm_handle_exit
    - x86/tsx: Add a feature bit for TSX control MSR support
    - x86/pm: Add enumeration check before spec MSRs save/restore setup
    - x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
    - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
    - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
    - tools: iio: iio_generic_buffer: Fix read size
    - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
    - Input: goodix - try resetting the controller when no config is set
    - Input: soc_button_array - add use_low_level_irq module parameter
    - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[]
    - Input: i8042 - apply probe defer to more ASUS ZenBook models
    - ASoC: stm32: dfsdm: manage cb buffers cleanup
    - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
    - xen/platform-pci: add missing free_irq() in error path
    - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
    - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
    - drm/amdgpu: disable BACO support on more cards
    - zonefs: fix zone report size in __zonefs_io_error()
    - platform/x86: hp-wmi: Ignore Smart Experience App event
    - platform/x86: ideapad-laptop: Fix interrupt storm on fn-lock toggle on some
      Yoga laptops
    - [Config] updateconfigs for INET_TABLE_PERTURB_ORDER
    - tcp: configurable source port perturb table size
    - net: usb: qmi_wwan: add Telit 0x103a composition
    - scsi: iscsi: Fix possible memory leak when device_register() failed
    - gpu: host1x: Avoid trying to use GART on Tegra20
    - dm integrity: flush the journal on suspend
    - dm integrity: clear the journal on suspend
    - fuse: lock inode unconditionally in fuse_fallocate()
    - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute
    - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute
    - wifi: wilc1000: validate number of channels
    - genirq/msi: Shutdown managed interrupts with unsatifiable affinities
    - genirq: Always limit the affinity to online CPUs
    - irqchip/gic-v3: Always trust the managed affinity provided by the core code
    - genirq: Take the proposed affinity at face value if force==true
    - btrfs: free btrfs_path before copying root refs to userspace
    - btrfs: free btrfs_path before copying fspath to userspace
    - btrfs: free btrfs_path before copying subvol info to userspace
    - btrfs: zoned: fix missing endianness conversion in sb_write_pointer
    - btrfs: use kvcalloc in btrfs_get_dev_zone_info
    - btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
    - drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
    - drm/amd/display: No display after resume from WB/CB
    - drm/amdgpu: Enable Aldebaran devices to report CU Occupancy
    - drm/amdgpu: always register an MMU notifier for userptr
    - cifs: fix missed refcounting of ipc tcon
    - Linux 5.15.81
  * Jammy update: v5.15.80 upstream stable release (LP: #2003122)
    - mm: hwpoison: refactor refcount check handling
    - mm: hwpoison: handle non-anonymous THP correctly
    - mm: shmem: don't truncate page if memory failure happens
    - ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in
      wm5102_probe"
    - ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in
      wm5110_probe"
    - ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in
      wm8997_probe"
    - ASoC: mt6660: Keep the pm_runtime enables before component stuff in
      mt6660_i2c_probe
    - ASoC: rt1019: Fix the TDM settings
    - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
    - spi: intel: Fix the offset to get the 64K erase opcode
    - ASoC: codecs: jz4725b: add missed Line In power control bit
    - ASoC: codecs: jz4725b: fix reported volume for Master ctl
    - ASoC: codecs: jz4725b: use right control for Capture Volume
    - ASoC: codecs: jz4725b: fix capture selector naming
    - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15
    - selftests/futex: fix build for clang
    - selftests/intel_pstate: fix build for ARCH=x86_64
    - ASoC: rt1308-sdw: add the default value of some registers
    - drm/amd/display: Remove wrong pipe control lock
    - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[]
    - RDMA/efa: Add EFA 0xefa2 PCI ID
    - btrfs: raid56: properly handle the error when unable to find the missing
      stripe
    - NFSv4: Retry LOCK on OLD_STATEID during delegation return
    - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable
    - firmware: arm_scmi: Cleanup the core driver removal callback
    - i2c: tegra: Allocate DMA memory for DMA engine
    - i2c: i801: add lis3lv02d's I2C address for Vostro 5568
    - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
    - btrfs: remove pointless and double ulist frees in error paths of qgroup
      tests
    - x86/cpu: Add several Intel server CPU model numbers
    - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" ->
      "Route"
    - mtd: spi-nor: intel-spi: Disable write protection only if asked
    - spi: intel: Use correct mask for flash and protected regions
    - KVM: x86/pmu: Do not speculatively query Intel GP PMCs that don't exist yet
    - hugetlbfs: don't delete error page from pagecache
    - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed
    - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed
    - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed
    - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed
    - spi: stm32: Print summary 'callbacks suppressed' message
    - ARM: dts: at91: sama7g5: fix signal name of pin PB2
    - ASoC: core: Fix use-after-free in snd_soc_exit()
    - ASoC: tas2770: Fix set_tdm_slot in case of single slot
    - ASoC: tas2764: Fix set_tdm_slot in case of single slot
    - ARM: at91: pm: avoid soft resetting AC DLL
    - serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl()
    - serial: 8250_omap: remove wait loop from Errata i202 workaround
    - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
    - serial: 8250: omap: Flush PM QOS work on remove
    - serial: imx: Add missing .thaw_noirq hook
    - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
    - bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
    - ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
    - pinctrl: rockchip: list all pins in a possible mux route for PX30
    - scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
    - block: sed-opal: kmalloc the cmd/resp buffers
    - bpf: Fix memory leaks in __check_func_call
    - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro
    - siox: fix possible memory leak in siox_device_add()
    - parport_pc: Avoid FIFO port location truncation
    - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
    - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms
    - drm/panel: simple: set bpc field for logic technologies displays
    - drm/drv: Fix potential memory leak in drm_dev_init()
    - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
    - arm64: dts: imx8mm: Fix NAND controller size-cells
    - arm64: dts: imx8mn: Fix NAND controller size-cells
    - ata: libata-transport: fix double ata_host_put() in ata_tport_add()
    - ata: libata-transport: fix error handling in ata_tport_add()
    - ata: libata-transport: fix error handling in ata_tlink_add()
    - ata: libata-transport: fix error handling in ata_tdev_add()
    - nfp: change eeprom length to max length enumerators
    - MIPS: fix duplicate definitions for exported symbols
    - MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed
    - bpf: Initialize same number of free nodes for each pcpu_freelist
    - net: bgmac: Drop free_netdev() from bgmac_enet_remove()
    - mISDN: fix possible memory leak in mISDN_dsp_element_register()
    - net: hinic: Fix error handling in hinic_module_init()
    - net: stmmac: ensure tx function is not running in stmmac_xdp_release()
    - soc: imx8m: Enable OCOTP clock before reading the register
    - net: liquidio: release resources when liquidio driver open failed
    - mISDN: fix misuse of put_device() in mISDN_register_device()
    - net: macvlan: Use built-in RCU list checking
    - net: caif: fix double disconnect client in chnl_net_open()
    - bnxt_en: Remove debugfs when pci_register_driver failed
    - net: mhi: Fix memory leak in mhi_net_dellink()
    - net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims
    - xen/pcpu: fix possible memory leak in register_pcpu()
    - net: ionic: Fix error handling in ionic_init_module()
    - net: ena: Fix error handling in ena_init()
    - net: hns3: fix setting incorrect phy link ksettings for firmware in
      resetting process
    - bridge: switchdev: Fix memory leaks when changing VLAN protocol
    - drbd: use after free in drbd_create_device()
    - platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when
      virtualized
    - platform/surface: aggregator: Do not check for repeated unsequenced packets
    - cifs: add check for returning value of SMB2_close_init
    - net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in
      ag71xx_open()
    - net/x25: Fix skb leak in x25_lapb_receive_frame()
    - cifs: Fix wrong return value checking when GETFLAGS
    - net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init()
      and sparx5_start()
    - net: thunderbolt: Fix error handling in tbnet_init()
    - cifs: add check for returning value of SMB2_set_info_init
    - ftrace: Fix the possible incorrect kernel message
    - ftrace: Optimize the allocation for mcount entries
    - ftrace: Fix null pointer dereference in ftrace_add_mod()
    - ring_buffer: Do not deactivate non-existant pages
    - tracing: Fix memory leak in tracing_read_pipe()
    - tracing/ring-buffer: Have polling block on watermark
    - tracing: Fix memory leak in test_gen_synth_cmd() and
      test_empty_synth_event()
    - tracing: Fix wild-memory-access in register_synth_event()
    - tracing: Fix race where eprobes can be called before the event
    - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in
      kprobe_event_gen_test_exit()
    - tracing: kprobe: Fix potential null-ptr-deref on trace_array in
      kprobe_event_gen_test_exit()
    - drm/amd/display: Add HUBP surface flip interrupt handler
    - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
    - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
    - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
    - Revert "usb: dwc3: disable USB core PHY management"
    - slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y &&
      CONFIG_QCOM_RPROC_COMMON=m
    - slimbus: stream: correct presence rate frequencies
    - speakup: fix a segfault caused by switching consoles
    - USB: bcma: Make GPIO explicitly optional
    - USB: serial: option: add Sierra Wireless EM9191
    - USB: serial: option: remove old LARA-R6 PID
    - USB: serial: option: add u-blox LARA-R6 00B modem
    - USB: serial: option: add u-blox LARA-L6 modem
    - USB: serial: option: add Fibocom FM160 0x0111 composition
    - usb: add NO_LPM quirk for Realforce 87U Keyboard
    - usb: chipidea: fix deadlock in ci_otg_del_timer
    - usb: cdns3: host: fix endless superspeed hub port reset
    - usb: typec: mux: Enter safe mode only when pins need to be reconfigured
    - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
    - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
    - iio: adc: mp2629: fix wrong comparison of channel
    - iio: adc: mp2629: fix potential array out of bound access
    - iio: pressure: ms5611: changed hardcoded SPI speed to value limited
    - dm ioctl: fix misbehavior if list_versions races with module loading
    - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
    - serial: 8250: Flush DMA Rx on RLSI
    - serial: 8250_lpss: Configure DMA also w/o DMA filter
    - Input: iforce - invert valid length check when fetching device IDs
    - maccess: Fix writing offset in case of fault in
      strncpy_from_kernel_nofault()
    - net: phy: marvell: add sleep time after enabling the loopback bit
    - scsi: zfcp: Fix double free of FSF request when qdio send fails
    - iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries
    - iommu/vt-d: Set SRE bit only when hardware has SRS cap
    - firmware: coreboot: Register bus in module init
    - mmc: core: properly select voltage range without power cycle
    - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce
      timeout
    - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
    - docs: update mediator contact information in CoC doc
    - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
    - perf/x86/intel/pt: Fix sampling using single range output
    - nvme: restrict management ioctls to admin
    - nvme: ensure subsystem reset is single threaded
    - serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake
    - perf: Improve missing SIGTRAP checking
    - ring-buffer: Include dropped pages in counting dirty patches
    - tracing: Fix warning on variable 'struct trace_array'
    - net: use struct_group to copy ip/ipv6 header addresses
    - scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
    - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
    - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
    - Input: i8042 - fix leaking of platform device on module removal
    - macvlan: enforce a consistent minimal mtu
    - tcp: cdg: allow tcp_cdg_release() to be called multiple times
    - kcm: avoid potential race in kcm_tx_work
    - kcm: close race conditions on sk_receive_queue
    - 9p: trans_fd/p9_conn_cancel: drop client lock earlier
    - gfs2: Check sb_bsize_shift after reading superblock
    - gfs2: Switch from strlcpy to strscpy
    - 9p/trans_fd: always use O_NONBLOCK read/write
    - wifi: wext: use flex array destination for memcpy()
    - mm: fs: initialize fsdata passed to write_begin/write_end interface
    - net/9p: use a dedicated spinlock for trans_fd
    - ntfs: fix use-after-free in ntfs_attr_find()
    - ntfs: fix out-of-bounds read in ntfs_attr_find()
    - ntfs: check overflow when iterating ATTR_RECORDs
    - Linux 5.15.80
  * CVE-2022-4139
    - drm/i915: fix TLB invalidation for Gen12 video and compute engines
  * Jammy update: v5.15.79 upstream stable release (LP: #2001570)
    - fuse: fix readdir cache race
    - drm/amdkfd: avoid recursive lock in migrations back to RAM
    - drm/amdkfd: handle CPU fault on COW mapping
    - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
    - hwspinlock: qcom: correct MMIO max register for newer SoCs
    - phy: stm32: fix an error code in probe
    - wifi: cfg80211: silence a sparse RCU warning
    - wifi: cfg80211: fix memory leak in query_regdb_file()
    - soundwire: qcom: reinit broadcast completion
    - soundwire: qcom: check for outanding writes before doing a read
    - bpf, verifier: Fix memory leak in array reallocation for stack state
    - bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
    - wifi: mac80211: Set TWT Information Frame Disabled bit as 1
    - bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without
      FILE
    - HID: hyperv: fix possible memory leak in mousevsc_probe()
    - bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues
    - bpf: Fix sockmap calling sleepable function in teardown path
    - bpf, sock_map: Move cancel_work_sync() out of sock lock
    - bpf: Add helper macro bpf_for_each_reg_in_vstate
    - bpf: Fix wrong reg type conversion in release_reference()
    - net: gso: fix panic on frag_list with mixed head alloc types
    - macsec: delete new rxsc when offload fails
    - macsec: fix secy->n_rx_sc accounting
    - macsec: fix detection of RXSCs when toggling offloading
    - macsec: clear encryption keys from the stack after setting up offload
    - octeontx2-pf: Use hardware register for CQE count
    - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT]
    - net: tun: Fix memory leaks of napi_get_frags
    - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
    - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
    - net: fman: Unregister ethernet device on removal
    - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
    - phy: ralink: mt7621-pci: add sentinel to quirks table
    - KVM: s390: pv: don't allow userspace to set the clock under PV
    - net: lapbether: fix issue of dev reference count leakage in
      lapbeth_device_event()
    - hamradio: fix issue of dev reference count leakage in bpq_device_event()
    - net: wwan: iosm: fix memory leak in ipc_wwan_dellink
    - net: wwan: mhi: fix memory leak in mhi_mbim_dellink
    - drm/vc4: Fix missing platform_unregister_drivers() call in
      vc4_drm_register()
    - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent
    - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
    - can: af_can: fix NULL pointer dereference in can_rx_register()
    - net: stmmac: dwmac-meson8b: fix meson8b_devm_clk_prepare_enable()
    - net: broadcom: Fix BCMGENET Kconfig
    - tipc: fix the msg->req tlv len check in
      tipc_nl_compat_name_table_dump_header
    - dmaengine: pxa_dma: use platform_get_irq_optional
    - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
    - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail
    - net: lapbether: fix issue of invalid opcode in lapbeth_open()
    - drivers: net: xgene: disable napi when register irq failed in
      xgene_enet_open()
    - perf stat: Fix printing os->prefix in CSV metrics output
    - perf tools: Add the include/perf/ directory to .gitignore
    - netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
    - netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()
    - net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init()
    - net: nixge: disable napi when enable interrupts failed in nixge_open()
    - net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg
    - net/mlx5: Bridge, verify LAG state when adding bond to bridge
    - net/mlx5: Allow async trigger completion execution on single CPU systems
    - net/mlx5e: E-Switch, Fix comparing termination table instance
    - net: cpsw: disable napi in cpsw_ndo_open()
    - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
    - stmmac: intel: Enable 2.5Gbps for Intel AlderLake-S
    - stmmac: intel: Update PCH PTP clock rate from 200MHz to 204.8MHz
    - mctp: Fix an error handling path in mctp_init()
    - cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in
      cxgb4vf_open()
    - stmmac: dwmac-loongson: fix missing pci_disable_msi() while module exiting
    - stmmac: dwmac-loongson: fix missing pci_disable_device() in
      loongson_dwmac_probe()
    - stmmac: dwmac-loongson: fix missing of_node_put() while module exiting
    - net: phy: mscc: macsec: clear encryption keys when freeing a flow
    - net: atlantic: macsec: clear encryption keys from the stack
    - ethernet: s2io: disable napi when start nic failed in s2io_card_up()
    - net: mv643xx_eth: disable napi when init rxq or txq failed in
      mv643xx_eth_open()
    - ethernet: tundra: free irq when alloc ring failed in tsi108_open()
    - net: macvlan: fix memory leaks of macvlan_common_newlink
    - riscv: process: fix kernel info leakage
    - riscv: vdso: fix build with llvm
    - riscv: fix reserved memory setup
    - arm64: efi: Fix handling of misaligned runtime regions and drop warning
    - MIPS: jump_label: Fix compat branch range check
    - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
    - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
    - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI
    - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
    - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA
    - ALSA: hda/hdmi - enable runtime pm for more AMD display audio
    - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
    - ALSA: hda: fix potential memleak in 'add_widget_node'
    - ALSA: hda/realtek: Add Positivo C6300 model quirk
    - ALSA: usb-audio: Yet more regression for for the delayed card registration
    - ALSA: usb-audio: Add quirk entry for M-Audio Micro
    - ALSA: usb-audio: Add DSD support for Accuphase DAC-60
    - vmlinux.lds.h: Fix placement of '.data..decrypted' section
    - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure
    - nilfs2: fix deadlock in nilfs_count_free_blocks()
    - nilfs2: fix use-after-free bug of ns_writer on remount
    - drm/i915/dmabuf: fix sg_table handling in map_dma_buf
    - drm/amdgpu: disable BACO on special BEIGE_GOBY card
    - btrfs: fix match incorrectly in dev_args_match_device
    - btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
    - btrfs: zoned: initialize device's zone info for seeding
    - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI
    - udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
    - mm/damon/dbgfs: check if rm_contexts input is for a real context
    - mm/memremap.c: map FS_DAX device memory as decrypted
    - mm/shmem: use page_mapping() to detect page cache for uffd continue
    - can: j1939: j1939_send_one(): fix missing CAN header initialization
    - cert host tools: Stop complaining about deprecated OpenSSL functions
    - dmaengine: at_hdmac: Fix at_lli struct definition
    - dmaengine: at_hdmac: Don't start transactions at tx_submit level
    - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending
    - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending
    - dmaengine: at_hdmac: Do not call the complete callback on
      device_terminate_all
    - dmaengine: at_hdmac: Protect atchan->status with the channel lock
    - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all()
    - dmaengine: at_hdmac: Fix concurrency over descriptor
    - dmaengine: at_hdmac: Free the memset buf without holding the chan lock
    - dmaengine: at_hdmac: Fix concurrency over the active list
    - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware
    - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
    - dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
    - dmaengine: at_hdmac: Fix impossible condition
    - dmaengine: at_hdmac: Check return code of dma_async_device_register
    - marvell: octeontx2: build error: unknown type name 'u64'
    - drm/amdkfd: Migrate in CPU page fault use current mm
    - net: tun: call napi_schedule_prep() to ensure we own a napi
    - x86/cpu: Restore AMD's DE_CFG MSR after resume
    - Linux 5.15.79
  * CVE-2022-47520
    - wifi: wilc1000: validate pairwise and authentication suite offsets
  * CVE-2022-3545
    - nfp: fix use-after-free in area_cache_get()

[ Ubuntu: 5.15.0-60.66 ]

* jammy/linux: 5.15.0-60.66 -proposed tracker (LP: #2003450)
  * Revoke & rotate to new signing key (LP: #2002812)
    - [Packaging] Revoke and rotate to new signing key

-- Juerg Haefliger <juerg.haefliger@canonical.com>  Thu, 16 Feb 2023 17:40:54 +0100

Changed in linux-raspi (Ubuntu Jammy):
status:	New → Fix Released

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-06

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-06

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-06

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-06

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-06

description:

updated

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-03-06: Workflow done!

#4

All tasks have been completed and the bug is being closed

Changed in kernel-sru-workflow:
status:	In Progress → Fix Committed

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-04-18

Changed in kernel-sru-workflow:
status:	Fix Committed → Fix Released

Kernel SRU Workflow

jammy/linux-raspi: 5.15.0-1025.27 -proposed tracker

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
Kernel SRU Workflow	Fix Released	Medium	Unassigned
Automated-testing	Invalid	Medium	Unassigned
Boot-testing	Fix Released	Medium	Unassigned
Certification-testing	Fix Released	Medium	Canonical Hardware Certification
New-review	Fix Released	Medium	Andy Whitcroft
Prepare-package	Fix Released	Medium	Juerg Haefliger
Prepare-package-meta	Fix Released	Medium	Juerg Haefliger
Promote-signing-to-proposed	Invalid	Medium	Unassigned
Promote-to-proposed	Fix Released	Medium	Ubuntu Stable Release Updates Team
Promote-to-security	Fix Released	Medium	Andy Whitcroft
Promote-to-updates	Fix Released	Medium	Andy Whitcroft
Regression-testing	Fix Released	Medium	Canonical Kernel Team
Security-signoff	Fix Released	Medium	Steve Beattie
Sru-review	Fix Released	Medium	Andy Whitcroft
Verification-testing	Fix Released	Medium	Juerg Haefliger
canonical-signing-jobs
Task00	Fix Released	Medium	Andy Whitcroft
linux-raspi (Ubuntu)
Jammy	Fix Released	Medium	Unassigned