Ubuntu
linux package

Kinetic update: upstream stable patchset 2023-05-23

Bug #2020599 reported by Kamal Mostafa on 2023-05-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Kinetic	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2023-05-23

                Ported from the following upstream stable releases:
                        v5.15.100, v6.1.17
                        v5.15.101, v6.1.18
                        v5.15.102, v6.1.19

from git://git.kernel.org/

auxdisplay: hd44780: Fix potential memory leak in hd44780_remove()
fs/jfs: fix shift exponent db_agl2size negative
objtool: Fix memory leak in create_static_call_sections()
pwm: sifive: Reduce time the controller lock is held
pwm: sifive: Always let the first pwm_apply_state succeed
pwm: stm32-lp: fix the check on arr and cmp registers update
f2fs: use memcpy_{to,from}_page() where possible
fs: f2fs: initialize fsdata in pagecache_write()
f2fs: allow set compression option of files without blocks
um: vector: Fix memory leak in vector_config
ubi: ensure that VID header offset + VID header size <= alloc, size
ubifs: Fix build errors as symbol undefined
ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
ubifs: Rectify space budget for ubifs_xrename()
ubifs: Fix wrong dirty space budget for dirty inode
ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
ubifs: Reserve one leb for each journal head while doing budget
ubi: Fix use-after-free when volume resizing failed
ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
ubifs: Fix memory leak in alloc_wbufs()
ubi: Fix possible null-ptr-deref in ubi_free_volume()
ubifs: Re-statistic cleaned znode count if commit failed
ubifs: ubifs_writepage: Mark page dirty after writing inode failed
ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling fastmap
ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
f2fs: fix to avoid potential memory corruption in __update_iostat_latency()
ext4: use ext4_fc_tl_mem in fast-commit replay path
netfilter: nf_tables: allow to fetch set elements when table has an owner
x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
um: virtio_uml: free command if adding to virtqueue failed
um: virtio_uml: mark device as unregistered when breaking it
um: virtio_uml: move device breaking into workqueue
um: virt-pci: properly remove PCI device from bus
watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path
watchdog: Fix kmemleak in watchdog_cdev_register
watchdog: pcwd_usb: Fix attempting to access uninitialized memory
watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
netfilter: ebtables: fix table blob use-after-free
netfilter: x_tables: fix percpu counter block leak on error path when creating new netns
ipv6: Add lwtunnel encap size of all siblings in nexthop calculation
sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
octeontx2-pf: Use correct struct reference in test condition
net: fix __dev_kfree_skb_any() vs drop monitor
9p/xen: fix version parsing
9p/xen: fix connection sequence
9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
net/mlx5e: Verify flow_source cap before using it
net/mlx5: Geneve, Fix handling of Geneve object id as error code
nfc: fix memory leak of se_io context in nfc_genl_se_io
net/sched: transition act_pedit to rcu and percpu stats
net/sched: act_pedit: fix action bind logic
net/sched: act_mpls: fix action bind logic
net/sched: act_sample: fix action bind logic
ARM: dts: spear320-hmi: correct STMPE GPIO compatible
tcp: tcp_check_req() can be called from process context
vc_screen: modify vcs_size() handling in vcs_read()
rtc: sun6i: Always export the internal oscillator
genirq: Refactor accessors to use irq_data_get_affinity_mask
genirq: Add and use an irq_data_update_affinity helper
scsi: ipr: Work around fortify-string warning
rtc: allow rtc_read_alarm without read_alarm callback
loop: loop_set_status_from_info() check before assignment
ASoC: adau7118: don't disable regulators on device unbind
ASoC: zl38060 add gpiolib dependency
ASoC: mediatek: mt8195: add missing initialization
thermal: intel: quark_dts: fix error pointer dereference
thermal: intel: BXT_PMIC: select REGMAP instead of depending on it
tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
kernel/printk/index.c: fix memory leak with using debugfs_lookup()
firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC support
mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
IB/hfi1: Update RMT size calculation
iommu/amd: Fix error handling for pdev_pri_ats_enable()
media: uvcvideo: Remove format descriptions
media: uvcvideo: Handle cameras with invalid descriptors
media: uvcvideo: Handle errors from calls to usb_string
media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
media: uvcvideo: Silence memcpy() run-time false positive warnings
USB: fix memory leak with using debugfs_lookup()
staging: emxx_udc: Add checks for dma_alloc_coherent()
tty: fix out-of-bounds access in tty_driver_lookup_tty()
tty: serial: fsl_lpuart: disable the CTS when send break signal
serial: sc16is7xx: setup GPIO controller later in probe
mei: bus-fixup:upon error print return values of send and receive
tools/iio/iio_utils:fix memory leak
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word()
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word()
soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe()
PCI: loongson: Prevent LS7A MRRS increases
USB: dwc3: fix memory leak with using debugfs_lookup()
USB: chipidea: fix memory leak with using debugfs_lookup()
USB: uhci: fix memory leak with using debugfs_lookup()
USB: sl811: fix memory leak with using debugfs_lookup()
USB: fotg210: fix memory leak with using debugfs_lookup()
USB: isp116x: fix memory leak with using debugfs_lookup()
USB: isp1362: fix memory leak with using debugfs_lookup()
USB: gadget: gr_udc: fix memory leak with using debugfs_lookup()
USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup()
USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup()
USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup()
USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup()
usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math
USB: ene_usb6250: Allocate enough memory for full object
usb: uvc: Enumerate valid values for color matching
usb: gadget: uvc: Make bSourceID read/write
PCI: Align extra resources for hotplug bridges properly
PCI: Take other bus devices into account when distributing resources
tty: pcn_uart: fix memory leak with using debugfs_lookup()
misc: vmw_balloon: fix memory leak with using debugfs_lookup()
drivers: base: component: fix memory leak with using debugfs_lookup()
drivers: base: dd: fix memory leak with using debugfs_lookup()
kernel/fail_function: fix memory leak with using debugfs_lookup()
PCI: loongson: Add more devices that need MRRS quirk
PCI: Add ACS quirk for Wangxun NICs
phy: rockchip-typec: Fix unsigned comparison with less than zero
soundwire: cadence: Remove wasted space in response_buf
soundwire: cadence: Drain the RX FIFO after an IO timeout
net: tls: avoid hanging tasks on the tx_lock
x86/resctl: fix scheduler confusion with 'current'
drm/display/dp_mst: Fix down/up message handling after sink disconnect
drm/display/dp_mst: Fix down message handling after a packet reception error
media: uvcvideo: Fix race condition with usb_kill_urb
drm/virtio: Fix error code in virtio_gpu_object_shmem_init()
Revert "scsi: mpt3sas: Fix return value check of dma_get_required_mask()"
scsi: mpt3sas: Don't change DMA mask while reallocating pools
scsi: mpt3sas: re-do lost mpt3sas DMA mask fix
scsi: mpt3sas: Remove usage of dma_get_required_mask() API
usb: gadget: uvc: fix missing mutex_unlock() if kstrtou8() fails
Revert "drm/i915: Don't use BAR mappings for ring buffers with LLC"
wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"
staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script
staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh
driver: soc: xilinx: fix memory leak in xlnx_add_cb_for_notify_event()
f2fs: don't rely on F2FS_MAP_* in f2fs_iomap_begin
soc: mediatek: mtk-pm-domains: Allow mt8186 ADSP default power on
memory: renesas-rpc-if: Split-off private data from struct rpcif
memory: renesas-rpc-if: Move resource acquisition to .probe()
f2fs: introduce trace_f2fs_replace_atomic_write_block
f2fs: fix to abort atomic write only during do_exist()
ubifs: Fix memory leak in ubifs_sysfs_init()
ubifs: dirty_cow_znode: Fix memleak in error handling path
ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process
soc: qcom: stats: Populate all subsystem debugfs files
ext4: don't show commit interval if it is zero
watchdog: rzg2l_wdt: Issue a reset before we put the PM clocks
netfilter: xt_length: use skb len to match in length_mt6
netfilter: ctnetlink: make event listener tracking global
ptp: vclock: use mutex to fix "sleep on atomic" bug
drm/i915: move a Kconfig symbol to unbreak the menu presentation
spi: tegra210-quad: Fix validate combined sequence
ext4: fix incorrect options show of original mount_opt and extend mount_opt2
net: dsa: seville: ignore mscc-miim read errors from Lynx PCS
spi: tegra210-quad: Fix iterator outside loop
genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask()
scsi: mpi3mr: Use number of bits to manage bitmap sizes
nvme-fabrics: show well known discovery name
arm64: efi: Make efi_rt_lock a raw_spinlock
arm64: Reset KASAN tag in copy_highpage with HW tags only
UBUNTU: Upstream stable to v5.15.102, v6.1.19

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2023-05-23

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Kinetic):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
description:	updated
description:	updated

Luke Nowakowski-Krijger (lukenow) on 2023-06-08

Changed in linux (Ubuntu Kinetic):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-06-15:

Download full text (43.3 KiB)

This bug was fixed in the package linux - 5.19.0-45.46

---------------
linux (5.19.0-45.46) kinetic; urgency=medium

* kinetic/linux: 5.19.0-45.46 -proposed tracker (LP: #2023057)

* Kinetic update: upstream stable patchset 2023-05-23 (LP: #2020599)
- wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"

linux (5.19.0-44.45) kinetic; urgency=medium

* kinetic/linux: 5.19.0-44.45 -proposed tracker (LP: #2019827)

  * Linux 5.19 amdgpu: NULL pointer on GCN2 and invalid load on GCN1
    (LP: #2018470)
    - drm/amdgpu: Fix for BO move issue

* CVE-2023-32233
- netfilter: nf_tables: deactivate anonymous set from preparation phase

* CVE-2023-2612
- SAUCE: shiftfs: prevent lock unbalance in shiftfs_create_object()

* CVE-2023-31436
- net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

* CVE-2023-1380
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

* conntrack mark is not advertised via netlink (LP: #2016269)
- netfilter: ctnetlink: revert to dumping mark regardless of event type

* 5.19 not reporting cgroups v1 blkio.throttle.io_serviced (LP: #2016186)
- SAUCE: blk-throttle: Fix io statistics for cgroup v1

  * [SRU] Backport request for hpwdt from upstream 6.1 to Jammy (LP: #2008751)
    - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems.
    - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING
    - [Config] Add arm64 option to CONFIG_HP_WATCHDOG

  * vmwgfx fails to reserve graphics buffer on aarch64 leading to blank display
    (LP: #2007001)
    - SAUCE: Revert "video/aperture: Disable and unregister sysfb devices via
      aperture helpers"

  * Ubuntu 22.04 raise abnormal NIC MSI-X requests with larger CPU cores (256)
    (LP: #2012335)
    - ice: Allow operation with reduced device MSI-X

* Dell: Enable speaker mute hotkey LED indicator (LP: #2015972)
- platform/x86: dell-laptop: Register ctl-led for speaker-mute

  * [SRU]With "Performance per Watt (DAPC)" enabled in the BIOS, Bootup time is
    taking longer than expected (LP: #2008527)
    - cpufreq: ACPI: Defer setting boost MSRs

* [SRU][Jammy] CONFIG_PCI_MESON is not enabled (LP: #2007745)
- [Config] arm64: Enable PCI_MESON module

This bug was fixed in the package linux - 5.19.0-45.46

---------------
linux (5.19.0-45.46) kinetic; urgency=medium

* kinetic/linux: 5.19.0-45.46 -proposed tracker (LP: #2023057)

* Kinetic update: upstream stable patchset 2023-05-23 (LP: #2020599)
    - wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"

linux (5.19.0-44.45) kinetic; urgency=medium

* kinetic/linux: 5.19.0-44.45 -proposed tracker (LP: #2019827)

* Linux 5.19 amdgpu: NULL pointer on GCN2 and invalid load on GCN1
    (LP: #2018470)
    - drm/amdgpu: Fix for BO move issue

* CVE-2023-32233
    - netfilter: nf_tables: deactivate anonymous set from preparation phase

* CVE-2023-2612
    - SAUCE: shiftfs: prevent lock unbalance in shiftfs_create_object()

* CVE-2023-31436
    - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

* CVE-2023-1380
    - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

* conntrack mark is not advertised via netlink (LP: #2016269)
    - netfilter: ctnetlink: revert to dumping mark regardless of event type

* 5.19 not reporting cgroups v1 blkio.throttle.io_serviced  (LP: #2016186)
    - SAUCE: blk-throttle: Fix io statistics for cgroup v1

* vmwgfx fails to reserve graphics buffer on aarch64 leading to blank display
    (LP: #2007001)
    - SAUCE: Revert "video/aperture: Disable and unregister sysfb devices via
      aperture helpers"

* Ubuntu 22.04 raise abnormal NIC MSI-X requests with larger CPU cores (256)
    (LP: #2012335)
    - ice: Allow operation with reduced device MSI-X

* Dell: Enable speaker mute hotkey LED indicator (LP: #2015972)
    - platform/x86: dell-laptop: Register ctl-led for speaker-mute

* [SRU]With "Performance per Watt (DAPC)" enabled in the BIOS, Bootup time is
    taking longer than expected (LP: #2008527)
    - cpufreq: ACPI: Defer setting boost MSRs

* [SRU][Jammy] CONFIG_PCI_MESON is not enabled (LP: #2007745)
    - [Config] arm64: Enable PCI_MESON module

* Kinetic update: upstream stable patchset 2023-05-08 (LP: #2018948)
    - HID: asus: use spinlock to protect concurrent accesses
    - HID: asus: use spinlock to safely schedule workers
    - powerpc/mm: Rearrange if-else block to avoid clang warning
    - ARM: OMAP2+: Fix memory leak in realtime_counter_init()
    - arm64: dts: qcom: qcs404: use symbol names for PCIe resets
    - arm64: dts: qcom: msm8996-tone: Fix USB taking 6 minutes to wake up
    - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k
    - arm64: dts: qcom: sm6125: Reorder HSUSB PHY clocks to match bindings
    - arm64: dts: imx8m: Align SoC unique ID node unit address
    - ARM: zynq: Fix refcount leak in zynq_early_slcr_init
    - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description
    - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name
    - arm64: dts: qcom: sc7180: correct SPMI bus address cells
    - arm64: dts: qcom: sc7280: correct SPMI bus address cells
    - arm64: dts: meson-gx: Fix Ethernet MAC address unit name
    - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
    - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
    - arm64: dts: msm8992-bullhead: add memory hole region
    - arm64: dts: qcom: msm8992-bullhead: Fix cont_splash_mem size
    - arm64: dts: qcom: msm8992-bullhead: Disable dfps_data_mem
    - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names
    - arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY
    - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges
    - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node
    - arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names
    - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
    - ARM: OMAP1: call platform_device_put() in error case in
      omap1_dm_timer_init()
    - ARM: bcm2835_defconfig: Enable the framebuffer
    - ARM: s3c: fix s3c64xx_set_timer_source prototype
    - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range
    - ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
    - ARM: imx: Call ida_simple_remove() for ida_simple_get
    - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
    - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
    - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
    - arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names
      property
    - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
    - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node
      name
    - arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name
    - arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names
    - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name
    - arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
    - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip
    - locking/rwsem: Disable preemption in all down_read*() and up_read() code
      paths
    - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
    - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN
    - ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
    - ARM: dts: imx7s: correct iomuxc gpr mux controller cells
    - arm64: dts: mt8192: Fix CPU map for single-cluster SoC
    - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
    - blk-mq: avoid sleep in blk_mq_alloc_request_hctx
    - blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
    - blk-mq: correct stale comment of .get_budget
    - arm64: dts: qcom: msm8992-lg-bullhead: Correct memory overlaps with the SMEM
      and MPSS memory regions
    - s390/dasd: Fix potential memleak in dasd_eckd_init()
    - sched/rt: pick_next_rt_entity(): check list_entry
    - x86/perf/zhaoxin: Add stepping check for ZXC
    - KEYS: asymmetric: Fix ECDSA use via keyctl uapi
    - arm64: dts: qcom: pmk8350: Specify PBS register for PON
    - arm64: dts: qcom: pmk8350: Use the correct PON compatible
    - block: bio-integrity: Copy flags when bio_integrity_payload is cloned
    - wifi: rsi: Fix memory leak in rsi_coex_attach()
    - wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: rtlwifi: rtl8723be: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave()
    - wifi: libertas: fix memory leak in lbs_init_adapter()
    - wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
    - wifi: rtlwifi: Fix global-out-of-bounds bug in
      _rtl8812ae_phy_set_txpower_limit()
    - libbpf: Fix btf__align_of() by taking into account field offsets
    - wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
    - wifi: ipw2200: fix memory leak in ipw_wdev_init()
    - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
    - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
    - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
    - wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
    - crypto: x86/ghash - fix unaligned access in ghash_setkey()
    - ACPICA: Drop port I/O validation for some regions
    - genirq: Fix the return type of kstat_cpu_irqs_sum()
    - rcu-tasks: Improve comments explaining tasks_rcu_exit_srcu purpose
    - rcu-tasks: Remove preemption disablement around srcu_read_[un]lock() calls
    - rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()
    - lib/mpi: Fix buffer overrun when SG is too long
    - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2
    - ACPICA: nsrepair: handle cases without a return value correctly
    - thermal/drivers/tsens: Drop msm8976-specific defines
    - thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
    - thermal/drivers/tsens: fix slope values for msm8939
    - thermal/drivers/tsens: limit num_sensors to 9 for msm8939
    - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
    - wifi: orinoco: check return value of hermes_write_wordrec()
    - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback
      function
    - ath9k: htc: clean up statistics macros
    - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
    - wifi: ath9k: Fix potential stack-out-of-bounds write in
      ath9k_wmi_rsp_callback()
    - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
    - wifi: cfg80211: Fix extended KCK key length check in
      nl80211_set_rekey_data()
    - ACPI: battery: Fix missing NUL-termination with large strings
    - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename
    - crypto: essiv - Handle EBUSY correctly
    - crypto: seqiv - Handle EBUSY correctly
    - powercap: fix possible name leak in powercap_register_zone()
    - x86/microcode: Print previous version of microcode after reload
    - x86/microcode: Add a parameter to microcode_check() to store CPU
      capabilities
    - x86/microcode: Check CPU capabilities after late microcode update correctly
    - x86/microcode: Adjust late loading result reporting message
    - crypto: xts - Handle EBUSY correctly
    - leds: led-class: Add missing put_device() to led_put()
    - crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware
    - bpftool: profile online CPUs instead of possible
    - net/mlx5: Enhance debug print in page allocation failure
    - irqchip: Fix refcount leak in platform_irqchip_probe
    - irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
    - irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
    - irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe
    - s390/mem_detect: fix detect_memory() error handling
    - s390/vmem: fix empty page tables cleanup under KASAN
    - net: add sock_init_data_uid()
    - tun: tun_chr_open(): correctly initialize socket uid
    - tap: tap_open(): correctly initialize socket uid
    - OPP: fix error checking in opp_migrate_dentry()
    - Bluetooth: L2CAP: Fix potential user-after-free
    - Bluetooth: hci_qca: get wakeup status from serdev device handle
    - s390/ap: fix status returned by ap_aqic()
    - s390/ap: fix status returned by ap_qact()
    - libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
    - rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
    - crypto: rsa-pkcs1pad - Use akcipher_request_complete
    - m68k: /proc/hardware should depend on PROC_FS
    - RISC-V: time: initialize hrtimer based broadcast clock event device
    - wifi: iwl3945: Add missing check for create_singlethread_workqueue
    - wifi: iwl4965: Add missing check for create_singlethread_workqueue()
    - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
    - selftests/bpf: Fix out-of-srctree build
    - ACPI: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models
    - ACPI: resource: Do IRQ override on all TongFang GMxRGxx
    - crypto: crypto4xx - Call dma_unmap_page when done
    - wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
    - thermal/drivers/hisi: Drop second sensor hi3660
    - can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a
      bus error
    - bpf: Fix global subprog context argument resolution logic
    - irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
    - irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
    - selftests/net: Interpret UDP_GRO cmsg data as an int value
    - l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
    - net: bcmgenet: fix MoCA LED control
    - sefltests: netdevsim: wait for devlink instance after netns removal
    - drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
    - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
    - drm/bridge: ti-sn65dsi83: Fix delay after reset deassert to match spec
    - [Config] updateconfigs for DRM_MXSFB
    - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
    - drm/bridge: megachips: Fix error handling in i2c_register_driver()
    - drm/vkms: Fix memory leak in vkms_init()
    - drm/vkms: Fix null-ptr-deref in vkms_release()
    - drm/vc4: dpi: Add option for inverting pixel clock and output enable
    - drm/vc4: dpi: Fix format mapping for RGB565
    - drm: tidss: Fix pixel format definition
    - gpu: ipu-v3: common: Add of_node_put() for reference returned by
      of_graph_get_port_by_id()
    - hwmon: (ftsteutates) Fix scaling of measurements
    - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
    - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins
    - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
    - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
    - drm/vc4: hvs: Set AXI panic modes
    - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5
    - drm/vc4: hdmi: Correct interlaced timings again
    - drm/msm: clean event_thread->worker in case of an error
    - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription
    - scsi: qla2xxx: Fix exchange oversubscription
    - scsi: qla2xxx: Fix exchange oversubscription for management commands
    - ASoC: fsl_sai: initialize is_dsp_mode flag
    - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
    - ALSA: hda/ca0132: minor fix for allocation size
    - drm/msm/gem: Add check for kmalloc
    - drm/msm/dpu: Disallow unallocated resources to be returned
    - drm/bridge: lt9611: fix sleep mode setup
    - drm/bridge: lt9611: fix HPD reenablement
    - drm/bridge: lt9611: fix polarity programming
    - drm/bridge: lt9611: fix programming of video modes
    - drm/bridge: lt9611: fix clock calculation
    - drm/bridge: lt9611: pass a pointer to the of node
    - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
    - drm: exynos: dsi: Fix MIPI_DSI*_NO_* mode flags
    - drm/msm/dsi: Allow 2 CTRLs on v2.5.0
    - drm/msm: use strscpy instead of strncpy
    - drm/msm/dpu: Add check for cstate
    - drm/msm/dpu: Add check for pstates
    - drm/msm/mdp5: Add check for kzalloc
    - pinctrl: bcm2835: Remove of_node_put() in bcm2835_of_gpio_ranges_fallback()
    - pinctrl: mediatek: Initialize variable pullen and pullup to zero
    - pinctrl: mediatek: Initialize variable *buf to zero
    - gpu: host1x: Don't skip assigning syncpoints to channels
    - drm/tegra: firewall: Check for is_addr_reg existence in IMM check
    - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update()
    - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd
    - drm/mediatek: Use NULL instead of 0 for NULL pointer
    - drm/mediatek: Drop unbalanced obj unref
    - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
    - drm/mediatek: Clean dangling pointer on bind error path
    - ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
    - gpio: vf610: connect GPIO label to dev name
    - spi: dw_bt1: fix MUX_MMIO dependencies
    - ASoC: mchp-spdifrx: fix controls which rely on rsr register
    - ASoC: mchp-spdifrx: fix return value in case completion times out
    - ASoC: mchp-spdifrx: fix controls that works with completion mechanism
    - ASoC: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove()
    - ASoC: rsnd: fixup #endif position
    - ASoC: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params()
    - ASoC: dt-bindings: meson: fix gx-card codec node regex
    - hwmon: (ltc2945) Handle error case in ltc2945_value_store
    - drm/amdgpu: fix enum odm_combine_mode mismatch
    - scsi: mpt3sas: Fix a memory leak
    - scsi: aic94xx: Add missing check for dma_map_single()
    - HID: multitouch: Add quirks for flipped axes
    - HID: retain initial quirks set up when creating HID devices
    - ASoC: codecs: lpass: fix incorrect mclk rate
    - spi: bcm63xx-hsspi: Fix multi-bit mode setting
    - hwmon: (mlxreg-fan) Return zero speed for broken fan
    - ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
    - dm: remove flush_scheduled_work() during local_exit()
    - nfs4trace: fix state manager flag printing
    - NFS: fix disabling of swap
    - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one()
    - ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared
    - HID: bigben: use spinlock to protect concurrent accesses
    - HID: bigben_worker() remove unneeded check on report_field
    - HID: bigben: use spinlock to safely schedule workers
    - hid: bigben_probe(): validate report count
    - drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt()
    - nfsd: fix race to check ls_layouts
    - cifs: Fix lost destroy smbd connection when MR allocate failed
    - cifs: Fix warning and UAF when destroy the MR list
    - gfs2: jdata writepage fix
    - perf llvm: Fix inadvertent file creation
    - leds: led-core: Fix refcount leak in of_led_get()
    - perf inject: Use perf_data__read() for auxtrace
    - perf intel-pt: Do not try to queue auxtrace data on pipe
    - perf tools: Fix auto-complete on aarch64
    - sparc: allow PM configs for sparc32 COMPILE_TEST
    - printf: fix errname.c list
    - objtool: add UACCESS exceptions for __tsan_volatile_read/write
    - mfd: cs5535: Don't build on UML
    - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
    - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0
    - [Config] updateconfigs for HISI_DMA
    - dmaengine: HISI_DMA should depend on ARCH_HISI
    - iio: light: tsl2563: Do not hardcode interrupt trigger type
    - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe()
    - i2c: designware: fix i2c_dw_clk_rate() return size to be u32
    - soundwire: cadence: Don't overflow the command FIFOs
    - driver core: fix potential null-ptr-deref in device_add()
    - kobject: modify kobject_get_path() to take a const *
    - kobject: Fix slab-out-of-bounds in fill_kobj_path()
    - alpha/boot/tools/objstrip: fix the check for ELF header
    - media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible()
    - coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR
    - coresight: cti: Prevent negative values of enable count
    - coresight: cti: Add PM runtime call in enable_store
    - ACPI: resource: Add helper function acpi_dev_get_memory_resources()
    - usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources()
    - usb: typec: intel_pmc_mux: Don't leak the ACPI device reference count
    - PCI/IOV: Enlarge virtfn sysfs name buffer
    - PCI: switchtec: Return -EFAULT for copy_to_user() errors
    - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown()
    - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown()
    - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init()
    - Revert "char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in
      set_protocol"
    - eeprom: idt_89hpesx: Fix error handling in idt_init()
    - applicom: Fix PCI device refcount leak in applicom_init()
    - firmware: stratix10-svc: add missing gen_pool_destroy() in
      stratix10_svc_drv_probe()
    - VMCI: check context->notify_page after call to get_user_pages_fast() to
      avoid GPF
    - misc/mei/hdcp: Use correct macros to initialize uuid_le
    - driver core: fix resource leak in device_add()
    - drivers: base: transport_class: fix possible memory leak
    - drivers: base: transport_class: fix resource leak when
      transport_add_device() fails
    - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle
    - fotg210-udc: Add missing completion handler
    - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers
    - usb: early: xhci-dbc: Fix a potential out-of-bound memory access
    - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case
    - RDMA/cxgb4: add null-ptr-check after ip_dev_find()
    - usb: musb: mediatek: don't unregister something that wasn't registered
    - usb: gadget: configfs: Restrict symlink creation is UDC already binded
    - iommu/vt-d: Set No Execute Enable bit in PASID table entry
    - power: supply: remove faulty cooling logic
    - RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish()
    - usb: max-3421: Fix setting of I/O pins
    - RDMA/irdma: Cap MSIX used to online CPUs + 1
    - serial: fsl_lpuart: fix RS485 RTS polariy inverse issue
    - tty: serial: imx: Handle RS485 DE signal active high
    - tty: serial: imx: disable Ageing Timer interrupt request irq
    - dmaengine: dw-edma: Fix readq_ch() return value truncation
    - phy: rockchip-typec: fix tcphy_get_mode error case
    - iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry()
    - iommu: Fix error unwind in iommu_group_alloc()
    - dmaengine: sf-pdma: pdma_desc memory leak fix
    - dmaengine: dw-axi-dmac: Do not dereference NULL structure
    - iommu/vt-d: Fix error handling in sva enable/disable paths
    - iommu/vt-d: Allow to use flush-queue when first level is default
    - IB/hfi1: Fix math bugs in hfi1_can_pin_pages()
    - IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
    - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
    - media: ti: cal: fix possible memory leak in cal_ctx_create()
    - media: platform: ti: Add missing check for devm_regulator_get
    - powerpc: Remove linker flag from KBUILD_AFLAGS
    - s390/vdso: Drop '-shared' from KBUILD_CFLAGS_64
    - builddeb: clean generated package content
    - media: max9286: Fix memleak in max9286_v4l2_register()
    - media: ov2740: Fix memleak in ov2740_init_controls()
    - media: ov5675: Fix memleak in ov5675_init_controls()
    - media: i2c: ov772x: Fix memleak in ov772x_probe()
    - media: i2c: imx219: Split common registers from mode tables
    - media: i2c: imx219: Fix binning for RAW8 capture
    - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data
    - media: v4l2-jpeg: ignore the unknown APP14 marker
    - media: imx-jpeg: Apply clk_bulk api instead of operating specific clk
    - media: i2c: ov7670: 0 instead of -EINVAL was returned
    - media: usb: siano: Fix use after free bugs caused by do_submit_urb
    - media: saa7134: Use video_unregister_device for radio_dev
    - rpmsg: glink: Avoid infinite loop on intent for missing channel
    - udf: Define EFSCORRUPTED error code
    - ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
    - blk-iocost: fix divide by 0 error in calc_lcoefs()
    - trace/blktrace: fix memory leak with using debugfs_lookup()
    - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
    - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
    - rcu: Make RCU_LOCKDEP_WARN() avoid early lockdep checks
    - rcu: Suppress smp_processor_id() complaint in
      synchronize_rcu_expedited_wait()
    - rcu-tasks: Make rude RCU-Tasks work well with CPU hotplug
    - wifi: ath11k: debugfs: fix to work with multiple PCI devices
    - thermal: intel: Fix unsigned comparison with less than zero
    - timers: Prevent union confusion from unexpected restart_syscall()
    - x86/bugs: Reset speculation control settings on init
    - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-
      of-bounds
    - wifi: mt7601u: fix an integer underflow
    - inet: fix fast path in __inet_hash_connect()
    - ice: restrict PTP HW clock freq adjustments to 100, 000, 000 PPB
    - ice: add missing checks for PF vsi type
    - ACPI: Don't build ACPICA with '-Os'
    - thermal: intel: intel_pch: Add support for Wellsburg PCH
    - clocksource: Suspend the watchdog temporarily when high read latency
      detected
    - crypto: hisilicon: Wipe entire pool on error
    - net: bcmgenet: Add a check for oversized packets
    - m68k: Check syscall_trace_enter() return code
    - netfilter: nf_tables: NULL pointer dereference in nf_tables_updobj()
    - tools/power/x86/intel-speed-select: Add Emerald Rapid quirk
    - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
    - ACPI: video: Fix Lenovo Ideapad Z570 DMI match
    - net/mlx5: fw_tracer: Fix debug print
    - coda: Avoid partial allocation of sig_inputArgs
    - uaccess: Add minimum bounds check on kernel buffer size
    - s390/idle: mark arch_cpu_idle() noinstr
    - time/debug: Fix memory leak with using debugfs_lookup()
    - PM: domains: fix memory leak with using debugfs_lookup()
    - PM: EM: fix memory leak with using debugfs_lookup()
    - Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
    - hv_netvsc: Check status in SEND_RNDIS_PKT completion message
    - scm: add user copy checks to put_cmsg()
    - drm/amd/display: Revert Reduce delay when sink device not able to ACK 00340h
      write
    - drm/amd/display: Fix potential null-deref in dm_resume
    - drm/omap: dsi: Fix excessive stack usage
    - HID: Add Mapping for System Microphone Mute
    - drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
    - drm/radeon: free iio for atombios when driver shutdown
    - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write
    - Revert "fbcon: don't lose the console font across generic->chip driver
      switch"
    - drm: amd: display: Fix memory leakage
    - drm/msm/dsi: Add missing check for alloc_ordered_workqueue
    - docs/scripts/gdb: add necessary make scripts_gdb step
    - ASoC: soc-compress: Reposition and add pcm_mutex
    - ASoC: kirkwood: Iterate over array indexes instead of using pointer math
    - regulator: max77802: Bounds check regulator id against opmode
    - regulator: s5m8767: Bounds check id indexing into arrays
    - gfs2: Improve gfs2_make_fs_rw error handling
    - hwmon: (coretemp) Simplify platform device handling
    - pinctrl: at91: use devm_kasprintf() to avoid potential leaks
    - scsi: snic: Fix memory leak with using debugfs_lookup()
    - HID: logitech-hidpp: Don't restart communication if not necessary
    - drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5
    - dm thin: add cond_resched() to various workqueue loops
    - dm cache: add cond_resched() to various workqueue loops
    - nfsd: zero out pointers after putting nfsd_files on COPY setup error
    - drm/shmem-helper: Revert accidental non-GPL export
    - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
    - firmware: coreboot: framebuffer: Ignore reserved pixel color bits
    - block: don't allow multiple bios for IOCB_NOWAIT issue
    - rtc: pm8xxx: fix set-alarm race
    - ipmi:ssif: resend_msg() cannot fail
    - ipmi_ssif: Rename idle state and check
    - s390/extmem: return correct segment type in __segment_load()
    - s390: discard .interp section
    - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
    - s390/kprobes: fix current_kprobe never cleared after kprobes reenter
    - cifs: Fix uninitialized memory read in smb3_qfs_tcon()
    - btrfs: hold block group refcount during async discard
    - locking/rwsem: Prevent non-first waiter from spinning in down_write()
      slowpath
    - ksmbd: fix wrong data area length for smb2 lock request
    - ksmbd: do not allow the actual frame length to be smaller than the rfc1002
      length
    - ARM: dts: exynos: correct HDMI phy compatible in Exynos4
    - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
    - fs: hfsplus: fix UAF issue in hfsplus_put_super
    - exfat: fix reporting fs error when reading dir beyond EOF
    - exfat: fix unexpected EOF while reading dir
    - exfat: redefine DIR_DELETED as the bad cluster number
    - exfat: fix inode->i_blocks for non-512 byte sector size device
    - fs: dlm: don't set stop rx flag after node reset
    - fs: dlm: move sending fin message into state change handling
    - fs: dlm: send FIN ack back in right cases
    - f2fs: fix information leak in f2fs_move_inline_dirents()
    - f2fs: fix cgroup writeback accounting with fs-layer encryption
    - ocfs2: fix defrag path triggering jbd2 ASSERT
    - ocfs2: fix non-auto defrag path not working issue
    - selftests/landlock: Skip overlayfs tests when not supported
    - selftests/landlock: Test ptrace as much as possible with Yama
    - udf: Truncate added extents on failed expansion
    - udf: Do not bother merging very long extents
    - udf: Do not update file length for failed writes to inline files
    - udf: Preserve link count of system files
    - udf: Detect system inodes linked into directory hierarchy
    - udf: Fix file corruption when appending just after end of preallocated
      extent
    - RDMA/siw: Fix user page pinning accounting
    - KVM: Destroy target device if coalesced MMIO unregistration fails
    - KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI
    - KVM: SVM: Fix potential overflow in SEV's send|receive_update_data()
    - KVM: SVM: hyper-v: placate modpost section mismatch error
    - KVM: s390: disable migration mode when dirty tracking is disabled
    - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
    - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
    - x86/reboot: Disable virtualization in an emergency if SVM is supported
    - x86/reboot: Disable SVM, not just VMX, when stopping CPUs
    - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
    - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe
      range
    - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
    - x86/microcode/AMD: Add a @cpu parameter to the reloading functions
    - x86/microcode/AMD: Fix mixed steppings support
    - x86/speculation: Allow enabling STIBP with legacy IBRS
    - Documentation/hw-vuln: Document the interaction between IBRS and STIBP
    - brd: return 0/-error from brd_insert_page()
    - ima: Align ima_file_mmap() parameters with mmap_file LSM hook
    - irqdomain: Fix association race
    - irqdomain: Fix disassociation race
    - irqdomain: Look for existing mapping only once
    - irqdomain: Drop bogus fwspec-mapping error handling
    - irqdomain: Fix domain registration race
    - crypto: qat - fix out-of-bounds read
    - io_uring: handle TIF_NOTIFY_RESUME when checking for task_work
    - io_uring: mark task TASK_RUNNING before handling resume/task work
    - io_uring: add a conditional reschedule to the IOPOLL cancelation loop
    - io_uring/rsrc: disallow multi-source reg buffers
    - io_uring: remove MSG_NOSIGNAL from recvmsg
    - io_uring/poll: allow some retries for poll triggering spuriously
    - ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
    - ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
    - jbd2: fix data missing when reusing bh which is ready to be checkpointed
    - ext4: optimize ea_inode block expansion
    - ext4: refuse to create ea block when umounted
    - mtd: spi-nor: sfdp: Fix index value for SCCR dwords
    - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register
    - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
    - dm: send just one event on resize, not two
    - dm: add cond_resched() to dm_wq_work()
    - wifi: rtl8xxxu: Use a longer retry limit of 48
    - wifi: ath11k: allow system suspend to survive ath11k
    - wifi: cfg80211: Fix use after free for wext
    - qede: fix interrupt coalescing configuration
    - thermal: intel: powerclamp: Fix cur_state for multi package system
    - dm flakey: fix logic when corrupting a bio
    - dm flakey: don't corrupt the zero page
    - dm flakey: fix a bug with 32-bit highmem systems
    - ARM: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node
    - ARM: dts: exynos: correct TMU phandle in Exynos4210
    - ARM: dts: exynos: correct TMU phandle in Exynos4
    - ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
    - ARM: dts: exynos: correct TMU phandle in Exynos5250
    - ARM: dts: exynos: correct TMU phandle in Odroid XU
    - ARM: dts: exynos: correct TMU phandle in Odroid HC1
    - fuse: add inode/permission checks to fileattr_get/fileattr_set
    - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
    - ceph: update the time stamps and try to drop the suid/sgid
    - alpha: fix FEN fault handling
    - dax/kmem: Fix leak of memory-hotplug resources
    - mips: fix syscall_get_nr
    - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
    - remoteproc/mtk_scp: Move clk ops outside send_lock
    - docs: gdbmacros: print newest record
    - mm: memcontrol: deprecate charge moving
    - mm/thp: check and bail out if page in deferred queue already
    - ktest.pl: Give back console on Ctrt^C on monitor
    - ktest.pl: Fix missing "end_monitor" when machine check fails
    - ktest.pl: Add RUN_TIMEOUT option with default unlimited
    - ring-buffer: Handle race between rb_move_tail and rb_check_pages
    - tools/bootconfig: fix single & used for logical condition
    - scsi: qla2xxx: Fix link failure in NPIV environment
    - scsi: qla2xxx: Check if port is online before sending ELS
    - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
    - scsi: qla2xxx: Remove unintended flag clearing
    - scsi: qla2xxx: Fix erroneous link down
    - scsi: qla2xxx: Remove increment of interface err cnt
    - scsi: ses: Don't attach if enclosure has no components
    - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
    - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
    - scsi: ses: Fix possible desc_ptr out-of-bounds accesses
    - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
    - RISC-V: add a spin_shadow_stack declaration
    - riscv: mm: fix regression due to update_mmu_cache change
    - riscv: jump_label: Fixup unaligned arch_static_branch function
    - riscv, mm: Perform BPF exhandler fixup on page fault
    - riscv: ftrace: Remove wasted nops for !RISCV_ISA_C
    - riscv: ftrace: Reduce the detour code size to half
    - MIPS: DTS: CI20: fix otg power gpio
    - PCI/PM: Observe reset delay irrespective of bridge_d3
    - PCI: hotplug: Allow marking devices as disconnected during bind/unbind
    - PCI: Avoid FLR for AMD FCH AHCI adapters
    - iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode
    - vfio/type1: prevent underflow of locked_vm via exec()
    - vfio/type1: track locked_vm per dma
    - vfio/type1: restore locked_vm
    - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
    - drm/radeon: Fix eDP for single-display iMac11,2
    - drm/edid: fix AVI infoframe aspect ratio handling
    - qede: avoid uninitialized entries in coal_entry array
    - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY
    - wifi: ath9k: use proper statements in conditionals
    - kbuild: Port silent mode detection to future gnu make.
    - arm64: dts: qcom: sm6350: Fix up the ramoops node
    - arm64: dts: mediatek: mt8192: Fix systimer 13 MHz clock description
    - arm64: dts: mediatek: mt8195: Fix systimer 13 MHz clock description
    - x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC
    - arm64: dts: meson-gxl: jethub-j80: Fix WiFi MAC address node
    - arm64: dts: meson-gxl: jethub-j80: Fix Bluetooth MAC node name
    - arm64: tegra: Fix duplicate regulator on Jetson TX1
    - arm64: dts: mediatek: mt8192: Mark scp_adsp clock as broken
    - arm64: dts: meson: radxa-zero: allow usb otg mode
    - arm64: dts: mt8195: Fix CPU map for single-cluster SoC
    - arm64: dts: mediatek: mt7986: Fix watchdog compatible
    - ARM: dts: stm32: Update part number NVMEM description on stm32mp131
    - blk-mq: wait on correct sbitmap_queue in blk_mq_mark_tag_wait
    - blk-mq: Fix potential io hung for shared sbitmap per tagset
    - arm64: dts: qcom: sm8350: drop incorrect cells from serial
    - arm64: dts: qcom: msm8953: correct TLMM gpio-ranges
    - block: Fix io statistics for cgroup in throttle path
    - wifi: mt76: mt7915: add missing of_node_put()
    - wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host
    - wifi: mt76: mt7915: check return value before accessing free_block_num
    - wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr()
    - wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read()
    - wifi: rtw89: 8852c: rfk: correct DACK setting
    - wifi: rtw89: 8852c: rfk: correct DPK settings
    - wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init()
    - libbpf: Fix invalid return address register in s390
    - kselftest/arm64: Fix syscall-abi for systems without 128 bit SME
    - workqueue: Protects wq_unbound_cpumask with wq_pool_attach_mutex
    - s390/early: fix sclp_early_sccb variable lifetime
    - s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue()
    - x86/signal: Fix the value returned by strict_sas_size()
    - wifi: rtw89: fix potential leak in rtw89_append_probe_req_ie()
    - wifi: rtw89: Add missing check for alloc_workqueue
    - s390/bpf: Add expoline to tail calls
    - wifi: iwlwifi: mei: fix compilation errors in rfkill()
    - kselftest/arm64: Fix enumeration of systems without 128 bit SME
    - can: rcar_canfd: Fix R-Car V3U GAFLCFG field accesses
    - wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after
      init_work
    - wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit
    - wifi: mt76: add memory barrier to SDIO queue kick
    - cpufreq: davinci: Fix clk use after free
    - net: ipa: generic command param fix
    - crypto: octeontx2 - Fix objects shared between several modules
    - tools/lib/thermal: Fix thermal_sampling_exit()
    - selftests/bpf: Fix map_kptr test.
    - net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()
    - net: lan966x: Fix possible deadlock inside PTP
    - net/mlx4_en: Introduce flexible array to silence overflow warning
    - drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init()
    - drm/vc4: hvs: SCALER_DISPBKGND_AUTOHS is only valid on HVS4
    - scsi: qla2xxx: edif: Fix clang warning
    - scsi: ufs: exynos: Fix DMA alignment for PAGE_SIZE != 4096
    - habanalabs: bugs fixes in timestamps buff alloc
    - dt-bindings: display: mediatek: Fix the fallback for mediatek,mt8186-disp-
      ccorr
    - ASoC: topology: Properly access value coming from topology file
    - regmap: apply reg_base and reg_downshift for single register ops
    - hwmon: (asus-ec-sensors) add missing mutex path
    - [Config] updateconfigs for SND_HDA_CTL_DEV_ID
    - ALSA: hda: Fix the control element identification for multiple codecs
    - ASoC: qcom: q6apm-lpass-dai: unprepare stream if its already prepared
    - ASoC: qcom: q6apm-dai: fix race condition while updating the position
      pointer
    - ASoC: qcom: q6apm-dai: Add SNDRV_PCM_INFO_BATCH flag
    - nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open
    - NFSD: copy the whole verifier in nfsd_copy_write_verifier
    - cifs: use tcon allocation functions even for dummy tcon
    - tools/tracing/rtla: osnoise_hist: use total duration for average calculation
    - perf test bpf: Skip test if kernel-debuginfo is not present
    - perf record: Fix segfault with --overwrite and --max-size
    - RDMA/hns: Fix refcount leak in hns_roce_mmap
    - mei: pxp: Use correct macros to initialize uuid_le
    - misc: fastrpc: Fix an error handling path in fastrpc_rpmsg_probe()
    - driver core: location: Free struct acpi_pld_info *pld before return false
    - PCI: mt7621: Delay phy ports initialization
    - driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links
    - mtd: mtdpart: Don't create platform device that'll never probe
    - usb: host: fsl-mph-dr-of: reuse device_set_of_node_from_dev
    - PCI: Fix dropping valid root bus resources with .end = zero
    - dmaengine: ptdma: check for null desc before calling pt_cmd_callback
    - RDMA/rxe: Fix missing memory barriers in rxe_queue.h
    - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in
      imx7_csi_init()
    - media: camss: csiphy-3ph: avoid undefined behavior
    - media: drivers/media/v4l2-core/v4l2-h264 : add detection of null pointers
    - rpmsg: glink: Release driver_override
    - block: clear bio->bi_bdev when putting a bio back in the cache
    - block: be a bit more careful in checking for NULL bdev while polling
    - ipmi: ipmb: Fix the MODULE_PARM_DESC associated to 'retry_time_ms'
    - io_uring: Replace 0-length array with flexible array
    - io_uring: fix fget leak when fs don't support nowait buffered read
    - scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization
    - scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()
    - scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi
    - ksmbd: fix possible memory leak in smb2_lock()
    - f2fs: fix kernel crash due to null io->bio
    - KVM: VMX: Fix crash due to uninitialized current_vmcs
    - KVM: x86: Purge "highest ISR" cache when updating APICv state
    - KVM: x86: Don't inhibit APICv/AVIC on xAPIC ID "change" if APIC is disabled
    - KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID
    - KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target
    - virt/sev-guest: Return -EIO if certificate buffer is not large enough
    - ima: fix error handling logic when file measurement failed
    - irqdomain: Refactor __irq_domain_alloc_irqs()
    - irqdomain: Fix mapping-creation race
    - mm/damon/paddr: fix missing folio_put()
    - cxl/pmem: Fix nvdimm registration races
    - cpuidle: add ARCH_SUSPEND_POSSIBLE dependencies
    - hwmon: (peci/cputemp) Fix off-by-one in coretemp_label allocation
    - hwmon: (nct6775) Fix incorrect parenthesization in nct6775_write_fan_div()
    - ARM: dts: qcom: sdx65: Add Qcom SMMU-500 as the fallback for IOMMU node
    - [Config] updateconfigs for HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON
    - arm64: mm: hugetlb: Disable HUGETLB_PAGE_OPTIMIZE_VMEMMAP
    - panic: fix the panic_print NMI backtrace setting
    - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
    - scsi: aacraid: Allocate cmd_priv with scsicmd
    - riscv: Avoid enabling interrupts in die()
    - PCI: Unify delay handling for reset and resume
    - bus: mhi: ep: Only send -ENOTCONN status if client driver is available
    - bus: mhi: ep: Move chan->lock to the start of processing queued ch ring
    - bus: mhi: ep: Save channel state locally during suspend and resume
    - iommu/vt-d: Fix PASID directory pointer coherency
    - vfio/type1: exclude mdevs from VFIO_UPDATE_VADDR
    - drm/i915: Don't use stolen memory for ring buffers with LLC
    - drm/i915: Don't use BAR mappings for ring buffers with LLC

* CVE-2022-4269
    - act_mirred: use the backlog for nested calls to mirred ingress
    - net/sched: act_mirred: better wording on protection against excessive stack
      growth

* CVE-2023-30456
    - KVM: nVMX: add missing consistency checks for CR0 and CR4

* CVE-2023-1859
    - 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race
      condition

* CVE-2023-1670
    - xirc2ps_cs: Fix use after free bug in xirc2ps_detach

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

-- Roxana Nicolescu <roxana.nicolescu@canonical.com>  Wed, 07 Jun 2023 10:19:43 +0200

Changed in linux (Ubuntu Kinetic):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package