Ubuntu
linux package

Focal update: v5.4.240 upstream stable release

Bug #2023601 reported by Luke Nowakowski-Krijger on 2023-06-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Focal	Fix Released	Medium	Luke Nowakowski-Krijger

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v5.4.240 upstream stable patchset
from git://git.kernel.org/

net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
iavf: fix inverted Rx hash condition leading to disabled hash
iavf: fix non-tunneled IPv6 UDP packet type and hashing
intel/igbvf: free irq on the error path in igbvf_request_msix()
igbvf: Regard vf reset nack as success
i2c: imx-lpi2c: check only for enabled interrupt flags
scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
net: usb: smsc95xx: Limit packet length to skb->len
qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
net: qcom/emac: Fix use after free bug in emac_remove due to race condition
net/ps3_gelic_net: Fix RX sk_buff length
net/ps3_gelic_net: Use dma_mapping_error
keys: Do not cache key in task struct if key is requested from kernel thread
bpf: Adjust insufficient default bpf_jit_limit
net/mlx5: Read the TC mapping of all priorities on ETS query
atm: idt77252: fix kmemleak when rmmod idt77252
erspan: do not use skb_mac_header() in ndo_start_xmit()
net/sonic: use dma_mapping_error() for error check
nvme-tcp: fix nvme_tcp_term_pdu to match spec
hvc/xen: prevent concurrent accesses to the shared ring
net: mdio: thunder: Add missing fwnode_handle_put()
Bluetooth: btqcomsmd: Fix command timeout after setting BD address
platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
scsi: qla2xxx: Perform lockless command completion in abort path
uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
thunderbolt: Use const qualifier for `ring_interrupt_index`
riscv: Bump COMMAND_LINE_SIZE value to 1024
ca8210: fix mac_len negative array access
m68k: Only force 030 bus error if PC not in exception table
selftests/bpf: check that modifier resolves after pointer
scsi: target: iscsi: Fix an error message in iscsi_check_key()
scsi: ufs: core: Add soft dependency on governor_simpleondemand
scsi: lpfc: Avoid usage of list iterator variable after loop
net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
net: usb: qmi_wwan: add Telit 0x1080 composition
sh: sanitize the flags on sigreturn
cifs: empty interface list when server doesn't support query interfaces
scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
usb: gadget: u_audio: don't let userspace block driver unbind
fsverity: Remove WQ_UNBOUND from fsverity read workqueue
igb: revert rtnl_lock() that causes deadlock
dm thin: fix deadlock when swapping to thin device
usb: cdns3: Fix issue with using incorrect PCI device function
usb: chipdea: core: fix return -EINVAL if request role is the same with current role
usb: chipidea: core: fix possible concurrent when switch role
wifi: mac80211: fix qos on mesh interfaces
nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
dm stats: check for and propagate alloc_percpu failure
dm crypt: add cond_resched() to dmcrypt_write()
sched/fair: sanitize vruntime of entity being placed
sched/fair: Sanitize vruntime of entity being migrated
tun: avoid double free in tun_free_netdev
ocfs2: fix data corruption after failed write
fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
bus: imx-weim: fix branch condition evaluates to a garbage value
md: avoid signed overflow in slot_store()
ALSA: asihpi: check pao in control_message()
ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
fbdev: tgafb: Fix potential divide by zero
sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
fbdev: nvidia: Fix potential divide by zero
fbdev: intelfb: Fix potential divide by zero
fbdev: lxfb: Fix potential divide by zero
fbdev: au1200fb: Fix potential divide by zero
ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
dma-mapping: drop the dev argument to arch_sync_dma_for_*
mips: bmips: BCM6358: disable RAC flush for TP1
mtd: rawnand: meson: invalidate cache on polling ECC bit
scsi: megaraid_sas: Fix crash after a double completion
ptp_qoriq: fix memory leak in probe()
regulator: fix spelling mistake "Cant" -> "Can't"
regulator: Handle deferred clk
net/net_failover: fix txq exceeding warning
can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
s390/vfio-ap: fix memory leak in vfio_ap device driver
i40e: fix registers dump after run ethtool adapter self test
bnxt_en: Fix typo in PCI id to device description string mapping
net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
net: mvneta: make tx buffer array agnostic
pinctrl: ocelot: Fix alt mode for ocelot
Input: alps - fix compatibility with -funsigned-char
Input: focaltech - use explicitly signed char type
cifs: prevent infinite recursion in CIFSGetDFSRefer()
cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table
xen/netback: don't do grant copy across page boundary
pinctrl: at91-pio4: fix domain name assignment
NFSv4: Fix hangs when recovering open state after a server reboot
ALSA: hda/conexant: Partial revert of a quirk for Lenovo
ALSA: usb-audio: Fix regression on detection of Roland VS-100
drm/etnaviv: fix reference leak when mmaping imported buffer
btrfs: scan device in non-exclusive mode
ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
net_sched: add __rcu annotation to netdev->qdisc
net: sched: fix race condition in qdisc_graft()
firmware: arm_scmi: Fix device node validation for mailbox transport
gfs2: Always check inode size of inline inodes
Linux 5.4.240
UBUNTU: Upstream stable to v5.4.240

See original description

Tags:

CVE References

Luke Nowakowski-Krijger (lukenow) on 2023-06-12

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Focal):
status:	New → In Progress
assignee:	nobody → Luke Nowakowski-Krijger (lukenow)
description:	updated
summary:	- Focal update: upstream stable patchset 2023-06-12 + Focal update: v5.4.240 upstream stable release
Changed in linux (Ubuntu Focal):
importance:	Undecided → Medium
description:	updated

Stefan Bader (smb) on 2023-06-15

Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-08-10:

Download full text (21.8 KiB)

This bug was fixed in the package linux - 5.4.0-156.173

---------------
linux (5.4.0-156.173) focal; urgency=medium

* focal/linux: 5.4.0-156.173 -proposed tracker (LP: #2026585)

* CVE-2023-3390
- netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

This bug was fixed in the package linux - 5.4.0-156.173

---------------
linux (5.4.0-156.173) focal; urgency=medium

* focal/linux: 5.4.0-156.173 -proposed tracker (LP: #2026585)

* CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

* Focal update: v5.4.241 upstream stable release (LP: #2023930)
    - scsi: ses: Handle enclosure with just a primary component gracefully
    - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
    - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
    - treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD()
    - smb3: fix problem with null cifs super block with previous patch
    - pinctrl: amd: Use irqchip template
    - pinctrl: amd: disable and mask interrupts on probe
    - pinctrl: amd: Disable and mask interrupts on resume
    - pwm: cros-ec: Explicitly set .polarity in .get_state()
    - pwm: sprd: Explicitly set .polarity in .get_state()
    - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded
      sta
    - icmp: guard against too small mtu
    - net: don't let netpoll invoke NAPI if in xmit context
    - sctp: check send stream number after wait_for_sndbuf
    - ipv6: Fix an uninit variable access bug in __ip6_make_skb()
    - gpio: davinci: Add irq chip flag to skip set wake
    - sunrpc: only free unix grouplist after RCU settles
    - NFSD: callback request does not use correct credential for AUTH_SYS
    - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
    - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
    - usb: typec: altmodes/displayport: Fix configure initial pin assignment
    - USB: serial: option: add Telit FE990 compositions
    - USB: serial: option: add Quectel RM500U-CN modem
    - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
    - iio: dac: cio-dac: Fix max DAC write value check for 12-bit
    - tty: serial: sh-sci: Fix transmit end interrupt handler
    - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
    - tty: serial: fsl_lpuart: avoid checking for transfer complete when
      UARTCTRL_SBK is asserted in lpuart32_tx_empty
    - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
    - nilfs2: fix sysfs interface lifetime
    - ALSA: hda/realtek: Add quirk for Clevo X370SNW
    - perf/core: Fix the same task check in perf_event_set_output
    - ftrace: Mark get_lock_parent_ip() __always_inline
    - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
    - tracing: Free error logs of tracing instances
    - net_sched: prevent NULL dereference if default qdisc setup failed
    - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
    - ring-buffer: Fix race while reader and writer are on the same page
    - mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
    - irqdomain: Look for existing mapping only once
    - irqdomain: Refactor __irq_domain_alloc_irqs()
    - irqdomain: Fix mapping-creation race
    - Revert "pinctrl: amd: Disable and mask interrupts on resume"
    - ALSA: emu10k1: fix capture interrupt handler unlinking
    - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
    - ALSA: i2c/cs8427: fix iec958 mixer control deactivation
    - ALSA: firewire-tascam: add missing unwind goto in
      snd_tscm_stream_start_duplex()
    - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
    - Bluetooth: Fix race condition in hidp_session_thread
    - btrfs: print checksum type and implementation at mount time
    - btrfs: fix fast csum implementation detection
    - mtdblock: tolerate corrected bit-flips
    - mtd: rawnand: meson: fix bitmask for length in command word
    - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
    - niu: Fix missing unwind goto in niu_alloc_channels()
    - qlcnic: check pci_reset_function result
    - sctp: fix a potential overflow in sctp_ifwdtsn_skip
    - RDMA/core: Fix GID entry ref leak when create_ah fails
    - udp6: fix potential access to stale information
    - net: macb: fix a memory corruption in extended buffer descriptor mode
    - power: supply: cros_usbpd: reclassify "default case!" as debug
    - i2c: imx-lpi2c: clean rx/tx buffers upon new message
    - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
    - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F
    - verify_pefile: relax wrapper length check
    - asymmetric_keys: log on fatal failures in PE/pkcs7
    - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
    - mtd: ubi: wl: Fix a couple of kernel-doc issues
    - ubi: Fix deadlock caused by recursively holding work_sem
    - i2c: ocores: generate stop condition after timeout in polling mode
    - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
    - coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
    - xfs: show the proper user quota options
    - xfs: remove the kuid/kgid conversion wrappers
    - xfs: add a new xfs_sb_version_has_v3inode helper
    - xfs: only check the superblock version for dinode size calculation
    - xfs: simplify di_flags2 inheritance in xfs_ialloc
    - xfs: simplify a check in xfs_ioctl_setattr_check_cowextsize
    - xfs: remove the di_version field from struct icdinode
    - xfs: set inode size after creating symlink
    - xfs: report corruption only as a regular error
    - xfs: shut down the filesystem if we screw up quota reservation
    - xfs: consider shutdown in bmapbt cursor delete assert
    - xfs: don't reuse busy extents on extent trim
    - xfs: force log and push AIL to clear pinned inodes when aborting mount
    - Linux 5.4.241

* [UBUNTU 20.04] [HPS] Kernel panic with "refcount_t: underflow" in mlx5
    driver (LP: #2019011)
    - net/mlx5: cmdif, Avoid skipping reclaim pages if FW is not accessible
    - net/mlx5: Fix handling of entry refcount when command is not issued to FW

* Disable hv-kvp-daemon if /dev/vmbus/hv_kvp is not present (LP: #2024900)
    - [Packaging] disable hv-kvp-daemon if needed

* CVE-2023-35001
    - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

* CVE-2023-32629
    - ovl: adhere to the vfs_ vs. ovl_do_ conventions for xattrs

* CVE-2023-3141
    - memstick: r592: Fix UAF bug in r592_remove due to race condition

* CVE-2023-3111
    - btrfs: check return value of btrfs_commit_transaction in relocation
    - btrfs: unset reloc control if transaction commit fails in
      prepare_to_relocate()

* CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb

* CVE-2023-1611
    - btrfs: fix race between quota disable and quota assign ioctls

* CVE-2022-0168
    - cifs: move some variables off the stack in smb2_ioctl_query_info
    - cifs: prevent bad output lengths in smb2_ioctl_query_info()
    - cifs: fix NULL ptr dereference in smb2_ioctl_query_info()

* CVE-2022-27672
    - x86/speculation: Identify processors vulnerable to SMT RSB predictions
    - KVM: x86: Mitigate the cross-thread return address predictions bug
    - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions

* Severe NFS performance degradation after LP #2003053 (LP: #2022098)
    - SAUCE: Make NFS file-access stale cache behaviour opt-in

* Encountering an issue with memcpy_fromio causing failed boot of SEV-enabled
    guest (LP: #2020319)
    - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO

* Focal update: v5.4.240 upstream stable release (LP: #2023601)
    - net: tls: fix possible race condition between do_tls_getsockopt_conf() and
      do_tls_setsockopt_conf()
    - power: supply: da9150: Fix use after free bug in da9150_charger_remove due
      to race condition
    - iavf: fix inverted Rx hash condition leading to disabled hash
    - iavf: fix non-tunneled IPv6 UDP packet type and hashing
    - intel/igbvf: free irq on the error path in igbvf_request_msix()
    - igbvf: Regard vf reset nack as success
    - i2c: imx-lpi2c: check only for enabled interrupt flags
    - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
    - net: usb: smsc95xx: Limit packet length to skb->len
    - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
    - net: qcom/emac: Fix use after free bug in emac_remove due to race condition
    - net/ps3_gelic_net: Fix RX sk_buff length
    - net/ps3_gelic_net: Use dma_mapping_error
    - keys: Do not cache key in task struct if key is requested from kernel thread
    - bpf: Adjust insufficient default bpf_jit_limit
    - net/mlx5: Read the TC mapping of all priorities on ETS query
    - atm: idt77252: fix kmemleak when rmmod idt77252
    - erspan: do not use skb_mac_header() in ndo_start_xmit()
    - net/sonic: use dma_mapping_error() for error check
    - nvme-tcp: fix nvme_tcp_term_pdu to match spec
    - hvc/xen: prevent concurrent accesses to the shared ring
    - net: mdio: thunder: Add missing fwnode_handle_put()
    - Bluetooth: btqcomsmd: Fix command timeout after setting BD address
    - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
    - hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
    - scsi: qla2xxx: Perform lockless command completion in abort path
    - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
    - thunderbolt: Use const qualifier for `ring_interrupt_index`
    - riscv: Bump COMMAND_LINE_SIZE value to 1024
    - ca8210: fix mac_len negative array access
    - m68k: Only force 030 bus error if PC not in exception table
    - selftests/bpf: check that modifier resolves after pointer
    - scsi: target: iscsi: Fix an error message in iscsi_check_key()
    - scsi: ufs: core: Add soft dependency on governor_simpleondemand
    - scsi: lpfc: Avoid usage of list iterator variable after loop
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
    - net: usb: qmi_wwan: add Telit 0x1080 composition
    - sh: sanitize the flags on sigreturn
    - cifs: empty interface list when server doesn't support query interfaces
    - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
    - usb: gadget: u_audio: don't let userspace block driver unbind
    - fsverity: Remove WQ_UNBOUND from fsverity read workqueue
    - igb: revert rtnl_lock() that causes deadlock
    - dm thin: fix deadlock when swapping to thin device
    - usb: cdns3: Fix issue with using incorrect PCI device function
    - usb: chipdea: core: fix return -EINVAL if request role is the same with
      current role
    - usb: chipidea: core: fix possible concurrent when switch role
    - wifi: mac80211: fix qos on mesh interfaces
    - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
    - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
    - dm stats: check for and propagate alloc_percpu failure
    - dm crypt: add cond_resched() to dmcrypt_write()
    - sched/fair: sanitize vruntime of entity being placed
    - sched/fair: Sanitize vruntime of entity being migrated
    - tun: avoid double free in tun_free_netdev
    - ocfs2: fix data corruption after failed write
    - fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
    - bus: imx-weim: fix branch condition evaluates to a garbage value
    - md: avoid signed overflow in slot_store()
    - ALSA: asihpi: check pao in control_message()
    - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
    - fbdev: tgafb: Fix potential divide by zero
    - sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
    - fbdev: nvidia: Fix potential divide by zero
    - fbdev: intelfb: Fix potential divide by zero
    - fbdev: lxfb: Fix potential divide by zero
    - fbdev: au1200fb: Fix potential divide by zero
    - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
    - dma-mapping: drop the dev argument to arch_sync_dma_for_*
    - mips: bmips: BCM6358: disable RAC flush for TP1
    - mtd: rawnand: meson: invalidate cache on polling ECC bit
    - scsi: megaraid_sas: Fix crash after a double completion
    - ptp_qoriq: fix memory leak in probe()
    - regulator: fix spelling mistake "Cant" -> "Can't"
    - regulator: Handle deferred clk
    - net/net_failover: fix txq exceeding warning
    - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
    - s390/vfio-ap: fix memory leak in vfio_ap device driver
    - i40e: fix registers dump after run ethtool adapter self test
    - bnxt_en: Fix typo in PCI id to device description string mapping
    - net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
    - net: mvneta: make tx buffer array agnostic
    - pinctrl: ocelot: Fix alt mode for ocelot
    - Input: alps - fix compatibility with -funsigned-char
    - Input: focaltech - use explicitly signed char type
    - cifs: prevent infinite recursion in CIFSGetDFSRefer()
    - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
    - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table
    - xen/netback: don't do grant copy across page boundary
    - pinctrl: at91-pio4: fix domain name assignment
    - NFSv4: Fix hangs when recovering open state after a server reboot
    - ALSA: hda/conexant: Partial revert of a quirk for Lenovo
    - ALSA: usb-audio: Fix regression on detection of Roland VS-100
    - drm/etnaviv: fix reference leak when mmaping imported buffer
    - btrfs: scan device in non-exclusive mode
    - ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
    - net_sched: add __rcu annotation to netdev->qdisc
    - net: sched: fix race condition in qdisc_graft()
    - firmware: arm_scmi: Fix device node validation for mailbox transport
    - gfs2: Always check inode size of inline inodes
    - Linux 5.4.240

* Focal update: v5.4.239 upstream stable release (LP: #2023600)
    - Linux 5.4.239

* CVE-2023-2124
    - xfs: verify buffer contents when we skip log replay

* CVE-2020-36691
    - netlink: limit recursion depth in policy validation

* CVE-2022-1184
    - ext4: check if directory block is within i_size
    - ext4: fix check for block being out of directory size

* CVE-2022-4269
    - net: sched: extract qstats update code into functions
    - net: sched: don't expose action qstats to skb_tc_reinsert()
    - net/sched: act_mirred: refactor the handle of xmit
    - net: sched: remove unused tcf_result extension
    - net/sched: act_mirred: better wording on protection against excessive stack
      growth
    - act_mirred: use the backlog for nested calls to mirred ingress

* Focal update: v5.4.238 upstream stable release (LP: #2023427)
    - ext4: fix cgroup writeback accounting with fs-layer encryption
    - xfrm: Allow transport-mode states with AF_UNSPEC selector
    - drm/panfrost: Don't sync rpm suspension after mmu flushing
    - cifs: Move the in_send statistic to __smb_send_rqst()
    - drm/meson: fix 1px pink line on GXM when scaling video overlay
    - clk: HI655X: select REGMAP instead of depending on it
    - docs: Correct missing "d_" prefix for dentry_operations member
      d_weak_revalidate
    - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
    - ALSA: hda - add Intel DG1 PCI and HDMI ids
    - ALSA: hda - controller is in GPU on the DG1
    - ALSA: hda: Add Alderlake-S PCI ID and HDMI codec vid
    - ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid
    - ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
    - netfilter: nft_redir: correct value of inet type `.maxattrs`
    - scsi: core: Fix a comment in function scsi_host_dev_release()
    - scsi: core: Fix a procfs host directory removal regression
    - tcp: tcp_make_synack() can be called from process context
    - nfc: pn533: initialize struct pn533_out_arg properly
    - ipvlan: Make skb->skb_iif track skb->dev for l3s mode
    - i40e: Fix kernel crash during reboot when adapter is in recovery mode
    - qed/qed_dev: guard against a possible division by zero
    - net: tunnels: annotate lockless accesses to dev->needed_headroom
    - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
    - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
    - net: usb: smsc75xx: Limit packet length to skb->len
    - nvmet: avoid potential UAF in nvmet_req_complete()
    - block: sunvdc: add check for mdesc_grab() returning NULL
    - ipv4: Fix incorrect table ID in IOCTL path
    - net: usb: smsc75xx: Move packet length check to prevent kernel panic in
      skb_pull
    - net/iucv: Fix size of interrupt data
    - ethernet: sun: add check for the mdesc_grab()
    - hwmon: (adt7475) Display smoothing attributes in correct order
    - hwmon: (adt7475) Fix masking of hysteresis registers
    - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race
      condition
    - hwmon: (ina3221) return prober error code
    - media: m5mols: fix off-by-one loop termination error
    - mmc: atmel-mci: fix race between stop command and start of next command
    - jffs2: correct logic when creating a hole in jffs2_write_begin
    - ext4: fail ext4_iget if special inode unallocated
    - ext4: fix task hung in ext4_xattr_delete_inode
    - drm/amdkfd: Fix an illegal memory access
    - sh: intc: Avoid spurious sizeof-pointer-div warning
    - ext4: fix possible double unlock when moving a directory
    - tty: serial: fsl_lpuart: skip waiting for transmission complete when
      UARTCTRL_SBK is asserted
    - interconnect: fix mem leak when freeing nodes
    - tracing: Check field value in hist_field_name()
    - tracing: Make tracepoint lockdep check actually test something
    - ftrace: Fix invalid address access in lookup_rec() when index is 0
    - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
    - x86/mm: Fix use of uninitialized buffer in sme_enable()
    - drm/i915: Don't use stolen memory for ring buffers with LLC
    - serial: 8250_em: Fix UART port type
    - s390/ipl: add missing intersection check to ipl_report handling
    - PCI: Unify delay handling for reset and resume
    - HID: core: Provide new max_buffer_size attribute to over-ride the default
    - HID: uhid: Over-ride the default maximum data buffer value with our own
    - Linux 5.4.238

* Focal update: v5.4.237 upstream stable release (LP: #2023420)
    - fs: prevent out-of-bounds array speculation when closing a file descriptor
    - x86/CPU/AMD: Disable XSAVES on AMD family 0x17
    - drm/connector: print max_requested_bpc in state debugfs
    - ext4: fix RENAME_WHITEOUT handling for inline directories
    - ext4: fix another off-by-one fsmap error on 1k block filesystems
    - ext4: move where set the MAY_INLINE_DATA flag is set
    - ext4: fix WARNING in ext4_update_inline_data
    - ext4: zero i_disksize when initializing the bootloader inode
    - nfc: change order inside nfc_se_io error path
    - iommu/amd: Add PCI segment support for ivrs_[ioapic/hpet/acpihid] commands
    - iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options
    - iommu/amd: Add a length limitation for the ivrs_acpihid command-line
      parameter
    - ipmi:ssif: make ssif_i2c_send() void
    - ipmi:ssif: resend_msg() cannot fail
    - ipmi:ssif: Remove rtc_us_timer
    - ipmi:ssif: Increase the message retry time
    - ipmi:ssif: Add a timer between request retries
    - irqdomain: Change the type of 'size' in __irq_domain_add() to be consistent
    - irqdomain: Fix domain registration race
    - iommu/vt-d: Fix PASID directory pointer coherency
    - SMB3: Backup intent flag missing from some more ops
    - cifs: Fix uninitialized memory read in smb3_qfs_tcon()
    - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
    - ext4: Fix possible corruption when moving a directory
    - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register
    - nfc: fdp: add null check of devm_kmalloc_array in
      fdp_nci_i2c_read_device_properties
    - ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
    - selftests: nft_nat: ensuring the listening side is up before starting the
      client
    - net: usb: lan78xx: Remove lots of set but unused 'ret' variables
    - net: lan78xx: fix accessing the LAN7800's internal phy specific registers
      from the MAC driver
    - net: caif: Fix use-after-free in cfusbl_device_notify()
    - bnxt_en: Avoid order-5 memory allocation for TPA data
    - netfilter: tproxy: fix deadlock due to missing BH disable
    - btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR
    - scsi: megaraid_sas: Update max supported LD IDs to 240
    - net/smc: fix fallback failed while sendmsg with fastopen
    - riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode
    - ext4: Fix deadlock during directory rename
    - MIPS: Fix a compilation issue
    - alpha: fix R_ALPHA_LITERAL reloc for large modules
    - macintosh: windfarm: Use unsigned type for 1-bit bitfields
    - PCI: Add SolidRun vendor ID
    - media: ov5640: Fix analogue gain control
    - ipmi/watchdog: replace atomic_add() and atomic_sub()
    - ipmi:watchdog: Set panic count to proper value on a panic
    - drm/i915: Don't use BAR mappings for ring buffers with LLC
    - x86, vmlinux.lds: Add RUNTIME_DISCARD_EXIT to generic DISCARDS
    - arch: fix broken BuildID for arm64 and riscv
    - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT
    - powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds
    - s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36
    - sh: define RUNTIME_DISCARD_EXIT
    - UML: define RUNTIME_DISCARD_EXIT
    - s390/dasd: add missing discipline function
    - Linux 5.4.237

* Focal update: v5.4.236 upstream stable release (LP: #2020390)
    - staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script
    - staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh
    - Linux 5.4.236

* Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper

-- Roxana Nicolescu <roxana.nicolescu@canonical.com>  Mon, 10 Jul 2023 17:38:56 +0200

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package