Lunar update: upstream stable patchset 2023-08-03
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Lunar |
Fix Released
|
Medium
|
Kamal Mostafa |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2023-08-03
from git://git.
RDMA/bnxt_re: Fix the page_size used during the MR creation
phy: amlogic: phy-meson-
RDMA/efa: Fix unsupported page sizes in device
RDMA/hns: Fix timeout attr in query qp for HIP08
RDMA/hns: Fix base address table allocation
RDMA/hns: Modify the value of long message loopback slice
dmaengine: at_xdmac: fix potential Oops in at_xdmac_
RDMA/bnxt_re: Fix a possible memory leak
RDMA/bnxt_re: Fix return value of bnxt_re_
iommu/rockchip: Fix unwind goto issue
iommu/amd: Don't block updates to GATag if guest mode is on
iommu/amd: Handle GALog overflows
iommu/amd: Fix up merge conflict resolution
nfsd: make a copy of struct iattr before calling notify_change
dmaengine: pl330: rename _start to prevent build error
riscv: Fix unused variable warning when BUILTIN_DTB is set
net/mlx5: Drain health before unregistering devlink
net/mlx5: SF, Drain health before removing device
net/mlx5: fw_tracer, Fix event handling
net/mlx5e: Don't attach netdev profile while handling internal error
net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure
netrom: fix info-leak in nr_write_internal()
af_packet: Fix data-races of pkt_sk(sk)->num.
tls: improve lockless access safety of tls_err_abort()
amd-xgbe: fix the false linkup in xgbe_phy_status
perf ftrace latency: Remove unnecessary "--" from --use-nsec option
mtd: rawnand: ingenic: fix empty stub helper definitions
RDMA/irdma: Prevent QP use after free
RDMA/irdma: Fix Local Invalidate fencing
af_packet: do not use READ_ONCE() in packet_bind()
tcp: deny tcp_disconnect() when threads are waiting
tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
net/smc: Scan from current RMB list when no position specified
net/smc: Don't use RMBs not mapped to new link in SMCRv2 ADD LINK
net/sched: sch_ingress: Only create under TC_H_INGRESS
net/sched: sch_clsact: Only create under TC_H_CLSACT
net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
net/sched: Prohibit regrafting ingress or clsact Qdiscs
net: sched: fix NULL pointer dereference in mq_attach
net/netlink: fix NETLINK_
udp6: Fix race condition in udp6_sendmsg & connect
nfsd: fix double fget() bug in __write_
nvme: fix the name of Zone Append for verbose logging
net/mlx5e: Fix error handling in mlx5e_refresh_tirs
net/mlx5: Read embedded cpu after init bit cleared
iommu/mediatek: Flush IOTLB completely only if domain has been attached
tcp: fix mishandling when the sack compression is deferred.
net: dsa: mv88e6xxx: Increase wait after reset deactivation
mtd: rawnand: marvell: ensure timing values are written
mtd: rawnand: marvell: don't set the NAND frequency select
rtnetlink: call validate_linkmsg in rtnl_create_link
mptcp: avoid unneeded __mptcp_
mptcp: add annotations around msk->subflow accesses
mptcp: avoid unneeded address copy
mptcp: simplify subflow_
mptcp: consolidate passive msk socket initialization
mptcp: fix data race around msk->first access
mptcp: add annotations around sk->sk_shutdown accesses
drm/amdgpu: release gpu full access after "amdgpu_
watchdog: menz069_wdt: fix watchdog initialisation
ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs.
ASoC: Intel: soc-acpi-cht: Add quirk for Nextbook Ares 8A tablet
drm/amdgpu: Use the default reset when loading or reloading the driver
mailbox: mailbox-test: Fix potential double-free in mbox_test_
btrfs: abort transaction when sibling keys check fails for leaves
ARM: 9295/1: unwind:fix unwind abort for uleb128 case
hwmon: (k10temp) Add PCI ID for family 19, model 78h
media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_
platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield
platform/mellanox: fix potential race in mlxbf-tmfifo driver
gfs2: Don't deref jdesc in evict
drm/amdgpu: set gfx9 onwards APU atomics support to be true
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
fbdev: modedb: Add 1920x1080 at 60 Hz video mode
fbdev: stifb: Fix info entry in sti_struct on error path
nbd: Fix debugfs_create_dir error checking
block/rnbd: replace REQ_OP_FLUSH with REQ_OP_WRITE
nvme-pci: add NVME_QUIRK_
nvme-pci: add quirk for missing secondary temperature thresholds
ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12
ASoC: dwc: limit the number of overrun messages
um: harddog: fix modular build
xfrm: Check if_id in inbound policy/secpath match
ASoC: dt-bindings: Adjust #sound-dai-cells on TI's single-DAI codecs
ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V
ASoC: ssm2602: Add workaround for playback distortions
media: dvb_demux: fix a bug for the continuity counter
media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_
media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
media: dvb-usb: dw2102: fix uninit-value in su3000_
media: netup_unidvb: fix irq init by register it at the end of probe
media: dvb_ca_en50221: fix a size write bug
media: ttusb-dec: fix memory leak in ttusb_dec_
media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
media: dvb-core: Fix use-after-free due on race condition at dvb_net
media: dvb-core: Fix use-after-free due to race at dvb_register_
media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
ASoC: SOF: debug: conditionally bump runtime_pm counter on exceptions
ASoC: SOF: pcm: fix pm_runtime imbalance in error handling
ASoC: SOF: sof-client-probes: fix pm_runtime imbalance in error handling
ASoC: SOF: pm: save io region state in case of errors in resume
s390/pkey: zeroize key blobs
s390/topology: honour nr_cpu_ids when adding CPUs
ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P
wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
ARM: dts: stm32: add pin map for CAN controller on stm32f7
arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
arm64: vdso: Pass (void *) to virt_to_page()
wifi: mac80211: simplify chanctx allocation
wifi: mac80211: consider reserved chanctx for mindef
wifi: mac80211: recalc chanctx mindef before assigning
wifi: iwlwifi: mvm: Add locking to the rate read flow
scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
wifi: b43: fix incorrect __packed annotation
net: wwan: t7xx: Ensure init is completed before system sleep
netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT
nvme-multipath: don't call blk_mark_disk_dead in nvme_mpath_
nvme: do not let the user delete a ctrl before a complete initialization
ALSA: oss: avoid missing-prototype warnings
drm/msm: Be more shouty if per-process pgtables aren't working
atm: hide unused procfs functions
ceph: silence smatch warning in reconnect_caps_cb()
drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged
ublk: fix AB-BA lockdep warning
nvme-pci: Add quirk for Teamgroup MP33 SSD
block: Deny writable memory mapping if block is read-only
KVM: arm64: vgic: Fix a circular locking issue
KVM: arm64: vgic: Wrap vgic_its_create() with config_lock
KVM: arm64: vgic: Fix locking comment
media: mediatek: vcodec: Only apply 4K frame sizes on decoder formats
mailbox: mailbox-test: fix a locking issue in mbox_test_
drivers: base: cacheinfo: Fix shared_cpu_map changes in event of CPU hotplug
media: uvcvideo: Don't expose unsupported formats to userspace
iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method
iio: adc: mxs-lradc: fix the order of two cleanup operations
HID: google: add jewel USB id
HID: wacom: avoid integer overflow in wacom_intuos_
iio: imu: inv_icm42600: fix timestamp reset
dt-bindings: iio: adc: renesas,
iio: light: vcnl4035: fixed chip ID check
iio: adc: stm32-adc: skip adc-channels setup if none is present
iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag
iio: dac: mcp4725: Fix i2c_master_send() return value handling
iio: addac: ad74413: fix resistance input processing
iio: adc: ad7192: Change "shorted" channels to differential
iio: adc: stm32-adc: skip adc-diff-channels setup if none is present
iio: dac: build ad5758 driver when AD5758 is selected
net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_
usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM
usb: gadget: f_fs: Add unbind event before functionfs_unbind
md/raid5: fix miscalculation of 'end_sector' in raid5_read_
misc: fastrpc: return -EPIPE to invocations on device removal
misc: fastrpc: reject new invocations during device removal
scsi: stex: Fix gcc 13 warnings
ata: libata-scsi: Use correct device no in ata_find_dev()
drm/amdgpu: enable tmz by default for GC 11.0.1
drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4
drm/amd/pm: reverse mclk and fclk clocks levels for vangogh
drm/amd/pm: resolve reboot exception for si oland
drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5
drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp
drm/amd/pm: reverse mclk and fclk clocks levels for renoir
mmc: vub300: fix invalid response handling
mmc: pwrseq: sd8787: Fix WILC CHIP_EN and RESETN toggling order
tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK
btrfs: fix csum_tree_block page iteration to avoid tripping on -Werror=
phy: qcom-qmp-combo: fix init-count imbalance
phy: qcom-qmp-
block: fix revalidate performance regression
powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
iommu/amd: Fix domain flush size when syncing iotlb
tpm, tpm_tis: correct tpm_tis_flags enumeration values
riscv: perf: Fix callchain parse error with kernel tracepoint events
io_uring: undeprecate epoll_ctl support
selinux: don't use make's grouped targets feature yet
mtdchar: mark bits of ioctl handler noinline
tracing/timerlat: Always wakeup the timerlat thread
tracing/histograms: Allow variables to have some modifiers
tracing/probe: trace_probe_
selftests: mptcp: connect: skip if MPTCP is not supported
selftests: mptcp: pm nl: skip if MPTCP is not supported
selftests: mptcp: join: skip if MPTCP is not supported
selftests: mptcp: sockopt: skip if MPTCP is not supported
selftests: mptcp: userspace pm: skip if MPTCP is not supported
mptcp: fix connect timeout handling
mptcp: fix active subflow finalization
ext4: add EA_INODE checking to ext4_iget()
ext4: set lockdep subclass for the ea_inode in ext4_xattr_
ext4: disallow ea_inodes with extended attributes
ext4: add lockdep annotations for i_data_sem for ea_inode's
fbcon: Fix null-ptr-deref in soft_cursor
serial: 8250_tegra: Fix an error handling path in tegra_uart_probe()
serial: cpm_uart: Fix a COMPILE_TEST dependency
powerpc/xmon: Use KSYM_NAME_LEN in array size
test_firmware: fix a memory leak with reqs buffer
test_firmware: fix the memory leak of the allocated firmware buffer
KVM: arm64: Populate fault info for watchpoint
KVM: x86: Account fastpath-only VM-Exits in vCPU stats
ksmbd: fix credit count leakage
ksmbd: fix UAF issue from opinfo->conn
ksmbd: fix incorrect AllocationSize set in smb2_get_info
ksmbd: fix slab-out-of-bounds read in smb2_handle_
ksmbd: fix multiple out-of-bounds read during context decoding
KEYS: asymmetric: Copy sig and digest in public_
fs/ntfs3: Validate MFT flags before replaying logs
regmap: Account for register length when chunking
tpm, tpm_tis: Request threaded interrupt handler
iommu/amd/pgtbl_v2: Fix domain max address
drm/amd/display: Have Payload Properly Created After Resume
tls: rx: strp: don't use GFP_KERNEL in softirq context
selftests: mptcp: diag: skip if MPTCP is not supported
selftests: mptcp: simult flows: skip if MPTCP is not supported
selftests: mptcp: join: avoid using 'cmp --bytes'
ext4: enable the lazy init thread when remounting read/write
iommu: Make IPMMU_VMSA dependencies more strict
UBUNTU: [Config] updateconfigs for IPMMU_VMSA
iommu/amd: Add missing domain type checks
efi: Bump stub image version for macOS HVF compatibility
rxrpc: Truncate UTS_RELEASE for rxrpc version
net: renesas: rswitch: Fix return value in error path of xmit
KVM: arm64: Prevent unconditional donation of unmapped regions from the host
KVM: arm64: Reload PTE after invoking walker callback on preorder traversal
iio: ad4130: Make sure clock provider gets removed
iio: adc: mt6370: Fix ibus and ibat scaling value of some specific vendor ID chips
iio: accel: kx022a fix irq getting
misc: fastrpc: Reassign memory ownership only for remote heap
module/decompress: Fix error checking on zstd decompression
dmaengine: at_hdmac: Repair bitfield macros for peripheral ID handling
dmaengine: at_hdmac: Extend the Flow Controller bitfield to three bits
test_firmware: prevent race conditions by a correct implementation of locking
KVM: arm64: Drop last page ref in kvm_pgtable_
KVM: x86/mmu: Grab memslot for correct address space in NX recovery worker
UBUNTU: Upstream stable to v6.1.33, v6.3.7
scsi: megaraid_sas: Add flexible array member for SGLs
net: sfp: fix state loss when updating state_hw_mask
spi: mt65xx: make sure operations completed before unloading
platform/surface: aggregator: Allow completion work-items to be executed in parallel
platform/surface: aggregator_
spi: qup: Request DMA before enabling clocks
afs: Fix setting of mtime when creating a file/dir/symlink
wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
bpf, sockmap: Avoid potential NULL dereference in sk_psock_
neighbour: fix unaligned access to pneigh_entry
net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
net/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294
bpf: Fix UAF in task local storage
bpf: Fix elem_size not being set for inner maps
net/ipv6: fix bool/int mismatch for skip_notify_
net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
net: enetc: correct the statistics of rx bytes
net: enetc: correct rx_bytes statistics of XDP
net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER
Bluetooth: Fix l2cap_disconnec
Bluetooth: ISO: don't try to remove CIG if there are bound CIS left
Bluetooth: L2CAP: Add missing checks for invalid DCID
wifi: mac80211: use correct iftype HE cap
wifi: cfg80211: reject bad AP MLD address
wifi: mac80211: mlme: fix non-inheritence element
wifi: mac80211: don't translate beacon/presp addrs
qed/qede: Fix scheduling while atomic
wifi: cfg80211: fix locking in sched scan stop work
selftests/bpf: Verify optval=NULL case
selftests/bpf: Fix sockopt_sk selftest
netfilter: nft_bitwise: fix register tracking
netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
netfilter: ipset: Add schedule point in call_ad().
netfilter: nf_tables: out-of-bound check in chain blob
ipv6: rpl: Fix Route of Death.
tcp: gso: really support BIG TCP
rfs: annotate lockless accesses to sk->sk_rxhash
rfs: annotate lockless accesses to RFS sock flow table
net: sched: add rcu annotations around qdisc->
drm/i915/selftests: Add some missing error propagation
net: sched: move rtm_tca_policy declaration to include file
net: sched: act_police: fix sparse errors in tcf_police_dump()
net: sched: fix possible refcount leak in tc_chain_
bpf: Add extra path pointer check to d_path helper
drm/amdgpu: fix Null pointer dereference error in amdgpu_
lib: cpu_rmap: Fix potential use-after-free in irq_cpu_
net: bcmgenet: Fix EEE implementation
bnxt_en: Don't issue AP reset during ethtool's reset operation
bnxt_en: Query default VLAN before VNIC setup on a VF
bnxt_en: Skip firmware fatal error recovery if chip is not accessible
bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event
bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
batman-adv: Broken sync while rescheduling delayed work
Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
Input: psmouse - fix OOB access in Elantech protocol
Input: fix open count when closing inhibited device
ALSA: hda: Fix kctl->id initialization
ALSA: ymfpci: Fix kctl->id initialization
ALSA: gus: Fix kctl->id initialization
ALSA: cmipci: Fix kctl->id initialization
ALSA: hda/realtek: Add quirk for Clevo NS50AU
ALSA: ice1712,ice1724: fix the kcontrol->id initialization
ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41
drm/i915/gt: Use the correct error value when kernel_context() fails
drm/amdgpu: fix xclk freq on CHIP_STONEY
drm/amdgpu: change reserved vram info print
drm/amd/pm: Fix power context allocation in SMU13
drm/amd/display: Reduce sdp bw after urgent to 90%
wifi: iwlwifi: mvm: Fix -Warray-bounds bug in iwl_mvm_
can: j1939: j1939_sk_
can: j1939: change j1939_netdev_lock type to mutex
can: j1939: avoid possible use-after-free when j1939_can_
mptcp: only send RM_ADDR in nl_cmd_remove
mptcp: add address into userspace pm list
mptcp: update userspace pm infos
selftests: mptcp: update userspace pm addr tests
selftests: mptcp: update userspace pm subflow tests
ceph: fix use-after-free bug for inodes when flushing capsnaps
s390/dasd: Use correct lock while counting channel queue length
Bluetooth: Fix use-after-free in hci_remove_
Bluetooth: fix debugfs registration
Bluetooth: hci_qca: fix debugfs registration
tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta'
rbd: move RBD_OBJ_
rbd: get snapshot context after exclusive lock is ensured to be held
virtio_net: use control_buf for coalesce params
soc: qcom: icc-bwmon: fix incorrect error code passed to dev_err_probe()
pinctrl: meson-axg: add missing GPIOA_18 gpio group
usb: usbfs: Enforce page requirements for mmap
usb: usbfs: Use consistent mmap functions
mm: page_table_check: Make it dependent on EXCLUSIVE_
mm: page_table_check: Ensure user pages are not slab pages
arm64: dts: qcom: sc8280xp: Flush RSC sleep & wake votes
ARM: at91: pm: fix imbalanced reference counter for ethernet devices
ARM: dts: at91: sama7g5ek: fix debounce delay property for shdwc
ASoC: codecs: wsa883x: do not set can_multi_write flag
ASoC: codecs: wsa881x: do not set can_multi_write flag
arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards
arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals
arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
ASoC: mediatek: mt8195-afe-pcm: Convert to platform remove callback returning void
ASoC: mediatek: mt8195: fix use-after-free in driver remove path
ASoC: simple-card-utils: fix PCM constraint error check
blk-mq: fix blk_mq_hw_ctx active request accounting
arm64: dts: imx8mn-beacon: Fix SPI CS pinmux
i2c: mv64xxx: Fix reading invalid status value in atomic mode
firmware: arm_ffa: Set handle field to zero in memory descriptor
gpio: sim: fix memory corruption when adding named lines and unnamed hogs
i2c: sprd: Delete i2c adapter in .remove's error path
riscv: mm: Ensure prot of VM_WRITE and VM_EXEC must be readable
eeprom: at24: also select REGMAP
soundwire: stream: Add missing clear of alloc_slave_rt
riscv: fix kprobe __user string arg print fault issue
UBUNTU: [Config] updateconfigs for ARCH_HAS_
vduse: avoid empty string for dev name
vhost: support PACKED when setting-getting vring_base
vhost_vdpa: support PACKED when setting-getting vring_base
ksmbd: fix out-of-bound read in deassemble_
ksmbd: fix out-of-bound read in parse_lease_state()
ksmbd: check the validation of pdu_size in ksmbd_conn_
ext4: only check dquot_initializ
wifi: rtw89: correct PS calculation for SUPPORTS_DYNAMIC_PS
wifi: rtw88: correct PS calculation for SUPPORTS_DYNAMIC_PS
Bluetooth: Split bt_iso_qos into dedicated structures
Bluetooth: ISO: consider right CIS when removing CIG at cleanup
Bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG
netfilter: nf_tables: Add null check for nla_nest_
drm/lima: fix sched context destroy
net: openvswitch: fix upcall counter access before allocation
bnxt_en: Fix bnxt_hwrm_
Input: cyttsp5 - fix array length
soc: qcom: rpmh-rsc: drop redundant unsigned >=0 comparision
arm64: dts: qcom: sm6375-pdx225: Fix remoteproc firmware paths
vdpa/mlx5: Fix hang when cvq commands are triggered during device unregister
ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR()
UBUNTU: Upstream stable to v6.1.34, v6.3.8
CVE References
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
tags: | added: kernel-stable-tracking-bug |
Changed in linux (Ubuntu): | |
status: | Confirmed → Invalid |
Changed in linux (Ubuntu Lunar): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
description: | updated |
description: | updated |
Skipped "gfs2: Don't deref jdesc in evict" since it is applied for CVE-2023-3212.
Skipped "net: wwan: t7xx: Ensure init is completed before system sleep" as this was already applied for bug #2020743