Bug #2035163 “Avoid address overwrite in kernel_connect” : Bugs : linux-gcp package : Ubuntu

Khaled El Mously (kmously) on 2023-09-12

no longer affects:

linux (Ubuntu)

Khaled El Mously (kmously) on 2023-09-12

description:	updated
Changed in linux-gcp (Ubuntu Focal):
assignee:	nobody → Khaled El Mously (kmously)
Changed in linux-gcp (Ubuntu Jammy):
assignee:	nobody → Khaled El Mously (kmously)
Changed in linux-gcp (Ubuntu Lunar):
assignee:	nobody → Khaled El Mously (kmously)
Changed in linux-gcp (Ubuntu Mantic):
assignee:	nobody → Khaled El Mously (kmously)

Stefan Bader (smb) on 2023-09-12

Changed in linux-gke (Ubuntu Lunar):
status:	New → Invalid
Changed in linux-gke (Ubuntu Mantic):
status:	New → Invalid

Khaled El Mously (kmously) on 2023-09-12

no longer affects:	linux-gke (Ubuntu Focal)
no longer affects:	linux-gke (Ubuntu Mantic)
no longer affects:	linux-gke (Ubuntu Lunar)

John Cabaj (john-cabaj) on 2023-09-19

Changed in linux-gcp (Ubuntu Focal):
status:	New → Fix Committed
Changed in linux-gcp (Ubuntu Jammy):
status:	New → Fix Committed
Changed in linux-gcp (Ubuntu Lunar):
status:	New → Fix Committed
Changed in linux-gke (Ubuntu Jammy):
status:	New → Fix Committed

Roxana Nicolescu (roxanan) on 2023-09-20

Changed in linux (Ubuntu):
status:	New → Invalid

Roxana Nicolescu (roxanan) on 2023-09-20

no longer affects:	linux-gcp (Ubuntu Focal)
no longer affects:	linux-gcp (Ubuntu Lunar)
Changed in linux (Ubuntu Focal):
status:	New → Fix Committed
Changed in linux (Ubuntu Jammy):
status:	New → Fix Committed
Changed in linux (Ubuntu Lunar):
status:	New → Fix Committed
Changed in linux-gcp (Ubuntu Focal):
status:	New → Fix Committed
Changed in linux-gcp (Ubuntu Lunar):
status:	New → Fix Committed
no longer affects:	linux-gke (Ubuntu Focal)
no longer affects:	linux-gke (Ubuntu Lunar)
Changed in linux-gcp (Ubuntu Mantic):
status:	New → Fix Committed
status:	Fix Committed → New
Changed in linux-gcp (Ubuntu Jammy):
assignee:	Khaled El Mously (kmously) → nobody
Changed in linux-gcp (Ubuntu Mantic):
assignee:	Khaled El Mously (kmously) → nobody
Changed in linux-gcp (Ubuntu Focal):
assignee:	nobody → John Cabaj (john-cabaj)
Changed in linux-gcp (Ubuntu Jammy):
assignee:	nobody → John Cabaj (john-cabaj)
Changed in linux-gcp (Ubuntu Lunar):
assignee:	nobody → John Cabaj (john-cabaj)
Changed in linux-gke (Ubuntu Jammy):
assignee:	nobody → John Cabaj (john-cabaj)

Stefan Bader (smb) on 2023-09-20

Changed in linux (Ubuntu Focal):
importance:	Undecided → Medium
Changed in linux (Ubuntu Jammy):
importance:	Undecided → Medium
Changed in linux (Ubuntu Lunar):
importance:	Undecided → Medium

Revision history for this message

John Cabaj (john-cabaj) wrote on 2023-10-02:

#1

Fix was tested by Google, and the relevant patch is in all releases of linux-gcp and linux-gke affected.

Changed in linux-gcp (Ubuntu Focal):
status:	Fix Committed → Fix Released
Changed in linux-gcp (Ubuntu Jammy):
status:	Fix Committed → Fix Released
Changed in linux-gcp (Ubuntu Lunar):
status:	Fix Committed → Fix Released
Changed in linux-gcp (Ubuntu Mantic):
status:	New → Fix Released
Changed in linux-gke (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-05:

#2

This bug was fixed in the package linux - 6.5.0-7.7

---------------
linux (6.5.0-7.7) mantic; urgency=medium

* mantic/linux: 6.5.0-7.7 -proposed tracker (LP: #2037611)

* kexec enable to load/kdump zstd compressed zimg (LP: #2037398)
- [Packaging] Revert arm64 image format to Image.gz

  * Mantic minimized/minimal cloud images do not receive IP address during
    provisioning (LP: #2036968)
    - [Config] Enable virtio-net as built-in to avoid race

  * Miscellaneous Ubuntu changes
    - SAUCE: Add mdev_set_iommu_device() kABI
    - [Config] update gcc version in annotations

-- Andrea Righi <email address hidden> Thu, 28 Sep 2023 10:19:24 +0200

Changed in linux (Ubuntu):
status:	Invalid → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-05:

#3

This bug is awaiting verification that the linux/5.15.0-88.98 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux' to 'verification-done-jammy-linux'. If the problem still exists, change the tag 'verification-needed-jammy-linux' to 'verification-failed-jammy-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-v2 verification-needed-jammy-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-05:

#4

This bug is awaiting verification that the linux/5.4.0-166.183 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux' to 'verification-done-focal-linux'. If the problem still exists, change the tag 'verification-needed-focal-linux' to 'verification-failed-focal-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-v2 verification-needed-focal-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-06:

#5

This bug is awaiting verification that the linux/6.2.0-36.37 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-lunar-linux' to 'verification-done-lunar-linux'. If the problem still exists, change the tag 'verification-needed-lunar-linux' to 'verification-failed-lunar-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-lunar-linux-v2 verification-needed-lunar-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-24:

#6

This bug is awaiting verification that the linux-azure-6.5/6.5.0-1007.7~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-azure-6.5' to 'verification-done-jammy-linux-azure-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-azure-6.5' to 'verification-failed-jammy-linux-azure-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-azure-6.5-v2 verification-needed-jammy-linux-azure-6.5

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-24:

#7

This bug is awaiting verification that the linux-aws-6.5/6.5.0-1008.8~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-aws-6.5' to 'verification-done-jammy-linux-aws-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-aws-6.5' to 'verification-failed-jammy-linux-aws-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-aws-6.5-v2 verification-needed-jammy-linux-aws-6.5

Revision history for this message

Roxana Nicolescu (roxanan) wrote on 2023-10-27:

#8

It seems the fix was tested by Google with linux-gpc. I don't think we need to do anything for linux main, so I'll mark this as verified.

tags:

added: verification-done-focal-linux verification-done-jammy-linux verification-done-lunar-linux
removed: verification-needed-focal-linux verification-needed-jammy-linux verification-needed-lunar-linux

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-30:

#9

Download full text (26.1 KiB)

This bug was fixed in the package linux - 5.4.0-166.183

---------------
linux (5.4.0-166.183) focal; urgency=medium

* focal/linux: 5.4.0-166.183 -proposed tracker (LP: #2038010)

  * Use new annotations model (LP: #2019000)
    - [Packaging] new annotations model infrastructure
    - [Packaging] config-check: Handle new annotations format 4
    - [Packaging] rules: Use old-kernelconfig for old configs
    - [Config] sanitize annotations
    - [Config] import generated configs into annotation file
    - [Packaging] kernelconfig: add i386 as supported arch
    - [Config] Remove all old configs files

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update annotations scripts

  * fix typo in config-checks invocation (LP: #2020413)
    - [Packaging] fix typo when calling the old config-check
    - [Packaging] fix typo in 4-checks.mk

* support python < 3.9 with annotations (LP: #2020531)
- [Packaging] kconfig/annotations.py: support older way of merging dicts

* CVE-2023-42756
- netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

* CVE-2023-4623
- net/sched: sch_hfsc: Ensure inner classes have fsc curve

  * Focal update: v5.4.252 upstream stable release (LP: #2036240)
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - x86/cpufeatures: Add SEV-ES CPU feature
    - x86/cpu: Add VM page flush MSR availablility as a CPUID feature
    - x86/cpufeatures: Assign dedicated feature word for CPUID_0x8000001F[EAX]
    - tools headers cpufeatures: Sync with the kernel sources
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - Linux 5.4.252
    - Upstream stable to v5.4.252

  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6

  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c

* CVE-2023-34319
- xen/netback: Fix buffer overrun triggered by unusual packet

* CVE-2023-4921
- net: sched: sch_qfq: Fix UAF in qfq_dequeue()

* CVE-2023-42752
- igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

* Avoid address overwrite in kernel_connect (LP: #2035163)
- net: Avoid address overwrite in kernel_connect

  * [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4

* CVE-2023-4881
- netfilter: nftables: exthdr: fix 4-byte stack OOB write

* CVE-2023-4622
- af_unix: Fix null-ptr-deref in unix_stream_sendpage().

  * Focal update: v5.4.251 upstream stable release (LP: #2034918)
    - x86/smp: Use dedicated cache-line for mwait_play_dead()
    - video: imsttfb: check for ioremap() failures
    - fbdev: imsttfb: Fix use after free bug in imsttfb_probe
    - HID: wacom: Use ktime_t rather than int when dealing with timestamps
    - drm/i915: Initialise outparam for error return from wait_for_register
    - scripts/tags.sh: Resolve gtags empty ind...

This bug was fixed in the package linux - 5.4.0-166.183

---------------
linux (5.4.0-166.183) focal; urgency=medium

* focal/linux: 5.4.0-166.183 -proposed tracker (LP: #2038010)

* Use new annotations model (LP: #2019000)
    - [Packaging] new annotations model infrastructure
    - [Packaging] config-check: Handle new annotations format 4
    - [Packaging] rules: Use old-kernelconfig for old configs
    - [Config] sanitize annotations
    - [Config] import generated configs into annotation file
    - [Packaging] kernelconfig: add i386 as supported arch
    - [Config] Remove all old configs files

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update annotations scripts

* fix typo in config-checks invocation (LP: #2020413)
    - [Packaging] fix typo when calling the old config-check
    - [Packaging] fix typo in 4-checks.mk

* support python < 3.9 with annotations (LP: #2020531)
    - [Packaging] kconfig/annotations.py: support older way of merging dicts

* CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

* CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve

* Focal update: v5.4.252 upstream stable release (LP: #2036240)
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - x86/cpufeatures: Add SEV-ES CPU feature
    - x86/cpu: Add VM page flush MSR availablility as a CPUID feature
    - x86/cpufeatures: Assign dedicated feature word for CPUID_0x8000001F[EAX]
    - tools headers cpufeatures: Sync with the kernel sources
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - Linux 5.4.252
    - Upstream stable to v5.4.252

* CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6

* CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c

* CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet

* CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()

* CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

* Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect

* [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4

* CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write

* CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().

* Focal update: v5.4.251 upstream stable release (LP: #2034918)
    - x86/smp: Use dedicated cache-line for mwait_play_dead()
    - video: imsttfb: check for ioremap() failures
    - fbdev: imsttfb: Fix use after free bug in imsttfb_probe
    - HID: wacom: Use ktime_t rather than int when dealing with timestamps
    - drm/i915: Initialise outparam for error return from wait_for_register
    - scripts/tags.sh: Resolve gtags empty index generation
    - drm/amdgpu: Validate VM ioctl flags.
    - bgmac: fix *initial* chip reset to support BCM5358
    - x86/resctrl: Use is_closid_match() in more places
    - x86/resctrl: Only show tasks' pid in current pid namespace
    - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
    - md/raid10: fix overflow of md/safe_mode_delay
    - md/raid10: fix wrong setting of max_corr_read_errors
    - md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
    - md/raid10: fix io loss while replacement replace rdev
    - irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
    - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
    - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
    - clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
    - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
    - PM: domains: fix integer overflow issues in genpd_parse_state()
    - powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
    - ARM: 9303/1: kprobes: avoid missing-declaration warnings
    - evm: Complete description of evm_inode_setattr()
    - pstore/ram: Add check for kstrdup
    - ima: Fix build warnings
    - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
    - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
    - samples/bpf: Fix buffer overflow in tcp_basertt
    - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
    - wifi: mwifiex: Fix the size of a memory allocation in
      mwifiex_ret_802_11_scan()
    - nfc: constify several pointers to u8, char and sk_buff
    - nfc: llcp: fix possible use of uninitialized variable in
      nfc_llcp_send_connect()
    - regulator: core: Fix more error checking for debugfs_create_dir()
    - regulator: core: Streamline debugfs operations
    - wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
    - wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
    - wifi: atmel: Fix an error handling path in atmel_probe()
    - wl3501_cs: Fix a bunch of formatting issues related to function docs
    - wl3501_cs: Remove unnecessary NULL check
    - wl3501_cs: Fix misspelling and provide missing documentation
    - net: create netdev->dev_addr assignment helpers
    - wl3501_cs: use eth_hw_addr_set()
    - wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
    - wifi: ray_cs: Utilize strnlen() in parse_addr()
    - wifi: ray_cs: Drop useless status variable in parse_addr()
    - wifi: ray_cs: Fix an error handling path in ray_probe()
    - wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
    - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
    - watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct
      config
    - watchdog/perf: more properly prevent false positives with turbo modes
    - kexec: fix a memory leak in crash_shrink_memory()
    - memstick r592: make memstick_debug_get_tpc_name() static
    - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
    - rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO
    - wifi: iwlwifi: pull from TXQs with softirqs disabled
    - wifi: cfg80211: rewrite merging of inherited elements
    - wifi: ath9k: convert msecs to jiffies where needed
    - netlink: fix potential deadlock in netlink_set_err()
    - netlink: do not hard code device address lenth in fdb dumps
    - selftests: rtnetlink: remove netdevsim device after ipsec offload test
    - gtp: Fix use-after-free in __gtp_encap_destroy().
    - lib/ts_bm: reset initial match offset for every block of text
    - netfilter: conntrack: dccp: copy entire header to stack buffer, not just
      basic one
    - netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return
      value.
    - ipvlan: Fix return value of ipvlan_queue_xmit()
    - netlink: Add __sock_i_ino() for __netlink_diag_dump().
    - radeon: avoid double free in ci_dpm_init()
    - Input: drv260x - sleep between polling GO bit
    - ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
    - Input: adxl34x - do not hardcode interrupt trigger type
    - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks`
    - RDMA/bnxt_re: Fix to remove an unnecessary log
    - ARM: dts: gta04: Move model property out of pinctrl node
    - arm64: dts: qcom: msm8916: correct camss unit address
    - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
    - ARM: ep93xx: fix missing-prototype warnings
    - memory: brcmstb_dpfe: fix testing array offset after use
    - ASoC: es8316: Increment max value for ALC Capture Target Volume control
    - ASoC: es8316: Do not set rate constraints for unsupported MCLKs
    - soc/fsl/qe: fix usb.c build errors
    - IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
    - arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
    - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
    - drm/amdkfd: Fix potential deallocation of previously deallocated memory.
    - drm/radeon: fix possible division-by-zero errors
    - clk: tegra: tegra124-emc: Fix potential memory leak
    - ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
    - clk: cdce925: check return value of kasprintf()
    - clk: keystone: sci-clk: check return value of kasprintf()
    - ASoC: imx-audmix: check return value of devm_kasprintf()
    - scsi: qedf: Fix NULL dereference in error handling
    - PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
    - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
    - PCI: pciehp: Cancel bringup sequence if card is not present
    - PCI: ftpci100: Release the clock resources
    - PCI: Add pci_clear_master() stub for non-CONFIG_PCI
    - pinctrl: cherryview: Return correct value if pin in push-pull mode
    - perf dwarf-aux: Fix off-by-one in die_get_varname()
    - pinctrl: at91-pio4: check return value of devm_kasprintf()
    - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-
      boundary
    - hwrng: virtio - add an internal buffer
    - hwrng: virtio - don't wait on cleanup
    - hwrng: virtio - don't waste entropy
    - hwrng: virtio - always add a pending request
    - hwrng: virtio - Fix race on data_avail and actual data
    - crypto: nx - fix build warnings when DEBUG_FS is not enabled
    - modpost: fix section mismatch message for R_ARM_ABS32
    - modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
    - crypto: marvell/cesa - Fix type mismatch warning
    - modpost: fix off by one in is_executable_section()
    - ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
    - NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION
    - hwrng: st - Fix W=1 unused variable warning
    - hwrng: st - keep clock enabled while hwrng is registered
    - USB: serial: option: add LARA-R6 01B PIDs
    - usb: dwc3: gadget: Propagate core init errors to UDC during pullup
    - block: fix signed int overflow in Amiga partition support
    - block: change all __u32 annotations to __be32 in affs_hardblocks.h
    - w1: fix loop in w1_fini()
    - sh: j2: Use ioremap() to translate device tree address into kernel memory
    - media: usb: Check az6007_read() return value
    - media: videodev2.h: Fix struct v4l2_input tuner index comment
    - usb: dwc3: qcom: Fix potential memory leak
    - extcon: Fix kernel doc of property fields to avoid warnings
    - extcon: Fix kernel doc of property capability fields to avoid warnings
    - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
    - usb: hide unused usbfs_notify_suspend/resume functions
    - mfd: rt5033: Drop rt5033-battery sub-device
    - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
    - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove()
    - mfd: intel-lpss: Add missing check for platform_get_resource
    - serial: 8250_omap: Use force_suspend and resume for system suspend
    - mfd: stmfx: Fix error path in stmfx_chip_init
    - KVM: s390: vsie: fix the length of APCB bitmap
    - mfd: stmpe: Only disable the regulators if they are enabled
    - pwm: imx-tpm: force 'real_period' to be zero in suspend
    - pwm: sysfs: Do not apply state to already disabled PWMs
    - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
    - sctp: fix potential deadlock on &net->sctp.addr_wq_lock
    - Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
    - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
    - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
    - f2fs: fix error path handling in truncate_dnode()
    - powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
    - net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
    - tcp: annotate data races in __tcp_oow_rate_limited()
    - xsk: Improve documentation for AF_XDP
    - xsk: Honor SO_BINDTODEVICE on bind
    - net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
    - net: dsa: tag_sja1105: fix MAC DA patching from meta frames
    - sh: dma: Fix DMA channel offset calculation
    - i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
    - i2c: xiic: Don't try to handle more interrupt events after error
    - ALSA: jack: Fix mutex call in snd_jack_report()
    - NFSD: add encoding of op_recall flag for write delegation
    - mmc: core: disable TRIM on Kingston EMMC04G-M627
    - mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
    - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is
      used.
    - bcache: Remove unnecessary NULL point check in node allocations
    - integrity: Fix possible multiple allocation in integrity_inode_get()
    - jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
    - fs: avoid empty option when generating legacy mount string
    - ext4: Remove ext4 locking of moved directory
    - Revert "f2fs: fix potential corruption when moving a directory"
    - fs: Establish locking order for unrelated directories
    - fs: Lock moved directories
    - btrfs: fix race when deleting quota root from the dirty cow roots list
    - ARM: orion5x: fix d2net gpio initialization
    - fs: no need to check source
    - fanotify: disallow mount/sb marks on kernel internal pseudo fs
    - block: add overflow checks for Amiga partition support
    - netfilter: nf_tables: fix nat hook table deletion
    - netfilter: nftables: add helper function to set the base sequence number
    - netfilter: add helper function to set up the nfnetlink header and use it
    - netfilter: nf_tables: use net_generic infra for transaction data
    - netfilter: nf_tables: add rescheduling points during loop detection walks
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: reject unbound anonymous set before commit phase
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails
    - netfilter: nf_tables: fix scheduling-while-atomic splat
    - netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
    - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
    - block/partition: fix signedness issue for Amiga partitions
    - net: lan743x: Don't sleep in atomic context
    - workqueue: clean up WORK_* constant types, clarify masking
    - drm/panel: Initialise panel dev and funcs through drm_panel_init()
    - drm/panel: Add and fill drm_panel type field
    - drm/panel: simple: Add connector_type for innolux_at043tn24
    - igc: Remove delay during TX ring configuration
    - igc: set TP bit in 'supported' and 'advertising' fields of
      ethtool_link_ksettings
    - scsi: qla2xxx: Fix error code in qla2x00_start_sp()
    - net: mvneta: fix txq_map in case of txq_number==1
    - ionic: improve irq numa locality
    - ionic: clean irq affinity on queue deinit
    - ionic: move irq request to qcq alloc
    - ionic: ionic_intr_free parameter change
    - ionic: remove WARN_ON to prevent panic_on_warn
    - icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
    - udp6: fix udp6_ehashfn() typo
    - ntb: idt: Fix error handling in idt_pci_driver_init()
    - NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
    - ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
    - NTB: ntb_transport: fix possible memory leak while device_register() fails
    - NTB: ntb_tool: Add check for devm_kcalloc
    - ipv6/addrconf: fix a potential refcount underflow for idev
    - platform/x86: wmi: Replace UUID redefinitions by their originals
    - platform/x86: wmi: Fix indentation in some cases
    - platform/x86: wmi: remove unnecessary argument
    - platform/x86: wmi: use guid_t and guid_equal()
    - platform/x86: wmi: move variables
    - platform/x86: wmi: Break possible infinite loop when parsing GUID
    - erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF
    - wifi: airo: avoid uninitialized warning in airo_get_rate()
    - cls_flower: Add extack support for src and dst port range options
    - net/sched: flower: Ensure both minimum and maximum ports are specified
    - net/sched: make psched_mtu() RTNL-less safe
    - pinctrl: amd: Fix mistake in handling clearing pins at startup
    - pinctrl: amd: Detect internal GPIO0 debounce handling
    - pinctrl: amd: Only use special debounce behavior for GPIO 0
    - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
    - mtd: rawnand: meson: fix unaligned DMA buffers handling
    - net: bcmgenet: Ensure MDIO unregistration has clocks enabled
    - powerpc: Fail build if using recordmcount with binutils v2.37
    - misc: fastrpc: Create fastrpc scalar with correct buffer count
    - SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
    - erofs: fix compact 4B support for 16k block size
    - ext4: fix wrong unit use in ext4_mb_clear_bb
    - ext4: only update i_reserved_data_blocks on successful block allocation
    - jfs: jfs_dmap: Validate db_l2nbperpage while mounting
    - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
    - PCI: qcom: Disable write access to read only registers for IP v2.3.3
    - PCI: rockchip: Assert PCI Configuration Enable bit after probe
    - PCI: rockchip: Write PCI Device ID to correct register
    - PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
    - PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
    - PCI: rockchip: Use u32 variable to access 32-bit registers
    - PCI: rockchip: Set address alignment for endpoint mode
    - misc: pci_endpoint_test: Free IRQs before removing the device
    - misc: pci_endpoint_test: Re-init completion for every test
    - md/raid0: add discard support for the 'original' layout
    - fs: dlm: return positive pid value for F_GETLK
    - drm/atomic: Allow vblank-enabled + self-refresh "disable"
    - drm/rockchip: vop: Leave vblank enabled in self-refresh
    - serial: atmel: don't enable IRQs prematurely
    - firmware: stratix10-svc: Fix a potential resource leak in
      svc_create_memory_pool()
    - hwrng: imx-rngc - fix the timeout for init and self check
    - ceph: don't let check_caps skip sending responses for revoke msgs
    - meson saradc: fix clock divider mask length
    - Revert "8250: add support for ASIX devices with a FIFO bug"
    - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in
      case of error
    - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when
      iterating clk
    - tracing/histograms: Add histograms to hist_vars if they have referenced
      variables
    - ring-buffer: Fix deadloop issue on reading trace_pipe
    - xtensa: ISS: fix call to split_if_spec
    - tracing: Fix null pointer dereference in tracing_err_log_open()
    - tracing/probes: Fix not to count error code to total length
    - scsi: qla2xxx: Wait for io return on terminate rport
    - scsi: qla2xxx: Fix potential NULL pointer dereference
    - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
    - scsi: qla2xxx: Correct the index of array
    - scsi: qla2xxx: Pointer may be dereferenced
    - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
    - drm/atomic: Fix potential use-after-free in nonblocking commits
    - perf probe: Add test for regression introduced by switch to
      die_get_decl_file()
    - btrfs: fix warning when putting transaction with qgroups enabled after abort
    - fuse: revalidate: don't invalidate if interrupted
    - selftests: tc: set timeout to 15 minutes
    - can: bcm: Fix UAF in bcm_proc_show()
    - drm/client: Fix memory leak in drm_client_target_cloned
    - drm/client: Fix memory leak in drm_client_modeset_probe
    - ext4: correct inline offset when handling xattrs in inode body
    - debugobjects: Recheck debug_objects_enabled before reporting
    - nbd: Add the maximum limit of allocated index in nbd_dev_add
    - md: fix data corruption for raid456 when reshape restart while grow up
    - md/raid10: prevent soft lockup while flush writes
    - posix-timers: Ensure timer ID search-loop limit is valid
    - arm64: mm: fix VA-range sanity check
    - sched/fair: Don't balance task to its current running CPU
    - bpf: Address KCSAN report on bpf_lru_list
    - devlink: report devlink_port_type_warn source device
    - wifi: wext-core: Fix -Wstringop-overflow warning in
      ioctl_standard_iw_point()
    - wifi: iwlwifi: mvm: avoid baid size integer overflow
    - igb: Fix igb_down hung on surprise removal
    - spi: bcm63xx: fix max prepend length
    - fbdev: imxfb: warn about invalid left/right margin
    - pinctrl: amd: Use amd_pinconf_set() for all config options
    - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
    - iavf: Fix use-after-free in free_netdev
    - net:ipv6: check return value of pskb_trim()
    - Revert "tcp: avoid the lookup process failing to get sk in ehash table"
    - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
    - llc: Don't drop packet from non-root netns.
    - netfilter: nf_tables: fix spurious set element insertion failure
    - netfilter: nf_tables: can't schedule in nft_chain_validate
    - tcp: annotate data-races around tp->tcp_tx_delay
    - net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
    - tcp: annotate data-races around tp->linger2
    - tcp: annotate data-races around rskq_defer_accept
    - tcp: annotate data-races around tp->notsent_lowat
    - tcp: annotate data-races around fastopenq.max_qlen
    - tracing/histograms: Return an error if we fail to add histogram to hist_vars
      list
    - Linux 5.4.251

* Focal update: v5.4.250 upstream stable release (LP: #2033297)
    - x86/microcode/AMD: Load late on both threads too
    - Linux 5.4.250

* Focal update: v5.4.249 upstream stable release (LP: #2033278)
    - nilfs2: reject devices with insufficient block count
    - mm: rewrite wait_on_page_bit_common() logic
    - list: add "list_del_init_careful()" to go with "list_empty_careful()"
    - epoll: ep_autoremove_wake_function should use list_del_init_careful
    - tracing: Add tracing_reset_all_online_cpus_unlocked() function
    - x86/purgatory: remove PGO flags
    - tick/common: Align tick period during sched_timer setup
    - media: dvbdev: Fix memleak in dvb_register_device
    - media: dvbdev: fix error logic at dvb_register_device()
    - media: dvb-core: Fix use-after-free due to race at dvb_register_device()
    - nilfs2: fix buffer corruption due to concurrent device reads
    - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
    - PCI: hv: Fix a race condition bug in hv_pci_query_relations()
    - cgroup: Do not corrupt task iteration when rebinding subsystem
    - mmc: meson-gx: remove redundant mmc_request_done() call from irq context
    - ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN
    - writeback: fix dereferencing NULL mapping->host on writeback_page_template
    - nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
    - cifs: Clean up DFS referral cache
    - cifs: Get rid of kstrdup_const()'d paths
    - cifs: Introduce helpers for finding TCP connection
    - cifs: Merge is_path_valid() into get_normalized_path()
    - cifs: Fix potential deadlock when updating vol in cifs_reconnect()
    - x86/mm: Avoid using set_pgd() outside of real PGD pages
    - ieee802154: hwsim: Fix possible memory leaks
    - xfrm: Linearize the skb after offloading if needed.
    - net: qca_spi: Avoid high load if QCA7000 is not available
    - mmc: mtk-sd: fix deferred probing
    - mmc: mvsdio: convert to devm_platform_ioremap_resource
    - mmc: mvsdio: fix deferred probing
    - mmc: omap: fix deferred probing
    - mmc: omap_hsmmc: fix deferred probing
    - mmc: sdhci-acpi: fix deferred probing
    - mmc: sh_mmcif: fix deferred probing
    - mmc: usdhi60rol0: fix deferred probing
    - ipvs: align inner_mac_header for encapsulation
    - net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch
    - be2net: Extend xmit workaround to BE3 chip
    - netfilter: nf_tables: disallow element updates of bound anonymous sets
    - netfilter: nfnetlink_osf: fix module autoload
    - Revert "net: phy: dp83867: perform soft reset and retain established link"
    - sch_netem: acquire qdisc lock in netem_change()
    - scsi: target: iscsi: Prevent login threads from racing between each other
    - HID: wacom: Add error check to wacom_parse_and_register()
    - arm64: Add missing Set/Way CMO encodings
    - media: cec: core: don't set last_initiator if tx in progress
    - nfcsim.c: Fix error checking for debugfs_create_dir
    - usb: gadget: udc: fix NULL dereference in remove()
    - s390/cio: unregister device when the only path is gone
    - ASoC: nau8824: Add quirk to active-high jack-detect
    - ARM: dts: Fix erroneous ADS touchscreen polarities
    - drm/exynos: vidi: fix a wrong error return
    - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
    - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
    - x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
    - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock
      cycle
    - mm: fix VM_BUG_ON(PageTail) and BUG_ON(PageWriteback)
    - mm: make wait_on_page_writeback() wait for multiple pending writebacks
    - Linux 5.4.249

* allow io_uring to be disabled in runtime (LP: #2035116)
    - io_uring: add a sysctl to disable io_uring system-wide

* CVE-2023-31083
    - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO

* CVE-2023-4132
    - media: usb: siano: Fix warning due to null work_func_t function pointer

* CVE-2023-3772
    - xfrm: add NULL check in xfrm_update_ae_params

* CVE-2023-0597
    - random32: add noise from network and scheduling activity
    - x86/kasan: Map shadow for percpu pages on demand
    - x86/mm: Randomize per-cpu entry area
    - x86/mm: Recompute physical address for every page of per-CPU CEA mapping
    - x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area
    - x86/mm: Do not shuffle CPU entry areas without KASLR

-- Roxana Nicolescu <roxana.nicolescu@canonical.com>  Mon, 02 Oct 2023 12:18:58 +0200

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-30:

#10

Download full text (26.5 KiB)

This bug was fixed in the package linux-gkeop - 5.4.0-1080.84

---------------
linux-gkeop (5.4.0-1080.84) focal; urgency=medium

* focal/linux-gkeop: 5.4.0-1080.84 -proposed tracker (LP: #2037989)

  * Use new annotations model (LP: #2019000)
    - [Config] sanitize annotations
    - [Config] import generated configs into annotation file
    - [Config] Remove all old configs files
    - [Config] Drop comment about using one flavour

* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts

[ Ubuntu: 5.4.0-166.183 ]

  * focal/linux: 5.4.0-166.183 -proposed tracker (LP: #2038010)
  * Use new annotations model (LP: #2019000)
    - [Packaging] new annotations model infrastructure
    - [Packaging] config-check: Handle new annotations format 4
    - [Packaging] rules: Use old-kernelconfig for old configs
    - [Config] sanitize annotations
    - [Config] import generated configs into annotation file
    - [Packaging] kernelconfig: add i386 as supported arch
    - [Config] Remove all old configs files
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update annotations scripts
  * fix typo in config-checks invocation (LP: #2020413)
    - [Packaging] fix typo when calling the old config-check
    - [Packaging] fix typo in 4-checks.mk
  * support python < 3.9 with annotations (LP: #2020531)
    - [Packaging] kconfig/annotations.py: support older way of merging dicts
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * Focal update: v5.4.252 upstream stable release (LP: #2036240)
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - x86/cpufeatures: Add SEV-ES CPU feature
    - x86/cpu: Add VM page flush MSR availablility as a CPUID feature
    - x86/cpufeatures: Assign dedicated feature word for CPUID_0x8000001F[EAX]
    - tools headers cpufeatures: Sync with the kernel sources
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - Linux 5.4.252
    - Upstream stable to v5.4.252
  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6
  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c
  * CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet
  * CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()
  * CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
  * Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect
  * [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write
  * CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().
  * Focal update: v5.4.251 ...

This bug was fixed in the package linux-gkeop - 5.4.0-1080.84

---------------
linux-gkeop (5.4.0-1080.84) focal; urgency=medium

* focal/linux-gkeop: 5.4.0-1080.84 -proposed tracker (LP: #2037989)

* Use new annotations model (LP: #2019000)
    - [Config] sanitize annotations
    - [Config] import generated configs into annotation file
    - [Config] Remove all old configs files
    - [Config] Drop comment about using one flavour

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

[ Ubuntu: 5.4.0-166.183 ]

* focal/linux: 5.4.0-166.183 -proposed tracker (LP: #2038010)
  * Use new annotations model (LP: #2019000)
    - [Packaging] new annotations model infrastructure
    - [Packaging] config-check: Handle new annotations format 4
    - [Packaging] rules: Use old-kernelconfig for old configs
    - [Config] sanitize annotations
    - [Config] import generated configs into annotation file
    - [Packaging] kernelconfig: add i386 as supported arch
    - [Config] Remove all old configs files
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update annotations scripts
  * fix typo in config-checks invocation (LP: #2020413)
    - [Packaging] fix typo when calling the old config-check
    - [Packaging] fix typo in 4-checks.mk
  * support python < 3.9 with annotations (LP: #2020531)
    - [Packaging] kconfig/annotations.py: support older way of merging dicts
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * Focal update: v5.4.252 upstream stable release (LP: #2036240)
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - x86/cpufeatures: Add SEV-ES CPU feature
    - x86/cpu: Add VM page flush MSR availablility as a CPUID feature
    - x86/cpufeatures: Assign dedicated feature word for CPUID_0x8000001F[EAX]
    - tools headers cpufeatures: Sync with the kernel sources
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - Linux 5.4.252
    - Upstream stable to v5.4.252
  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6
  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c
  * CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet
  * CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()
  * CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
  * Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect
  * [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write
  * CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().
  * Focal update: v5.4.251 upstream stable release (LP: #2034918)
    - x86/smp: Use dedicated cache-line for mwait_play_dead()
    - video: imsttfb: check for ioremap() failures
    - fbdev: imsttfb: Fix use after free bug in imsttfb_probe
    - HID: wacom: Use ktime_t rather than int when dealing with timestamps
    - drm/i915: Initialise outparam for error return from wait_for_register
    - scripts/tags.sh: Resolve gtags empty index generation
    - drm/amdgpu: Validate VM ioctl flags.
    - bgmac: fix *initial* chip reset to support BCM5358
    - x86/resctrl: Use is_closid_match() in more places
    - x86/resctrl: Only show tasks' pid in current pid namespace
    - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
    - md/raid10: fix overflow of md/safe_mode_delay
    - md/raid10: fix wrong setting of max_corr_read_errors
    - md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
    - md/raid10: fix io loss while replacement replace rdev
    - irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
    - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
    - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
    - clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
    - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
    - PM: domains: fix integer overflow issues in genpd_parse_state()
    - powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
    - ARM: 9303/1: kprobes: avoid missing-declaration warnings
    - evm: Complete description of evm_inode_setattr()
    - pstore/ram: Add check for kstrdup
    - ima: Fix build warnings
    - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
    - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
    - samples/bpf: Fix buffer overflow in tcp_basertt
    - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
    - wifi: mwifiex: Fix the size of a memory allocation in
      mwifiex_ret_802_11_scan()
    - nfc: constify several pointers to u8, char and sk_buff
    - nfc: llcp: fix possible use of uninitialized variable in
      nfc_llcp_send_connect()
    - regulator: core: Fix more error checking for debugfs_create_dir()
    - regulator: core: Streamline debugfs operations
    - wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
    - wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
    - wifi: atmel: Fix an error handling path in atmel_probe()
    - wl3501_cs: Fix a bunch of formatting issues related to function docs
    - wl3501_cs: Remove unnecessary NULL check
    - wl3501_cs: Fix misspelling and provide missing documentation
    - net: create netdev->dev_addr assignment helpers
    - wl3501_cs: use eth_hw_addr_set()
    - wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
    - wifi: ray_cs: Utilize strnlen() in parse_addr()
    - wifi: ray_cs: Drop useless status variable in parse_addr()
    - wifi: ray_cs: Fix an error handling path in ray_probe()
    - wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
    - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
    - watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct
      config
    - watchdog/perf: more properly prevent false positives with turbo modes
    - kexec: fix a memory leak in crash_shrink_memory()
    - memstick r592: make memstick_debug_get_tpc_name() static
    - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
    - rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO
    - wifi: iwlwifi: pull from TXQs with softirqs disabled
    - wifi: cfg80211: rewrite merging of inherited elements
    - wifi: ath9k: convert msecs to jiffies where needed
    - netlink: fix potential deadlock in netlink_set_err()
    - netlink: do not hard code device address lenth in fdb dumps
    - selftests: rtnetlink: remove netdevsim device after ipsec offload test
    - gtp: Fix use-after-free in __gtp_encap_destroy().
    - lib/ts_bm: reset initial match offset for every block of text
    - netfilter: conntrack: dccp: copy entire header to stack buffer, not just
      basic one
    - netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return
      value.
    - ipvlan: Fix return value of ipvlan_queue_xmit()
    - netlink: Add __sock_i_ino() for __netlink_diag_dump().
    - radeon: avoid double free in ci_dpm_init()
    - Input: drv260x - sleep between polling GO bit
    - ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
    - Input: adxl34x - do not hardcode interrupt trigger type
    - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks`
    - RDMA/bnxt_re: Fix to remove an unnecessary log
    - ARM: dts: gta04: Move model property out of pinctrl node
    - arm64: dts: qcom: msm8916: correct camss unit address
    - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
    - ARM: ep93xx: fix missing-prototype warnings
    - memory: brcmstb_dpfe: fix testing array offset after use
    - ASoC: es8316: Increment max value for ALC Capture Target Volume control
    - ASoC: es8316: Do not set rate constraints for unsupported MCLKs
    - soc/fsl/qe: fix usb.c build errors
    - IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
    - arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
    - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
    - drm/amdkfd: Fix potential deallocation of previously deallocated memory.
    - drm/radeon: fix possible division-by-zero errors
    - clk: tegra: tegra124-emc: Fix potential memory leak
    - ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
    - clk: cdce925: check return value of kasprintf()
    - clk: keystone: sci-clk: check return value of kasprintf()
    - ASoC: imx-audmix: check return value of devm_kasprintf()
    - scsi: qedf: Fix NULL dereference in error handling
    - PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
    - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
    - PCI: pciehp: Cancel bringup sequence if card is not present
    - PCI: ftpci100: Release the clock resources
    - PCI: Add pci_clear_master() stub for non-CONFIG_PCI
    - pinctrl: cherryview: Return correct value if pin in push-pull mode
    - perf dwarf-aux: Fix off-by-one in die_get_varname()
    - pinctrl: at91-pio4: check return value of devm_kasprintf()
    - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-
      boundary
    - hwrng: virtio - add an internal buffer
    - hwrng: virtio - don't wait on cleanup
    - hwrng: virtio - don't waste entropy
    - hwrng: virtio - always add a pending request
    - hwrng: virtio - Fix race on data_avail and actual data
    - crypto: nx - fix build warnings when DEBUG_FS is not enabled
    - modpost: fix section mismatch message for R_ARM_ABS32
    - modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
    - crypto: marvell/cesa - Fix type mismatch warning
    - modpost: fix off by one in is_executable_section()
    - ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
    - NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION
    - hwrng: st - Fix W=1 unused variable warning
    - hwrng: st - keep clock enabled while hwrng is registered
    - USB: serial: option: add LARA-R6 01B PIDs
    - usb: dwc3: gadget: Propagate core init errors to UDC during pullup
    - block: fix signed int overflow in Amiga partition support
    - block: change all __u32 annotations to __be32 in affs_hardblocks.h
    - w1: fix loop in w1_fini()
    - sh: j2: Use ioremap() to translate device tree address into kernel memory
    - media: usb: Check az6007_read() return value
    - media: videodev2.h: Fix struct v4l2_input tuner index comment
    - usb: dwc3: qcom: Fix potential memory leak
    - extcon: Fix kernel doc of property fields to avoid warnings
    - extcon: Fix kernel doc of property capability fields to avoid warnings
    - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
    - usb: hide unused usbfs_notify_suspend/resume functions
    - mfd: rt5033: Drop rt5033-battery sub-device
    - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
    - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove()
    - mfd: intel-lpss: Add missing check for platform_get_resource
    - serial: 8250_omap: Use force_suspend and resume for system suspend
    - mfd: stmfx: Fix error path in stmfx_chip_init
    - KVM: s390: vsie: fix the length of APCB bitmap
    - mfd: stmpe: Only disable the regulators if they are enabled
    - pwm: imx-tpm: force 'real_period' to be zero in suspend
    - pwm: sysfs: Do not apply state to already disabled PWMs
    - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
    - sctp: fix potential deadlock on &net->sctp.addr_wq_lock
    - Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
    - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
    - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
    - f2fs: fix error path handling in truncate_dnode()
    - powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
    - net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
    - tcp: annotate data races in __tcp_oow_rate_limited()
    - xsk: Improve documentation for AF_XDP
    - xsk: Honor SO_BINDTODEVICE on bind
    - net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
    - net: dsa: tag_sja1105: fix MAC DA patching from meta frames
    - sh: dma: Fix DMA channel offset calculation
    - i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
    - i2c: xiic: Don't try to handle more interrupt events after error
    - ALSA: jack: Fix mutex call in snd_jack_report()
    - NFSD: add encoding of op_recall flag for write delegation
    - mmc: core: disable TRIM on Kingston EMMC04G-M627
    - mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
    - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is
      used.
    - bcache: Remove unnecessary NULL point check in node allocations
    - integrity: Fix possible multiple allocation in integrity_inode_get()
    - jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
    - fs: avoid empty option when generating legacy mount string
    - ext4: Remove ext4 locking of moved directory
    - Revert "f2fs: fix potential corruption when moving a directory"
    - fs: Establish locking order for unrelated directories
    - fs: Lock moved directories
    - btrfs: fix race when deleting quota root from the dirty cow roots list
    - ARM: orion5x: fix d2net gpio initialization
    - fs: no need to check source
    - fanotify: disallow mount/sb marks on kernel internal pseudo fs
    - block: add overflow checks for Amiga partition support
    - netfilter: nf_tables: fix nat hook table deletion
    - netfilter: nftables: add helper function to set the base sequence number
    - netfilter: add helper function to set up the nfnetlink header and use it
    - netfilter: nf_tables: use net_generic infra for transaction data
    - netfilter: nf_tables: add rescheduling points during loop detection walks
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: reject unbound anonymous set before commit phase
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails
    - netfilter: nf_tables: fix scheduling-while-atomic splat
    - netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
    - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
    - block/partition: fix signedness issue for Amiga partitions
    - net: lan743x: Don't sleep in atomic context
    - workqueue: clean up WORK_* constant types, clarify masking
    - drm/panel: Initialise panel dev and funcs through drm_panel_init()
    - drm/panel: Add and fill drm_panel type field
    - drm/panel: simple: Add connector_type for innolux_at043tn24
    - igc: Remove delay during TX ring configuration
    - igc: set TP bit in 'supported' and 'advertising' fields of
      ethtool_link_ksettings
    - scsi: qla2xxx: Fix error code in qla2x00_start_sp()
    - net: mvneta: fix txq_map in case of txq_number==1
    - ionic: improve irq numa locality
    - ionic: clean irq affinity on queue deinit
    - ionic: move irq request to qcq alloc
    - ionic: ionic_intr_free parameter change
    - ionic: remove WARN_ON to prevent panic_on_warn
    - icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
    - udp6: fix udp6_ehashfn() typo
    - ntb: idt: Fix error handling in idt_pci_driver_init()
    - NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
    - ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
    - NTB: ntb_transport: fix possible memory leak while device_register() fails
    - NTB: ntb_tool: Add check for devm_kcalloc
    - ipv6/addrconf: fix a potential refcount underflow for idev
    - platform/x86: wmi: Replace UUID redefinitions by their originals
    - platform/x86: wmi: Fix indentation in some cases
    - platform/x86: wmi: remove unnecessary argument
    - platform/x86: wmi: use guid_t and guid_equal()
    - platform/x86: wmi: move variables
    - platform/x86: wmi: Break possible infinite loop when parsing GUID
    - erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF
    - wifi: airo: avoid uninitialized warning in airo_get_rate()
    - cls_flower: Add extack support for src and dst port range options
    - net/sched: flower: Ensure both minimum and maximum ports are specified
    - net/sched: make psched_mtu() RTNL-less safe
    - pinctrl: amd: Fix mistake in handling clearing pins at startup
    - pinctrl: amd: Detect internal GPIO0 debounce handling
    - pinctrl: amd: Only use special debounce behavior for GPIO 0
    - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
    - mtd: rawnand: meson: fix unaligned DMA buffers handling
    - net: bcmgenet: Ensure MDIO unregistration has clocks enabled
    - powerpc: Fail build if using recordmcount with binutils v2.37
    - misc: fastrpc: Create fastrpc scalar with correct buffer count
    - SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
    - erofs: fix compact 4B support for 16k block size
    - ext4: fix wrong unit use in ext4_mb_clear_bb
    - ext4: only update i_reserved_data_blocks on successful block allocation
    - jfs: jfs_dmap: Validate db_l2nbperpage while mounting
    - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
    - PCI: qcom: Disable write access to read only registers for IP v2.3.3
    - PCI: rockchip: Assert PCI Configuration Enable bit after probe
    - PCI: rockchip: Write PCI Device ID to correct register
    - PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
    - PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
    - PCI: rockchip: Use u32 variable to access 32-bit registers
    - PCI: rockchip: Set address alignment for endpoint mode
    - misc: pci_endpoint_test: Free IRQs before removing the device
    - misc: pci_endpoint_test: Re-init completion for every test
    - md/raid0: add discard support for the 'original' layout
    - fs: dlm: return positive pid value for F_GETLK
    - drm/atomic: Allow vblank-enabled + self-refresh "disable"
    - drm/rockchip: vop: Leave vblank enabled in self-refresh
    - serial: atmel: don't enable IRQs prematurely
    - firmware: stratix10-svc: Fix a potential resource leak in
      svc_create_memory_pool()
    - hwrng: imx-rngc - fix the timeout for init and self check
    - ceph: don't let check_caps skip sending responses for revoke msgs
    - meson saradc: fix clock divider mask length
    - Revert "8250: add support for ASIX devices with a FIFO bug"
    - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in
      case of error
    - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when
      iterating clk
    - tracing/histograms: Add histograms to hist_vars if they have referenced
      variables
    - ring-buffer: Fix deadloop issue on reading trace_pipe
    - xtensa: ISS: fix call to split_if_spec
    - tracing: Fix null pointer dereference in tracing_err_log_open()
    - tracing/probes: Fix not to count error code to total length
    - scsi: qla2xxx: Wait for io return on terminate rport
    - scsi: qla2xxx: Fix potential NULL pointer dereference
    - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
    - scsi: qla2xxx: Correct the index of array
    - scsi: qla2xxx: Pointer may be dereferenced
    - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
    - drm/atomic: Fix potential use-after-free in nonblocking commits
    - perf probe: Add test for regression introduced by switch to
      die_get_decl_file()
    - btrfs: fix warning when putting transaction with qgroups enabled after abort
    - fuse: revalidate: don't invalidate if interrupted
    - selftests: tc: set timeout to 15 minutes
    - can: bcm: Fix UAF in bcm_proc_show()
    - drm/client: Fix memory leak in drm_client_target_cloned
    - drm/client: Fix memory leak in drm_client_modeset_probe
    - ext4: correct inline offset when handling xattrs in inode body
    - debugobjects: Recheck debug_objects_enabled before reporting
    - nbd: Add the maximum limit of allocated index in nbd_dev_add
    - md: fix data corruption for raid456 when reshape restart while grow up
    - md/raid10: prevent soft lockup while flush writes
    - posix-timers: Ensure timer ID search-loop limit is valid
    - arm64: mm: fix VA-range sanity check
    - sched/fair: Don't balance task to its current running CPU
    - bpf: Address KCSAN report on bpf_lru_list
    - devlink: report devlink_port_type_warn source device
    - wifi: wext-core: Fix -Wstringop-overflow warning in
      ioctl_standard_iw_point()
    - wifi: iwlwifi: mvm: avoid baid size integer overflow
    - igb: Fix igb_down hung on surprise removal
    - spi: bcm63xx: fix max prepend length
    - fbdev: imxfb: warn about invalid left/right margin
    - pinctrl: amd: Use amd_pinconf_set() for all config options
    - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
    - iavf: Fix use-after-free in free_netdev
    - net:ipv6: check return value of pskb_trim()
    - Revert "tcp: avoid the lookup process failing to get sk in ehash table"
    - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
    - llc: Don't drop packet from non-root netns.
    - netfilter: nf_tables: fix spurious set element insertion failure
    - netfilter: nf_tables: can't schedule in nft_chain_validate
    - tcp: annotate data-races around tp->tcp_tx_delay
    - net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
    - tcp: annotate data-races around tp->linger2
    - tcp: annotate data-races around rskq_defer_accept
    - tcp: annotate data-races around tp->notsent_lowat
    - tcp: annotate data-races around fastopenq.max_qlen
    - tracing/histograms: Return an error if we fail to add histogram to hist_vars
      list
    - Linux 5.4.251
  * Focal update: v5.4.250 upstream stable release (LP: #2033297)
    - x86/microcode/AMD: Load late on both threads too
    - Linux 5.4.250
  * Focal update: v5.4.249 upstream stable release (LP: #2033278)
    - nilfs2: reject devices with insufficient block count
    - mm: rewrite wait_on_page_bit_common() logic
    - list: add "list_del_init_careful()" to go with "list_empty_careful()"
    - epoll: ep_autoremove_wake_function should use list_del_init_careful
    - tracing: Add tracing_reset_all_online_cpus_unlocked() function
    - x86/purgatory: remove PGO flags
    - tick/common: Align tick period during sched_timer setup
    - media: dvbdev: Fix memleak in dvb_register_device
    - media: dvbdev: fix error logic at dvb_register_device()
    - media: dvb-core: Fix use-after-free due to race at dvb_register_device()
    - nilfs2: fix buffer corruption due to concurrent device reads
    - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
    - PCI: hv: Fix a race condition bug in hv_pci_query_relations()
    - cgroup: Do not corrupt task iteration when rebinding subsystem
    - mmc: meson-gx: remove redundant mmc_request_done() call from irq context
    - ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN
    - writeback: fix dereferencing NULL mapping->host on writeback_page_template
    - nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
    - cifs: Clean up DFS referral cache
    - cifs: Get rid of kstrdup_const()'d paths
    - cifs: Introduce helpers for finding TCP connection
    - cifs: Merge is_path_valid() into get_normalized_path()
    - cifs: Fix potential deadlock when updating vol in cifs_reconnect()
    - x86/mm: Avoid using set_pgd() outside of real PGD pages
    - ieee802154: hwsim: Fix possible memory leaks
    - xfrm: Linearize the skb after offloading if needed.
    - net: qca_spi: Avoid high load if QCA7000 is not available
    - mmc: mtk-sd: fix deferred probing
    - mmc: mvsdio: convert to devm_platform_ioremap_resource
    - mmc: mvsdio: fix deferred probing
    - mmc: omap: fix deferred probing
    - mmc: omap_hsmmc: fix deferred probing
    - mmc: sdhci-acpi: fix deferred probing
    - mmc: sh_mmcif: fix deferred probing
    - mmc: usdhi60rol0: fix deferred probing
    - ipvs: align inner_mac_header for encapsulation
    - net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch
    - be2net: Extend xmit workaround to BE3 chip
    - netfilter: nf_tables: disallow element updates of bound anonymous sets
    - netfilter: nfnetlink_osf: fix module autoload
    - Revert "net: phy: dp83867: perform soft reset and retain established link"
    - sch_netem: acquire qdisc lock in netem_change()
    - scsi: target: iscsi: Prevent login threads from racing between each other
    - HID: wacom: Add error check to wacom_parse_and_register()
    - arm64: Add missing Set/Way CMO encodings
    - media: cec: core: don't set last_initiator if tx in progress
    - nfcsim.c: Fix error checking for debugfs_create_dir
    - usb: gadget: udc: fix NULL dereference in remove()
    - s390/cio: unregister device when the only path is gone
    - ASoC: nau8824: Add quirk to active-high jack-detect
    - ARM: dts: Fix erroneous ADS touchscreen polarities
    - drm/exynos: vidi: fix a wrong error return
    - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
    - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
    - x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
    - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock
      cycle
    - mm: fix VM_BUG_ON(PageTail) and BUG_ON(PageWriteback)
    - mm: make wait_on_page_writeback() wait for multiple pending writebacks
    - Linux 5.4.249
  * allow io_uring to be disabled in runtime (LP: #2035116)
    - io_uring: add a sysctl to disable io_uring system-wide
  * CVE-2023-31083
    - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
  * CVE-2023-4132
    - media: usb: siano: Fix warning due to null work_func_t function pointer
  * CVE-2023-3772
    - xfrm: add NULL check in xfrm_update_ae_params
  * CVE-2023-0597
    - random32: add noise from network and scheduling activity
    - x86/kasan: Map shadow for percpu pages on demand
    - x86/mm: Randomize per-cpu entry area
    - x86/mm: Recompute physical address for every page of per-CPU CEA mapping
    - x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area
    - x86/mm: Do not shuffle CPU entry areas without KASLR

-- Agathe Porte <agathe.porte@canonical.com>  Thu, 19 Oct 2023 13:35:13 +0200

Changed in linux-gkeop (Ubuntu):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-30:

#11

Download full text (22.7 KiB)

This bug was fixed in the package linux - 5.15.0-88.98

---------------
linux (5.15.0-88.98) jammy; urgency=medium

* jammy/linux: 5.15.0-88.98 -proposed tracker (LP: #2038055)

  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: remove busy mark and gc batch API
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction

* CVE-2023-42756
- netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

* CVE-2023-4623
- net/sched: sch_hfsc: Ensure inner classes have fsc curve

* PCI BARs larger than 128GB are disabled (LP: #2037403)
- PCI: Support BAR sizes up to 8TB

* Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
- ALSA: hda/realtek - ALC287 I2S speaker platform support

* Check for changes relevant for security certifications (LP: #1945989)
- [Packaging] Add a new fips-checks script

  * Jammy update: v5.15.126 upstream stable release (LP: #2037593)
    - io_uring: gate iowait schedule on having pending requests
    - perf: Fix function pointer case
    - net/mlx5: Free irqs only on shutdown callback
    - arm64: errata: Add workaround for TSB flush failures
    - arm64: errata: Add detection for TRBE write to out-of-range
    - [Config] updateconfigs for ARM64_ERRATUM_ and
      ARM64_WORKAROUND_TSB_FLUSH_FAILURE
    - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
    - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
    - iommu/arm-smmu-v3: Add explicit feature for nesting
    - iommu/arm-smmu-v3: Document nesting-related errata
    - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
    - word-at-a-time: use the same return type for has_zero regardless of
      endianness
    - KVM: s390: fix sthyi error handling
    - wifi: cfg80211: Fix return value in scan logic
    - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
    - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
    - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
    - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
    - net: dsa: fix value check in bcm_sf2_sw_probe()
    - perf test uprobe_from_different_cu: Skip if there is no gcc
    - net: sched: cls_u32: Fix match key mis-addressing
    - mISDN: hfcpci: Fix potential deadlock on &hc->l...

This bug was fixed in the package linux - 5.15.0-88.98

---------------
linux (5.15.0-88.98) jammy; urgency=medium

* jammy/linux: 5.15.0-88.98 -proposed tracker (LP: #2038055)

* CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: remove busy mark and gc batch API
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction

* CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

* CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve

* PCI BARs larger than 128GB are disabled (LP: #2037403)
    - PCI: Support BAR sizes up to 8TB

* Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support

* Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script

* Jammy update: v5.15.126 upstream stable release (LP: #2037593)
    - io_uring: gate iowait schedule on having pending requests
    - perf: Fix function pointer case
    - net/mlx5: Free irqs only on shutdown callback
    - arm64: errata: Add workaround for TSB flush failures
    - arm64: errata: Add detection for TRBE write to out-of-range
    - [Config] updateconfigs for ARM64_ERRATUM_ and
      ARM64_WORKAROUND_TSB_FLUSH_FAILURE
    - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
    - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
    - iommu/arm-smmu-v3: Add explicit feature for nesting
    - iommu/arm-smmu-v3: Document nesting-related errata
    - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
    - word-at-a-time: use the same return type for has_zero regardless of
      endianness
    - KVM: s390: fix sthyi error handling
    - wifi: cfg80211: Fix return value in scan logic
    - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
    - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
    - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
    - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
    - net: dsa: fix value check in bcm_sf2_sw_probe()
    - perf test uprobe_from_different_cu: Skip if there is no gcc
    - net: sched: cls_u32: Fix match key mis-addressing
    - mISDN: hfcpci: Fix potential deadlock on &hc->lock
    - qed: Fix kernel-doc warnings
    - qed: Fix scheduling in a tasklet while getting stats
    - net: annotate data-races around sk->sk_max_pacing_rate
    - net: add missing READ_ONCE(sk->sk_rcvlowat) annotation
    - net: add missing READ_ONCE(sk->sk_sndbuf) annotation
    - net: add missing READ_ONCE(sk->sk_rcvbuf) annotation
    - net: add missing data-race annotations around sk->sk_peek_off
    - net: add missing data-race annotation for sk_ll_usec
    - net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.
    - bpf, cpumap: Handle skb as well when clean up ptr_ring
    - bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire
    - net: ll_temac: Switch to use dev_err_probe() helper
    - net: ll_temac: fix error checking of irq_of_parse_and_map()
    - net: korina: handle clk prepare error in korina_probe()
    - net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode
    - net: dcb: choose correct policy to parse DCB_ATTR_BCN
    - s390/qeth: Don't call dev_close/dev_open (DOWN/UP)
    - ip6mr: Fix skb_under_panic in ip6mr_cache_report()
    - vxlan: Fix nexthop hash size
    - net/mlx5: fs_core: Make find_closest_ft more generic
    - net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio
    - prestera: fix fallback to previous version on same major version
    - tcp_metrics: fix addr_same() helper
    - tcp_metrics: annotate data-races around tm->tcpm_stamp
    - tcp_metrics: annotate data-races around tm->tcpm_lock
    - tcp_metrics: annotate data-races around tm->tcpm_vals[]
    - tcp_metrics: annotate data-races around tm->tcpm_net
    - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
    - scsi: zfcp: Defer fc_rport blocking until after ADISC response
    - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices
    - libceph: fix potential hang in ceph_osdc_notify()
    - USB: zaurus: Add ID for A-300/B-500/C-700
    - ceph: defer stopping mdsc delayed_work
    - firmware: arm_scmi: Drop OF node reference in the transport channel setup
    - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
    - exfat: release s_lock before calling dir_emit()
    - mtd: spinand: toshiba: Fix ecc_get_status
    - mtd: rawnand: meson: fix OOB available bytes for ECC
    - arm64: dts: stratix10: fix incorrect I2C property for SCL signal
    - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC)
    - rbd: prevent busy loop when requesting exclusive lock
    - bpf: Disable preemption in bpf_event_output
    - open: make RESOLVE_CACHED correctly test for O_TMPFILE
    - drm/ttm: check null pointer before accessing when swapping
    - bpf, cpumap: Make sure kthread is running before map update returns
    - file: reinstate f_pos locking optimization for regular files
    - fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list()
    - fs/sysv: Null check to prevent null-ptr-deref bug
    - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
    - fs: Protect reconfiguration of sb read-write from racing writes
    - ext2: Drop fragment support
    - mtd: rawnand: omap_elm: Fix incorrect type in assignment
    - mtd: rawnand: rockchip: fix oobfree offset and description
    - mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts
    - mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()
    - powerpc/mm/altmap: Fix altmap boundary check
    - drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning
    - selftests/rseq: check if libc rseq support is registered
    - selftests/rseq: Play nice with binaries statically linked against glibc
      2.35+
    - soundwire: bus: pm_runtime_request_resume on peripheral attachment
    - soundwire: fix enumeration completion
    - PM / wakeirq: support enabling wake-up irq after runtime_suspend called
    - PM: sleep: wakeirq: fix wake irq arming
    - Linux 5.15.126

* Jammy update: v5.15.125 upstream stable release (LP: #2036843)
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - Linux 5.15.125
    - Upstream stable to v5.15.125

* CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6

* CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c

* CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet

* CVE-2023-5197
    - netfilter: nf_tables: disallow rule removal from chain binding

* CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()

* CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

* Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect

* NULL Pointer Dereference During KVM MMU Page Invalidation (LP: #2035166)
    - KVM: x86/mmu: Track the number of TDP MMU pages, but not the actual pages

* Fix suspend hang on Lenovo workstation (LP: #2034479)
    - igb: Fix igb_down hung on surprise removal

* [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4

* CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write

* CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().

* Jammy update: v5.15.124 upstream stable release (LP: #2035400)
    - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint
    - KVM: s390: pv: fix index value of replaced ASCE
    - io_uring: don't audit the capability check in io_uring_create()
    - gpio: tps68470: Make tps68470_gpio_output() always set the initial value
    - pwm: Add a stub for devm_pwmchip_add()
    - gpio: mvebu: Make use of devm_pwmchip_add
    - gpio: mvebu: fix irq domain leak
    - btrfs: fix race between quota disable and relocation
    - i2c: Delete error messages for failed memory allocations
    - i2c: Improve size determinations
    - i2c: nomadik: Remove unnecessary goto label
    - i2c: nomadik: Use devm_clk_get_enabled()
    - i2c: nomadik: Remove a useless call in the remove function
    - PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
    - PCI/ASPM: Factor out pcie_wait_for_retrain()
    - PCI/ASPM: Avoid link retraining race
    - PCI: rockchip: Remove writes to unused registers
    - PCI: rockchip: Fix window mapping and address translation for endpoint
    - PCI: rockchip: Don't advertise MSI-X in PCIe capabilities
    - dlm: cleanup plock_op vs plock_xop
    - dlm: rearrange async condition return
    - fs: dlm: interrupt posix locks only when process is killed
    - drm/ttm: Don't print error message if eviction was interrupted
    - drm/ttm: Don't leak a resource on eviction error
    - n_tty: Rename tail to old_tail in n_tty_read()
    - tty: fix hang on tty device with no_room set
    - drm/ttm: never consider pinned BOs for eviction&swap
    - cifs: missing directory in MAINTAINERS file
    - cifs: use fs_context for automounts
    - ksmbd: remove internal.h include
    - cifs: if deferred close is disabled then close files immediately
    - pwm: meson: Simplify duplicated per-channel tracking
    - pwm: meson: fix handling of period/duty if greater than UINT_MAX
    - tracing/probes: Add symstr type for dynamic events
    - tracing/probes: Fix to avoid double count of the string length on the array
    - tracing: Allow synthetic events to pass around stacktraces
    - Revert "tracing: Add "(fault)" name injection to kernel probes"
    - tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if
      fails
    - scsi: qla2xxx: Remove unused declarations for qla2xxx
    - scsi: qla2xxx: Multi-que support for TMF
    - scsi: qla2xxx: Fix task management cmd failure
    - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource
    - scsi: qla2xxx: Add debug prints in the device remove path
    - scsi: qla2xxx: Fix hang in task management
    - drm/amdgpu: fix vkms crtc settings
    - drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel
    - phy: qcom-snps: Use dev_err_probe() to simplify code
    - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc
    - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend
    - phy: qcom-snps-femto-v2: properly enable ref clock
    - soundwire: qcom: update status correctly with mask
    - media: staging: atomisp: select V4L2_FWNODE
    - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
    - iavf: fix potential deadlock on allocation failure
    - iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED
    - net: phy: marvell10g: fix 88x3310 power up
    - net: hns3: fix wrong tc bandwidth weight data issue
    - net: hns3: fix wrong bw weight of disabled tc issue
    - vxlan: move to its own directory
    - vxlan: calculate correct header length for GPE
    - phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
    - ethernet: atheros: fix return value check in atl1e_tso_csum()
    - ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new
      temporary address
    - ice: Fix memory management in ice_ethtool_fdir.c
    - bonding: reset bond's flags when down link is P2P device
    - team: reset team's flags when down link is P2P device
    - net: stmmac: Apply redundant write work around on 4.xx too
    - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
    - igc: Fix Kernel Panic during ndo_tx_timeout callback
    - netfilter: nft_set_rbtree: fix overlap expiration walk
    - net/sched: mqprio: refactor nlattr parsing to a separate function
    - net/sched: mqprio: add extack to mqprio_parse_nlattr()
    - net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
    - benet: fix return value check in be_lancer_xmit_workarounds()
    - tipc: check return value of pskb_trim()
    - tipc: stop tipc crypto on failure in tipc_node_create
    - RDMA/mlx4: Make check for invalid flags stricter
    - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id
    - drm/msm/adreno: Fix snapshot BINDLESS_DATA size
    - RDMA/irdma: Add missing read barriers
    - RDMA/irdma: Fix data race on CQP completion stats
    - RDMA/irdma: Fix data race on CQP request done
    - RDMA/mthca: Fix crash when polling CQ for shared QPs
    - RDMA/bnxt_re: Prevent handling any completions after qp destroy
    - drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
    - ASoC: fsl_spdif: Silence output on stop
    - block: Fix a source code comment in include/uapi/linux/blkzoned.h
    - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
    - dm raid: clean up four equivalent goto tags in raid_ctr()
    - dm raid: protect md_stop() with 'reconfig_mutex'
    - drm/amd: Fix an error handling mistake in psp_sw_init()
    - RDMA/irdma: Report correct WC error
    - ata: pata_ns87415: mark ns87560_tf_read static
    - ring-buffer: Fix wrong stat of cpu_buffer->read
    - tracing: Fix warning in trace_buffered_event_disable()
    - Revert "usb: gadget: tegra-xudc: Fix error check in
      tegra_xudc_powerdomain_init()"
    - usb: gadget: call usb_gadget_check_config() to verify UDC capability
    - USB: gadget: Fix the memory leak in raw_gadget driver
    - KVM: Grab a reference to KVM for VM and vCPU stats file descriptors
    - KVM: VMX: Don't fudge CR0 and CR4 for restricted L2 guest
    - serial: qcom-geni: drop bogus runtime pm state update
    - serial: 8250_dw: Preserve original value of DLF register
    - serial: sifive: Fix sifive_serial_console_setup() section
    - USB: serial: option: support Quectel EM060K_128
    - USB: serial: option: add Quectel EC200A module support
    - USB: serial: simple: add Kaufmann RKS+CAN VCP
    - USB: serial: simple: sort driver entries
    - can: gs_usb: gs_can_close(): add missing set of CAN state to
      CAN_STATE_STOPPED
    - Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
    - usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
    - usb: dwc3: don't reset device side if dwc3 was configured as host-only
    - usb: ohci-at91: Fix the unhandle interrupt when resume
    - USB: quirks: add quirk for Focusrite Scarlett
    - usb: cdns3: fix incorrect calculation of ep_buf_size when more than one
      config
    - usb: xhci-mtk: set the dma max_seg_size
    - Revert "usb: xhci: tegra: Fix error check"
    - Documentation: security-bugs.rst: update preferences when dealing with the
      linux-distros group
    - Documentation: security-bugs.rst: clarify CVE handling
    - staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
    - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
    - tty: n_gsm: fix UAF in gsm_cleanup_mux
    - Revert "xhci: add quirk for host controllers that don't update endpoint DCS"
    - ALSA: hda/relatek: Enable Mute LED on HP 250 G8
    - hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature
    - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
    - btrfs: check if the transaction was aborted at btrfs_wait_for_commit()
    - btrfs: check for commit error at btrfs_attach_transaction_barrier()
    - file: always lock position for FMODE_ATOMIC_POS
    - nfsd: Remove incorrect check in nfsd4_validate_stateid
    - tpm_tis: Explicitly check for error code
    - irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
    - irqchip/gic-v4.1: Properly lock VPEs when doing a directLPI invalidation
    - locking/rtmutex: Fix task->pi_waiters integrity
    - KVM: x86: Disallow KVM_SET_SREGS{2} if incoming CR0 is invalid
    - virtio-net: fix race between set queues and probe
    - s390/dasd: fix hanging device after quiesce/resume
    - ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
    - ceph: never send metrics if disable_send_metrics is set
    - dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
    - rbd: make get_lock_owner_info() return a single locker or NULL
    - rbd: harden get_lock_owner_info() a bit
    - rbd: retrieve and check lock owner twice before blocklisting
    - tracing: Fix trace_event_raw_event_synth() if else statement
    - ACPI: processor: perflib: Use the "no limit" frequency QoS
    - ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily
    - cpufreq: intel_pstate: Drop ACPI _PSS states table patching
    - selftests: mptcp: sockopt: use 'iptables-legacy' if available
    - io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq
    - ASoC: cs42l51: fix driver to properly autoload with automatic module loading
    - selftests: mptcp: join: only check for ip6tables if needed
    - Linux 5.15.124

* Jammy update: v5.15.123 upstream stable release (LP: #2034612)
    - ALSA: hda/realtek - remove 3k pull low procedure
    - ALSA: hda/realtek: Add quirk for Clevo NS70AU
    - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
    - keys: Fix linking a duplicate key to a keyring's assoc_array
    - perf probe: Add test for regression introduced by switch to
      die_get_decl_file()
    - btrfs: fix warning when putting transaction with qgroups enabled after abort
    - fuse: revalidate: don't invalidate if interrupted
    - btrfs: zoned: fix memory leak after finding block group with super blocks
    - fuse: ioctl: translate ENOSYS in outarg
    - selftests: tc: set timeout to 15 minutes
    - selftests: tc: add 'ct' action kconfig dep
    - regmap: Drop initial version of maximum transfer length fixes
    - regmap: Account for register length in SMBus I/O limits
    - can: bcm: Fix UAF in bcm_proc_show()
    - selftests: tc: add ConnTrack procfs kconfig
    - drm/client: Fix memory leak in drm_client_target_cloned
    - drm/client: Fix memory leak in drm_client_modeset_probe
    - drm/amd/display: Disable MPC split by default on special asic
    - drm/amd/display: Keep PHY active for DP displays on DCN31
    - ASoC: fsl_sai: Disable bit clock with transmitter
    - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling
    - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix missing mbhc init error handling
    - ASoC: codecs: wcd934x: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix codec initialisation race
    - ASoC: codecs: wcd938x: fix soundwire initialisation race
    - ext4: correct inline offset when handling xattrs in inode body
    - drm/radeon: Fix integer overflow in radeon_cs_parser_init
    - ALSA: emu10k1: roll up loops in DSP setup code for Audigy
    - quota: Properly disable quotas when add_dquot_ref() fails
    - quota: fix warning in dqgrab()
    - udf: Fix uninitialized array access for some pathnames
    - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
    - MIPS: dec: prom: Address -Warray-bounds warning
    - FS: JFS: Fix null-ptr-deref Read in txBegin
    - FS: JFS: Check for read-only mounted filesystem in txBegin
    - spi: bcm63xx: fix max prepend length
    - fbdev: imxfb: warn about invalid left/right margin
    - perf build: Fix library not found error when using CSLIBS
    - pinctrl: amd: Use amd_pinconf_set() for all config options
    - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
    - bridge: Add extack warning when enabling STP in netns.
    - ethernet: use eth_hw_addr_set() instead of ether_addr_copy()
    - of: net: add a helper for loading netdev->dev_addr
    - ethernet: use of_get_ethdev_address()
    - net: ethernet: mtk_eth_soc: handle probe deferral
    - net: sched: cls_bpf: Undo tcf_bind_filter in case of an error
    - iavf: Fix use-after-free in free_netdev
    - iavf: Fix out-of-bounds when setting channels on remove
    - security: keys: Modify mismatched function name
    - octeontx2-pf: Dont allocate BPIDs for LBK interfaces
    - bpf: Fix subprog idx logic in check_max_stack_depth
    - igc: Prevent garbled TX queue with XDP ZEROCOPY
    - tcp: annotate data-races around tcp_rsk(req)->ts_recent
    - net: ipv4: Use kfree_sensitive instead of kfree
    - net:ipv6: check return value of pskb_trim()
    - Revert "tcp: avoid the lookup process failing to get sk in ehash table"
    - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
    - llc: Don't drop packet from non-root netns.
    - netfilter: nf_tables: fix spurious set element insertion failure
    - netfilter: nf_tables: skip bound chain in netns release path
    - tcp: annotate data-races around tp->tcp_tx_delay
    - tcp: annotate data-races around tp->keepalive_time
    - tcp: annotate data-races around tp->keepalive_intvl
    - tcp: annotate data-races around tp->keepalive_probes
    - tcp: annotate data-races around icsk->icsk_syn_retries
    - tcp: annotate data-races around tp->linger2
    - tcp: annotate data-races around rskq_defer_accept
    - tcp: annotate data-races around tp->notsent_lowat
    - tcp: annotate data-races around icsk->icsk_user_timeout
    - tcp: annotate data-races around fastopenq.max_qlen
    - net: phy: prevent stale pointer dereference in phy_init()
    - jbd2: recheck chechpointing non-dirty buffer
    - tracing/histograms: Return an error if we fail to add histogram to hist_vars
      list
    - nixge: fix mac address error handling again
    - Linux 5.15.123

* allow io_uring to be disabled in runtime (LP: #2035116)
    - io_uring: add a sysctl to disable io_uring system-wide

* CVE-2023-31083
    - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO

* CVE-2023-3772
    - xfrm: add NULL check in xfrm_update_ae_params

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

-- Roxana Nicolescu <roxana.nicolescu@canonical.com>  Mon, 02 Oct 2023 15:40:31 +0200

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-30:

#12

Download full text (22.8 KiB)

This bug was fixed in the package linux-gkeop - 5.15.0-1032.38

---------------
linux-gkeop (5.15.0-1032.38) jammy; urgency=medium

* jammy/linux-gkeop: 5.15.0-1032.38 -proposed tracker (LP: #2038026)

[ Ubuntu: 5.15.0-88.98 ]

  * jammy/linux: 5.15.0-88.98 -proposed tracker (LP: #2038055)
  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: remove busy mark and gc batch API
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * PCI BARs larger than 128GB are disabled (LP: #2037403)
    - PCI: Support BAR sizes up to 8TB
  * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support
  * Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script
  * Jammy update: v5.15.126 upstream stable release (LP: #2037593)
    - io_uring: gate iowait schedule on having pending requests
    - perf: Fix function pointer case
    - net/mlx5: Free irqs only on shutdown callback
    - arm64: errata: Add workaround for TSB flush failures
    - arm64: errata: Add detection for TRBE write to out-of-range
    - [Config] updateconfigs for ARM64_ERRATUM_ and
      ARM64_WORKAROUND_TSB_FLUSH_FAILURE
    - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
    - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
    - iommu/arm-smmu-v3: Add explicit feature for nesting
    - iommu/arm-smmu-v3: Document nesting-related errata
    - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
    - word-at-a-time: use the same return type for has_zero regardless of
      endianness
    - KVM: s390: fix sthyi error handling
    - wifi: cfg80211: Fix return value in scan logic
    - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
    - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
    - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
    - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
    - net: dsa: fix value check in bcm_sf2_sw_probe()
    - perf test uprobe_from_different_cu: Skip if there is no gcc
...

This bug was fixed in the package linux-gkeop - 5.15.0-1032.38

---------------
linux-gkeop (5.15.0-1032.38) jammy; urgency=medium

* jammy/linux-gkeop: 5.15.0-1032.38 -proposed tracker (LP: #2038026)

[ Ubuntu: 5.15.0-88.98 ]

* jammy/linux: 5.15.0-88.98 -proposed tracker (LP: #2038055)
  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: remove busy mark and gc batch API
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * PCI BARs larger than 128GB are disabled (LP: #2037403)
    - PCI: Support BAR sizes up to 8TB
  * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support
  * Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script
  * Jammy update: v5.15.126 upstream stable release (LP: #2037593)
    - io_uring: gate iowait schedule on having pending requests
    - perf: Fix function pointer case
    - net/mlx5: Free irqs only on shutdown callback
    - arm64: errata: Add workaround for TSB flush failures
    - arm64: errata: Add detection for TRBE write to out-of-range
    - [Config] updateconfigs for ARM64_ERRATUM_ and
      ARM64_WORKAROUND_TSB_FLUSH_FAILURE
    - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
    - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
    - iommu/arm-smmu-v3: Add explicit feature for nesting
    - iommu/arm-smmu-v3: Document nesting-related errata
    - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
    - word-at-a-time: use the same return type for has_zero regardless of
      endianness
    - KVM: s390: fix sthyi error handling
    - wifi: cfg80211: Fix return value in scan logic
    - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
    - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
    - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
    - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
    - net: dsa: fix value check in bcm_sf2_sw_probe()
    - perf test uprobe_from_different_cu: Skip if there is no gcc
    - net: sched: cls_u32: Fix match key mis-addressing
    - mISDN: hfcpci: Fix potential deadlock on &hc->lock
    - qed: Fix kernel-doc warnings
    - qed: Fix scheduling in a tasklet while getting stats
    - net: annotate data-races around sk->sk_max_pacing_rate
    - net: add missing READ_ONCE(sk->sk_rcvlowat) annotation
    - net: add missing READ_ONCE(sk->sk_sndbuf) annotation
    - net: add missing READ_ONCE(sk->sk_rcvbuf) annotation
    - net: add missing data-race annotations around sk->sk_peek_off
    - net: add missing data-race annotation for sk_ll_usec
    - net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.
    - bpf, cpumap: Handle skb as well when clean up ptr_ring
    - bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire
    - net: ll_temac: Switch to use dev_err_probe() helper
    - net: ll_temac: fix error checking of irq_of_parse_and_map()
    - net: korina: handle clk prepare error in korina_probe()
    - net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode
    - net: dcb: choose correct policy to parse DCB_ATTR_BCN
    - s390/qeth: Don't call dev_close/dev_open (DOWN/UP)
    - ip6mr: Fix skb_under_panic in ip6mr_cache_report()
    - vxlan: Fix nexthop hash size
    - net/mlx5: fs_core: Make find_closest_ft more generic
    - net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio
    - prestera: fix fallback to previous version on same major version
    - tcp_metrics: fix addr_same() helper
    - tcp_metrics: annotate data-races around tm->tcpm_stamp
    - tcp_metrics: annotate data-races around tm->tcpm_lock
    - tcp_metrics: annotate data-races around tm->tcpm_vals[]
    - tcp_metrics: annotate data-races around tm->tcpm_net
    - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
    - scsi: zfcp: Defer fc_rport blocking until after ADISC response
    - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices
    - libceph: fix potential hang in ceph_osdc_notify()
    - USB: zaurus: Add ID for A-300/B-500/C-700
    - ceph: defer stopping mdsc delayed_work
    - firmware: arm_scmi: Drop OF node reference in the transport channel setup
    - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
    - exfat: release s_lock before calling dir_emit()
    - mtd: spinand: toshiba: Fix ecc_get_status
    - mtd: rawnand: meson: fix OOB available bytes for ECC
    - arm64: dts: stratix10: fix incorrect I2C property for SCL signal
    - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC)
    - rbd: prevent busy loop when requesting exclusive lock
    - bpf: Disable preemption in bpf_event_output
    - open: make RESOLVE_CACHED correctly test for O_TMPFILE
    - drm/ttm: check null pointer before accessing when swapping
    - bpf, cpumap: Make sure kthread is running before map update returns
    - file: reinstate f_pos locking optimization for regular files
    - fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list()
    - fs/sysv: Null check to prevent null-ptr-deref bug
    - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
    - fs: Protect reconfiguration of sb read-write from racing writes
    - ext2: Drop fragment support
    - mtd: rawnand: omap_elm: Fix incorrect type in assignment
    - mtd: rawnand: rockchip: fix oobfree offset and description
    - mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts
    - mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()
    - powerpc/mm/altmap: Fix altmap boundary check
    - drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning
    - selftests/rseq: check if libc rseq support is registered
    - selftests/rseq: Play nice with binaries statically linked against glibc
      2.35+
    - soundwire: bus: pm_runtime_request_resume on peripheral attachment
    - soundwire: fix enumeration completion
    - PM / wakeirq: support enabling wake-up irq after runtime_suspend called
    - PM: sleep: wakeirq: fix wake irq arming
    - Linux 5.15.126
  * Jammy update: v5.15.125 upstream stable release (LP: #2036843)
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - Linux 5.15.125
    - Upstream stable to v5.15.125
  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6
  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c
  * CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet
  * CVE-2023-5197
    - netfilter: nf_tables: disallow rule removal from chain binding
  * CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()
  * CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
  * Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect
  * NULL Pointer Dereference During KVM MMU Page Invalidation (LP: #2035166)
    - KVM: x86/mmu: Track the number of TDP MMU pages, but not the actual pages
  * Fix suspend hang on Lenovo workstation (LP: #2034479)
    - igb: Fix igb_down hung on surprise removal
  * [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write
  * CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().
  * Jammy update: v5.15.124 upstream stable release (LP: #2035400)
    - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint
    - KVM: s390: pv: fix index value of replaced ASCE
    - io_uring: don't audit the capability check in io_uring_create()
    - gpio: tps68470: Make tps68470_gpio_output() always set the initial value
    - pwm: Add a stub for devm_pwmchip_add()
    - gpio: mvebu: Make use of devm_pwmchip_add
    - gpio: mvebu: fix irq domain leak
    - btrfs: fix race between quota disable and relocation
    - i2c: Delete error messages for failed memory allocations
    - i2c: Improve size determinations
    - i2c: nomadik: Remove unnecessary goto label
    - i2c: nomadik: Use devm_clk_get_enabled()
    - i2c: nomadik: Remove a useless call in the remove function
    - PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
    - PCI/ASPM: Factor out pcie_wait_for_retrain()
    - PCI/ASPM: Avoid link retraining race
    - PCI: rockchip: Remove writes to unused registers
    - PCI: rockchip: Fix window mapping and address translation for endpoint
    - PCI: rockchip: Don't advertise MSI-X in PCIe capabilities
    - dlm: cleanup plock_op vs plock_xop
    - dlm: rearrange async condition return
    - fs: dlm: interrupt posix locks only when process is killed
    - drm/ttm: Don't print error message if eviction was interrupted
    - drm/ttm: Don't leak a resource on eviction error
    - n_tty: Rename tail to old_tail in n_tty_read()
    - tty: fix hang on tty device with no_room set
    - drm/ttm: never consider pinned BOs for eviction&swap
    - cifs: missing directory in MAINTAINERS file
    - cifs: use fs_context for automounts
    - ksmbd: remove internal.h include
    - cifs: if deferred close is disabled then close files immediately
    - pwm: meson: Simplify duplicated per-channel tracking
    - pwm: meson: fix handling of period/duty if greater than UINT_MAX
    - tracing/probes: Add symstr type for dynamic events
    - tracing/probes: Fix to avoid double count of the string length on the array
    - tracing: Allow synthetic events to pass around stacktraces
    - Revert "tracing: Add "(fault)" name injection to kernel probes"
    - tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if
      fails
    - scsi: qla2xxx: Remove unused declarations for qla2xxx
    - scsi: qla2xxx: Multi-que support for TMF
    - scsi: qla2xxx: Fix task management cmd failure
    - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource
    - scsi: qla2xxx: Add debug prints in the device remove path
    - scsi: qla2xxx: Fix hang in task management
    - drm/amdgpu: fix vkms crtc settings
    - drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel
    - phy: qcom-snps: Use dev_err_probe() to simplify code
    - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc
    - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend
    - phy: qcom-snps-femto-v2: properly enable ref clock
    - soundwire: qcom: update status correctly with mask
    - media: staging: atomisp: select V4L2_FWNODE
    - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
    - iavf: fix potential deadlock on allocation failure
    - iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED
    - net: phy: marvell10g: fix 88x3310 power up
    - net: hns3: fix wrong tc bandwidth weight data issue
    - net: hns3: fix wrong bw weight of disabled tc issue
    - vxlan: move to its own directory
    - vxlan: calculate correct header length for GPE
    - phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
    - ethernet: atheros: fix return value check in atl1e_tso_csum()
    - ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new
      temporary address
    - ice: Fix memory management in ice_ethtool_fdir.c
    - bonding: reset bond's flags when down link is P2P device
    - team: reset team's flags when down link is P2P device
    - net: stmmac: Apply redundant write work around on 4.xx too
    - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
    - igc: Fix Kernel Panic during ndo_tx_timeout callback
    - netfilter: nft_set_rbtree: fix overlap expiration walk
    - net/sched: mqprio: refactor nlattr parsing to a separate function
    - net/sched: mqprio: add extack to mqprio_parse_nlattr()
    - net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
    - benet: fix return value check in be_lancer_xmit_workarounds()
    - tipc: check return value of pskb_trim()
    - tipc: stop tipc crypto on failure in tipc_node_create
    - RDMA/mlx4: Make check for invalid flags stricter
    - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id
    - drm/msm/adreno: Fix snapshot BINDLESS_DATA size
    - RDMA/irdma: Add missing read barriers
    - RDMA/irdma: Fix data race on CQP completion stats
    - RDMA/irdma: Fix data race on CQP request done
    - RDMA/mthca: Fix crash when polling CQ for shared QPs
    - RDMA/bnxt_re: Prevent handling any completions after qp destroy
    - drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
    - ASoC: fsl_spdif: Silence output on stop
    - block: Fix a source code comment in include/uapi/linux/blkzoned.h
    - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
    - dm raid: clean up four equivalent goto tags in raid_ctr()
    - dm raid: protect md_stop() with 'reconfig_mutex'
    - drm/amd: Fix an error handling mistake in psp_sw_init()
    - RDMA/irdma: Report correct WC error
    - ata: pata_ns87415: mark ns87560_tf_read static
    - ring-buffer: Fix wrong stat of cpu_buffer->read
    - tracing: Fix warning in trace_buffered_event_disable()
    - Revert "usb: gadget: tegra-xudc: Fix error check in
      tegra_xudc_powerdomain_init()"
    - usb: gadget: call usb_gadget_check_config() to verify UDC capability
    - USB: gadget: Fix the memory leak in raw_gadget driver
    - KVM: Grab a reference to KVM for VM and vCPU stats file descriptors
    - KVM: VMX: Don't fudge CR0 and CR4 for restricted L2 guest
    - serial: qcom-geni: drop bogus runtime pm state update
    - serial: 8250_dw: Preserve original value of DLF register
    - serial: sifive: Fix sifive_serial_console_setup() section
    - USB: serial: option: support Quectel EM060K_128
    - USB: serial: option: add Quectel EC200A module support
    - USB: serial: simple: add Kaufmann RKS+CAN VCP
    - USB: serial: simple: sort driver entries
    - can: gs_usb: gs_can_close(): add missing set of CAN state to
      CAN_STATE_STOPPED
    - Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
    - usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
    - usb: dwc3: don't reset device side if dwc3 was configured as host-only
    - usb: ohci-at91: Fix the unhandle interrupt when resume
    - USB: quirks: add quirk for Focusrite Scarlett
    - usb: cdns3: fix incorrect calculation of ep_buf_size when more than one
      config
    - usb: xhci-mtk: set the dma max_seg_size
    - Revert "usb: xhci: tegra: Fix error check"
    - Documentation: security-bugs.rst: update preferences when dealing with the
      linux-distros group
    - Documentation: security-bugs.rst: clarify CVE handling
    - staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
    - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
    - tty: n_gsm: fix UAF in gsm_cleanup_mux
    - Revert "xhci: add quirk for host controllers that don't update endpoint DCS"
    - ALSA: hda/relatek: Enable Mute LED on HP 250 G8
    - hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature
    - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
    - btrfs: check if the transaction was aborted at btrfs_wait_for_commit()
    - btrfs: check for commit error at btrfs_attach_transaction_barrier()
    - file: always lock position for FMODE_ATOMIC_POS
    - nfsd: Remove incorrect check in nfsd4_validate_stateid
    - tpm_tis: Explicitly check for error code
    - irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
    - irqchip/gic-v4.1: Properly lock VPEs when doing a directLPI invalidation
    - locking/rtmutex: Fix task->pi_waiters integrity
    - KVM: x86: Disallow KVM_SET_SREGS{2} if incoming CR0 is invalid
    - virtio-net: fix race between set queues and probe
    - s390/dasd: fix hanging device after quiesce/resume
    - ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
    - ceph: never send metrics if disable_send_metrics is set
    - dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
    - rbd: make get_lock_owner_info() return a single locker or NULL
    - rbd: harden get_lock_owner_info() a bit
    - rbd: retrieve and check lock owner twice before blocklisting
    - tracing: Fix trace_event_raw_event_synth() if else statement
    - ACPI: processor: perflib: Use the "no limit" frequency QoS
    - ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily
    - cpufreq: intel_pstate: Drop ACPI _PSS states table patching
    - selftests: mptcp: sockopt: use 'iptables-legacy' if available
    - io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq
    - ASoC: cs42l51: fix driver to properly autoload with automatic module loading
    - selftests: mptcp: join: only check for ip6tables if needed
    - Linux 5.15.124
  * Jammy update: v5.15.123 upstream stable release (LP: #2034612)
    - ALSA: hda/realtek - remove 3k pull low procedure
    - ALSA: hda/realtek: Add quirk for Clevo NS70AU
    - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
    - keys: Fix linking a duplicate key to a keyring's assoc_array
    - perf probe: Add test for regression introduced by switch to
      die_get_decl_file()
    - btrfs: fix warning when putting transaction with qgroups enabled after abort
    - fuse: revalidate: don't invalidate if interrupted
    - btrfs: zoned: fix memory leak after finding block group with super blocks
    - fuse: ioctl: translate ENOSYS in outarg
    - selftests: tc: set timeout to 15 minutes
    - selftests: tc: add 'ct' action kconfig dep
    - regmap: Drop initial version of maximum transfer length fixes
    - regmap: Account for register length in SMBus I/O limits
    - can: bcm: Fix UAF in bcm_proc_show()
    - selftests: tc: add ConnTrack procfs kconfig
    - drm/client: Fix memory leak in drm_client_target_cloned
    - drm/client: Fix memory leak in drm_client_modeset_probe
    - drm/amd/display: Disable MPC split by default on special asic
    - drm/amd/display: Keep PHY active for DP displays on DCN31
    - ASoC: fsl_sai: Disable bit clock with transmitter
    - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling
    - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix missing mbhc init error handling
    - ASoC: codecs: wcd934x: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix codec initialisation race
    - ASoC: codecs: wcd938x: fix soundwire initialisation race
    - ext4: correct inline offset when handling xattrs in inode body
    - drm/radeon: Fix integer overflow in radeon_cs_parser_init
    - ALSA: emu10k1: roll up loops in DSP setup code for Audigy
    - quota: Properly disable quotas when add_dquot_ref() fails
    - quota: fix warning in dqgrab()
    - udf: Fix uninitialized array access for some pathnames
    - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
    - MIPS: dec: prom: Address -Warray-bounds warning
    - FS: JFS: Fix null-ptr-deref Read in txBegin
    - FS: JFS: Check for read-only mounted filesystem in txBegin
    - spi: bcm63xx: fix max prepend length
    - fbdev: imxfb: warn about invalid left/right margin
    - perf build: Fix library not found error when using CSLIBS
    - pinctrl: amd: Use amd_pinconf_set() for all config options
    - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
    - bridge: Add extack warning when enabling STP in netns.
    - ethernet: use eth_hw_addr_set() instead of ether_addr_copy()
    - of: net: add a helper for loading netdev->dev_addr
    - ethernet: use of_get_ethdev_address()
    - net: ethernet: mtk_eth_soc: handle probe deferral
    - net: sched: cls_bpf: Undo tcf_bind_filter in case of an error
    - iavf: Fix use-after-free in free_netdev
    - iavf: Fix out-of-bounds when setting channels on remove
    - security: keys: Modify mismatched function name
    - octeontx2-pf: Dont allocate BPIDs for LBK interfaces
    - bpf: Fix subprog idx logic in check_max_stack_depth
    - igc: Prevent garbled TX queue with XDP ZEROCOPY
    - tcp: annotate data-races around tcp_rsk(req)->ts_recent
    - net: ipv4: Use kfree_sensitive instead of kfree
    - net:ipv6: check return value of pskb_trim()
    - Revert "tcp: avoid the lookup process failing to get sk in ehash table"
    - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
    - llc: Don't drop packet from non-root netns.
    - netfilter: nf_tables: fix spurious set element insertion failure
    - netfilter: nf_tables: skip bound chain in netns release path
    - tcp: annotate data-races around tp->tcp_tx_delay
    - tcp: annotate data-races around tp->keepalive_time
    - tcp: annotate data-races around tp->keepalive_intvl
    - tcp: annotate data-races around tp->keepalive_probes
    - tcp: annotate data-races around icsk->icsk_syn_retries
    - tcp: annotate data-races around tp->linger2
    - tcp: annotate data-races around rskq_defer_accept
    - tcp: annotate data-races around tp->notsent_lowat
    - tcp: annotate data-races around icsk->icsk_user_timeout
    - tcp: annotate data-races around fastopenq.max_qlen
    - net: phy: prevent stale pointer dereference in phy_init()
    - jbd2: recheck chechpointing non-dirty buffer
    - tracing/histograms: Return an error if we fail to add histogram to hist_vars
      list
    - nixge: fix mac address error handling again
    - Linux 5.15.123
  * allow io_uring to be disabled in runtime (LP: #2035116)
    - io_uring: add a sysctl to disable io_uring system-wide
  * CVE-2023-31083
    - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
  * CVE-2023-3772
    - xfrm: add NULL check in xfrm_update_ae_params
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

-- Hui Wang <hui.wang@canonical.com>  Wed, 18 Oct 2023 09:09:18 +0800

Changed in linux-gkeop (Ubuntu Jammy):
status:	New → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-30:

#13

This bug is awaiting verification that the linux-gkeop/5.15.0-1032.38 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-gkeop' to 'verification-done-jammy-linux-gkeop'. If the problem still exists, change the tag 'verification-needed-jammy-linux-gkeop' to 'verification-failed-jammy-linux-gkeop'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-gkeop-v2 verification-needed-jammy-linux-gkeop

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-30:

#14

Download full text (104.2 KiB)

This bug was fixed in the package linux - 6.2.0-36.37

---------------
linux (6.2.0-36.37) lunar; urgency=medium

* lunar/linux: 6.2.0-36.37 -proposed tracker (LP: #2038076)

  * Regression for ubuntu_bpf test build caused by upstream bdeeed3498c7
    (LP: #2035181)
    - selftests/bpf: fix static assert compilation issue for test_cls_*.c

  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction

* CVE-2023-4563
- netfilter: nf_tables: remove busy mark and gc batch API

* CVE-2023-42756
- netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

* CVE-2023-4623
- net/sched: sch_hfsc: Ensure inner classes have fsc curve

* Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
- ALSA: hda/realtek - ALC287 I2S speaker platform support

  * Lunar update: upstream stable patchset 2023-09-21 (LP: #2037005)
    - Upstream stable to v6.1.41, v6.4.6
    - io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq
    - ALSA: hda/realtek - remove 3k pull low procedure
    - ALSA: hda/realtek: Add quirk for Clevo NS70AU
    - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
    - maple_tree: set the node limit when creating a new root node
    - maple_tree: fix node allocation testing on 32 bit
    - keys: Fix linking a duplicate key to a keyring's assoc_array
    - perf probe: Add test for regression introduced by switch to
      die_get_decl_file()
    - btrfs: fix warning when putting transaction with qgroups enabled after abort
    - fuse: revalidate: don't invalidate if interrupted
    - fuse: Apply flags2 only when userspace set the FUSE_INIT_EXT
    - btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand
    - btrfs: zoned: fix memory leak after finding block group with super blocks
    - fuse: ioctl: translate ENOSYS in outarg
    - btrfs: fix race between balance and cancel/pause
    - selftests: tc: set timeout to 15 minutes
    - selftests: tc: add 'ct' action kconfig dep
    - regmap: Drop initial version of maximum transfer length fixes
    - of: Preserve "of-display" device name for compatibility
    - regmap: Account for register length in SMBus I/O limits
    - arm64/fpsimd: Ensure SME storage is allocated after SVE VL changes
    - can: mcp251xfd: __mcp251xfd_chip_set...

This bug was fixed in the package linux - 6.2.0-36.37

---------------
linux (6.2.0-36.37) lunar; urgency=medium

* lunar/linux: 6.2.0-36.37 -proposed tracker (LP: #2038076)

* Regression for ubuntu_bpf test build caused by upstream bdeeed3498c7
    (LP: #2035181)
    - selftests/bpf: fix static assert compilation issue for test_cls_*.c

* CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction

* CVE-2023-4563
    - netfilter: nf_tables: remove busy mark and gc batch API

* CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

* CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve

* Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support

* Lunar update: upstream stable patchset 2023-09-21 (LP: #2037005)
    - Upstream stable to v6.1.41, v6.4.6
    - io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq
    - ALSA: hda/realtek - remove 3k pull low procedure
    - ALSA: hda/realtek: Add quirk for Clevo NS70AU
    - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
    - maple_tree: set the node limit when creating a new root node
    - maple_tree: fix node allocation testing on 32 bit
    - keys: Fix linking a duplicate key to a keyring's assoc_array
    - perf probe: Add test for regression introduced by switch to
      die_get_decl_file()
    - btrfs: fix warning when putting transaction with qgroups enabled after abort
    - fuse: revalidate: don't invalidate if interrupted
    - fuse: Apply flags2 only when userspace set the FUSE_INIT_EXT
    - btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand
    - btrfs: zoned: fix memory leak after finding block group with super blocks
    - fuse: ioctl: translate ENOSYS in outarg
    - btrfs: fix race between balance and cancel/pause
    - selftests: tc: set timeout to 15 minutes
    - selftests: tc: add 'ct' action kconfig dep
    - regmap: Drop initial version of maximum transfer length fixes
    - of: Preserve "of-display" device name for compatibility
    - regmap: Account for register length in SMBus I/O limits
    - arm64/fpsimd: Ensure SME storage is allocated after SVE VL changes
    - can: mcp251xfd: __mcp251xfd_chip_set_mode(): increase poll timeout
    - can: bcm: Fix UAF in bcm_proc_show()
    - can: gs_usb: gs_can_open(): improve error handling
    - selftests: tc: add ConnTrack procfs kconfig
    - dma-buf/dma-resv: Stop leaking on krealloc() failure
    - drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel
    - drm/amdgpu/pm: make gfxclock consistent for sienna cichlid
    - drm/amdgpu/pm: make mclk consistent for smu 13.0.7
    - drm/client: Fix memory leak in drm_client_target_cloned
    - drm/client: Fix memory leak in drm_client_modeset_probe
    - drm/amd/display: only accept async flips for fast updates
    - drm/amd/display: Disable MPC split by default on special asic
    - drm/amd/display: check TG is non-null before checking if enabled
    - drm/amd/display: Keep PHY active for DP displays on DCN31
    - ASoC: fsl_sai: Disable bit clock with transmitter
    - ASoC: fsl_sai: Revert "ASoC: fsl_sai: Enable MCTL_MCLK_EN bit for master
      mode"
    - ASoC: tegra: Fix ADX byte map
    - ASoC: rt5640: Fix sleep in atomic context
    - ASoC: cs42l51: fix driver to properly autoload with automatic module loading
    - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling
    - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove
    - ASoC: qdsp6: audioreach: fix topology probe deferral
    - ASoC: tegra: Fix AMX byte map
    - ASoC: codecs: wcd938x: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix missing mbhc init error handling
    - ASoC: codecs: wcd934x: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix codec initialisation race
    - ASoC: codecs: wcd938x: fix soundwire initialisation race
    - ext4: correct inline offset when handling xattrs in inode body
    - drm/radeon: Fix integer overflow in radeon_cs_parser_init
    - ALSA: emu10k1: roll up loops in DSP setup code for Audigy
    - quota: Properly disable quotas when add_dquot_ref() fails
    - quota: fix warning in dqgrab()
    - HID: add quirk for 03f0:464a HP Elite Presenter Mouse
    - ovl: check type and offset of struct vfsmount in ovl_entry
    - udf: Fix uninitialized array access for some pathnames
    - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
    - MIPS: dec: prom: Address -Warray-bounds warning
    - FS: JFS: Fix null-ptr-deref Read in txBegin
    - FS: JFS: Check for read-only mounted filesystem in txBegin
    - ACPI: video: Add backlight=native DMI quirk for Dell Studio 1569
    - rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()
    - rcu: Mark additional concurrent load from ->cpu_no_qs.b.exp
    - sched/fair: Don't balance task to its current running CPU
    - wifi: ath11k: fix registration of 6Ghz-only phy without the full channel
      range
    - bpf: Print a warning only if writing to unprivileged_bpf_disabled.
    - bpf: Address KCSAN report on bpf_lru_list
    - bpf: tcp: Avoid taking fast sock lock in iterator
    - wifi: ath11k: add support default regdb while searching board-2.bin for
      WCN6855
    - wifi: mac80211_hwsim: Fix possible NULL dereference
    - spi: dw: Add compatible for Intel Mount Evans SoC
    - wifi: ath11k: fix memory leak in WMI firmware stats
    - net: ethernet: litex: add support for 64 bit stats
    - devlink: report devlink_port_type_warn source device
    - wifi: wext-core: Fix -Wstringop-overflow warning in
      ioctl_standard_iw_point()
    - wifi: iwlwifi: Add support for new PCI Id
    - wifi: iwlwifi: mvm: avoid baid size integer overflow
    - wifi: iwlwifi: pcie: add device id 51F1 for killer 1675
    - net: hns3: fix strncpy() not using dest-buf length as length issue
    - ASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count()
    - ASoC: codecs: wcd938x: fix mbhc impedance loglevel
    - ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR
    - ASoC: qcom: q6apm: do not close GPR port before closing graph
    - sched/fair: Use recent_used_cpu to test p->cpus_ptr
    - sched/psi: Rearrange polling code in preparation
    - sched/psi: Rename existing poll members in preparation
    - sched/psi: Extract update_triggers side effect
    - sched/psi: Allow unprivileged polling of N*2s period
    - sched/psi: use kernfs polling functions for PSI trigger polling
    - pinctrl: renesas: rzv2m: Handle non-unique subnode names
    - pinctrl: renesas: rzg2l: Handle non-unique subnode names
    - spi: bcm63xx: fix max prepend length
    - fbdev: imxfb: warn about invalid left/right margin
    - fbdev: imxfb: Removed unneeded release_mem_region
    - perf build: Fix library not found error when using CSLIBS
    - btrfs: be a bit more careful when setting mirror_num_ret in btrfs_map_block
    - spi: s3c64xx: clear loopback bit after loopback test
    - kallsyms: strip LTO-only suffixes from promoted global functions
    - dsa: mv88e6xxx: Do a final check before timing out
    - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
    - net: ethernet: mtk_eth_soc: handle probe deferral
    - ASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write()
    - net: sched: cls_matchall: Undo tcf_bind_filter in case of failure after
      mall_set_parms
    - net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode
    - net: sched: cls_u32: Undo refcount decrement in case update failed
    - net: sched: cls_bpf: Undo tcf_bind_filter in case of an error
    - net: dsa: microchip: ksz8: Separate static MAC table operations for code
      reuse
    - net: dsa: microchip: ksz8: Make ksz8_r_sta_mac_table() static
    - net: dsa: microchip: ksz8_r_sta_mac_table(): Avoid using error code for
      empty entries
    - net: dsa: microchip: correct KSZ8795 static MAC table access
    - iavf: Fix use-after-free in free_netdev
    - iavf: Fix out-of-bounds when setting channels on remove
    - iavf: use internal state to free traffic IRQs
    - iavf: make functions static where possible
    - iavf: Wait for reset in callbacks which trigger it
    - iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies
    - iavf: fix reset task race with iavf_remove()
    - security: keys: Modify mismatched function name
    - octeontx2-pf: Dont allocate BPIDs for LBK interfaces
    - bpf: Fix subprog idx logic in check_max_stack_depth
    - bpf: Repeat check_max_stack_depth for async callbacks
    - bpf, arm64: Fix BTI type used for freplace attached functions
    - igc: Avoid transmit queue timeout for XDP
    - igc: Prevent garbled TX queue with XDP ZEROCOPY
    - net: ipv4: use consistent txhash in TIME_WAIT and SYN_RECV
    - tcp: annotate data-races around tcp_rsk(req)->txhash
    - tcp: annotate data-races around tcp_rsk(req)->ts_recent
    - net: ipv4: Use kfree_sensitive instead of kfree
    - net:ipv6: check return value of pskb_trim()
    - Revert "tcp: avoid the lookup process failing to get sk in ehash table"
    - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
    - llc: Don't drop packet from non-root netns.
    - ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp
    - netfilter: nf_tables: fix spurious set element insertion failure
    - netfilter: nf_tables: can't schedule in nft_chain_validate
    - Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync
    - Bluetooth: hci_event: call disconnect callback before deleting conn
    - Bluetooth: ISO: fix iso_conn related locking and validity issues
    - Bluetooth: hci_sync: Avoid use-after-free in dbg for
      hci_remove_adv_monitor()
    - tcp: annotate data-races around tp->tcp_tx_delay
    - tcp: annotate data-races around tp->tsoffset
    - tcp: annotate data-races around tp->keepalive_time
    - tcp: annotate data-races around tp->keepalive_intvl
    - tcp: annotate data-races around tp->keepalive_probes
    - tcp: annotate data-races around icsk->icsk_syn_retries
    - tcp: annotate data-races around tp->linger2
    - tcp: annotate data-races around rskq_defer_accept
    - tcp: annotate data-races around tp->notsent_lowat
    - tcp: annotate data-races around icsk->icsk_user_timeout
    - tcp: annotate data-races around fastopenq.max_qlen
    - net: phy: prevent stale pointer dereference in phy_init()
    - jbd2: recheck chechpointing non-dirty buffer
    - tracing/histograms: Return an error if we fail to add histogram to hist_vars
      list
    - drm/ttm: fix bulk_move corruption when adding a entry
    - spi: dw: Remove misleading comment for Mount Evans SoC
    - kallsyms: add kallsyms_seqs_of_names to list of special symbols
    - scripts/kallsyms: update the usage in the comment block
    - selftests/bpf: Workaround verification failure for
      fexit_bpf2bpf/func_replace_return_code
    - selftests/bpf: Fix sk_assign on s390x
    - drm/amd/display: fix some coding style issues
    - drm/dp_mst: Clear MSG_RDY flag before sending new message
    - drm/amd/display: force connector state when bpc changes during compliance
    - drm/amd/display: Clean up errors & warnings in amdgpu_dm.c
    - drm/amd/display: fix linux dp link lost handled only one time
    - drm/amd/display: Add polling method to handle MST reply packet
    - perf probe: Read DWARF files from the correct CU
    - btrfs: raid56: always verify the P/Q contents for scrub
    - can: gs_usb: fix time stamp counter initialization
    - KVM: arm64: Correctly handle page aging notifiers for unaligned memslot
    - KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption
    - gso: fix dodgy bit handling for GSO_UDP_L4
    - drm/i915/perf: add sentinel to xehp_oa_b_counters
    - net: ethernet: mtk_eth_soc: always mtk_get_ib1_pkt_type
    - Upstream stable to v6.1.42, v6.4.7
    - netfilter: nf_tables: fix underflow in object reference counter
    - netfilter: nf_tables: fix underflow in chain reference counter
    - platform/x86/amd/pmf: Notify OS power slider update
    - platform/x86/amd/pmf: reduce verbosity of apmf_get_system_params
    - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint
    - blk-mq: Fix stall due to recursive flush plug
    - powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close
    - KVM: s390: pv: fix index value of replaced ASCE
    - io_uring: don't audit the capability check in io_uring_create()
    - gpio: tps68470: Make tps68470_gpio_output() always set the initial value
    - pwm: Add a stub for devm_pwmchip_add()
    - gpio: mvebu: Make use of devm_pwmchip_add
    - gpio: mvebu: fix irq domain leak
    - btrfs: fix race between quota disable and relocation
    - i2c: Delete error messages for failed memory allocations
    - i2c: Improve size determinations
    - i2c: nomadik: Remove unnecessary goto label
    - i2c: nomadik: Use devm_clk_get_enabled()
    - i2c: nomadik: Remove a useless call in the remove function
    - MIPS: Loongson: Move arch cflags to MIPS top level Makefile
    - MIPS: Loongson: Fix build error when make modules_install
    - PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
    - PCI/ASPM: Factor out pcie_wait_for_retrain()
    - PCI/ASPM: Avoid link retraining race
    - PCI: rockchip: Remove writes to unused registers
    - PCI: rockchip: Fix window mapping and address translation for endpoint
    - PCI: rockchip: Don't advertise MSI-X in PCIe capabilities
    - drm/amd/display: add ODM case when looking for first split pipe
    - drm/amd/display: add pixel rate based CRB allocation support
    - drm/amd/display: fix dcn315 single stream crb allocation
    - drm/amd/display: Update correct DCN314 register header
    - drm/amd/display: Set minimum requirement for using PSR-SU on Rembrandt
    - drm/amd/display: Set minimum requirement for using PSR-SU on Phoenix
    - drm/ttm: Don't print error message if eviction was interrupted
    - drm/ttm: Don't leak a resource on eviction error
    - drm/ttm: never consider pinned BOs for eviction&swap
    - KVM: arm64: Condition HW AF updates on config option
    - [Config] updateconfigs for AMPERE_ERRATUM_AC03_CPU_38
    - arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2
    - mptcp: introduce 'sk' to replace 'sock->sk' in mptcp_listen()
    - tracing: Allow synthetic events to pass around stacktraces
    - Revert "tracing: Add "(fault)" name injection to kernel probes"
    - tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if
      fails
    - test_maple_tree: test modifications while iterating
    - maple_tree: add __init and __exit to test module
    - maple_tree: fix 32 bit mas_next testing
    - drm/amd/display: fix dc/core/dc.c kernel-doc
    - drm/amd/display: Add FAMS validation before trying to use it
    - drm/amd/display: update extended blank for dcn314 onwards
    - drm/amd/display: Fix possible underflow for displays with large vblank
    - drm/amd/display: Prevent vtotal from being set to 0
    - phy: phy-mtk-dp: Fix an error code in probe()
    - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc
    - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend
    - phy: qcom-snps-femto-v2: properly enable ref clock
    - soundwire: qcom: update status correctly with mask
    - media: staging: atomisp: select V4L2_FWNODE
    - media: amphion: Fix firmware path to match linux-firmware
    - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
    - iavf: fix potential deadlock on allocation failure
    - iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED
    - net: phy: marvell10g: fix 88x3310 power up
    - net: hns3: fix the imp capability bit cannot exceed 32 bits issue
    - net: hns3: fix wrong tc bandwidth weight data issue
    - net: hns3: fix wrong bw weight of disabled tc issue
    - vxlan: calculate correct header length for GPE
    - vxlan: generalize vxlan_parse_gpe_hdr and remove unused args
    - vxlan: fix GRO with VXLAN-GPE
    - phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
    - atheros: fix return value check in atl1_tso()
    - ethernet: atheros: fix return value check in atl1e_tso_csum()
    - ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new
      temporary address
    - ice: Fix memory management in ice_ethtool_fdir.c
    - bonding: reset bond's flags when down link is P2P device
    - team: reset team's flags when down link is P2P device
    - octeontx2-af: Removed unnecessary debug messages.
    - octeontx2-af: Fix hash extraction enable configuration
    - net: stmmac: Apply redundant write work around on 4.xx too
    - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
    - x86/traps: Fix load_unaligned_zeropad() handling for shared TDX memory
    - igc: Fix Kernel Panic during ndo_tx_timeout callback
    - netfilter: nft_set_rbtree: fix overlap expiration walk
    - mm: suppress mm fault logging if fatal signal already pending
    - net/sched: mqprio: refactor nlattr parsing to a separate function
    - net/sched: mqprio: add extack to mqprio_parse_nlattr()
    - net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
    - benet: fix return value check in be_lancer_xmit_workarounds()
    - tipc: check return value of pskb_trim()
    - tipc: stop tipc crypto on failure in tipc_node_create
    - RDMA/mlx4: Make check for invalid flags stricter
    - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id
    - drm/msm/adreno: Fix snapshot BINDLESS_DATA size
    - RDMA/irdma: Add missing read barriers
    - RDMA/irdma: Fix data race on CQP completion stats
    - RDMA/irdma: Fix data race on CQP request done
    - RDMA/mthca: Fix crash when polling CQ for shared QPs
    - RDMA/bnxt_re: Prevent handling any completions after qp destroy
    - drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
    - cxl/acpi: Fix a use-after-free in cxl_parse_cfmws()
    - cxl/acpi: Return 'rc' instead of '0' in cxl_parse_cfmws()
    - ASoC: fsl_spdif: Silence output on stop
    - block: Fix a source code comment in include/uapi/linux/blkzoned.h
    - smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request
    - drm/i915: Fix an error handling path in igt_write_huge()
    - xenbus: check xen_domain in xenbus_probe_initcall
    - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
    - dm raid: clean up four equivalent goto tags in raid_ctr()
    - dm raid: protect md_stop() with 'reconfig_mutex'
    - drm/amd: Fix an error handling mistake in psp_sw_init()
    - drm/amd/display: Unlock on error path in
      dm_handle_mst_sideband_msg_ready_event()
    - RDMA/irdma: Fix op_type reporting in CQEs
    - RDMA/irdma: Report correct WC error
    - drm/msm: Switch idr_lock to spinlock
    - drm/msm: Disallow submit with fence id 0
    - ublk_drv: move ublk_get_device_from_id into ublk_ctrl_uring_cmd
    - ublk: fail to start device if queue setup is interrupted
    - ublk: fail to recover device if queue setup is interrupted
    - ata: pata_ns87415: mark ns87560_tf_read static
    - ring-buffer: Fix wrong stat of cpu_buffer->read
    - tracing: Fix warning in trace_buffered_event_disable()
    - Revert "usb: gadget: tegra-xudc: Fix error check in
      tegra_xudc_powerdomain_init()"
    - usb: gadget: call usb_gadget_check_config() to verify UDC capability
    - USB: gadget: Fix the memory leak in raw_gadget driver
    - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
    - KVM: Grab a reference to KVM for VM and vCPU stats file descriptors
    - KVM: VMX: Don't fudge CR0 and CR4 for restricted L2 guest
    - KVM: x86: Disallow KVM_SET_SREGS{2} if incoming CR0 is invalid
    - serial: qcom-geni: drop bogus runtime pm state update
    - serial: 8250_dw: Preserve original value of DLF register
    - serial: sifive: Fix sifive_serial_console_setup() section
    - USB: serial: option: support Quectel EM060K_128
    - USB: serial: option: add Quectel EC200A module support
    - USB: serial: simple: add Kaufmann RKS+CAN VCP
    - USB: serial: simple: sort driver entries
    - can: gs_usb: gs_can_close(): add missing set of CAN state to
      CAN_STATE_STOPPED
    - usb: typec: Set port->pd before adding device for typec_port
    - usb: typec: Iterate pds array when showing the pd list
    - usb: typec: Use sysfs_emit_at when concatenating the string
    - Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
    - usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
    - usb: dwc3: don't reset device side if dwc3 was configured as host-only
    - usb: misc: ehset: fix wrong if condition
    - usb: ohci-at91: Fix the unhandle interrupt when resume
    - USB: quirks: add quirk for Focusrite Scarlett
    - usb: cdns3: fix incorrect calculation of ep_buf_size when more than one
      config
    - usb: xhci-mtk: set the dma max_seg_size
    - Revert "usb: xhci: tegra: Fix error check"
    - Documentation: security-bugs.rst: update preferences when dealing with the
      linux-distros group
    - Documentation: security-bugs.rst: clarify CVE handling
    - staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
    - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
    - tty: n_gsm: fix UAF in gsm_cleanup_mux
    - Revert "xhci: add quirk for host controllers that don't update endpoint DCS"
    - ALSA: hda/realtek: Support ASUS G713PV laptop
    - ALSA: hda/relatek: Enable Mute LED on HP 250 G8
    - hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature
    - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
    - btrfs: account block group tree when calculating global reserve size
    - btrfs: check if the transaction was aborted at btrfs_wait_for_commit()
    - btrfs: check for commit error at btrfs_attach_transaction_barrier()
    - x86/MCE/AMD: Decrement threshold_bank refcount when removing threshold
      blocks
    - file: always lock position for FMODE_ATOMIC_POS
    - nfsd: Remove incorrect check in nfsd4_validate_stateid
    - ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info()
    - tpm_tis: Explicitly check for error code
    - irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
    - irqchip/gic-v4.1: Properly lock VPEs when doing a directLPI invalidation
    - locking/rtmutex: Fix task->pi_waiters integrity
    - proc/vmcore: fix signedness bug in read_from_oldmem()
    - xen: speed up grant-table reclaim
    - virtio-net: fix race between set queues and probe
    - net: dsa: qca8k: fix search_and_insert wrong handling of new rule
    - net: dsa: qca8k: fix broken search_and_del
    - net: dsa: qca8k: fix mdb add/del case with 0 VID
    - selftests: mptcp: join: only check for ip6tables if needed
    - soundwire: fix enumeration completion
    - Revert "um: Use swap() to make code cleaner"
    - LoongArch: BPF: Fix check condition to call lu32id in move_imm()
    - LoongArch: BPF: Enable bpf_probe_read{, str}() on LoongArch
    - s390/dasd: fix hanging device after quiesce/resume
    - s390/dasd: print copy pair message only for the correct error
    - ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
    - arm64/sme: Set new vector length before reallocating
    - PM: sleep: wakeirq: fix wake irq arming
    - ceph: never send metrics if disable_send_metrics is set
    - drm/i915/dpt: Use shmem for dpt objects
    - dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
    - rbd: make get_lock_owner_info() return a single locker or NULL
    - rbd: harden get_lock_owner_info() a bit
    - rbd: retrieve and check lock owner twice before blocklisting
    - tracing: Fix trace_event_raw_event_synth() if else statement
    - ACPI: processor: perflib: Use the "no limit" frequency QoS
    - ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily
    - cpufreq: intel_pstate: Drop ACPI _PSS states table patching
    - dma-buf: keep the signaling time of merged fences v3
    - dma-buf: fix an error pointer vs NULL bug
    - KVM: s390: pv: simplify shutdown and fix race
    - media: tc358746: Address compiler warnings
    - net: fec: avoid tx queue timeout when XDP is enabled
    - drm/msm/dsi: Drop unused regulators from QCM2290 14nm DSI PHY config
    - RDMA/core: Update CMA destination address on rdma_resolve_addr
    - RDMA/bnxt_re: Fix hang during driver unload
    - iommufd: IOMMUFD_DESTROY should not increase the refcount
    - TIOCSTI: always enable for CAP_SYS_ADMIN
    - hwmon: (aquacomputer_d5next) Fix incorrect PWM value readout
    - btrfs: zoned: do not enable async discard
    - net: ipa: only reset hashed tables when supported
    - iommufd: Set end correctly when doing batch carry
    - mptcp: more accurate NL event generation
    - Upstream stable to v6.1.43, v6.4.8

* CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6

* CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c

* CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet

* CVE-2023-5197
    - netfilter: nf_tables: skip bound chain in netns release path
    - netfilter: nf_tables: disallow rule removal from chain binding

* CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()

* CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
    - net: remove osize variable in __alloc_skb()
    - net: factorize code in kmalloc_reserve()
    - net: deal with integer overflows in kmalloc_reserve()

* CVE-2023-42572
    - net: add SKB_HEAD_ALIGN() helper

* Fix RCU warning on AMD laptops (LP: #2036377)
    - power: supply: core: Use blocking_notifier_call_chain to avoid RCU complaint

* Fix non-working I219 after system sleep (LP: #2035313)
    - mei: mei-me: resume device in prepare

* Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect

* Ethernet not stable 23.04 (RTL8168/8169) (LP: #2031537)
    - r8169: fix ASPM-related problem for chip version 42 and 43
    - r8169: revert 2ab19de62d67 ("r8169: remove ASPM restrictions now that ASPM
      is disabled during NAPI poll")
    - Revert "r8169: disable ASPM during NAPI poll"
    - r8169: fix ASPM-related issues on a number of systems with NIC version from
      RTL8168h

* Enable ASPM for NVMe behind VMD (LP: #2034504)
    - Revert "UBUNTU: SAUCE: vmd: fixup bridge ASPM by driver name instead"
    - Revert "UBUNTU: SAUCE: PCI/ASPM: Enable LTR for endpoints behind VMD"
    - Revert "UBUNTU: SAUCE: PCI/ASPM: Enable ASPM for links under VMD domain"
    - PCI/ASPM: Add pci_enable_link_state()
    - PCI: vmd: Use PCI_VDEVICE in device list
    - PCI: vmd: Create feature grouping for client products
    - PCI: vmd: Add quirk to configure PCIe ASPM and LTR
    - SAUCE: PCI/ASPM: Allow ASPM override over FADT default
    - SAUCE: PCI: vmd: Mark ASPM override for device behind VMD bridge

* Fix suspend hang on Lenovo workstation (LP: #2034479)
    - igb: Fix igb_down hung on surprise removal

* Fix blank display when Thunderbolt monitor is plugged second time
    (LP: #2034491)
    - drm/amd: Disable S/G for APUs when 64GB or more host memory
    - thunderbolt: Fix Thunderbolt 3 display flickering issue on 2nd hot plug
      onwards
    - thunderbolt: Fix a backport error for display flickering issue

* [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4

* CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write

* CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().

* Lunar update: upstream stable patchset 2023-09-14 (LP: #2036075)
    - net: lan743x: Don't sleep in atomic context
    - workqueue: clean up WORK_* constant types, clarify masking
    - ksmbd: add missing compound request handing in some commands
    - ksmbd: fix out of bounds read in smb2_sess_setup
    - drm/panel: simple: Add connector_type for innolux_at043tn24
    - drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime
    - swiotlb: always set the number of areas before allocating the pool
    - swiotlb: reduce the number of areas to match actual memory pool size
    - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags
    - ice: Fix max_rate check while configuring TX rate limits
    - igc: Remove delay during TX ring configuration
    - net/mlx5e: fix double free in mlx5e_destroy_flow_table
    - net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create
    - net/mlx5e: fix memory leak in mlx5e_ptp_open
    - net/mlx5e: Check for NOT_READY flag state after locking
    - igc: set TP bit in 'supported' and 'advertising' fields of
      ethtool_link_ksettings
    - igc: Handle PPS start time programming for past time values
    - blk-crypto: use dynamic lock class for blk_crypto_profile::lock
    - scsi: qla2xxx: Fix error code in qla2x00_start_sp()
    - scsi: ufs: ufs-mediatek: Add dependency for RESET_CONTROLLER
    - bpf: Fix max stack depth check for async callbacks
    - net: mvneta: fix txq_map in case of txq_number==1
    - gve: Set default duplex configuration to full
    - octeontx2-af: Promisc enable/disable through mbox
    - octeontx2-af: Move validation of ptp pointer before its usage
    - ionic: remove WARN_ON to prevent panic_on_warn
    - net: bgmac: postpone turning IRQs off to avoid SoC hangs
    - net: prevent skb corruption on frag list segmentation
    - icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
    - udp6: fix udp6_ehashfn() typo
    - ntb: idt: Fix error handling in idt_pci_driver_init()
    - NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
    - ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
    - NTB: ntb_transport: fix possible memory leak while device_register() fails
    - NTB: ntb_tool: Add check for devm_kcalloc
    - ipv6/addrconf: fix a potential refcount underflow for idev
    - net: dsa: qca8k: Add check for skb_copy
    - platform/x86: wmi: Break possible infinite loop when parsing GUID
    - kernel/trace: Fix cleanup logic of enable_trace_eprobe
    - igc: Fix launchtime before start of cycle
    - igc: Fix inserting of empty frame for launchtime
    - nvme: fix the NVME_ID_NS_NVM_STS_MASK definition
    - riscv, bpf: Fix inconsistent JIT image generation
    - drm/i915: Don't preserve dpll_hw_state for slave crtc in Bigjoiner
    - drm/i915: Fix one wrong caching mode enum usage
    - octeontx2-pf: Add additional check for MCAM rules
    - erofs: avoid useless loops in z_erofs_pcluster_readmore() when reading
      beyond EOF
    - erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF
    - erofs: fix fsdax unavailability for chunk-based regular files
    - wifi: airo: avoid uninitialized warning in airo_get_rate()
    - bpf: cpumap: Fix memory leak in cpu_map_update_elem
    - net/sched: flower: Ensure both minimum and maximum ports are specified
    - riscv: mm: fix truncation warning on RV32
    - netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write()
    - net/sched: make psched_mtu() RTNL-less safe
    - wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set()
    - nvme-pci: fix DMA direction of unmapping integrity data
    - cifs: fix session state check in smb2_find_smb_ses
    - drm/client: Send hotplug event after registering a client
    - drm/amdgpu/sdma4: set align mask to 255
    - drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario
    - drm/amd/pm: add abnormal fan detection for smu 13.0.0
    - f2fs: fix deadlock in i_xattr_sem and inode page lock
    - pinctrl: amd: Add Z-state wake control bits
    - pinctrl: amd: Adjust debugfs output
    - pinctrl: amd: Add fields for interrupt status and wake status
    - pinctrl: amd: Detect internal GPIO0 debounce handling
    - pinctrl: amd: Fix mistake in handling clearing pins at startup
    - pinctrl: amd: Detect and mask spurious interrupts
    - pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe"
    - pinctrl: amd: Only use special debounce behavior for GPIO 0
    - pinctrl: amd: Use amd_pinconf_set() for all config options
    - pinctrl: amd: Drop pull up select configuration
    - pinctrl: amd: Unify debounce handling into amd_pinconf_set()
    - tpm: Do not remap from ACPI resources again for Pluton TPM
    - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
    - tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
    - tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes
    - tpm: return false from tpm_amd_is_rng_defective on non-x86 platforms
    - mtd: rawnand: meson: fix unaligned DMA buffers handling
    - net: bcmgenet: Ensure MDIO unregistration has clocks enabled
    - net: phy: dp83td510: fix kernel stall during netboot in DP83TD510E PHY
      driver
    - kasan: add kasan_tag_mismatch prototype
    - tracing/user_events: Fix incorrect return value for writing operation when
      events are disabled
    - powerpc: Fail build if using recordmcount with binutils v2.37
    - misc: fastrpc: Create fastrpc scalar with correct buffer count
    - powerpc/security: Fix Speculation_Store_Bypass reporting on Power10
    - powerpc/64s: Fix native_hpte_remove() to be irq-safe
    - MIPS: Loongson: Fix cpu_probe_loongson() again
    - MIPS: KVM: Fix NULL pointer dereference
    - ext4: Fix reusing stale buffer heads from last failed mounting
    - ext4: fix wrong unit use in ext4_mb_clear_bb
    - ext4: get block from bh in ext4_free_blocks for fast commit replay
    - ext4: fix wrong unit use in ext4_mb_new_blocks
    - ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
    - ext4: turn quotas off if mount failed after enabling quotas
    - ext4: only update i_reserved_data_blocks on successful block allocation
    - fs: dlm: revert check required context while close
    - soc: qcom: mdt_loader: Fix unconditional call to scm_pas_mem_setup
    - ext2/dax: Fix ext2_setsize when len is page aligned
    - jfs: jfs_dmap: Validate db_l2nbperpage while mounting
    - hwrng: imx-rngc - fix the timeout for init and self check
    - dm integrity: reduce vmalloc space footprint on 32-bit architectures
    - scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O
    - s390/zcrypt: do not retry administrative requests
    - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
    - PCI: Release resource invalidated by coalescing
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
    - PCI: qcom: Disable write access to read only registers for IP v2.3.3
    - PCI: epf-test: Fix DMA transfer completion initialization
    - PCI: epf-test: Fix DMA transfer completion detection
    - PCI: rockchip: Assert PCI Configuration Enable bit after probe
    - PCI: rockchip: Write PCI Device ID to correct register
    - PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
    - PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
    - PCI: rockchip: Use u32 variable to access 32-bit registers
    - PCI: rockchip: Set address alignment for endpoint mode
    - misc: pci_endpoint_test: Free IRQs before removing the device
    - misc: pci_endpoint_test: Re-init completion for every test
    - mfd: pm8008: Fix module autoloading
    - md/raid0: add discard support for the 'original' layout
    - fs: dlm: return positive pid value for F_GETLK
    - fs: dlm: fix cleanup pending ops when interrupted
    - fs: dlm: interrupt posix locks only when process is killed
    - fs: dlm: make F_SETLK use unkillable wait_event
    - fs: dlm: fix mismatch of plock results from userspace
    - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by
      lpfc_nlp_not_used()
    - drm/atomic: Allow vblank-enabled + self-refresh "disable"
    - drm/rockchip: vop: Leave vblank enabled in self-refresh
    - drm/amd/display: fix seamless odm transitions
    - drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2
    - drm/amd/display: disable seamless boot if force_odm_combine is enabled
    - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM
    - drm/amd: Disable PSR-SU on Parade 0803 TCON
    - drm/amd/display: add a NULL pointer check
    - drm/amd/display: Correct `DMUB_FW_VERSION` macro
    - drm/amd/display: Add monitor specific edid quirk
    - drm/amdgpu: avoid restore process run into dead loop.
    - drm/ttm: Don't leak a resource on swapout move error
    - serial: atmel: don't enable IRQs prematurely
    - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in
      case of error
    - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when
      iterating clk
    - tty: serial: imx: fix rs485 rx after tx
    - firmware: stratix10-svc: Fix a potential resource leak in
      svc_create_memory_pool()
    - libceph: harden msgr2.1 frame segment length checks
    - ceph: add a dedicated private data for netfs rreq
    - ceph: fix blindly expanding the readahead windows
    - ceph: don't let check_caps skip sending responses for revoke msgs
    - xhci: Fix resume issue of some ZHAOXIN hosts
    - xhci: Fix TRB prefetch issue of ZHAOXIN hosts
    - xhci: Show ZHAOXIN xHCI root hub speed correctly
    - meson saradc: fix clock divider mask length
    - opp: Fix use-after-free in lazy_opp_tables after probe deferral
    - soundwire: qcom: fix storing port config out-of-bounds
    - Revert "8250: add support for ASIX devices with a FIFO bug"
    - bus: ixp4xx: fix IXP4XX_EXP_T1_MASK
    - s390/decompressor: fix misaligned symbol build error
    - dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter
    - tracing/histograms: Add histograms to hist_vars if they have referenced
      variables
    - tracing: Fix memory leak of iter->temp when reading trace_pipe
    - nvme: don't reject probe due to duplicate IDs for single-ported PCIe devices
    - samples: ftrace: Save required argument registers in sample trampolines
    - perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start()
    - regmap-irq: Fix out-of-bounds access when allocating config buffers
    - net: ena: fix shift-out-of-bounds in exponential backoff
    - ring-buffer: Fix deadloop issue on reading trace_pipe
    - ftrace: Fix possible warning on checking all pages used in
      ftrace_process_locs()
    - cifs: if deferred close is disabled then close files immediately
    - xtensa: ISS: fix call to split_if_spec
    - perf/x86: Fix lockdep warning in for_each_sibling_event() on SPR
    - PM: QoS: Restore support for default value on frequency QoS
    - pwm: meson: modify and simplify calculation in meson_pwm_get_state
    - pwm: meson: fix handling of period/duty if greater than UINT_MAX
    - fprobe: Release rethook after the ftrace_ops is unregistered
    - fprobe: Ensure running fprobe_exit_handler() finished before calling
      rethook_free()
    - tracing: Fix null pointer dereference in tracing_err_log_open()
    - selftests: mptcp: connect: fail if nft supposed to work
    - selftests: mptcp: sockopt: return error if wrong mark
    - selftests: mptcp: userspace_pm: use correct server port
    - selftests: mptcp: userspace_pm: report errors with 'remove' tests
    - selftests: mptcp: depend on SYN_COOKIES
    - selftests: mptcp: pm_nl_ctl: fix 32-bit support
    - tracing/probes: Fix not to count error code to total length
    - tracing/probes: Fix to update dynamic data counter if fetcharg uses it
    - tracing/user_events: Fix struct arg size match check
    - scsi: qla2xxx: Multi-que support for TMF
    - scsi: qla2xxx: Fix task management cmd failure
    - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource
    - scsi: qla2xxx: Fix hang in task management
    - scsi: qla2xxx: Wait for io return on terminate rport
    - scsi: qla2xxx: Fix mem access after free
    - scsi: qla2xxx: Array index may go out of bound
    - scsi: qla2xxx: Avoid fcport pointer dereference
    - scsi: qla2xxx: Fix potential NULL pointer dereference
    - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
    - scsi: qla2xxx: Correct the index of array
    - scsi: qla2xxx: Pointer may be dereferenced
    - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
    - scsi: qla2xxx: Fix end of loop test
    - MIPS: kvm: Fix build error with KVM_MIPS_DEBUG_COP0_COUNTERS enabled
    - Revert "drm/amd: Disable PSR-SU on Parade 0803 TCON"
    - net/sched: sch_qfq: reintroduce lmax bound check for MTU
    - drm/atomic: Fix potential use-after-free in nonblocking commits
    - net/ncsi: make one oem_gma function for all mfr id
    - net/ncsi: change from ndo_set_mac_address to dev_set_mac_address
    - HID: input: fix mapping for camera access keys
    - xen/virtio: Fix NULL deref when a bridge of PCI root bus has no parent
    - netfilter: conntrack: don't fold port numbers into addresses before hashing
    - net/mlx5: Query hca_cap_2 only when supported
    - udp6: add a missing call into udp_fail_queue_rcv_skb tracepoint
    - HID: hyperv: avoid struct memcpy overrun warning
    - igc: Rename qbv_enable to taprio_offload_enable
    - igc: No strict mode in pure launchtime/CBS offload
    - net: fec: increase the size of tx ring and update tx_wake_threshold
    - drm/nouveau/disp: fix HDMI on gt215+
    - drm/nouveau/disp/g94: enable HDMI
    - drm/nouveau: bring back blit subchannel for pre nv50 GPUs
    - net: txgbe: fix eeprom calculation error
    - kasan, slub: fix HW_TAGS zeroing with slub_debug
    - drm/amd/display: perform a bounds check before filling dirty rectangles
    - fs: dlm: clear pending bit when queue was empty
    - fs: dlm: fix missing pending to false
    - tty: fix hang on tty device with no_room set
    - nfp: clean mc addresses in application firmware when closing port
    - mptcp: do not rely on implicit state check in mptcp_listen()
    - mptcp: ensure subflow is unhashed before cleaning the backlog
    - selftests: mptcp: sockopt: use 'iptables-legacy' if available
    - smb: client: Fix -Wstringop-overflow issues
    - tracing/probes: Fix to avoid double count of the string length on the array
    - Upstream stable to v6.1.40, v6.4.5

* Nouveau driver crash - Ubuntu 22.04.3 LTS stuck on power-off/reboot screen
    (LP: #2031352) // Lunar update: upstream stable patchset 2023-09-14
    (LP: #2036075)
    - drm/nouveau/acr: Abort loading ACR if no firmware was found

* Lunar update: upstream stable patchset 2023-09-05 (LP: #2034469)
    - drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2
    - fs: pipe: reveal missing function protoypes
    - block: Fix the type of the second bdev_op_is_zoned_write() argument
    - erofs: avoid tagged pointers to mark sync decompression
    - erofs: remove tagged pointer helpers
    - erofs: move zdata.h into zdata.c
    - erofs: kill hooked chains to avoid loops on deduplicated compressed images
    - x86/resctrl: Only show tasks' pid in current pid namespace
    - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
    - x86/sev: Fix calculation of end address based on number of pages
    - virt: sevguest: Add CONFIG_CRYPTO dependency
    - blk-mq: fix potential io hang by wrong 'wake_batch'
    - lockd: drop inappropriate svc_get() from locked_get()
    - nvme-core: fix memory leak in dhchap_secret_store
    - nvme-core: fix memory leak in dhchap_ctrl_secret
    - nvme-core: add missing fault-injection cleanup
    - nvme-core: fix dev_pm_qos memleak
    - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
    - md/raid10: fix overflow of md/safe_mode_delay
    - md/raid10: fix wrong setting of max_corr_read_errors
    - md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
    - md/raid10: fix io loss while replacement replace rdev
    - md/raid1-10: factor out a helper to add bio to plug
    - md/raid1-10: factor out a helper to submit normal write
    - md/raid1-10: submit write io directly if bitmap is not enabled
    - block: fix blktrace debugfs entries leakage
    - irqchip/stm32-exti: Fix warning on initialized field overwritten
    - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
    - svcrdma: Prevent page release when nothing was received
    - erofs: simplify iloc()
    - erofs: fix compact 4B support for 16k block size
    - posix-timers: Prevent RT livelock in itimer_delete()
    - tick/rcu: Fix bogus ratelimit condition
    - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
    - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
    - PM: domains: fix integer overflow issues in genpd_parse_state()
    - perf/arm-cmn: Fix DTC reset
    - x86/mm: Allow guest.enc_status_change_prepare() to fail
    - x86/tdx: Fix race between set_memory_encrypted() and
      load_unaligned_zeropad()
    - drivers/perf: hisi: Don't migrate perf to the CPU going to teardown
    - powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
    - PM: domains: Move the verification of in-params from genpd_add_device()
    - ARM: 9303/1: kprobes: avoid missing-declaration warnings
    - cpufreq: intel_pstate: Fix energy_performance_preference for passive
    - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe()
    - rcu: Make rcu_cpu_starting() rely on interrupts being disabled
    - rcu-tasks: Stop rcu_tasks_invoke_cbs() from using never-onlined CPUs
    - rcutorture: Correct name of use_softirq module parameter
    - rcuscale: Move shutdown from wait_event() to wait_event_idle()
    - rcu/rcuscale: Move rcu_scale_*() after kfree_scale_cleanup()
    - rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale
    - kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME
      is undefined
    - perf/ibs: Fix interface via core pmu events
    - x86/mm: Fix __swp_entry_to_pte() for Xen PV guests
    - locking/atomic: arm: fix sync ops
    - evm: Complete description of evm_inode_setattr()
    - evm: Fix build warnings
    - ima: Fix build warnings
    - pstore/ram: Add check for kstrdup
    - igc: Enable and fix RX hash usage by netstack
    - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
    - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
    - libbpf: btf_dump_type_data_check_overflow needs to consider
      BTF_MEMBER_BITFIELD_SIZE
    - samples/bpf: Fix buffer overflow in tcp_basertt
    - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
    - wifi: wilc1000: fix for absent RSN capabilities WFA testcase
    - wifi: mwifiex: Fix the size of a memory allocation in
      mwifiex_ret_802_11_scan()
    - sctp: add bpf_bypass_getsockopt proto callback
    - libbpf: fix offsetof() and container_of() to work with CO-RE
    - bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen
    - spi: dw: Round of n_bytes to power of 2
    - nfc: llcp: fix possible use of uninitialized variable in
      nfc_llcp_send_connect()
    - bpftool: JIT limited misreported as negative value on aarch64
    - bpf: Remove bpf trampoline selector
    - bpf: Fix memleak due to fentry attach failure
    - selftests/bpf: Do not use sign-file as testcase
    - regulator: core: Fix more error checking for debugfs_create_dir()
    - regulator: core: Streamline debugfs operations
    - wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
    - wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
    - wifi: atmel: Fix an error handling path in atmel_probe()
    - wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
    - wifi: ray_cs: Fix an error handling path in ray_probe()
    - wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
    - samples/bpf: xdp1 and xdp2 reduce XDPBUFSIZE to 60
    - wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware
      restart
    - wifi: mac80211: recalc min chandef for new STA links
    - selftests/bpf: Fix check_mtu using wrong variable type
    - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled
    - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
    - ice: handle extts in the miscellaneous interrupt thread
    - selftests: cgroup: fix unexpected failure on test_memcg_low
    - watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct
      config
    - watchdog/perf: more properly prevent false positives with turbo modes
    - kexec: fix a memory leak in crash_shrink_memory()
    - mmc: mediatek: Avoid ugly error message when SDIO wakeup IRQ isn't used
    - memstick r592: make memstick_debug_get_tpc_name() static
    - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
    - wifi: mac80211: Fix permissions for valid_links debugfs entry
    - rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO
    - wifi: ath11k: Add missing check for ioremap
    - wifi: iwlwifi: pull from TXQs with softirqs disabled
    - wifi: iwlwifi: pcie: fix NULL pointer dereference in
      iwl_pcie_irq_rx_msix_handler()
    - wifi: mac80211: Remove "Missing iftype sband data/EHT cap" spam
    - wifi: cfg80211: rewrite merging of inherited elements
    - wifi: cfg80211: drop incorrect nontransmitted BSS update code
    - wifi: cfg80211: fix regulatory disconnect with OCB/NAN
    - wifi: ieee80211: Fix the common size calculation for reconfiguration ML
    - mmc: Add MMC_QUIRK_BROKEN_SD_CACHE for Kingston Canvas Go Plus from 11/2019
    - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection
    - wifi: ath9k: convert msecs to jiffies where needed
    - bpf: Factor out socket lookup functions for the TC hookpoint.
    - bpf: Call __bpf_sk_lookup()/__bpf_skc_lookup() directly via TC hookpoint
    - bpf: Fix bpf socket lookup from tc/xdp to respect socket VRF bindings
    - can: length: fix bitstuffing count
    - can: kvaser_pciefd: Add function to set skb hwtstamps
    - can: kvaser_pciefd: Set hardware timestamp on transmitted packets
    - net: stmmac: fix double serdes powerdown
    - netlink: fix potential deadlock in netlink_set_err()
    - netlink: do not hard code device address lenth in fdb dumps
    - bonding: do not assume skb mac_header is set
    - selftests: rtnetlink: remove netdevsim device after ipsec offload test
    - gtp: Fix use-after-free in __gtp_encap_destroy().
    - net: axienet: Move reset before 64-bit DMA detection
    - ocfs2: Fix use of slab data with sendpage
    - sfc: fix crash when reading stats while NIC is resetting
    - lib/ts_bm: reset initial match offset for every block of text
    - netfilter: conntrack: dccp: copy entire header to stack buffer, not just
      basic one
    - netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return
      value.
    - ipvlan: Fix return value of ipvlan_queue_xmit()
    - netlink: Add __sock_i_ino() for __netlink_diag_dump().
    - drm/amd/display: Add logging for display MALL refresh setting
    - radeon: avoid double free in ci_dpm_init()
    - drm/amd/display: Explicitly specify update type per plane info change
    - drm/bridge: it6505: Move a variable assignment behind a null pointer check
      in receive_timing_debugfs_show()
    - Input: drv260x - sleep between polling GO bit
    - drm/bridge: ti-sn65dsi83: Fix enable error path
    - drm/bridge: tc358768: always enable HS video mode
    - drm/bridge: tc358768: fix PLL parameters computation
    - drm/bridge: tc358768: fix PLL target frequency
    - drm/bridge: tc358768: fix TCLK_ZEROCNT computation
    - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation
    - drm/bridge: tc358768: fix TCLK_TRAILCNT computation
    - drm/bridge: tc358768: fix THS_ZEROCNT computation
    - drm/bridge: tc358768: fix TXTAGOCNT computation
    - drm/bridge: tc358768: fix THS_TRAILCNT computation
    - drm/vram-helper: fix function names in vram helper doc
    - ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
    - ARM: dts: meson8b: correct uart_B and uart_C clock references
    - mm: call arch_swap_restore() from do_swap_page()
    - clk: vc5: Use `clamp()` to restrict PLL range
    - bootmem: remove the vmemmap pages from kmemleak in free_bootmem_page
    - clk: vc5: Fix .driver_data content in i2c_device_id
    - clk: vc7: Fix .driver_data content in i2c_device_id
    - clk: rs9: Fix .driver_data content in i2c_device_id
    - Input: adxl34x - do not hardcode interrupt trigger type
    - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks`
    - drm/panel: sharp-ls043t1le01: adjust mode settings
    - driver: soc: xilinx: use _safe loop iterator to avoid a use after free
    - ASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices
    - drm/vkms: isolate pixel conversion functionality
    - drm: Add fixed-point helper to get rounded integer values
    - drm/vkms: Fix RGB565 pixel conversion
    - ARM: dts: stm32: Move ethernet MAC EEPROM from SoM to carrier boards
    - bus: ti-sysc: Fix dispc quirk masking bool variables
    - arm64: dts: microchip: sparx5: do not use PSCI on reference boards
    - drm/bridge: tc358767: Switch to devm MIPI-DSI helpers
    - clk: imx: scu: use _safe list iterator to avoid a use after free
    - hwmon: (f71882fg) prevent possible division by zero
    - RDMA/bnxt_re: Disable/kill tasklet only if it is enabled
    - RDMA/bnxt_re: Fix to remove unnecessary return labels
    - RDMA/bnxt_re: Use unique names while registering interrupts
    - RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid
    - RDMA/bnxt_re: Fix to remove an unnecessary log
    - drm/msm/dsi: don't allow enabling 14nm VCO with unprogrammed rate
    - drm/msm/disp/dpu: get timing engine status from intf status register
    - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK
    - iommu/virtio: Detach domain on endpoint release
    - iommu/virtio: Return size mapped for a detached domain
    - clk: renesas: rzg2l: Fix CPG_SIPLL5_CLK1 register write
    - ARM: dts: gta04: Move model property out of pinctrl node
    - drm/bridge: anx7625: Convert to i2c's .probe_new()
    - drm/bridge: anx7625: Prevent endless probe loop
    - ARM: dts: qcom: msm8974: do not use underscore in node name (again)
    - arm64: dts: qcom: msm8916: correct camss unit address
    - arm64: dts: qcom: msm8916: correct MMC unit address
    - arm64: dts: qcom: msm8994: correct SPMI unit address
    - arm64: dts: qcom: msm8996: correct camss unit address
    - arm64: dts: qcom: sdm630: correct camss unit address
    - arm64: dts: qcom: sdm845: correct camss unit address
    - arm64: dts: qcom: sm8350: correct DMA controller unit address
    - arm64: dts: qcom: sdm845-polaris: add missing touchscreen child node reg
    - arm64: dts: qcom: apq8016-sbc: Fix regulator constraints
    - arm64: dts: qcom: apq8016-sbc: Fix 1.8V power rail on LS expansion
    - drm/bridge: Introduce pre_enable_prev_first to alter bridge init order
    - drm/bridge: ti-sn65dsi83: Fix enable/disable flow to meet spec
    - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
    - ARM: ep93xx: fix missing-prototype warnings
    - ARM: omap2: fix missing tick_broadcast() prototype
    - arm64: dts: qcom: pm7250b: add missing spmi-vadc include
    - arm64: dts: qcom: apq8096: fix fixed regulator name property
    - arm64: dts: mediatek: mt8183: Add mediatek,broken-save-restore-fw to kukui
    - ARM: dts: stm32: Shorten the AV96 HDMI sound card name
    - memory: brcmstb_dpfe: fix testing array offset after use
    - ARM: dts: qcom: apq8074-dragonboard: Set DMA as remotely controlled
    - ASoC: es8316: Increment max value for ALC Capture Target Volume control
    - ASoC: es8316: Do not set rate constraints for unsupported MCLKs
    - ARM: dts: meson8: correct uart_B and uart_C clock references
    - soc/fsl/qe: fix usb.c build errors
    - RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes
    - IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate
    - RDMA/hns: Fix hns_roce_table_get return value
    - ARM: dts: iwg20d-q7-common: Fix backlight pwm specifier
    - arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
    - drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register
    - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
    - arm64: dts: ti: k3-j7200: Fix physical address of pin
    - Input: pm8941-powerkey - fix debounce on gen2+ PMICs
    - ARM: dts: stm32: Fix audio routing on STM32MP15xx DHCOM PDK2
    - ARM: dts: stm32: fix i2s endpoint format property for stm32mp15xx-dkx
    - hwmon: (gsc-hwmon) fix fan pwm temperature scaling
    - hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272
    - ARM: dts: BCM5301X: fix duplex-full => full-duplex
    - clk: Export clk_hw_forward_rate_request()
    - drm/amd/display: Fix a test CalculatePrefetchSchedule()
    - drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg()
    - drm/amdkfd: Fix potential deallocation of previously deallocated memory.
    - soc: mediatek: SVS: Fix MT8192 GPU node name
    - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video
      mode
    - drm/radeon: fix possible division-by-zero errors
    - HID: uclogic: Modular KUnit tests should not depend on KUNIT=y
    - RDMA/rxe: Fix access checks in rxe_check_bind_mw
    - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
    - drm/msm/a5xx: really check for A510 in a5xx_gpu_init
    - RDMA/bnxt_re: wraparound mbox producer index
    - RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context
    - clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe
    - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe
    - clk: imx93: fix memory leak and missing unwind goto in imx93_clocks_probe
    - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()
    - arm64: dts: qcom: sdm845: Flush RSC sleep & wake votes
    - arm64: dts: qcom: sm8250-edo: Panel framebuffer is 2.5k instead of 4k
    - clk: bcm: rpi: Fix off by one in raspberrypi_discover_clocks()
    - clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider()
    - clk: tegra: tegra124-emc: Fix potential memory leak
    - ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
    - drm/msm/dpu: do not enable color-management if DSPPs are not available
    - drm/msm/dpu: Fix slice_last_group_size calculation
    - drm/msm/dsi: Use DSC slice(s) packet size to compute word count
    - drm/msm/dsi: Flip greater-than check for slice_count and slice_per_intf
    - drm/msm/dsi: Remove incorrect references to slice_count
    - drm/msm/dp: Free resources after unregistering them
    - arm64: dts: mediatek: Add cpufreq nodes for MT8192
    - arm64: dts: mediatek: mt8192: Fix CPUs capacity-dmips-mhz
    - drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function.
    - drm/amdgpu: Fix usage of UMC fill record in RAS
    - drm/msm/dpu: correct MERGE_3D length
    - clk: vc5: check memory returned by kasprintf()
    - clk: cdce925: check return value of kasprintf()
    - clk: si5341: return error if one synth clock registration fails
    - clk: si5341: check return value of {devm_}kasprintf()
    - clk: si5341: free unused memory on probe failure
    - clk: keystone: sci-clk: check return value of kasprintf()
    - clk: ti: clkctrl: check return value of kasprintf()
    - drivers: meson: secure-pwrc: always enable DMA domain
    - ovl: update of dentry revalidate flags after copy up
    - ASoC: imx-audmix: check return value of devm_kasprintf()
    - clk: Fix memory leak in devm_clk_notifier_register()
    - ARM: dts: lan966x: kontron-d10: fix board reset
    - ARM: dts: lan966x: kontron-d10: fix SPI CS
    - ASoC: amd: acp: clear pdm dma interrupt mask
    - PCI: cadence: Fix Gen2 Link Retraining process
    - PCI: vmd: Reset VMD config register between soft reboots
    - scsi: qedf: Fix NULL dereference in error handling
    - pinctrl: bcm2835: Handle gpiochip_add_pin_range() errors
    - platform/x86: lenovo-yogabook: Fix work race on remove()
    - platform/x86: lenovo-yogabook: Reprobe devices on remove()
    - platform/x86: lenovo-yogabook: Set default keyboard backligh brightness on
      probe()
    - PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
    - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
    - PCI: pciehp: Cancel bringup sequence if card is not present
    - PCI: ftpci100: Release the clock resources
    - pinctrl: sunplus: Add check for kmalloc
    - PCI: Add pci_clear_master() stub for non-CONFIG_PCI
    - scsi: lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on
      nlp_state
    - perf bench: Add missing setlocale() call to allow usage of %'d style
      formatting
    - pinctrl: cherryview: Return correct value if pin in push-pull mode
    - platform/x86: think-lmi: mutex protection around multiple WMI calls
    - platform/x86: think-lmi: Correct System password interface
    - platform/x86: think-lmi: Correct NVME password handling
    - pinctrl:sunplus: Add check for kmalloc
    - pinctrl: npcm7xx: Add missing check for ioremap
    - kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures
    - powerpc/interrupt: Don't read MSR from interrupt_exit_kernel_prepare()
    - powerpc/signal32: Force inlining of __unsafe_save_user_regs() and
      save_tm_user_regs_unsafe()
    - perf script: Fix allocation of evsel->priv related to per-event dump files
    - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles
    - perf dwarf-aux: Fix off-by-one in die_get_varname()
    - platform/x86/dell/dell-rbtn: Fix resources leaking on error path
    - perf tool x86: Consolidate is_amd check into single function
    - perf tool x86: Fix perf_env memory leak
    - powerpc/64s: Fix VAS mm use after free
    - pinctrl: microchip-sgpio: check return value of devm_kasprintf()
    - pinctrl: at91-pio4: check return value of devm_kasprintf()
    - powerpc/powernv/sriov: perform null check on iov before dereferencing iov
    - powerpc: update ppc_save_regs to save current r1 in pt_regs
    - PCI: qcom: Remove PCIE20_ prefix from register definitions
    - PCI: qcom: Sort and group registers and bitfield definitions
    - PCI: qcom: Use lower case for hex
    - PCI: qcom: Use DWC helpers for modifying the read-only DBI registers
    - PCI: qcom: Disable write access to read only registers for IP v2.9.0
    - riscv: uprobes: Restore thread.bad_cause
    - powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo
    - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-
      boundary
    - PCI: endpoint: Fix a Kconfig prompt of vNTB driver
    - PCI: endpoint: functions/pci-epf-test: Fix dma_chan direction
    - PCI: vmd: Fix uninitialized variable usage in vmd_enable_domain()
    - vfio/mdev: Move the compat_class initialization to module init
    - hwrng: virtio - Fix race on data_avail and actual data
    - modpost: remove broken calculation of exception_table_entry size
    - crypto: nx - fix build warnings when DEBUG_FS is not enabled
    - modpost: fix section mismatch message for R_ARM_ABS32
    - modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
    - crypto: marvell/cesa - Fix type mismatch warning
    - crypto: jitter - correct health test during initialization
    - modpost: fix off by one in is_executable_section()
    - ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
    - crypto: qat - unmap buffer before free for DH
    - crypto: qat - unmap buffers before free for RSA
    - NFSv4.2: fix wrong shrinker_id
    - NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION
    - SMB3: Do not send lease break acknowledgment if all file handles have been
      closed
    - dax: Fix dax_mapping_release() use after free
    - dax: Introduce alloc_dev_dax_id()
    - dax/kmem: Pass valid argument to memory_group_register_static
    - hwrng: st - keep clock enabled while hwrng is registered
    - kbuild: Disable GCOV for *.mod.o
    - efi/libstub: Disable PCI DMA before grabbing the EFI memory map
    - cifs: prevent use-after-free by freeing the cfile later
    - cifs: do all necessary checks for credits within or before locking
    - smb: client: fix broken file attrs with nodfs mounts
    - ksmbd: avoid field overflow warning
    - arm64: sme: Use STR P to clear FFR context field in streaming SVE mode
    - x86/efi: Make efi_set_virtual_address_map IBT safe
    - md/raid1-10: fix casting from randomized structure in raid1_submit_write()
    - USB: serial: option: add LARA-R6 01B PIDs
    - usb: dwc3: gadget: Propagate core init errors to UDC during pullup
    - phy: tegra: xusb: Clear the driver reference in usb-phy dev
    - iio: adc: ad7192: Fix null ad7192_state pointer access
    - iio: adc: ad7192: Fix internal/external clock selection
    - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF
    - iio: accel: fxls8962af: fixup buffer scan element type
    - mm/mmap: Fix VM_LOCKED check in do_vmi_align_munmap()
    - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook
    - ALSA: hda/realtek: Add quirk for Clevo NPx0SNx
    - ALSA: jack: Fix mutex call in snd_jack_report()
    - ALSA: pcm: Fix potential data race at PCM memory allocation helpers
    - block: fix signed int overflow in Amiga partition support
    - block: add overflow checks for Amiga partition support
    - block: change all __u32 annotations to __be32 in affs_hardblocks.h
    - block: increment diskseq on all media change events
    - btrfs: fix race when deleting free space root from the dirty cow roots list
    - SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
    - w1: w1_therm: fix locking behavior in convert_t
    - w1: fix loop in w1_fini()
    - dt-bindings: power: reset: qcom-pon: Only allow reboot-mode pre-pmk8350
    - f2fs: do not allow to defragment files have FI_COMPRESS_RELEASED
    - sh: j2: Use ioremap() to translate device tree address into kernel memory
    - usb: dwc2: Fix some error handling paths
    - serial: 8250: omap: Fix freeing of resources on failed register
    - clk: qcom: mmcc-msm8974: remove oxili_ocmemgx_clk
    - clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs
    - clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks
    - clk: qcom: gcc-qcm2290: Mark RCGs shared where applicable
    - media: usb: Check az6007_read() return value
    - media: amphion: drop repeated codec data for vc1l format
    - media: amphion: drop repeated codec data for vc1g format
    - media: amphion: initiate a drain of the capture queue in dynamic resolution
      change
    - media: videodev2.h: Fix struct v4l2_input tuner index comment
    - media: i2c: Correct format propagation for st-mipid02
    - media: hi846: fix usage of pm_runtime_get_if_in_use()
    - media: mediatek: vcodec: using decoder status instead of core work count
    - clk: qcom: ipq6018: fix networking resets
    - clk: qcom: dispcc-qcm2290: Fix BI_TCXO_AO handling
    - clk: qcom: dispcc-qcm2290: Fix GPLL0_OUT_DIV handling
    - clk: qcom: mmcc-msm8974: use clk_rcg2_shared_ops for mdp_clk_src clock
    - staging: vchiq_arm: mark vchiq_platform_init() static
    - usb: dwc3: qcom: Fix potential memory leak
    - usb: gadget: u_serial: Add null pointer check in gserial_suspend
    - extcon: Fix kernel doc of property fields to avoid warnings
    - extcon: Fix kernel doc of property capability fields to avoid warnings
    - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
    - usb: hide unused usbfs_notify_suspend/resume functions
    - usb: misc: eud: Fix eud sysfs path (use 'qcom_eud')
    - serial: core: lock port for stop_rx() in uart_suspend_port()
    - serial: 8250: lock port for stop_rx() in omap8250_irq()
    - serial: core: lock port for start_rx() in uart_resume_port()
    - serial: 8250: lock port for UART_IER access in omap8250_irq()
    - kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR
    - lkdtm: replace ll_rw_block with submit_bh
    - i3c: master: svc: fix cpu schedule in spin lock
    - coresight: Fix loss of connection info when a module is unloaded
    - mfd: rt5033: Drop rt5033-battery sub-device
    - media: venus: helpers: Fix ALIGN() of non power of two
    - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
    - sh: Avoid using IRQ0 on SH3 and SH4
    - gfs2: Fix duplicate should_fault_in_pages() call
    - f2fs: fix potential deadlock due to unpaired node_write lock use
    - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
    - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove()
    - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe()
    - usb: common: usb-conn-gpio: Set last role to unknown before initial
      detection
    - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe()
    - mfd: wcd934x: Fix an error handling path in wcd934x_slim_probe()
    - mfd: intel-lpss: Add missing check for platform_get_resource
    - Revert "usb: common: usb-conn-gpio: Set last role to unknown before initial
      detection"
    - serial: 8250_omap: Use force_suspend and resume for system suspend
    - device property: Clarify description of returned value in some functions
    - drivers: fwnode: fix fwnode_irq_get[_byname]()
    - nvmem: sunplus-ocotp: release otp->clk before return
    - nvmem: rmem: Use NVMEM_DEVID_AUTO
    - bus: fsl-mc: don't assume child devices are all fsl-mc devices
    - mfd: stmfx: Fix error path in stmfx_chip_init
    - mfd: stmfx: Nullify stmfx->vdd in case of error
    - KVM: s390: vsie: fix the length of APCB bitmap
    - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler
    - cpufreq: mediatek: correct voltages for MT7622 and MT7623
    - misc: fastrpc: check return value of devm_kasprintf()
    - clk: qcom: mmcc-msm8974: fix MDSS_GDSC power flags
    - hwtracing: hisi_ptt: Fix potential sleep in atomic context
    - mfd: stmpe: Only disable the regulators if they are enabled
    - phy: tegra: xusb: check return value of devm_kzalloc()
    - lib/bitmap: drop optimization of bitmap_{from,to}_arr64
    - pwm: imx-tpm: force 'real_period' to be zero in suspend
    - pwm: sysfs: Do not apply state to already disabled PWMs
    - pwm: ab8500: Fix error code in probe()
    - pwm: mtk_disp: Fix the disable flow of disp_pwm
    - md/raid10: fix the condition to call bio_end_io_acct()
    - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
    - drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times
    - drm/i915/guc/slpc: Apply min softlimit correctly
    - f2fs: check return value of freeze_super()
    - media: cec: i2c: ch7322: also select REGMAP
    - sctp: fix potential deadlock on &net->sctp.addr_wq_lock
    - net/sched: act_ipt: add sanity checks on table name and hook locations
    - net: add a couple of helpers for iph tot_len
    - net/sched: act_ipt: add sanity checks on skb before calling target
    - spi: spi-geni-qcom: enable SPI_CONTROLLER_MUST_TX for GPI DMA mode
    - net: mscc: ocelot: don't report that RX timestamping is enabled by default
    - net: mscc: ocelot: don't keep PTP configuration of all ports in single
      structure
    - net: dsa: felix: don't drop PTP frames with tag_8021q when RX timestamping
      is disabled
    - net: dsa: sja1105: always enable the INCL_SRCPT option
    - net: dsa: tag_sja1105: always prefer source port information from INCL_SRCPT
    - Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
    - Bluetooth: fix invalid-bdaddr quirk for non-persistent setup
    - Bluetooth: ISO: use hci_sync for setting CIG parameters
    - Bluetooth: MGMT: add CIS feature bits to controller information
    - Bluetooth: MGMT: Use BIT macro when defining bitfields
    - Bluetooth: MGMT: Fix marking SCAN_RSP as not connectable
    - ibmvnic: Do not reset dql stats on NON_FATAL err
    - net: dsa: vsc73xx: fix MTU configuration
    - mlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init
    - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
    - drm/amdgpu: fix number of fence calculations
    - drm/amd: Don't try to enable secure display TA multiple times
    - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
    - f2fs: fix error path handling in truncate_dnode()
    - octeontx2-af: Fix mapping for NIX block from CGX connection
    - octeontx2-af: Add validation before accessing cgx and lmac
    - ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
    - powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
    - powerpc: dts: turris1x.dts: Fix PCIe MEM size for pci2 node
    - net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
    - net: dsa: tag_sja1105: fix source port decoding in vlan_filtering=0 bridge
      mode
    - net: fix net_dev_start_xmit trace event vs skb_transport_offset()
    - tcp: annotate data races in __tcp_oow_rate_limited()
    - bpf, btf: Warn but return no error for NULL btf from
      __register_btf_kfunc_id_set()
    - xsk: Honor SO_BINDTODEVICE on bind
    - net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
    - fanotify: disallow mount/sb marks on kernel internal pseudo fs
    - riscv: move memblock_allow_resize() after linear mapping is ready
    - pptp: Fix fib lookup calls.
    - net: dsa: tag_sja1105: fix MAC DA patching from meta frames
    - net: dsa: sja1105: always enable the send_meta options
    - octeontx-af: fix hardware timestamp configuration
    - afs: Fix accidental truncation when storing data
    - s390/qeth: Fix vipa deletion
    - sh: dma: Fix DMA channel offset calculation
    - apparmor: fix missing error check for rhashtable_insert_fast
    - i2c: xiic: Don't try to handle more interrupt events after error
    - dm: fix undue/missing spaces
    - dm: avoid split of quoted strings where possible
    - dm ioctl: have constant on the right side of the test
    - dm ioctl: Avoid double-fetch of version
    - extcon: usbc-tusb320: Unregister typec port on driver removal
    - btrfs: do not BUG_ON() on tree mod log failure at balance_level()
    - i2c: qup: Add missing unwind goto in qup_i2c_probe()
    - irqchip/loongson-pch-pic: Fix potential incorrect hwirq assignment
    - NFSD: add encoding of op_recall flag for write delegation
    - irqchip/loongson-pch-pic: Fix initialization of HT vector register
    - io_uring: wait interruptibly for request completions on exit
    - mmc: core: disable TRIM on Kingston EMMC04G-M627
    - mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
    - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS
    - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is
      used.
    - wifi: cfg80211: fix regulatory disconnect for non-MLO
    - wifi: ath10k: Serialize wake_tx_queue ops
    - bcache: fixup btree_cache_wait list damage
    - bcache: Remove unnecessary NULL point check in node allocations
    - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
    - watch_queue: prevent dangling pipe pointer
    - um: Use HOST_DIR for mrproper
    - integrity: Fix possible multiple allocation in integrity_inode_get()
    - autofs: use flexible array in ioctl structure
    - mm/damon/ops-common: atomically test and clear young on ptes and pmds
    - shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs
    - jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
    - fs: avoid empty option when generating legacy mount string
    - ext4: Remove ext4 locking of moved directory
    - Revert "f2fs: fix potential corruption when moving a directory"
    - fs: Establish locking order for unrelated directories
    - fs: Lock moved directories
    - i2c: nvidia-gpu: Add ACPI property to align with device-tree
    - i2c: nvidia-gpu: Remove ccgx,firmware-build property
    - usb: typec: ucsi: Mark dGPUs as DEVICE scope
    - ipvs: increase ip_vs_conn_tab_bits range for 64BIT
    - btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile
    - btrfs: delete unused BGs while reclaiming BGs
    - btrfs: bail out reclaim process if filesystem is read-only
    - btrfs: add block-group tree to lockdep classes
    - btrfs: reinsert BGs failed to reclaim
    - btrfs: fix race when deleting quota root from the dirty cow roots list
    - btrfs: fix extent buffer leak after tree mod log failure at split_node()
    - btrfs: do not BUG_ON() on tree mod log failure at __btrfs_cow_block()
    - ASoC: mediatek: mt8173: Fix irq error path
    - ASoC: mediatek: mt8173: Fix snd_soc_component_initialize error path
    - regulator: tps65219: Fix matching interrupts for their regulators
    - ARM: dts: qcom: ipq4019: fix broken NAND controller properties override
    - ARM: orion5x: fix d2net gpio initialization
    - leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename
    - blktrace: use inline function for blk_trace_remove() while blktrace is
      disabled
    - fs: no need to check source
    - xfs: explicitly specify cpu when forcing inodegc delayed work to run
      immediately
    - xfs: check that per-cpu inodegc workers actually run on that cpu
    - xfs: disable reaping in fscounters scrub
    - xfs: fix xfs_inodegc_stop racing with mod_delayed_work
    - mm/mmap: Fix extra maple tree write
    - netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
    - wireguard: queueing: use saner cpu selection wrapping
    - wireguard: netlink: send staged packets when setting initial private key
    - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
    - block/partition: fix signedness issue for Amiga partitions
    - sh: mach-r2d: Handle virq offset in cascaded IRL demux
    - sh: mach-highlander: Handle virq offset in cascaded IRL demux
    - sh: mach-dreamcast: Handle virq offset in cascaded IRQ demux
    - sh: hd64461: Handle virq offset for offchip IRQ base and HD64461 IRQ
    - blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()
    - irqchip/loongson-eiointc: Fix irq affinity setting during resume
    - perf: arm_cspmu: Set irq affinitiy only if overflow interrupt is used
    - perf/arm_cspmu: Fix event attribute type
    - APEI: GHES: correctly return NULL for ghes_get_devices()
    - wifi: rtw88: usb: silence log flooding error message
    - net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses
    - drm/amd/display: fix is_timing_changed() prototype
    - Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync()
    - drm/nouveau: dispnv50: fix missing-prototypes warning
    - arm64: dts: qcom: pm8998: don't use GIC_SPI for SPMI interrupts
    - arm64: dts: qcom: ipq6018: correct qrng unit address
    - arm64: dts: qcom: msm8953: correct IOMMU unit address
    - arm64: dts: qcom: msm8976: correct MMC unit address
    - arm64: dts: qcom: sm6115: correct thermal-sensor unit address
    - drm/msm/dpu: always clear every individual pending flush mask
    - MIPS: DTS: CI20: Fix ACT8600 regulator node names
    - arm64: dts: qcom: sdm670: Flush RSC sleep & wake votes
    - arm64: dts: ti: k3-j721e-beagleboneai64: Fix mailbox node status
    - drm/msm/dp: Drop aux devices together with DP controller
    - iommufd: Do not access the area pointer after unlocking
    - iommufd: Call iopt_area_contig_done() under the lock
    - perf evsel: Don't let for_each_group() treat the head of the list as one of
      its nodes
    - pinctrl: tegra: Duplicate pinmux functions table
    - platform/x86:intel/pmc: Remove Meteor Lake S platform support
    - perf tests task_analyzer: Fix bad substitution ${$1}
    - perf tests task_analyzer: Skip tests if no libtraceevent support
    - pinctrl: freescale: Fix a memory out of bounds when num_configs is 1
    - perf stat: Reset aggr stats for each run
    - platform/x86:intel/pmc: Update maps for Meteor Lake P/M platforms
    - perf test: Set PERF_EXEC_PATH for script execution
    - kbuild: Fix CFI failures with GCOV
    - btrfs: fix range_end calculation in extent_write_locked_range
    - igc: Fix race condition in PTP tx code
    - igc: Check if hardware TX timestamping is enabled earlier
    - igc: Work around HW bug causing missing timestamps
    - sch_netem: fix issues in netem_change() vs get_dist_table()
    - interconnect: qcom: rpm: Don't use clk_get_optional for bus clocks anymore
    - media: videodev2.h: Fix p_s32 and p_s64 pointer types
    - f2fs: fix the wrong condition to determine atomic context
    - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
    - media: tc358746: select CONFIG_GENERIC_PHY
    - net/sched: act_ipt: zero skb->cb before calling target
    - octeontx2-af: cn10kb: fix interrupt csr addresses
    - octeontx2-af: Reset MAC features in FLR
    - drm/i915/psr: Fix BDW PSR AUX CH data register offsets
    - irqchip/loongson-liointc: Fix IRQ trigger polarity
    - btrfs: fix dirty_metadata_bytes for redirtied buffers
    - btrfs: add missing error handling when logging operation while COWing extent
      buffer
    - ARM: dts: qcom: msm8660: Fix regulator node names
    - ovl: fix null pointer dereference in ovl_permission()
    - ovl: let helper ovl_i_path_real() return the realinode
    - ovl: fix null pointer dereference in ovl_get_acl_rcu()
    - Upstream stable to v6.1.39, v6.3.13, v6.4.4

* Lunar update: upstream stable patchset 2023-09-01 (LP: #2033931)
    - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed
    - test_firmware: Use kstrtobool() instead of strtobool()
    - cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers
    - cgroup: always put cset in cgroup_css_set_put_fork
    - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks()
    - qcom: llcc/edac: Fix the base address used for accessing LLCC banks
    - EDAC/qcom: Get rid of hardcoded register offsets
    - ksmbd: validate smb request protocol id
    - of: overlay: Fix missing of_node_put() in error case of
      init_overlay_changeset()
    - power: supply: ab8500: Fix external_power_changed race
    - power: supply: sc27xx: Fix external_power_changed race
    - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() +
      schedule()
    - ARM: dts: vexpress: add missing cache properties
    - tools: gpio: fix debounce_period_us output of lsgpio
    - selftests: gpio: gpio-sim: Fix BUG: test FAILED due to recent change
    - power: supply: Ratelimit no data debug output
    - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
    - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0
    - regulator: Fix error checking for debugfs_create_dir
    - irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues
    - irqchip/meson-gpio: Mark OF related data as maybe unused
    - power: supply: Fix logic checking if system is running from battery
    - drm: panel-orientation-quirks: Change Air's quirk to support Air Plus
    - btrfs: scrub: try harder to mark RAID56 block groups read-only
    - btrfs: handle memory allocation failure in btrfs_csum_one_bio
    - ASoC: soc-pcm: test if a BE can be prepared
    - ASoC: Intel: avs: Account for UID of ACPI device
    - ASoC: Intel: avs: Add missing checks on FE startup
    - parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
    - parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()
    - MIPS: unhide PATA_PLATFORM
    - MIPS: Restore Au1300 support
    - MIPS: Alchemy: fix dbdma2
    - mips: Move initrd_start check after initrd address sanitisation.
    - ASoC: cs35l41: Fix default regmap values for some registers
    - ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
    - xen/blkfront: Only check REQ_FUA for writes
    - drm:amd:amdgpu: Fix missing buffer object unlock in failure path
    - io_uring: unlock sqd->lock before sq thread release CPU
    - NVMe: Add MAXIO 1602 to bogus nid list.
    - irqchip/gic: Correctly validate OF quirk descriptors
    - wifi: cfg80211: fix locking in regulatory disconnect
    - wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid()
    - epoll: ep_autoremove_wake_function should use list_del_init_careful
    - ocfs2: fix use-after-free when unmounting read-only filesystem
    - ocfs2: check new file size on fallocate call
    - zswap: do not shrink if cgroup may not zswap
    - nios2: dts: Fix tse_mac "max-frame-size" property
    - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
    - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
    - nilfs2: reject devices with insufficient block count
    - LoongArch: Fix perf event id calculation
    - io_uring/net: save msghdr->msg_control for retries
    - kexec: support purgatories with .text.hot sections
    - x86/purgatory: remove PGO flags
    - riscv/purgatory: remove PGO flags
    - powerpc/purgatory: remove PGO flags
    - btrfs: do not ASSERT() on duplicated global roots
    - btrfs: fix iomap_begin length for nocow writes
    - btrfs: can_nocow_file_extent should pass down args->strict from callers
    - ALSA: usb-audio: Fix broken resume due to UAC3 power state
    - ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD
      playback
    - dm thin metadata: check fail_io before using data_sm
    - dm thin: fix issue_discard to pass GFP_NOIO to __blkdev_issue_discard
    - net: ethernet: stmicro: stmmac: fix possible memory leak in __stmmac_open
    - nouveau: fix client work fence deletion race
    - RDMA/uverbs: Restrict usage of privileged QKEYs
    - drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1
    - net: usb: qmi_wwan: add support for Compal RXM-G1
    - drm/amd: Make sure image is written to trigger VBIOS image update flow
    - drm/amd: Tighten permissions on VBIOS flashing attributes
    - drm/amd/pm: workaround for compute workload type on some skus
    - drm/amdgpu: add missing radeon secondary PCI ID
    - ALSA: hda/realtek: Add a quirk for Compaq N14JP6
    - thunderbolt: dma_test: Use correct value for absent rings when creating
      paths
    - thunderbolt: Mask ring interrupt on Intel hardware as well
    - clk: pxa: fix NULL pointer dereference in pxa3xx_clk_update_accr
    - USB: serial: option: add Quectel EM061KGL series
    - serial: lantiq: add missing interrupt ack
    - usb: typec: ucsi: Fix command cancellation
    - usb: typec: Fix fast_role_swap_current show function
    - usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
    - usb: gadget: udc: core: Prevent soft_connect_store() race
    - USB: dwc3: qcom: fix NULL-deref on suspend
    - USB: dwc3: fix use-after-free on core driver unbind
    - usb: dwc3: gadget: Reset num TRBs before giving back the request
    - RDMA/rtrs: Fix the last iu->buf leak in err path
    - RDMA/rtrs: Fix rxe_dealloc_pd warning
    - RDMA/rxe: Fix packet length checks
    - RDMA/rxe: Fix ref count error in check_rkey()
    - spi: cadence-quadspi: Add missing check for dma_set_mask
    - spi: fsl-dspi: avoid SCK glitches with continuous transfers
    - netfilter: nf_tables: integrate pipapo into commit protocol
    - netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
    - ice: Fix XDP memory leak when NIC is brought up and down
    - net: enetc: correct the indexes of highest and 2nd highest TCs
    - ping6: Fix send to link-local addresses with VRF.
    - igb: Fix extts capture value format for 82580/i354/i350
    - net/sched: simplify tcf_pedit_act
    - net/sched: act_pedit: remove extra check for key type
    - net/sched: act_pedit: Parse L3 Header for L4 offset
    - octeontx2-af: Fix promiscuous mode
    - wifi: mac80211: fix link activation settings order
    - wifi: cfg80211: fix link del callback to call correct handler
    - wifi: mac80211: take lock before setting vif links
    - RDMA/rxe: Fix the use-before-initialization error of resp_pkts
    - iavf: remove mask from iavf_irq_enable_queues()
    - octeontx2-af: fixed resource availability check
    - octeontx2-af: fix lbk link credits on cn10k
    - RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions
    - RDMA/mlx5: Create an indirect flow table for steering anchor
    - RDMA/cma: Always set static rate to 0 for RoCE
    - IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
    - RDMA/mlx5: Fix affinity assignment
    - IB/isert: Fix dead lock in ib_isert
    - IB/isert: Fix possible list corruption in CMA handler
    - IB/isert: Fix incorrect release of isert connection
    - net: ethtool: correct MAX attribute value for stats
    - ipvlan: fix bound dev checking for IPv6 l3s mode
    - sctp: fix an error code in sctp_sf_eat_auth()
    - igc: Clean the TX buffer and TX descriptor ring
    - igc: Fix possible system crash when loading module
    - igb: fix nvm.ops.read() error handling
    - net: phylink: report correct max speed for QUSGMII
    - net: phylink: use a dedicated helper to parse usgmii control word
    - drm/nouveau: don't detect DSM for non-NVIDIA device
    - drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow
    - drm/nouveau/dp: check for NULL nv_connector->native_mode
    - drm/nouveau: add nv_encoder pointer check for NULL
    - selftests/tc-testing: Fix Error: Specified qdisc kind is unknown.
    - selftests/tc-testing: Fix Error: failed to find target LOG
    - selftests/tc-testing: Fix SFB db test
    - sched: add new attr TCA_EXT_WARN_MSG to report tc extact message
    - net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs
    - net/sched: qdisc_destroy() old ingress and clsact Qdiscs before grafting
    - selftests: forwarding: hw_stats_l3: Set addrgenmode in a separate step
    - cifs: fix lease break oops in xfstest generic/098
    - ext4: drop the call to ext4_error() from ext4_get_group_info()
    - net/sched: cls_api: Fix lockup on flushing explicitly created chain
    - net: dsa: felix: fix taprio guard band overflow at 10Mbps with jumbo frames
    - net: lapbether: only support ethernet devices
    - net: macsec: fix double free of percpu stats
    - sfc: fix XDP queues mode with legacy IRQ
    - dm: don't lock fs when the map is NULL during suspend or resume
    - net: tipc: resize nlattr array to correct size
    - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
    - octeon_ep: Add missing check for ioremap
    - afs: Fix vlserver probe RTT handling
    - parisc: Delete redundant register definitions in <asm/assembly.h>
    - net/sched: act_api: move TCA_EXT_WARN_MSG to the correct hierarchy
    - Revert "net/sched: act_api: move TCA_EXT_WARN_MSG to the correct hierarchy"
    - net/sched: act_api: add specific EXT_WARN_MSG for tc action
    - neighbour: delete neigh_lookup_nodev as not used
    - scsi: target: core: Fix error path in target_setup_session()
    - x86/boot/compressed: prefer cc-option for CFLAGS additions
    - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option
    - MIPS: Prefer cc-option for additions to cflags
    - kbuild: Update assembler calls to use proper flags and language target
    - btrfs: properly enable async discard when switching from RO->RW
    - wifi: mac80211: fragment per STA profile correctly
    - RDMA/rxe: Fix rxe_cq_post
    - blk-cgroup: Flush stats before releasing blkcg_gq
    - Upstream stable to v6.1.35, v6.3.9
    - drm/amd/display: Use dc_update_planes_and_stream
    - drm/amd/display: Add wrapper to call planes and stream update
    - drm/amd/display: fix the system hang while disable PSR
    - tty: serial: fsl_lpuart: make rx_watermark configurable for different
      platforms
    - tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A
    - mm: Fix copy_from_user_nofault().
    - tpm, tpm_tis: Claim locality in interrupt handler
    - tpm_crb: Add support for CRB devices based on Pluton
    - ksmbd: validate command payload size
    - ksmbd: fix out-of-bound read in smb2_write
    - ksmbd: validate session id and tree id in the compound request
    - tick/common: Align tick period during sched_timer setup
    - selftests: mptcp: remove duplicated entries in usage
    - selftests: mptcp: join: fix ShellCheck warnings
    - selftests: mptcp: lib: skip if missing symbol
    - selftests: mptcp: connect: skip transp tests if not supported
    - selftests: mptcp: connect: skip disconnect tests if not supported
    - selftests: mptcp: pm nl: remove hardcoded default limits
    - selftests: mptcp: pm nl: skip fullmesh flag checks if not supported
    - selftests: mptcp: sockopt: relax expected returned size
    - selftests: mptcp: sockopt: skip getsockopt checks if not supported
    - selftests: mptcp: userspace pm: skip if 'ip' tool is unavailable
    - selftests: mptcp: userspace pm: skip if not supported
    - selftests: mptcp: lib: skip if not below kernel version
    - selftests: mptcp: join: use 'iptables-legacy' if available
    - selftests: mptcp: join: helpers to skip tests
    - selftests: mptcp: join: skip check if MIB counter not supported
    - selftests: mptcp: join: support local endpoint being tracked or not
    - selftests: mptcp: join: skip Fastclose tests if not supported
    - selftests: mptcp: join: support RM_ADDR for used endpoints or not
    - selftests: mptcp: join: skip implicit tests if not supported
    - selftests: mptcp: join: skip backup if set flag on ID not supported
    - selftests: mptcp: join: skip fullmesh flag tests if not supported
    - selftests: mptcp: join: skip MPC backups tests if not supported
    - selftests/mount_setattr: fix redefine struct mount_attr build error
    - selftests: mptcp: diag: skip listen tests if not supported
    - selftests: mptcp: sockopt: skip TCP_INQ checks if not supported
    - selftests: mptcp: join: skip test if iptables/tc cmds fail
    - selftests: mptcp: join: skip userspace PM tests if not supported
    - selftests: mptcp: join: skip fail tests if not supported
    - selftests: mptcp: join: fix "userspace pm add & remove address"
    - writeback: fix dereferencing NULL mapping->host on writeback_page_template
    - scripts: fix the gfp flags header path in gfp-translate
    - nilfs2: fix buffer corruption due to concurrent device reads
    - ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()
    - KVM: Avoid illegal stage2 mapping on invalid memory slot
    - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails
    - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
    - PCI: hv: Fix a race condition bug in hv_pci_query_relations()
    - Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally"
    - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev
    - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic
    - PCI: hv: Add a per-bus mutex state_lock
    - io_uring/net: clear msg_controllen on partial sendmsg retry
    - io_uring/net: disable partial retries for recvmsg with cmsg
    - mptcp: handle correctly disconnect() failures
    - mptcp: fix possible divide by zero in recvmsg()
    - mptcp: fix possible list corruption on passive MPJ
    - mptcp: consolidate fallback and non fallback state machine
    - cgroup: Do not corrupt task iteration when rebinding subsystem
    - cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex in
      freezer_css_{online,offline}()
    - mmc: litex_mmc: set PROBE_PREFER_ASYNCHRONOUS
    - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916
    - mmc: meson-gx: remove redundant mmc_request_done() call from irq context
    - mmc: mmci: stm32: fix max busy timeout calculation
    - mmc: sdhci-spear: fix deferred probing
    - mmc: bcm2835: fix deferred probing
    - mmc: sunxi: fix deferred probing
    - bpf: ensure main program has an extable
    - wifi: iwlwifi: pcie: Handle SO-F device for PCI id 0x7AF0
    - spi: spi-geni-qcom: correctly handle -EPROBE_DEFER from dma_request_chan()
    - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK
    - regmap: spi-avmm: Fix regmap_bus max_raw_write
    - arm64: dts: rockchip: Fix rk356x PCIe register and range mappings
    - nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
    - x86/mm: Avoid using set_pgd() outside of real PGD pages
    - memfd: check for non-NULL file_seals in memfd_create() syscall
    - mmc: meson-gx: fix deferred probing
    - ieee802154: hwsim: Fix possible memory leaks
    - xfrm: Treat already-verified secpath entries as optional
    - xfrm: Ensure policies always checked on XFRM-I input path
    - KVM: arm64: PMU: Restore the host's PMUSERENR_EL0
    - bpf: track immediate values written to stack by BPF_ST instruction
    - bpf: Fix verifier id tracking of scalars on spill
    - xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets
    - bpf: Fix a bpf_jit_dump issue for x86_64 with sysctl bpf_jit_enable.
    - selftests: net: tls: check if FIPS mode is enabled
    - selftests: net: vrf-xfrm-tests: change authentication and encryption algos
    - selftests: net: fcnal-test: check if FIPS mode is enabled
    - xfrm: Linearize the skb after offloading if needed.
    - net/mlx5: DR, Fix wrong action data allocation in decap action
    - sfc: use budget for TX completions
    - net: qca_spi: Avoid high load if QCA7000 is not available
    - mmc: mtk-sd: fix deferred probing
    - mmc: mvsdio: fix deferred probing
    - mmc: omap: fix deferred probing
    - mmc: omap_hsmmc: fix deferred probing
    - mmc: owl: fix deferred probing
    - mmc: sdhci-acpi: fix deferred probing
    - mmc: sh_mmcif: fix deferred probing
    - mmc: usdhi60rol0: fix deferred probing
    - ipvs: align inner_mac_header for encapsulation
    - net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch
    - net: dsa: mt7530: fix handling of BPDUs on MT7530 switch
    - net: dsa: mt7530: fix handling of LLDP frames
    - be2net: Extend xmit workaround to BE3 chip
    - netfilter: nf_tables: drop map element references from preparation phase
    - netfilter: nft_set_pipapo: .walk does not deal with generations
    - netfilter: nf_tables: disallow element updates of bound anonymous sets
    - netfilter: nf_tables: reject unbound anonymous set before commit phase
    - netfilter: nf_tables: reject unbound chain set before commit phase
    - netfilter: nf_tables: disallow updates of anonymous sets
    - netfilter: nfnetlink_osf: fix module autoload
    - Revert "net: phy: dp83867: perform soft reset and retain established link"
    - bpf/btf: Accept function names that contain dots
    - bpf: Force kprobe multi expected_attach_type for kprobe_multi link
    - io_uring/net: use the correct msghdr union member in io_sendmsg_copy_hdr
    - selftests: forwarding: Fix race condition in mirror installation
    - platform/x86/amd/pmf: Register notify handler only if SPS is enabled
    - sch_netem: acquire qdisc lock in netem_change()
    - revert "net: align SO_RCVMARK required privileges with SO_MARK"
    - arm64: dts: rockchip: fix nEXTRST on SOQuartz
    - gpiolib: Fix GPIO chip IRQ initialization restriction
    - gpio: sifive: add missing check for platform_get_irq
    - gpiolib: Fix irq_domain resource tracking for gpiochip_irqchip_add_domain()
    - scsi: target: iscsi: Prevent login threads from racing between each other
    - HID: wacom: Add error check to wacom_parse_and_register()
    - arm64: Add missing Set/Way CMO encodings
    - smb3: missing null check in SMB2_change_notify
    - media: cec: core: disable adapter in cec_devnode_unregister
    - media: cec: core: don't set last_initiator if tx in progress
    - nfcsim.c: Fix error checking for debugfs_create_dir
    - btrfs: fix an uninitialized variable warning in btrfs_log_inode
    - usb: gadget: udc: fix NULL dereference in remove()
    - nvme: double KA polling frequency to avoid KATO with TBKAS on
    - nvme: check IO start time when deciding to defer KA
    - nvme: improve handling of long keep alives
    - Input: soc_button_array - add invalid acpi_index DMI quirk handling
    - arm64: dts: qcom: sc7280-idp: drop incorrect dai-cells from WCD938x SDW
    - arm64: dts: qcom: sc7280-qcard: drop incorrect dai-cells from WCD938x SDW
    - s390/cio: unregister device when the only path is gone
    - spi: lpspi: disable lpspi module irq in DMA mode
    - ASoC: codecs: wcd938x-sdw: do not set can_multi_write flag
    - ASoC: simple-card: Add missing of_node_put() in case of error
    - soundwire: dmi-quirks: add new mapping for HP Spectre x360
    - soundwire: qcom: add proper error paths in qcom_swrm_startup()
    - ASoC: nau8824: Add quirk to active-high jack-detect
    - ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x
    - gfs2: Don't get stuck writing page onto itself under direct I/O
    - s390/purgatory: disable branch profiling
    - ASoC: fsl_sai: Enable BCI bit if SAI works on synchronous mode with BYP
      asserted
    - ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the
      ALC256
    - i2c: mchp-pci1xxxx: Avoid cast to incompatible function type
    - ARM: dts: Fix erroneous ADS touchscreen polarities
    - null_blk: Fix: memory release when memory_backed=1
    - drm/exynos: vidi: fix a wrong error return
    - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
    - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
    - vhost_vdpa: tell vqs about the negotiated
    - vhost_net: revert upend_idx only on retriable error
    - KVM: arm64: Restore GICv2-on-GICv3 functionality
    - x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
    - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock
      cycle
    - smb: move client and server files to common directory fs/smb
    - [Config] updateconfigs for SMBFS_COMMON
    - cifs: fix status checks in cifs_tree_connect
    - udmabuf: revert 'Add support for mapping hugepages (v4)'
    - selftests: mptcp: connect: skip TFO tests if not supported
    - selftests: mptcp: join: skip PM listener tests if not supported
    - selftests: mptcp: join: uniform listener tests
    - block: make sure local irq is disabled when calling __blkcg_rstat_flush
    - xfrm: add missed call to delete offloaded policies
    - net: dsa: introduce preferred_default_local_cpu_port and use on MT7530
    - iommu/amd: Fix possible memory leak of 'domain'
    - Upstream stable to v6.1.36, v6.3.10
    - mm/mmap: Fix error path in do_vmi_align_munmap()
    - mm/mmap: Fix error return in do_vmi_align_munmap()
    - mptcp: ensure listener is unhashed before updating the sk status
    - x86/microcode/AMD: Load late on both threads too
    - x86/smp: Remove pointless wmb()s from native_stop_other_cpus()
    - x86/smp: Use dedicated cache-line for mwait_play_dead()
    - x86/smp: Cure kexec() vs. mwait_play_dead() breakage
    - can: isotp: isotp_sendmsg(): fix return error fix on TX path
    - maple_tree: fix potential out-of-bounds access in mas_wr_end_piv()
    - fbdev: fix potential OOB read in fast_imageblit()
    - HID: hidraw: fix data race on device refcount
    - HID: wacom: Use ktime_t rather than int when dealing with timestamps
    - HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651.
    - Revert "thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak
      in mtk_thermal_probe"
    - sparc32: fix lock_mm_and_find_vma() conversion
    - parisc: fix expand_stack() conversion
    - csky: fix up lock_mm_and_find_vma() conversion
    - xtensa: fix NOMMU build with lock_mm_and_find_vma() conversion
    - Upstream stable to v6.1.37, v6.3.11
    - xtensa: fix lock_mm_and_find_vma in case VMA not found
    - drm/amd/display: Do not update DRR while BW optimizations pending
    - PCI/ACPI: Validate acpi_pci_set_power_state() parameter
    - PCI/ACPI: Call _REG when transitioning D-states
    - execve: always mark stack as growing down during early stack setup
    - nubus: Partially revert proc_create_single_data() conversion
    - perf symbols: Symbol lookup with kcore can fail if multiple segments match
      stext
    - scripts/tags.sh: Resolve gtags empty index generation
    - docs: Set minimal gtags / GNU GLOBAL version to 6.6.5
    - drm/amdgpu: Validate VM ioctl flags.
    - drm/amd/display: Ensure vmin and vmax adjust for DCE
    - Upstream stable to v6.1.38, v6.3.12

* allow io_uring to be disabled in runtime (LP: #2035116)
    - io_uring: add a sysctl to disable io_uring system-wide

* CVE-2023-31083
    - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO

* CVE-2023-4132
    - media: usb: siano: Fix warning due to null work_func_t function pointer

* CVE-2023-3863
    - net: nfc: Fix use-after-free caused by nfc_llcp_find_local

* CVE-2023-3772
    - xfrm: add NULL check in xfrm_update_ae_params

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

-- Roxana Nicolescu <roxana.nicolescu@canonical.com>  Mon, 02 Oct 2023 17:24:25 +0200

Changed in linux (Ubuntu Lunar):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-30:

#15

This bug is awaiting verification that the linux-riscv/6.2.0-36.37.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-lunar-linux-riscv' to 'verification-done-lunar-linux-riscv'. If the problem still exists, change the tag 'verification-needed-lunar-linux-riscv' to 'verification-failed-lunar-linux-riscv'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-lunar-linux-riscv-v2 verification-needed-lunar-linux-riscv

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-30:

#16

This bug is awaiting verification that the linux-starfive-6.2/6.2.0-1008.9~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-starfive-6.2' to 'verification-done-jammy-linux-starfive-6.2'. If the problem still exists, change the tag 'verification-needed-jammy-linux-starfive-6.2' to 'verification-failed-jammy-linux-starfive-6.2'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-starfive-6.2-v2 verification-needed-jammy-linux-starfive-6.2

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-30:

#17

This bug is awaiting verification that the linux-iot/5.4.0-1025.26 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-iot' to 'verification-done-focal-linux-iot'. If the problem still exists, change the tag 'verification-needed-focal-linux-iot' to 'verification-failed-focal-linux-iot'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-iot-v2 verification-needed-focal-linux-iot

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-30:

#18

This bug is awaiting verification that the linux-bluefield/5.15.0-1029.31 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-bluefield' to 'verification-done-jammy-linux-bluefield'. If the problem still exists, change the tag 'verification-needed-jammy-linux-bluefield' to 'verification-failed-jammy-linux-bluefield'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-bluefield-v2 verification-needed-jammy-linux-bluefield

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-30:

#19

This bug is awaiting verification that the linux-intel-iotg/5.15.0-1044.50 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-intel-iotg' to 'verification-done-jammy-linux-intel-iotg'. If the problem still exists, change the tag 'verification-needed-jammy-linux-intel-iotg' to 'verification-failed-jammy-linux-intel-iotg'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-intel-iotg-v2 verification-needed-jammy-linux-intel-iotg

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-30:

#20

This bug is awaiting verification that the linux-oracle/6.2.0-1015.15 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-lunar-linux-oracle' to 'verification-done-lunar-linux-oracle'. If the problem still exists, change the tag 'verification-needed-lunar-linux-oracle' to 'verification-failed-lunar-linux-oracle'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-30:

#21

This bug is awaiting verification that the linux-raspi/5.15.0-1042.45 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-raspi' to 'verification-done-jammy-linux-raspi'. If the problem still exists, change the tag 'verification-needed-jammy-linux-raspi' to 'verification-failed-jammy-linux-raspi'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:	added: kernel-spammed-lunar-linux-oracle-v2 verification-needed-lunar-linux-oracle
tags:	added: kernel-spammed-jammy-linux-raspi-v2 verification-needed-jammy-linux-raspi

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-30:

#23

This bug is awaiting verification that the linux-intel-iot-realtime/5.15.0-1042.44 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-intel-iot-realtime' to 'verification-done-jammy-linux-intel-iot-realtime'. If the problem still exists, change the tag 'verification-needed-jammy-linux-intel-iot-realtime' to 'verification-failed-jammy-linux-intel-iot-realtime'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-intel-iot-realtime-v2 verification-needed-jammy-linux-intel-iot-realtime

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-30:

#24

This bug is awaiting verification that the linux-oracle-6.2/6.2.0-1015.15~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-oracle-6.2' to 'verification-done-jammy-linux-oracle-6.2'. If the problem still exists, change the tag 'verification-needed-jammy-linux-oracle-6.2' to 'verification-failed-jammy-linux-oracle-6.2'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-oracle-6.2-v2 verification-needed-jammy-linux-oracle-6.2

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-11-01:

#25

This bug is awaiting verification that the linux-nvidia-tegra/5.15.0-1019.19 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-tegra' to 'verification-done-jammy-linux-nvidia-tegra'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-tegra' to 'verification-failed-jammy-linux-nvidia-tegra'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia-tegra-v2 verification-needed-jammy-linux-nvidia-tegra

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-11-09:

#26

This bug is awaiting verification that the linux-gcp-tcpx/5.15.0-1002.2 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-gcp-tcpx' to 'verification-done-focal-linux-gcp-tcpx'. If the problem still exists, change the tag 'verification-needed-focal-linux-gcp-tcpx' to 'verification-failed-focal-linux-gcp-tcpx'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-gcp-tcpx-v2 verification-needed-focal-linux-gcp-tcpx

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-11-09:

#27

This bug is awaiting verification that the linux-xilinx-zynqmp/5.15.0-1025.29 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-xilinx-zynqmp' to 'verification-done-jammy-linux-xilinx-zynqmp'. If the problem still exists, change the tag 'verification-needed-jammy-linux-xilinx-zynqmp' to 'verification-failed-jammy-linux-xilinx-zynqmp'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-xilinx-zynqmp-v2 verification-needed-jammy-linux-xilinx-zynqmp

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-11-10:

#28

This bug is awaiting verification that the linux-nvidia-tegra-igx/5.15.0-1006.6 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-tegra-igx' to 'verification-done-jammy-linux-nvidia-tegra-igx'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-tegra-igx' to 'verification-failed-jammy-linux-nvidia-tegra-igx'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia-tegra-igx-v2 verification-needed-jammy-linux-nvidia-tegra-igx

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-11-15:

#29

This bug is awaiting verification that the linux-nvidia-tegra-5.15/5.15.0-1019.19~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-nvidia-tegra-5.15' to 'verification-done-focal-linux-nvidia-tegra-5.15'. If the problem still exists, change the tag 'verification-needed-focal-linux-nvidia-tegra-5.15' to 'verification-failed-focal-linux-nvidia-tegra-5.15'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-nvidia-tegra-5.15-v2 verification-needed-focal-linux-nvidia-tegra-5.15

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-12-04:

#30

This bug is awaiting verification that the linux-azure-fips/5.15.0-1053.61+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-azure-fips' to 'verification-done-jammy-linux-azure-fips'. If the problem still exists, change the tag 'verification-needed-jammy-linux-azure-fips' to 'verification-failed-jammy-linux-azure-fips'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-azure-fips-v2 verification-needed-jammy-linux-azure-fips

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-03-01:

#31

This bug is awaiting verification that the linux-mtk/5.15.0-1030.34 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-done-jammy-linux-mtk'. If the problem still exists, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-failed-jammy-linux-mtk'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-mtk-v2 verification-needed-jammy-linux-mtk

Ubuntu
linux-gcp package

Avoid address overwrite in kernel_connect

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Focal	Fix Released	Medium	Unassigned
Jammy	Fix Released	Medium	Unassigned
Lunar	Fix Released	Medium	Unassigned
linux-gcp (Ubuntu)	Fix Released	Undecided	Unassigned
Focal	Fix Released	Undecided	John Cabaj
Jammy	Fix Released	Undecided	John Cabaj
Lunar	Fix Released	Undecided	John Cabaj
Mantic	Fix Released	Undecided	Unassigned
linux-gke (Ubuntu)	Invalid	Undecided	Unassigned
Jammy	Fix Released	Undecided	John Cabaj
linux-gkeop (Ubuntu)	Fix Released	Undecided	Unassigned
Jammy	Fix Released	Undecided	Unassigned

Ubuntulinux-gcp package

Avoid address overwrite in kernel_connect

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux-gcp package