Jammy update: v6.1.54 upstream stable release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-oem-6.1 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v6.1.54 upstream stable release
from git://git.
Linux 6.1.54
drm/amd/display: Fix a bug when searching for insert_above_mpcc
MIPS: Only fiddle with CHECKFLAGS if `need-compiler'
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
ixgbe: fix timestamp configuration code
tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address.
tcp: Fix bind() regression for v4-mapped-v6 wildcard address.
tcp: Factorise sk_family-
ipv6: Remove in6addr_any alternatives.
ipv6: fix ip6_sock_
net: macb: fix sleep inside spinlock
net: macb: Enable PTP unicast
net/tls: do not free tls_rec on async operation in bpf_exec_
platform/mellanox: NVSW_SN2201 should depend on ACPI
platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events
platform/mellanox: mlxbf-pmc: Fix potential buffer overflows
platform/mellanox: mlxbf-tmfifo: Drop jumbo frames
platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors
kcm: Fix memory leak in error path of kcm_sendmsg()
r8152: check budget for r8152_poll()
net: dsa: sja1105: block FDB accesses that are concurrent with a switch reset
net: dsa: sja1105: serialize sja1105_
net: dsa: sja1105: fix multicast forwarding working only for last added mdb entry
net: dsa: sja1105: propagate exact error code from sja1105_
net: dsa: sja1105: hide all multicast addresses from "bridge fdb show"
net:ethernet:
net: ethernet: adi: adin1110: use eth_broadcast_
hsr: Fix uninit-value access in fill_frame_info()
net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_
net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_
net: stmmac: fix handling of zero coalescing tx-usecs
net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add
selftests: Keep symlinks, when possible
kselftest/
net: ipv4: fix one memleak in __inet_del_ifa()
kunit: Fix wild-memory-access bug in kunit_free_
drm/amdgpu: register a dirty framebuffer callback for fbcon
drm/amd/display: Remove wait while locked
drm/amd/display: always switch off ODM before committing more streams
perf hists browser: Fix the number of entries for 'e' key
perf tools: Handle old data in PERF_RECORD_ATTR
perf test shell stat_bpf_counters: Fix test on Intel
perf hists browser: Fix hierarchy mode header
MIPS: Fix CONFIG_
KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL
KVM: SVM: Set target pCPU during IRTE update if target vCPU is running
KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state
KVM: nSVM: Check instead of asserting on nested TSC scaling support
KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration
KVM: SVM: Don't inject #UD if KVM attempts to skip SEV guest insn
KVM: SVM: Take and hold ir_list_lock when updating vCPU's Physical ID entry
drm/amd/display: prevent potential division by zero errors
drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma
mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
mtd: rawnand: brcmnand: Fix potential false time out warning
mtd: spi-nor: Correct flags for Winbond w25q128
mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
mtd: rawnand: brcmnand: Fix crash during the panic_write
drm/mxsfb: Disable overlay plane in mxsfb_plane_
btrfs: use the correct superblock to compare fsid in btrfs_validate_
btrfs: zoned: re-enable metadata over-commit for zoned mode
btrfs: set page extent mapped after read_folio in relocate_one_page
btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART
btrfs: free qgroup rsv on io failure
btrfs: fix start transaction qgroup rsv double free
btrfs: zoned: do not zone finish data relocation block group
fuse: nlookup missing decrement in fuse_direntplus
ata: pata_ftide010: Add missing MODULE_DESCRIPTION
ata: sata_gemini: Add missing MODULE_DESCRIPTION
ata: pata_falcon: fix IO base selection for Q40
ata: ahci: Add Elkhart Lake AHCI controller
hwspinlock: qcom: add missing regmap config for SFPB MMIO implementation
lib: test_scanf: Add explicit type cast to result initialization in test_number_
f2fs: avoid false alarm of circular locking
f2fs: flush inode if atomic file is aborted
ext4: fix memory leaks in ext4_fname_
ext4: add correct group descriptors and reserved GDT blocks to system zone
jbd2: correct the end of the journal recovery scan range
jbd2: check 'jh->b_transaction' before removing it from checkpoint
jbd2: fix checkpoint cleanup performance regression
dmaengine: sh: rz-dmac: Fix destination and source data size setting
clocksource/
ARC: atomics: Add compiler barrier to atomic operations...
net/mlx5: Free IRQ rmap and notifier on kernel shutdown
Multi-gen LRU: avoid race in inc_min_seq()
sh: boards: Fix CEU buffer size passed to dma_declare_
net: hns3: remove GSO partial feature bit
net: hns3: fix the port information display when sfp is absent
net: hns3: fix invalid mutex between tc qdisc and dcb ets command issue
net: hns3: fix debugfs concurrency issue between kfree buffer and read
net: hns3: fix byte order conversion issue in hclge_dbg_
net: hns3: fix tx timeout issue
netfilter: nfnetlink_osf: avoid OOB read
netfilter: nftables: exthdr: fix 4-byte stack OOB write
bpf: Assign bpf_tramp_
bpf: Invoke __bpf_prog_
bpf: Remove prog->active check for bpf_lsm and bpf_iter
net: dsa: sja1105: complete tc-cbs offload support on SJA1110
net: dsa: sja1105: fix -ENOSPC when replacing the same tc-cbs too many times
net: dsa: sja1105: fix bandwidth discrepancy between tc-cbs software and offload
ip_tunnels: use DEV_STATS_INC()
idr: fix param name in idr_alloc_cyclic() doc
s390/zcrypt: don't leak memory if dev_set_name() fails
igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
igc: Change IGC_MIN to allow set rx/tx value between 64 and 80
octeontx2-af: Fix truncation of smq in CN10K NIX AQ enqueue mbox handler
kcm: Destroy mutex in kcm_exit_net()
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
af_unix: Fix data race around sk->sk_err.
af_unix: Fix data-races around sk->sk_shutdown.
af_unix: Fix data-race around unix_tot_inflight.
af_unix: Fix data-races around user->unix_
bpf, sockmap: Fix skb refcnt race after locking changes
net: phy: micrel: Correct bit assignments for phy_device flags
net: ipv6/addrconf: avoid integer underflow in ipv6_create_
veth: Fixing transmit return status for dropped packets
gve: fix frag_list chaining
igb: disable virtualization features on 82580
ipv6: ignore dst hint for multipath routes
ipv4: ignore dst hint for multipath routes
mptcp: annotate data-races around msk->rmem_fwd_alloc
net: annotate data-races around sk->sk_
net: use sk_forward_
drm/i915/gvt: Drop unused helper intel_vgpu_
drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn()
drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page"
xsk: Fix xsk_diag use-after-free error during socket cleanup
net: fib: avoid warn splat in flow dissector
net: read sk->sk_family once in sk_mc_loop()
ipv4: annotate data-races around fi->fib_dead
sctp: annotate data-races around sk->sk_wmem_queued
net/sched: fq_pie: avoid stalls in fq_pie_timer()
smb: propagate error code of extract_sharename()
cifs: use fs_context for automounts
blk-throttle: consider 'carryover_
blk-throttle: use calculate_
drm/i915: mark requests for GuC virtual engines to avoid use-after-free
perf test stat_bpf_
perf test stat_bpf_
pwm: lpc32xx: Remove handling of PWM channels
watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
perf top: Don't pass an ERR_PTR() directly to perf_session_
perf vendor events: Drop STORES_PER_INST metric event for power10 platform
perf vendor events: Drop some of the JSON/events for power10 platform
perf vendor events: Update the JSON/events descriptions for power10 platform
x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
perf annotate bpf: Don't enclose non-debug code with an assert()
Input: tca6416-keypad - fix interrupt enable disbalance
Input: tca6416-keypad - always expect proper IRQ number in i2c client
backlight: gpio_backlight: Drop output GPIO direction check for initial power state
pwm: atmel-tcb: Fix resource freeing in error path and remove
pwm: atmel-tcb: Harmonize resource allocation order
pwm: atmel-tcb: Convert to platform remove callback returning void
perf trace: Really free the evsel->priv area
perf trace: Use zfree() to reduce chances of use after free
Input: iqs7222 - configure power mode before triggering ATI
kconfig: fix possible buffer overflow
mailbox: qcom-ipcc: fix incorrect num_chans counting
gfs2: low-memory forced flush fixes
gfs2: Switch to wait_event in gfs2_logd
tpm_crb: Fix an error handling path in crb_acpi_add()
kbuild: do not run depmod for 'make modules_sign'
kbuild: rpm-pkg: define _arch conditionally
net: deal with integer overflows in kmalloc_reserve()
net: factorize code in kmalloc_reserve()
net: remove osize variable in __alloc_skb()
net: add SKB_HEAD_ALIGN() helper
bus: mhi: host: Skip MHI reset if device is in RDDM
NFSv4/pnfs: minor fix for cleanup path in nfs4_get_
NFS: Fix a potential data corruption
clk: qcom: mss-sc7180: fix missing resume during probe
clk: qcom: q6sstop-qcs404: fix missing resume during probe
clk: qcom: lpasscc-sc7280: fix missing resume during probe
clk: qcom: dispcc-sm8450: fix runtime PM imbalance on probe errors
soc: qcom: qmi_encdec: Restrict string length in decode
clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
clk: imx: pll14xx: align pdiv with reference manual
clk: imx: pll14xx: dynamically configure PLL for 393216000/
dt-bindings: clock: xlnx,versal-clk: drop select:false
pinctrl: cherryview: fix address_
cifs: update desired access while requesting for directory lease
parisc: led: Reduce CPU overhead for disk & lan LED computation
parisc: led: Fix LAN receive and transmit LEDs
lib/test_meminit: allocate pages up to order MAX_ORDER
mm: hugetlb_vmemmap: fix a race between vmemmap pmd split
memcg: drop kmem.limit_in_bytes
send channel sequence number in SMB3 requests after reconnects
arm64: dts: renesas: rzg2l: Fix txdv-skew-psec typos
clk: qcom: turingcc-qcs404: fix missing resume during probe
ASoC: tegra: Fix SFC conversion for few rates
drm/ast: Fix DRAM init on AST2200
clk: qcom: camcc-sc7180: fix async resume during probe
fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
null_blk: fix poll request timeout handling
scsi: qla2xxx: Fix firmware resource tracking
scsi: qla2xxx: Error code did not return to upper layer
scsi: qla2xxx: Fix smatch warn for qla_init_
scsi: qla2xxx: Flush mailbox commands on chip reset
scsi: qla2xxx: Remove unsupported ql2xenabledif option
scsi: qla2xxx: Fix TMF leak through
scsi: qla2xxx: Fix session hang in gnl
scsi: qla2xxx: Turn off noisy message log
scsi: qla2xxx: Fix erroneous link up failure
scsi: qla2xxx: Fix command flush during TMF
scsi: qla2xxx: fix inconsistent TMF timeout
scsi: qla2xxx: Fix deletion race condition
scsi: qla2xxx: Limit TMF to 8 per function
scsi: qla2xxx: Adjust IOCB resource on qpair create
drm/virtio: Conditionally allocate virtio_gpu_fence
io_uring: Don't set affinity on a dying sqpoll thread
io_uring/sqpoll: fix io-wq affinity when IORING_SETUP_SQPOLL is used
io_uring: break out of iowq iopoll on teardown
io_uring/net: don't overflow multishot accept
io_uring: revert "io_uring fix multishot accept ordering"
io_uring: always lock in io_apoll_task_func
Multi-gen LRU: fix per-zone reclaim
mm: multi-gen LRU: rename lrugen->lists[] to lrugen->folios[]
net/ipv6: SKB symmetric hash should incorporate transport ports
CVE References
Changed in linux-oem-6.1 (Ubuntu): | |
status: | New → Confirmed |
tags: | added: kernel-stable-tracking-bug |
Changed in linux-oem-6.1 (Ubuntu): | |
status: | Confirmed → Fix Released |
This bug was fixed in the package linux-oem-6.1 - 6.1.0-1025.25
---------------
linux-oem-6.1 (6.1.0-1025.25) jammy; urgency=medium
* jammy/linux- oem-6.1: 6.1.0-1025.25 -proposed tracker (LP: #2038056)
* Jammy update: v6.1.57 upstream stable release (LP: #2039174) dai_is_ dummy() symbol error_report in protocol.c device( ) device( ) execution pte_range( ) to queue_folios_ pte_range( ) ra_min_ rtr_lft ra_min_ rtr_lft to affect all RA lifetimes
- spi: zynqmp-gqspi: fix clock imbalance on probe failure
- ASoC: soc-utils: Export snd_soc_
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates
- mptcp: rename timer related helper to less confusing names
- mptcp: fix dangling connection hang-up
- mptcp: annotate lockless accesses to sk->sk_err
- mptcp: move __mptcp_
- mptcp: process pending subflow error on close
- ata,scsi: do not issue START STOP UNIT on resume
- scsi: sd: Differentiate system and runtime start/stop management
- scsi: sd: Do not issue commands to suspended disks on shutdown
- scsi: core: Improve type safety of scsi_rescan_
- scsi: Do not attempt to rescan suspended devices
- ata: libata-scsi: Fix delayed scsi_rescan_
- NFS: Cleanup unused rpc_clnt variable
- NFS: rename nfs_client_kset to nfs_kset
- NFSv4: Fix a state manager thread deadlock regression
- mm/memory: add vm_normal_folio()
- mm/mempolicy: convert queue_pages_pmd() to queue_folios_pmd()
- mm/mempolicy: convert queue_pages_
- mm/mempolicy: convert migrate_page_add() to migrate_folio_add()
- mm: mempolicy: keep VMA walk if both MPOL_MF_STRICT and MPOL_MF_MOVE are
specified
- mm/page_alloc: always remove pages from temporary list
- mm/page_alloc: leave IRQs enabled for per-cpu page allocations
- mm: page_alloc: fix CMA and HIGHATOMIC landing on the wrong buddy list
- ring-buffer: remove obsolete comment for free_buffer_page()
- ring-buffer: Fix bytes info in per_cpu buffer stats
- btrfs: use struct qstr instead of name and namelen pairs
- btrfs: setup qstr from dentrys using fscrypt helper
- btrfs: use struct fscrypt_str instead of struct qstr
- Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation return"
- arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path
- net: add sysctl accept_
- net: change accept_
- net: release reference to inet6_dev pointer
- arm64: cpufeature: Fix CLRBHB and BC detection
- drm/amd/display: Adjust the MST resume flow
- iommu/arm-smmu-v3: Set TTL invalidation hint better
- iommu/arm-smmu-v3: Avoid constructing invalid range commands
- rbd: move rbd_dev_refresh() definition
- rbd: decouple header read-in from updating rbd_dev->header
- rbd: decouple parent info read-in from updating rbd_dev
- rbd: take header_rwsem in rbd_dev_refresh() only when updating
- block: fix use-after-free of q->q_usage_counter
- hwmon: (nzxt-smart2) Add device id
- hwmon: (nzxt-smart2) add another USB ID
- i40e: fix the wrong PTP frequency calculation
- scsi: zfcp: Fix a double put in zfcp_port_enqueue()
- iommu/vt-d: Avoid memory allocation in iommu_suspen...