Jammy update: v5.15.140 upstream stable release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Medium
|
Portia Stephens |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v5.15.140 upstream stable release
from git://git.
locking/
perf/core: Bail out early if the request AUX area is out of bound
clocksource/
clocksource/
workqueue: Provide one lock class key per work_on_cpu() callsite
x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
wifi: mac80211_hwsim: fix clang-specific fortify warning
wifi: mac80211: don't return unset power in ieee80211_
atl1c: Work around the DMA RX overflow issue
bpf: Detect IP == ksym.end as part of BPF program
wifi: ath9k: fix clang-specific fortify warnings
wifi: ath10k: fix clang-specific fortify warning
net: annotate data-races around sk->sk_
net: annotate data-races around sk->sk_
wifi: ath10k: Don't touch the CE interrupt registers after power up
Bluetooth: btusb: Add date->evt_skb is NULL check
Bluetooth: Fix double free in hci_conn_cleanup
platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
drm/komeda: drop all currently held locks if deadlock happens
drm/amdkfd: Fix a race condition of vram buffer unref in svm code
drm/amd/display: use full update for clip size increase of large plane source
string.h: add array-wrappers for (v)memdup_user()
kernel: kexec: copy user-array safely
kernel: watch_queue: copy user-array safely
drm: vmwgfx_surface.c: copy user-array safely
drm/msm/dp: skip validity check for DP CTS EDID checksum
drm/amd: Fix UBSAN array-index-
drm/amd: Fix UBSAN array-index-
drm/amdgpu: Fix potential null pointer derefernce
drm/panel: fix a possible null pointer dereference
drm/panel/
drm/amdgpu/vkms: fix a possible null pointer dereference
drm/panel: st7703: Pick different reset sequence
drm/amdkfd: Fix shift out-of-bounds issue
drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size
selftests/efivarfs: create-read: fix a resource leak
ASoC: soc-card: Add storage for PCI SSID
crypto: pcrypt - Fix hungtask for PADATA_RESET
RDMA/hfi1: Use FIELD_GET() to extract Link Width
scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs
scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
fs/jfs: Add check for negative db_l2nbperpage
fs/jfs: Add validity check for db_maxag and db_agpref
jfs: fix array-index-
jfs: fix array-index-
HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround
ARM: 9320/1: fix stack depot IRQ stack filter
ALSA: hda: Fix possible null-ptr-deref when assigning a stream
PCI: tegra194: Use FIELD_GET(
atm: iphase: Do PCI error checks on own line
scsi: libfc: Fix potential NULL pointer dereference in fc_lport_
PCI: Use FIELD_GET() to extract Link Width
PCI: Extract ATS disabling to a helper function
PCI: Disable ATS for specific Intel IPU E2000 devices
misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller
PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk
HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
exfat: support handle zero-size directory
tty: vcc: Add check for kstrdup() in vcc_probe()
usb: gadget: f_ncm: Always set current gadget in ncm_bind()
9p/trans_fd: Annotate data-racy writes to file::f_flags
9p: v9fs_listxattr: fix %s null argument warning
i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler
i2c: sun6i-p2wi: Prevent potential division by zero
virtio-blk: fix implicit overflow on virtio_max_dma_size
i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data.
media: gspca: cpia1: shift-out-of-bounds in set_flicker
media: vivid: avoid integer overflow
gfs2: ignore negated quota changes
gfs2: fix an oops in gfs2_permission
media: cobalt: Use FIELD_GET() to extract Link Width
media: ccs: Fix driver quirk struct documentation
media: imon: fix access to invalid resource for the second interface
drm/amd/display: Avoid NULL dereference of timing generator
kgdb: Flush console before entering kgdb on panic
i2c: dev: copy userspace array safely
ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
drm/qxl: prevent memory leak
drm/amdgpu: fix software pci_unplug on some chips
pwm: Fix double shift bug
wifi: iwlwifi: Use FW rate for non-data frames
tracing: Reuse logic from perf's get_recursion_
tracing/perf: Add interrupt_
sched/core: Optimize in_task() and in_interrupt() a bit
media: cadence: csi2rx: Unregister v4l2 async notifier
media: cec: meson: always include meson sub-directory in Makefile
SUNRPC: ECONNRESET might require a rebind
SUNRPC: Add an IS_ERR() check back to where it was
NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
gfs2: Silence "suspicious RCU usage in gfs2_permission" warning
mptcp: diag: switch to context structure
mptcp: listen diag dump support
net: inet: Remove count from inet_listen_
net: inet: Open code inet_hash2 and inet_unhash2
net: inet: Retire port only listening_hash
net: set SOCK_RCU_FREE before inserting socket into hashtable
ipvlan: add ipvlan_
tty: Fix uninit-value access in ppp_sync_receive()
net: hns3: fix add VLAN fail issue
net: hns3: refine the definition for struct hclge_pf_to_vf_msg
net: hns3: add byte order conversion for PF to VF mailbox message
net: hns3: add barrier in vf mailbox reply process
net: hns3: fix incorrect capability bit display for copper port
net: hns3: fix variable may not initialized problem in hns3_init_
net: hns3: fix VF reset fail issue
net: hns3: fix VF wrong speed and duplex issue
tipc: Fix kernel-infoleak due to uninitialized TLV value
ppp: limit MRU to 64K
xen/events: fix delayed eoi list handling
ptp: annotate data-race around q->head and q->tail
bonding: stop the device in bond_setup_
net: ethernet: cortina: Fix max RX frame define
net: ethernet: cortina: Handle large frames
net: ethernet: cortina: Fix MTU max setting
af_unix: fix use-after-free in unix_stream_
netfilter: nf_conntrack_
netfilter: nf_tables: use the correct get/put helpers
netfilter: nf_tables: add and use BE register load-store helpers
netfilter: nf_tables: fix pointer math issue in nft_byteorder_
net: stmmac: fix rx budget limit check
net/mlx5e: Remove incorrect addition of action fwd flag
net/mlx5e: Move mod hdr allocation to a single place
net/mlx5e: Refactor mod header management API
net/mlx5e: Fix pedit endianness
net/mlx5e: Reduce the size of icosq_str
net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors
macvlan: Don't propagate promisc change to lower dev in passthru
tools/power/
tools/power/
cifs: spnego: add ';' in HOST_KEY_LEN
cifs: fix check of rc in function generate_
xfs: refactor buffer cancellation table allocation
xfs: don't leak xfs_buf_cancel structures when recovery fails
xfs: convert buf_cancel_table allocation to kmalloc_array
xfs: use invalidate_lock to check the state of mmap_lock
xfs: prevent a UAF when log IO errors race with unmount
xfs: flush inode gc workqueue before clearing agi bucket
xfs: fix use-after-free in xattr node block inactivation
xfs: don't leak memory when attr fork loading fails
xfs: fix intermittent hang during quotacheck
xfs: add missing cmap->br_state = XFS_EXT_NORM update
xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork
xfs: fix inode reservation space for removing transaction
xfs: avoid a UAF when log intent item recovery fails
xfs: fix exception caused by unexpected illegal bestcount in leaf dir
xfs: fix memory leak in xfs_errortag_init
xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init()
i915/perf: Fix NULL deref bugs with drm_dbg() calls
media: venus: hfi: add checks to perform sanity on queue pointers
powerpc/perf: Fix disabling BHRB and instruction sampling
randstruct: Fix gcc-plugin performance mode to stay in group
bpf: Fix check_stack_
bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
scsi: mpt3sas: Fix loop logic
scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers
scsi: qla2xxx: Fix system crash due to bad pointer access
crypto: x86/sha - load modules based on CPU features
x86/cpu/hygon: Fix the CPU topology evaluation for real
KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space
KVM: x86: Ignore MSR_AMD64_TW_CFG access
audit: don't take task_lock() in audit_exe_compare() code path
audit: don't WARN_ON_
tty/sysrq: replace smp_processor_id() with get_cpu()
hvc/xen: fix console unplug
hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
hvc/xen: fix event channel handling for secondary consoles
PCI/sysfs: Protect driver's D3cold preference from user space
watchdog: move softlockup_panic back to early_param
ACPI: resource: Do IRQ override on TongFang GMxXGxx
arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer
parisc/pdc: Add width field to struct pdc_model
clk: socfpga: Fix undefined behavior bug in struct stratix10_
clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks
mmc: vub300: fix an error code
mmc: sdhci_am654: fix start loop index for TAP value parsing
PCI/ASPM: Fix L1 substate handling in aspm_attr_
PCI: exynos: Don't discard .remove() callback
wifi: wilc1000: use vmm_table as array in wilc struct
svcrdma: Drop connection after an RDMA Read error
rcu/tree: Defer setting of jiffies during stall reset
arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM
PM: hibernate: Use __get_safe_page() rather than touching the list
PM: hibernate: Clean up sync_read handling in snapshot_
rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects
btrfs: don't arbitrarily slow down delalloc if we're committing
firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit
ACPI: FPDT: properly handle invalid FPDT subtables
ima: annotate iint mutex to avoid lockdep false positive warnings
ima: detect changes to the backing overlay file
wifi: ath11k: fix temperature event locking
wifi: ath11k: fix dfs radar event locking
wifi: ath11k: fix htt pktlog locking
mmc: meson-gx: Remove setting of CMD_CFG_ERROR
genirq/
KEYS: trusted: Rollback init_trusted() consistently
PCI: keystone: Don't discard .remove() callback
PCI: keystone: Don't discard .probe() callback
netfilter: nf_tables: split async and sync catchall in two functions
selftests/resctrl: Remove duplicate feature check from CMT test
selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests
ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix
jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev
quota: explicitly forbid quota files from being encrypted
kernel/reboot: emergency_restart: Set correct system_state
i2c: core: Run atomic i2c xfer when !preemptible
tracing: Have the user copy of synthetic event address use correct context
mcb: fix error handling for different scenarios when parsing
dmaengine: stm32-mdma: correct desc prep when channel running
s390/cmma: fix detection of DAT pages
mm/cma: use nth_page() in place of direct struct page manipulation
mm/memory_hotplug: use pfn math in place of direct struct page manipulation
mtd: cfi_cmdset_0001: Byte swap OTP info
i3c: master: cdns: Fix reading status register
i3c: master: svc: fix race condition in ibi work thread
i3c: master: svc: fix wrong data return when IBI happen during start frame
i3c: master: svc: fix ibi may not return mandatory data byte
i3c: master: svc: fix check wrong status register in irq handler
i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen
parisc: Prevent booting 64-bit kernels on PA1.x machines
parisc/pgtable: Do not drop upper 5 address bits of physical address
xhci: Enable RPM on controllers that support low-power states
ALSA: info: Fix potential deadlock at disconnection
ALSA: hda/realtek - Add Dell ALC295 to pin fall back table
ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
serial: meson: Use platform_get_irq() to get the interrupt
tty: serial: meson: fix hard LOCKUP on crtscts mode
regmap: Ensure range selector registers are updated after cache sync
cpufreq: stats: Fix buffer overflow detection in trans_stats()
Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
bluetooth: Add device 0bda:887b to device tables
bluetooth: Add device 13d3:3571 to device tables
Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables
Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
ksmbd: fix slab out of bounds write in smb_inherit_dacl()
arm64: dts: qcom: ipq6018: switch TCSR mutex to MMIO
arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size
powerpc/
Revert ncsi: Propagate carrier gain/loss events to the NCSI controller
Revert "i2c: pxa: move to generic GPIO recovery"
lsm: fix default return value for vm_enough_memory
lsm: fix default return value for inode_getsecctx
sbsa_gwdt: Calculate timeout with 64-bit math
i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
s390/ap: fix AP bus crash on early config change callback invocation
net: ethtool: Fix documentation of ethtool_sprintf()
net: dsa: lan9303: consequently nested-lock physical MDIO
net: phylink: initialize carrier state at creation
i2c: i801: fix potential race in i801_block_
f2fs: avoid format-overflow warning
media: lirc: drop trailing space from scancode transmit
media: sharp: fix sharp encoding
media: venus: hfi_parser: Add check to keep the number of codecs within range
media: venus: hfi: fix the check to handle session buffer requirement
media: venus: hfi: add checks to handle capabilities from firmware
media: ccs: Correctly initialise try compose rectangle
nfsd: fix file memleak on client_
riscv: kprobes: allow writing to x0
mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2
mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors
r8169: fix network lost after resume on DASH systems
mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER
media: qcom: camss: Fix pm_domain_on sequence in probe
media: qcom: camss: Fix vfe_get() error jump
media: qcom: camss: Fix VFE-17x vfe_disable_
media: qcom: camss: Fix missing vfe_lite clocks check
Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E"
ext4: apply umask if ACL support is disabled
ext4: correct offset of gdb backup in non meta_bg group to update_backups
ext4: correct return value of ext4_convert_
ext4: correct the start block of counting reserved clusters
ext4: remove gdb backup copy for meta bg in setup_new_
ext4: add missed brelse in update_backups
drm/amd/pm: Handle non-terminated overdrive commands.
drm/i915: Fix potential spectre vulnerability
drm/amdgpu: don't use ATRM for external devices
drm/amdgpu: fix error handling in amdgpu_
drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox
io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
powerpc/powernv: Fix fortify source warnings in opal-prd.c
tracing: Have trace_event_file have ref counters
Input: xpad - add VID for Turtle Beach controllers
driver core: Release all resources during unbind before updating device links
Linux 5.15.140
UBUNTU: Upstream stable to v5.15.140
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
tags: | added: kernel-stable-tracking-bug |
summary: |
- Jammy update: upstream stable patchset 2024-01-22 + Jammy update: v5.15.140 upstream stable release |
description: | updated |
Changed in linux (Ubuntu Jammy): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Portia Stephens (portias) |
Changed in linux (Ubuntu): | |
status: | Confirmed → Invalid |
description: | updated |
Skipped "io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid" as it is already applied as CVE-2023-46862 (cross-checked both patches look identical).