This bug was fixed in the package linux-gkeop - 5.4.0-1099.103 --------------- linux-gkeop (5.4.0-1099.103) focal; urgency=medium * focal/linux-gkeop: 5.4.0-1099.103 -proposed tracker (LP: #2075933) [ Ubuntu: 5.4.0-195.215 ] * focal/linux: 5.4.0-195.215 -proposed tracker (LP: #2075954) * Focal update: v5.4.280 upstream stable release (LP: #2075175) - Compiler Attributes: Add __uninitialized macro - drm/lima: fix shared irq handling on driver remove - media: dvb: as102-fe: Fix as10x_register_addr packing - media: dvb-usb: dib0700_devices: Add missing release_firmware() - IB/core: Implement a limit on UMAD receive List - scsi: qedf: Make qedf_execute_tmf() non-preemptible - drm/amdgpu: Initialize timestamp for some legacy SOCs - drm/amd/display: Skip finding free audio for unknown engine_id - media: dw2102: Don't translate i2c read into write - sctp: prefer struct_size over open coded arithmetic - firmware: dmi: Stop decoding on broken entry - Input: ff-core - prefer struct_size over open coded arithmetic - net: dsa: mv88e6xxx: Correct check for empty list - media: dvb-frontends: tda18271c2dd: Remove casting during div - media: s2255: Use refcount_t instead of atomic_t for num_channels - media: dvb-frontends: tda10048: Fix integer overflow - i2c: i801: Annotate apanel_addr as __ro_after_init - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n - orangefs: fix out-of-bounds fsid access - powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" - jffs2: Fix potential illegal address access in jffs2_free_inode - s390/pkey: Wipe sensitive data on failure - tcp: tcp_mark_head_lost is only valid for sack-tcp - tcp: add ece_ack flag to reno sack functions - net: tcp better handling of reordering then loss cases - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() - tcp_metrics: validate source addr length - wifi: wilc1000: fix ies_len type in connect path - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() - selftests: fix OOM in msg_zerocopy selftest - selftests: make order checking verbose in msg_zerocopy selftest - inet_diag: Initialize pad field in struct inet_diag_req_v2 - nilfs2: fix inode number range checks - nilfs2: add missing check for inode numbers on directory entries - mm: optimize the redundant loop of mm_update_owner_next() - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct - fsnotify: Do not generate events for O_PATH file descriptors - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes - drm/amdgpu/atomfirmware: silence UBSAN warning - media: dw2102: fix a potential buffer overflow - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 - nvme-multipath: find NUMA path only for online numa-node - nilfs2: fix incorrect inode allocation from reserved inodes - filelock: fix potential use-after-free in posix_lock_inode - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading - vfs: don't mod negative dentry count when on shrinker list - tcp: add TCP_INFO status for failed client TFO - tcp: fix incorrect undo caused by DSACK of TLP retransmit - octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() - net: lantiq_etop: add blank line after declaration - net: ethernet: lantiq_etop: fix double free in detach - ppp: reject claimed-as-LCP but actually malformed packets - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). - s390: Mark psw in __load_psw_mask() as __unitialized - ARM: davinci: Convert comma to semicolon - octeontx2-af: fix detection of IP layer - USB: serial: option: add Telit generic core-dump composition - USB: serial: option: add Telit FN912 rmnet compositions - USB: serial: option: add Fibocom FM350-GL - USB: serial: option: add support for Foxconn T99W651 - USB: serial: option: add Netprisma LCUK54 series modules - USB: serial: option: add Rolling RW350-GL variants - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor - hpet: Support 32-bit userspace - nvmem: meson-efuse: Fix return value of nvmem callbacks - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX - libceph: fix race between delayed_work() and ceph_monc_stop() - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries - tcp: refactor tcp_retransmit_timer() - net: tcp: fix unexcepted socket die when snd_wnd is 0 - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() - tcp: avoid too many retransmit packets - nilfs2: fix kernel bug on rename operation of broken directory - i2c: rcar: bring hardware to known state when probing - Linux 5.4.280 * [SRU] UBSAN warnings in bnx2x kernel driver (LP: #2074215) // Focal update: v5.4.280 upstream stable release (LP: #2075175) - bnx2x: Fix multiple UBSAN array-index-out-of-bounds * Focal update: v5.4.279 upstream stable release (LP: #2073621) - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() - wifi: cfg80211: pmsr: use correct nla_get_uX functions - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef - wifi: iwlwifi: mvm: don't read past the mfuart notifcation - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() - net: sched: sch_multiq: fix possible OOB write in multiq_tune() - vxlan: Fix regression when dropping packets due to invalid src addresses - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB - net/mlx5: Stop waiting for PCI if pci channel is offline - net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP - ptp: Fix error message on failed pin verification - af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). - af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). - ipv6: fix possible race in __fib6_drop_pcpu_from() - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete - ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params - ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional - ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing - ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling - ASoC: ti: davinci-mcasp: Handle missing required DT properties - ASoC: ti: davinci-mcasp: Fix race condition during probe - drm/amd/display: Handle Y carry-over in VCP X.Y calculation - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages - selftests/mm: conform test to TAP format output - selftests/mm: compaction_test: fix bogus test success on Aarch64 - nilfs2: Remove check for PageError - nilfs2: return the mapped address from nilfs_get_page() - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages - mei: me: release irq in mei_me_pci_resume error path - jfs: xattr: fix buffer overflow for invalid xattr - xhci: Set correct transferred length for cancelled bulk transfers - xhci: Apply reset resume quirk to Etron EJ188 xHCI host - xhci: Apply broken streams quirk to Etron EJ188 xHCI host - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory - Input: try trimming too long modalias strings - SUNRPC: return proper error from gss_wrap_req_priv - gpio: tqmx86: fix typo in Kconfig label - HID: core: remove unnecessary WARN_ON() in implement() - iommu/amd: Fix sysfs leak in iommu init - iommu: Return right value in iommu_sva_bind_device() - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet - drm/komeda: check for error-valued pointer - drm/bridge/panel: Fix runtime warning on panel bridge release - tcp: fix race in tcp_v6_syn_recv_sock() - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type - net/ipv6: Fix the RT cache flush via sysctl using a previous delay - ionic: fix use after netif_napi_del() - drivers: core: synchronize really_probe() and dev_uevent() - drm/exynos/vidi: fix memory leak in .get_modes() - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found - tracing/selftests: Fix kprobe event name test for .isra. functions - vmci: prevent speculation leaks by sanitizing event in event_deliver() - fs/proc: fix softlockup in __read_vmcore - ocfs2: use coarse time for new created files - ocfs2: fix races between hole punching and AIO+DIO - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id - dmaengine: axi-dmac: fix possible race in remove() - intel_th: pci: Add Granite Rapids support - intel_th: pci: Add Granite Rapids SOC support - intel_th: pci: Add Sapphire Rapids SOC support - intel_th: pci: Add Meteor Lake-S support - intel_th: pci: Add Lunar Lake support - nilfs2: fix potential kernel bug due to lack of writeback flag waiting - tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() - hv_utils: drain the timesync packets on onchannelcallback - hugetlb_encode.h: fix undefined behaviour (34 << 26) - greybus: Fix use-after-free bug in gb_interface_release due to race condition. - usb-storage: alauda: Check whether the media is initialized - i2c: at91: Fix the functionality flags of the slave-only interface - rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh - batman-adv: bypass empty buckets in batadv_purge_orig_ref() - drop_monitor: replace spin_lock by raw_spin_lock - scsi: qedi: Fix crash while reading debugfs attribute - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl - powerpc/pseries: Enforce hcall result buffer validity and size - powerpc/io: Avoid clang null pointer arithmetic warnings - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 - udf: udftime: prevent overflow in udf_disk_stamp_to_time() - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports - MIPS: Octeon: Add PCIe link status check - MIPS: Routerboard 532: Fix vendor retry check code - mips: bmips: BCM6358: make sure CBR is correctly set - cipso: fix total option length computation - netrom: Fix a memory leak in nr_heartbeat_expiry() - ipv6: prevent possible NULL deref in fib6_nh_init() - ipv6: prevent possible NULL dereference in rt6_probe() - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() - netns: Make get_net_ns() handle zero refcount net - net/sched: act_api: rely on rcu in tcf_idr_check_alloc - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() - virtio_net: checksum offloading handling fix - netfilter: ipset: Fix suspicious rcu_dereference_protected() - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings - regulator: core: Fix modpost error "regulator_get_regmap" undefined - dmaengine: ioatdma: Fix missing kmem_cache_destroy() - ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." - drm/radeon: fix UBSAN warning in kv_dpm.c - gcov: add support for GCC 14 - i2c: ocores: set IACK bit after core is enabled - ARM: dts: samsung: smdkv310: fix keypad no-autorepeat - ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat - ARM: dts: samsung: smdk4412: fix keypad no-autorepeat - arm64: dts: qcom: qcs404: fix bluetooth device address - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test - Revert "kheaders: substituting --sort in archive creation" - kheaders: explicitly define file modes for archived headers - perf/core: Fix missing wakeup when waiting for context reference - PCI: Add PCI_ERROR_RESPONSE and related definitions - x86/amd_nb: Check for invalid SMN reads - iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock - iio: dac: ad5592r: un-indent code-block for scale read - iio: dac: ad5592r: fix temperature channel scaling value - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set - drm/amdgpu: fix UBSAN warning in kv_dpm.c - netfilter: nf_tables: validate family when identifying table via handle - ASoC: fsl-asoc-card: set priv->pdev before using it - net: dsa: microchip: fix initial port flush problem - net: phy: mchp: Add support for LAN8814 QUAD PHY - net: phy: micrel: add Microchip KSZ 9477 to the device table - sparc: fix old compat_sys_select() - parisc: use correct compat recv/recvfrom syscalls - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep - mtd: partitions: redboot: Added conversion of operands to a larger type - net/iucv: Avoid explicit cpumask var allocation on stack - net/dpaa2: Avoid explicit cpumask var allocation on stack - ALSA: emux: improve patch ioctl data validation - media: dvbdev: Initialize sbuf - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message - nvme: fixup comment for nvme RDMA Provider Type - gpio: davinci: Validate the obtained number of IRQs - x86: stop playing stack games in profile_pc() - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos - mmc: sdhci: Do not invert write-protect twice - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() - iio: adc: ad7266: Fix variable checking bug - iio: chemical: bme680: Fix pressure value output - iio: chemical: bme680: Fix calibration data variable - iio: chemical: bme680: Fix overflows in compensate() functions - iio: chemical: bme680: Fix sensor data read operation - net: usb: ax88179_178a: improve link status logs - usb: gadget: printer: SS+ support - usb: musb: da8xx: fix a resource leak in probe() - usb: atm: cxacru: fix endpoint checking in cxacru_bind() - tty: mcf: MCF54418 has 10 UARTS - net: can: j1939: Initialize unused data in j1939_send_one() - net: can: j1939: recover socket queue on CAN bus error during BAM transmission - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new - csky, hexagon: fix broken sys_sync_file_range - hexagon: fix fadvise64_64 calling conventions - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes - batman-adv: Don't accept TT entries for out-of-spec VIDs - ata: libata-core: Fix double free on error - ftruncate: pass a signed offset - mtd: spinand: macronix: Add support for serial NAND flash - pwm: stm32: Refuse too small period requests - nfs: Leave pages in the pagecache if readpage failed - ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node - arm64: dts: rockchip: Add sound-dai-cells for RK3368 - Linux 5.4.279 * CVE-2024-26921 - skbuff: introduce skb_expand_head() - skb_expand_head() adjust skb->truesize incorrectly - inet: inet_defrag: prevent sk release while still in use * CVE-2024-26929 - scsi: qla2xxx: Fix double free of fcport * CVE-2024-39484 - mmc: davinci: Don't strip remove function when driver is builtin * CVE-2024-36901 - ipv6: prevent NULL dereference in ip6_output() * CVE-2024-26830 - i40e: Refactoring VF MAC filters counting to make more reliable - i40e: Fix MAC address setting for a VF via Host/VM - i40e: Do not allow untrusted VF to remove administratively set MAC * CVE-2024-24860 - Bluetooth: Fix atomicity violation in {min, max}_key_size_set * CVE-2023-52760 - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc * CVE-2024-2201 - [Config] Set SPECTRE_BHI_ON=y * CVE-2023-52629 - sh: push-switch: Reorder cleanup operations to avoid use-after-free bug * CVE-2021-46926 - ALSA: hda: intel-sdw-acpi: harden detection of controller -- Jacob Martin