Bug #2063806 “focal/linux-oracle: 5.4.0-1125.134 -proposed track...” : Series prepare-package-lrm : Bugs : Kernel SRU Workflow

Roxana Nicolescu (roxanan) on 2024-04-26

tags:	added: kernel-release-tracking-bug-live
description:	updated
tags:	added: kernel-sru-cycle-2024.04.29-1
description:	updated
tags:	added: kernel-sru-derivative-of-2063812
Changed in kernel-sru-workflow:
status:	New → Confirmed
importance:	Undecided → Medium

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-04-26

Changed in linux-oracle (Ubuntu Focal):
importance:	Undecided → Medium
Changed in kernel-sru-workflow:
status:	Confirmed → Triaged
description:	updated
Changed in kernel-sru-workflow:
status:	Triaged → In Progress
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-04-26

tags:	added: kernel-jira-issue-ksru-12360
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-04-27

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-04-28

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-16

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-17

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-18

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-19

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-20

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-21

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-22

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-23

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-24

description:

updated

Philip Cox (philcox) on 2024-05-24

summary:

- focal/linux-oracle: <version to be filled> -proposed tracker
+ focal/linux-oracle: 5.4.0-1125.134 -proposed tracker

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-24

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-24

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-24

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-24

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-24

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-25

description:

updated

Revision history for this message

Ubuntu Kernel Ancillary Bot (ubuntu-kernel-ancillary-bot) wrote on 2024-05-25: ABI testing

#1

amd64/oracle canonical-certs.pem unchanged
amd64/oracle canonical-revoked-certs.pem unchanged
amd64/oracle fwinfo unchanged
amd64/oracle modules differs
  @@ -3897,14 +3897,11 @@
   sch5627
   sch5636
   sch56xx-common
  -sch_atm (accepted)
   sch_cake
  -sch_cbq (accepted)
   sch_cbs
   sch_choke
   sch_codel
   sch_drr
  -sch_dsmark (accepted)
   sch_fq
   sch_fq_codel
   sch_gred
amd64/oracle retpoline unchanged
arm64/oracle canonical-certs.pem unchanged
arm64/oracle canonical-revoked-certs.pem unchanged
arm64/oracle fwinfo unchanged
arm64/oracle modules differs
  @@ -3556,14 +3556,11 @@
   sch5627
   sch5636
   sch56xx-common
  -sch_atm (accepted)
   sch_cake
  -sch_cbq (accepted)
   sch_cbs
   sch_choke
   sch_codel
   sch_drr
  -sch_dsmark (accepted)
   sch_fq
   sch_fq_codel
   sch_gred
arm64/oracle retpoline unchanged

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-25

description:	updated
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-25

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-26

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-27

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-27

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-27

description:	updated
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-27

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-27

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-27

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-27

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-27

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-27

description:	updated
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-27

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-27

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-27

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-28

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-05-29

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-06-03

description:

updated

Philip Cox (philcox) on 2024-06-10

tags:

added: automated-testing-passed

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-06-10

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-06-11

description:

updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-06-12:

#2

Download full text (8.7 KiB)

This bug was fixed in the package linux-oracle - 5.4.0-1125.134

---------------
linux-oracle (5.4.0-1125.134) focal; urgency=medium

* focal/linux-oracle: 5.4.0-1125.134 -proposed tracker (LP: #2063806)

[ Ubuntu: 5.4.0-186.206 ]

  * focal/linux: 5.4.0-186.206 -proposed tracker (LP: #2063812)
  * Mount CIFS fails with Permission denied (LP: #2061986)
    - cifs: fix ntlmssp auth when there is no key exchange
  * USB stick can't be detected (LP: #2040948)
    - usb: Disable USB3 LPM at shutdown
  * CVE-2024-26733
    - net: dev: Convert sa_data to flexible array in struct sockaddr
    - arp: Prevent overflow in arp_req_get().
    - stddef: Introduce DECLARE_FLEX_ARRAY() helper
  * CVE-2024-26712
    - powerpc/kasan: Fix addr error caused by page alignment
  * CVE-2023-52530
    - wifi: mac80211: fix potential key use-after-free
  * CVE-2021-47063
    - drm: bridge/panel: Cleanup connector on bridge detach
  * [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array-
    index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux-
    hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times,
    especially during boot. (LP: #2058477)
    - hv: hyperv.h: Replace one-element array with flexible-array member
  * CVE-2024-26614
    - tcp: make sure init the accept_queue's spinlocks once
    - ipv6: init the accept_queue's spinlocks in inet6_create
  * Focal update: v5.4.271 upstream stable release (LP: #2060216)
    - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
    - net: ip_tunnel: prevent perpetual headroom growth
    - tun: Fix xdp_rxq_info's queue_index when detaching
    - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
    - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
      detected
    - net: usb: dm9601: fix wrong return value in dm9601_mdio_read
    - Bluetooth: Avoid potential use-after-free in hci_error_reset
    - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
    - Bluetooth: Enforce validation on max value of connection interval
    - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
    - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
    - efi/capsule-loader: fix incorrect allocation size
    - power: supply: bq27xxx-i2c: Do not free non existing IRQ
    - ALSA: Drop leftover snd-rtctimer stuff from Makefile
    - afs: Fix endless loop in directory parsing
    - gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
    - wifi: nl80211: reject iftype change with mesh ID change
    - btrfs: dev-replace: properly validate device names
    - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
    - dmaengine: fsl-qdma: init irq after reg initialization
    - mmc: core: Fix eMMC initialization with 1-bit bus connection
    - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
    - cachefiles: fix memory leak in cachefiles_add_cache()
    - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
    - gpio: 74x164: Enable output pins after registers are reset
    - Linux 5.4.271
  * Focal update: v5.4.270 upstream stable release (LP: #2060019)
    - KVM: ar...

This bug was fixed in the package linux-oracle - 5.4.0-1125.134

---------------
linux-oracle (5.4.0-1125.134) focal; urgency=medium

* focal/linux-oracle: 5.4.0-1125.134 -proposed tracker (LP: #2063806)

[ Ubuntu: 5.4.0-186.206 ]

* focal/linux: 5.4.0-186.206 -proposed tracker (LP: #2063812)
  * Mount CIFS fails with Permission denied (LP: #2061986)
    - cifs: fix ntlmssp auth when there is no key exchange
  * USB stick can't be detected (LP: #2040948)
    - usb: Disable USB3 LPM at shutdown
  * CVE-2024-26733
    - net: dev: Convert sa_data to flexible array in struct sockaddr
    - arp: Prevent overflow in arp_req_get().
    - stddef: Introduce DECLARE_FLEX_ARRAY() helper
  * CVE-2024-26712
    - powerpc/kasan: Fix addr error caused by page alignment
  * CVE-2023-52530
    - wifi: mac80211: fix potential key use-after-free
  * CVE-2021-47063
    - drm: bridge/panel: Cleanup connector on bridge detach
  * [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array-
    index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux-
    hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times,
    especially during boot. (LP: #2058477)
    - hv: hyperv.h: Replace one-element array with flexible-array member
  * CVE-2024-26614
    - tcp: make sure init the accept_queue's spinlocks once
    - ipv6: init the accept_queue's spinlocks in inet6_create
  * Focal update: v5.4.271 upstream stable release (LP: #2060216)
    - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
    - net: ip_tunnel: prevent perpetual headroom growth
    - tun: Fix xdp_rxq_info's queue_index when detaching
    - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
    - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
      detected
    - net: usb: dm9601: fix wrong return value in dm9601_mdio_read
    - Bluetooth: Avoid potential use-after-free in hci_error_reset
    - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
    - Bluetooth: Enforce validation on max value of connection interval
    - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
    - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
    - efi/capsule-loader: fix incorrect allocation size
    - power: supply: bq27xxx-i2c: Do not free non existing IRQ
    - ALSA: Drop leftover snd-rtctimer stuff from Makefile
    - afs: Fix endless loop in directory parsing
    - gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
    - wifi: nl80211: reject iftype change with mesh ID change
    - btrfs: dev-replace: properly validate device names
    - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
    - dmaengine: fsl-qdma: init irq after reg initialization
    - mmc: core: Fix eMMC initialization with 1-bit bus connection
    - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
    - cachefiles: fix memory leak in cachefiles_add_cache()
    - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
    - gpio: 74x164: Enable output pins after registers are reset
    - Linux 5.4.271
  * Focal update: v5.4.270 upstream stable release (LP: #2060019)
    - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
    - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
    - net/sched: Retire CBQ qdisc
    - [Config] updateconfigs for NET_SCH_CBQ
    - net/sched: Retire ATM qdisc
    - [Config] updateconfigs for NET_SCH_ATM
    - net/sched: Retire dsmark qdisc
    - [Config] updateconfigs for NET_SCH_DSMARK
    - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
    - memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()
    - nilfs2: replace WARN_ONs for invalid DAT metadata block requests
    - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
    - sched/rt: Fix sysctl_sched_rr_timeslice intial value
    - sched/rt: Disallow writing invalid values to sched_rt_period_us
    - scsi: target: core: Add TMF to tmr_list handling
    - dmaengine: shdma: increase size of 'dev_id'
    - dmaengine: fsl-qdma: increase size of 'irq_name'
    - wifi: cfg80211: fix missing interfaces when dumping
    - wifi: mac80211: fix race condition on enabling fast-xmit
    - fbdev: savage: Error out if pixclock equals zero
    - fbdev: sis: Error out if pixclock equals zero
    - ahci: asm1166: correct count of reported ports
    - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
    - ext4: avoid allocating blocks from corrupted group in
      ext4_mb_try_best_found()
    - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
    - regulator: pwm-regulator: Add validity checks in continuous .get_voltage
    - nvmet-tcp: fix nvme tcp ida memory leak
    - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
    - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in
      sctp_new
    - nvmet-fc: abort command when there is no binding
    - hwmon: (coretemp) Enlarge per package core count limit
    - scsi: lpfc: Use unsigned type for num_sge
    - firewire: core: send bus reset promptly on gap count error
    - virtio-blk: Ensure no requests in virtqueues before deleting vqs.
    - s390/qeth: Fix potential loss of L3-IP@ in case of network issues
    - pmdomain: renesas: r8a77980-sysc: CR7 must be always on
    - tcp: factor out __tcp_close() helper
    - tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit
    - tcp: add annotations around sk->sk_shutdown accesses
    - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours
    - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
    - spi: mt7621: Fix an error message in mt7621_spi_probe()
    - net: bridge: clear bridge's private skb space on xmit
    - selftests/bpf: Avoid running unprivileged tests with alignment requirements
    - Revert "drm/sun4i: dsi: Change the start delay calculation"
    - drm/amdgpu: Check for valid number of registers to read
    - x86/alternatives: Disable KASAN in apply_alternatives()
    - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata()
    - iomap: Set all uptodate bits for an Uptodate page
    - drm/amdgpu: Fix type of second parameter in trans_msg() callback
    - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
    - PCI: tegra: Fix reporting GPIO error value
    - PCI: tegra: Fix OF node reference leak
    - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
    - dm-crypt: don't modify the data when using authenticated encryption
    - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
    - PCI/MSI: Prevent MSI hardware interrupt number truncation
    - l2tp: pass correct message length to ip6_append_data
    - ARM: ep93xx: Add terminator to gpiod_lookup_table
    - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
    - usb: cdns3: fix memory double free when handle zero packet
    - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
    - usb: roles: don't get/set_role() when usb_role_switch is unregistered
    - IB/hfi1: Fix a memleak in init_credit_return
    - RDMA/bnxt_re: Return error for SRQ resize
    - RDMA/srpt: Make debug output more detailed
    - RDMA/srpt: fix function pointer cast warnings
    - scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions
    - bpf, scripts: Correct GPL license name
    - scsi: jazz_esp: Only build if SCSI core is builtin
    - nouveau: fix function cast warnings
    - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
    - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
    - afs: Increase buffer size in afs_update_volume_status()
    - ipv6: sr: fix possible use-after-free and null-ptr-deref
    - packet: move from strlcpy with unused retval to strscpy
    - s390: use the correct count for __iowrite64_copy()
    - tls: rx: jump to a more appropriate label
    - tls: rx: drop pointless else after goto
    - tls: stop recv() if initial process_rx_list gave us non-DATA
    - netfilter: nf_tables: set dormant flag on hook register failure
    - drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3
    - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set
    - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
    - scripts/bpf: Fix xdp_md forward declaration typo
    - Linux 5.4.270
  * CVE-2023-47233
    - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
  * CVE-2021-47070
    - uio: uio_hv_generic: use devm_kzalloc() for private data alloc
    - uio_hv_generic: Fix another memory leak in error handling paths
  * CVE-2024-26622
    - tomoyo: fix UAF write bug in tomoyo_write_control()

-- Philip Cox <philip.cox@canonical.com>  Fri, 24 May 2024 15:34:31 -0400

Changed in linux-oracle (Ubuntu Focal):
status:	New → Fix Released

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-06-12

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-06-12

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-06-12

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-06-12

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2024-06-12

description:

updated

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-06-12: Workflow done!

#3

All tasks have been completed and the bug is being closed

Changed in kernel-sru-workflow:
status:	In Progress → Fix Committed

Kernel SRU Workflow

focal/linux-oracle: 5.4.0-1125.134 -proposed tracker

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
Kernel SRU Workflow	Fix Committed	Medium	Unassigned
Abi-testing	Fix Released	Medium	Unassigned
Automated-testing	Fix Released	Medium	Canonical Kernel Team
Boot-testing	Fix Released	Medium	Unassigned
Certification-testing	Invalid	Medium	Unassigned
New-review	Fix Released	Medium	Timo Aaltonen
Prepare-package	Fix Released	Medium	Philip Cox
Prepare-package-generate	Fix Released	Medium	Philip Cox
Prepare-package-lrg	Fix Released	Medium	Philip Cox
Prepare-package-lrm	Fix Released	Medium	Philip Cox
Prepare-package-lrs	Fix Released	Medium	Philip Cox
Prepare-package-meta	Fix Released	Medium	Philip Cox
Prepare-package-signed	Fix Released	Medium	Philip Cox
Promote-signing-to-proposed	Invalid	Medium	Unassigned
Promote-to-proposed	Fix Released	Medium	Ubuntu Stable Release Updates Team
Promote-to-security	Fix Released	Medium	Andy Whitcroft
Promote-to-updates	Fix Released	Medium	Andy Whitcroft
Regression-testing	Fix Released	Medium	Canonical Kernel Team
Security-signoff	Fix Released	Medium	Rodrigo Figueiredo Zaiden
Sru-review	Fix Released	Medium	Andy Whitcroft
Verification-testing	Fix Released	Medium	Canonical Kernel Team
canonical-signing-jobs
Task00	Fix Released	Medium	Timo Aaltonen
linux-oracle (Ubuntu)
Focal	Fix Released	Medium	Unassigned