Bug #1930004 “bionic/linux-aws-5.4: 5.4.0-1050.52~18.04.1 -propo...” : Series prepare-package-meta : Bugs : Kernel SRU Workflow

Kleber Sacilotto de Souza (kleber-souza) on 2021-05-28

tags:	added: kernel-release-tracking-bug-live
description:	updated
tags:	added: kernel-sru-cycle-2021.05.31-1
description:	updated
tags:	added: kernel-sru-backport-of-1930005
Changed in kernel-sru-workflow:
status:	New → Confirmed
importance:	Undecided → Medium

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-05-28

Changed in linux-aws-5.4 (Ubuntu Bionic):
importance:	Undecided → Medium
Changed in kernel-sru-workflow:
status:	Confirmed → In Progress

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-05-28

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-11

description:

updated

Khaled El Mously (kmously) on 2021-06-13

summary:

- bionic/linux-aws-5.4: <version to be filled> -proposed tracker
+ bionic/linux-aws-5.4: 5.4.0-1050.52~18.04.1 -proposed tracker

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-13

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:	updated
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-16

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-17

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-21

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2021-06-21

description:

updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-06-22:

#1

Download full text (34.7 KiB)

This bug was fixed in the package linux-aws-5.4 - 5.4.0-1051.53~18.04.1

---------------
linux-aws-5.4 (5.4.0-1051.53~18.04.1) bionic; urgency=medium

[ Ubuntu: 5.4.0-1051.53 ]

  * UAF on CAN J1939 j1939_can_recv (LP: #1932209)
    - SAUCE: can: j1939: delay release of j1939_priv after synchronize_rcu
  * UAF on CAN BCM bcm_rx_handler (LP: #1931855)
    - SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu
  * focal/linux: 5.4.0-76.85 -proposed tracker (LP: #1932123)
  * Upstream v5.9 introduced 'module' patches that removed exported symbols
    (LP: #1932065)
    - SAUCE: Revert "modules: inherit TAINT_PROPRIETARY_MODULE"
    - SAUCE: Revert "modules: return licensing information from find_symbol"
    - SAUCE: Revert "modules: rename the licence field in struct symsearch to
      license"
    - SAUCE: Revert "modules: unexport __module_address"
    - SAUCE: Revert "modules: unexport __module_text_address"
    - SAUCE: Revert "modules: mark each_symbol_section static"
    - SAUCE: Revert "modules: mark find_symbol static"
    - SAUCE: Revert "modules: mark ref_module static"

linux-aws-5.4 (5.4.0-1050.52~18.04.1) bionic; urgency=medium

* bionic/linux-aws-5.4: 5.4.0-1050.52~18.04.1 -proposed tracker (LP: #1930004)

[ Ubuntu: 5.4.0-1050.52 ]

  * focal/linux-aws: 5.4.0-1050.52 -proposed tracker (LP: #1930005)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] update helper scripts
  * kvm: properly tear down PV features on hibernate (LP: #1920944)
    - Revert "UBUNTU: SAUCE: aws: kvm: double the size of hv_clock_boot"
  * focal/linux: 5.4.0-75.84 -proposed tracker (LP: #1930032)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2021-33200
    - bpf: Wrap aux data inside bpf_sanitize_info container
    - bpf: Fix mask direction swap upon off reg sign change
    - bpf: No need to simulate speculative domain for immediates
  * Realtek USB hubs in Dell WD19SC/DC/TB fail to work after exiting s2idle
    (LP: #1928242)
    - USB: Verify the port status when timeout happens during port suspend
  * CVE-2020-26145
    - ath10k: drop fragments with multicast DA for SDIO
    - ath10k: add CCMP PN replay protection for fragmented frames for PCIe
    - ath10k: drop fragments with multicast DA for PCIe
  * CVE-2020-26141
    - ath10k: Fix TKIP Michael MIC verification for PCIe
  * CVE-2020-24588
    - mac80211: properly handle A-MSDUs that start with an RFC 1042 header
    - cfg80211: mitigate A-MSDU aggregation attacks
    - mac80211: drop A-MSDUs on old ciphers
    - ath10k: drop MPDU which has discard flag set by firmware for SDIO
  * CVE-2020-26139
    - mac80211: do not accept/forward invalid EAPOL frames
  * CVE-2020-24586 // CVE-2020-24587 // CVE-2020-24587 for such cases.
    - mac80211: extend protection against mixed key and fragment cache attacks
  * CVE-2020-24586 // CVE-2020-24587
    - mac80211: prevent mixed key and fragment cache attacks
    - mac80211: add fragment cache to sta_info
    - mac80211: check defrag PN against current frame
    - mac80211: prevent attacks on TKIP/WEP as well
  * CVE-2020-26147
    - mac80211: assure all fragments are encr...

This bug was fixed in the package linux-aws-5.4 - 5.4.0-1051.53~18.04.1

---------------
linux-aws-5.4 (5.4.0-1051.53~18.04.1) bionic; urgency=medium

[ Ubuntu: 5.4.0-1051.53 ]

* UAF on CAN J1939 j1939_can_recv (LP: #1932209)
    - SAUCE: can: j1939: delay release of j1939_priv after synchronize_rcu
  * UAF on CAN BCM bcm_rx_handler (LP: #1931855)
    - SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu
  * focal/linux: 5.4.0-76.85 -proposed tracker (LP: #1932123)
  * Upstream v5.9 introduced 'module' patches that removed exported symbols
    (LP: #1932065)
    - SAUCE: Revert "modules: inherit TAINT_PROPRIETARY_MODULE"
    - SAUCE: Revert "modules: return licensing information from find_symbol"
    - SAUCE: Revert "modules: rename the licence field in struct symsearch to
      license"
    - SAUCE: Revert "modules: unexport __module_address"
    - SAUCE: Revert "modules: unexport __module_text_address"
    - SAUCE: Revert "modules: mark each_symbol_section static"
    - SAUCE: Revert "modules: mark find_symbol static"
    - SAUCE: Revert "modules: mark ref_module static"

linux-aws-5.4 (5.4.0-1050.52~18.04.1) bionic; urgency=medium

* bionic/linux-aws-5.4: 5.4.0-1050.52~18.04.1 -proposed tracker (LP: #1930004)

[ Ubuntu: 5.4.0-1050.52 ]

* focal/linux-aws: 5.4.0-1050.52 -proposed tracker (LP: #1930005)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] update helper scripts
  * kvm: properly tear down PV features on hibernate (LP: #1920944)
    - Revert "UBUNTU: SAUCE: aws: kvm: double the size of hv_clock_boot"
  * focal/linux: 5.4.0-75.84 -proposed tracker (LP: #1930032)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2021-33200
    - bpf: Wrap aux data inside bpf_sanitize_info container
    - bpf: Fix mask direction swap upon off reg sign change
    - bpf: No need to simulate speculative domain for immediates
  * Realtek USB hubs in Dell WD19SC/DC/TB fail to work after exiting s2idle
    (LP: #1928242)
    - USB: Verify the port status when timeout happens during port suspend
  * CVE-2020-26145
    - ath10k: drop fragments with multicast DA for SDIO
    - ath10k: add CCMP PN replay protection for fragmented frames for PCIe
    - ath10k: drop fragments with multicast DA for PCIe
  * CVE-2020-26141
    - ath10k: Fix TKIP Michael MIC verification for PCIe
  * CVE-2020-24588
    - mac80211: properly handle A-MSDUs that start with an RFC 1042 header
    - cfg80211: mitigate A-MSDU aggregation attacks
    - mac80211: drop A-MSDUs on old ciphers
    - ath10k: drop MPDU which has discard flag set by firmware for SDIO
  * CVE-2020-26139
    - mac80211: do not accept/forward invalid EAPOL frames
  * CVE-2020-24586 // CVE-2020-24587 // CVE-2020-24587 for such cases.
    - mac80211: extend protection against mixed key and fragment cache attacks
  * CVE-2020-24586 // CVE-2020-24587
    - mac80211: prevent mixed key and fragment cache attacks
    - mac80211: add fragment cache to sta_info
    - mac80211: check defrag PN against current frame
    - mac80211: prevent attacks on TKIP/WEP as well
  * CVE-2020-26147
    - mac80211: assure all fragments are encrypted
  * raid10: Block discard is very slow, causing severe delays for mkfs and
    fstrim operations (LP: #1896578)
    - md: add md_submit_discard_bio() for submitting discard bio
    - md/raid10: extend r10bio devs to raid disks
    - md/raid10: pull the code that wait for blocked dev into one function
    - md/raid10: improve raid10 discard request
    - md/raid10: improve discard request for far layout
    - dm raid: remove unnecessary discard limits for raid0 and raid10
  * [SRU] mpt3sas: only one vSES is handy even IOC has multi vSES (LP: #1926517)
    - scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES
  * kvm: properly tear down PV features on hibernate (LP: #1920944)
    - x86/kvm: Fix pr_info() for async PF setup/teardown
    - x86/kvm: Teardown PV features on boot CPU as well
    - x86/kvm: Disable kvmclock on all CPUs on shutdown
    - x86/kvm: Disable all PV features on crash
    - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline()
  * Focal update: v5.4.119 upstream stable release (LP: #1929615)
    - Bluetooth: verify AMP hci_chan before amp_destroy
    - hsr: use netdev_err() instead of WARN_ONCE()
    - bluetooth: eliminate the potential race condition when removing the HCI
      controller
    - net/nfc: fix use-after-free llcp_sock_bind/connect
    - Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL"
    - tty: moxa: fix TIOCSSERIAL jiffies conversions
    - tty: amiserial: fix TIOCSSERIAL permission check
    - USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions
    - staging: greybus: uart: fix TIOCSSERIAL jiffies conversions
    - USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check
    - staging: fwserial: fix TIOCSSERIAL jiffies conversions
    - tty: moxa: fix TIOCSSERIAL permission check
    - staging: fwserial: fix TIOCSSERIAL permission check
    - usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply
    - usb: typec: tcpm: Address incorrect values of tcpm psy for pps supply
    - usb: typec: tcpm: update power supply once partner accepts
    - usb: xhci-mtk: remove or operator for setting schedule parameters
    - usb: xhci-mtk: improve bandwidth scheduling with TT
    - ASoC: samsung: tm2_wm5110: check of of_parse return value
    - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function
    - MIPS: pci-mt7620: fix PLL lock check
    - MIPS: pci-rt2880: fix slot 0 configuration
    - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
    - PCI: Allow VPD access for QLogic ISP2722
    - iio:accel:adis16201: Fix wrong axis assignment that prevents loading
    - misc: lis3lv02d: Fix false-positive WARN on various HP models
    - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
    - misc: vmw_vmci: explicitly initialize vmci_datagram payload
    - md/bitmap: wait for external bitmap writes to complete during tear down
    - md-cluster: fix use-after-free issue when removing rdev
    - md: split mddev_find
    - md: factor out a mddev_find_locked helper from mddev_find
    - md: md_open returns -EBUSY when entering racing area
    - md: Fix missing unused status line of /proc/mdstat
    - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
    - cfg80211: scan: drop entry from hidden_list on overflow
    - rtw88: Fix array overrun in rtw_get_tx_power_params()
    - drm/panfrost: Clear MMU irqs before handling the fault
    - drm/panfrost: Don't try to map pages that are already mapped
    - drm/radeon: fix copy of uninitialized variable back to userspace
    - drm/amd/display: Reject non-zero src_y and src_x for video planes
    - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
    - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
    - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
    - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
    - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries
    - ALSA: hda/realtek: Re-order ALC662 quirk table entries
    - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
    - ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable
    - KVM: s390: split kvm_s390_logical_to_effective
    - KVM: s390: fix guarded storage control register handling
    - s390: fix detection of vector enhancements facility 1 vs. vector packed
      decimal facility
    - KVM: s390: split kvm_s390_real_to_abs
    - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit
    - KVM: Stop looking for coalesced MMIO zones if the bus is destroyed
    - Revert "i3c master: fix missing destroy_workqueue() on error in
      i3c_master_register"
    - ovl: fix missing revert_creds() on error path
    - usb: gadget: pch_udc: Revert d3cb25a12138 completely
    - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
    - ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family
    - ARM: dts: exynos: correct MUIC interrupt trigger level on Midas family
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Midas family
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family
    - ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
    - serial: stm32: fix incorrect characters on console
    - serial: stm32: fix tx_empty condition
    - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
    - regmap: set debugfs_name to NULL after it is freed
    - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe()
    - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC
    - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions()
    - mtd: rawnand: qcom: Return actual error code instead of -ENODEV
    - arm64: dts: qcom: sm8150: fix number of pins in 'gpio-ranges'
    - spi: stm32: drop devres version of spi_register_master
    - arm64: dts: renesas: r8a77980: Fix vin4-7 endpoint binding
    - x86/microcode: Check for offline CPUs before requesting new microcode
    - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
    - usb: gadget: pch_udc: Check if driver is present before calling ->setup()
    - usb: gadget: pch_udc: Check for DMA mapping error
    - crypto: qat - don't release uninitialized resources
    - crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
    - fotg210-udc: Fix DMA on EP0 for length > max packet size
    - fotg210-udc: Fix EP0 IN requests bigger than two packets
    - fotg210-udc: Remove a dubious condition leading to fotg210_done
    - fotg210-udc: Mask GRP2 interrupts we don't handle
    - fotg210-udc: Don't DMA more than the buffer can take
    - fotg210-udc: Complete OUT requests on short packets
    - mtd: require write permissions for locking and badblock ioctls
    - bus: qcom: Put child node before return
    - soundwire: bus: Fix device found flag correctly
    - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y,
      unconditionally
    - crypto: qat - fix error path in adf_isr_resource_alloc()
    - usb: gadget: aspeed: fix dma map failure
    - USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR()
    - memory: pl353: fix mask of ECC page_size config register
    - soundwire: stream: fix memory leak in stream config error path
    - m68k: mvme147,mvme16x: Don't wipe PCC timer config bits
    - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
    - irqchip/gic-v3: Fix OF_BAD_ADDR error handling
    - staging: rtl8192u: Fix potential infinite loop
    - staging: greybus: uart: fix unprivileged TIOCCSERIAL
    - PM / devfreq: Use more accurate returned new_freq as resume_freq
    - spi: Fix use-after-free with devm_spi_alloc_*
    - soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
    - soc: qcom: mdt_loader: Detect truncated read of segments
    - ACPI: CPPC: Replace cppc_attr with kobj_attribute
    - crypto: qat - Fix a double free in adf_create_ring
    - cpufreq: armada-37xx: Fix setting TBG parent for load levels
    - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock
    - cpufreq: armada-37xx: Fix the AVS value for load L1
    - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz
    - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0
    - cpufreq: armada-37xx: Fix driver cleanup when registration failed
    - cpufreq: armada-37xx: Fix determining base CPU frequency
    - spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()
    - usb: gadget: r8a66597: Add missing null check on return from
      platform_get_resource
    - USB: cdc-acm: fix unprivileged TIOCCSERIAL
    - USB: cdc-acm: fix TIOCGSERIAL implementation
    - tty: fix return value for unsupported ioctls
    - serial: core: return early on unsupported ioctls
    - firmware: qcom-scm: Fix QCOM_SCM configuration
    - node: fix device cleanups in error handling code
    - usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
    - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with
      critclk_systems DMI table
    - x86/platform/uv: Fix !KEXEC build failure
    - usb: dwc2: Fix host mode hibernation exit with remote wakeup flow.
    - usb: dwc2: Fix hibernation between host and device modes.
    - ttyprintk: Add TTY hangup callback.
    - xen-blkback: fix compatibility bug with single page rings
    - soc: aspeed: fix a ternary sign expansion bug
    - media: vivid: fix assignment of dev->fbuf_out_flags
    - media: omap4iss: return error code when omap4iss_get() failed
    - media: aspeed: fix clock handling logic
    - media: platform: sunxi: sun6i-csi: fix error return code of
      sun6i_video_start_streaming()
    - media: m88rs6000t: avoid potential out-of-bounds reads on arrays
    - drm/amdkfd: fix build error with AMD_IOMMU_V2=m
    - x86/kprobes: Fix to check non boostable prefixes correctly
    - pata_arasan_cf: fix IRQ check
    - pata_ipx4xx_cf: fix IRQ check
    - sata_mv: add IRQ checks
    - ata: libahci_platform: fix IRQ check
    - nvme-tcp: block BH in sk state_change sk callback
    - nvmet-tcp: fix incorrect locking in state_change sk callback
    - nvme: retrigger ANA log update if group descriptor isn't found
    - media: v4l2-ctrls.c: fix race condition in hdl->requests list
    - vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer
    - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback
    - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE
    - clk: uniphier: Fix potential infinite loop
    - scsi: hisi_sas: Fix IRQ checks
    - scsi: jazz_esp: Add IRQ check
    - scsi: sun3x_esp: Add IRQ check
    - scsi: sni_53c710: Add IRQ check
    - scsi: ibmvfc: Fix invalid state machine BUG_ON()
    - mfd: stm32-timers: Avoid clearing auto reload register
    - nvme-pci: don't simple map sgl when sgls are disabled
    - HSI: core: fix resource leaks in hsi_add_client_from_dt()
    - x86/events/amd/iommu: Fix sysfs type mismatch
    - sched/debug: Fix cgroup_path[] serialization
    - drivers/block/null_blk/main: Fix a double free in null_init.
    - HID: plantronics: Workaround for double volume key presses
    - perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of
      printed chars
    - net: lapbether: Prevent racing when checking whether the netif is running
    - powerpc/fadump: Mark fadump_calculate_reserve_size as __init
    - powerpc/prom: Mark identical_pvr_fixup as __init
    - inet: use bigger hash table for IP ID generation
    - powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration
    - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
    - bug: Remove redundant condition check in report_bug
    - nfc: pn533: prevent potential memory corruption
    - net: hns3: Limiting the scope of vector_ring_chain variable
    - mips: bmips: fix syscon-reboot nodes
    - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
    - ASoC: simple-card: fix possible uninitialized single_cpu local variable
    - liquidio: Fix unintented sign extension of a left shift of a u16
    - powerpc/64s: Fix pte update for kernel memory on radix
    - powerpc/perf: Fix PMU constraint check for EBB events
    - powerpc: iommu: fix build when neither PCI or IBMVIO is set
    - mac80211: bail out if cipher schemes are invalid
    - mt7601u: fix always true expression
    - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit
    - RDMA/qedr: Fix error return code in qedr_iw_connect()
    - IB/hfi1: Fix error return code in parse_platform_config()
    - cxgb4: Fix unintentional sign extension issues
    - net: thunderx: Fix unintentional sign extension issue
    - RDMA/srpt: Fix error return code in srpt_cm_req_recv()
    - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails
    - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails
    - i2c: omap: fix reference leak when pm_runtime_get_sync fails
    - i2c: sprd: fix reference leak when pm_runtime_get_sync fails
    - i2c: cadence: add IRQ check
    - i2c: emev2: add IRQ check
    - i2c: jz4780: add IRQ check
    - i2c: sh7760: add IRQ check
    - powerpc/xive: Fix xmon command "dxi"
    - ASoC: ak5558: correct reset polarity
    - drm/i915/gvt: Fix error code in intel_gvt_init_device()
    - perf beauty: Fix fsconfig generator
    - MIPS: pci-legacy: stop using of_pci_range_to_resource
    - powerpc/pseries: extract host bridge from pci_bus prior to bus removal
    - rtlwifi: 8821ae: upgrade PHY and RF parameters
    - i2c: sh7760: fix IRQ error path
    - mwl8k: Fix a double Free in mwl8k_probe_hw
    - vsock/vmci: log once the failed queue pair allocation
    - gro: fix napi_gro_frags() Fast GRO breakage due to IP alignment check
    - RDMA/cxgb4: add missing qpid increment
    - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
    - ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails
    - net: davinci_emac: Fix incorrect masking of tx and rx error channel
    - net: renesas: ravb: Fix a stuck issue when a lot of frames are received
    - net: phy: intel-xway: enable integrated led functions
    - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
    - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock
    - powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
    - bnxt_en: fix ternary sign extension bug in bnxt_show_temp()
    - ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for
      RTL8211E
    - arm64: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for
      RTL8211E
    - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb
    - selftests: net: mirror_gre_vlan_bridge_1q: Make an FDB entry static
    - bnxt_en: Fix RX consumer index logic in the error path.
    - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
    - RDMA/siw: Fix a use after free in siw_alloc_mr
    - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res
    - net: bridge: mcast: fix broken length + header check for MRDv6 Adv.
    - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
    - kfifo: fix ternary sign extension bugs
    - mm/sparse: add the missing sparse_buffer_fini() in error branch
    - mm/memory-failure: unnecessary amount of unmapping
    - net: Only allow init netns to set default tcp cong to a restricted algo
    - smp: Fix smp_call_function_single_async prototype
    - Revert "net/sctp: fix race condition in sctp_destroy_sock"
    - sctp: delay auto_asconf init until binding the first addr
    - Revert "of/fdt: Make sure no-map does not remove already reserved regions"
    - Revert "fdt: Properly handle "no-map" field in the memory region"
    - Linux 5.4.119
  * seccomp_bpf:syscall_faked from kselftests fail on s390x (LP: #1928522)
    - selftests/seccomp: s390 shares the syscall and return value register
  * Can't detect intel wifi 6235 (LP: #1920180)
    - SAUCE: iwlwifi: add new pci id for 6235
  * Mark kprobe_args_user.tc in kselftest/ftrace as unsupported (LP: #1929527)
    - selftests/ftrace: Return unsupported for the unconfigured features
  * pmtu.sh from net in ubuntu_kernel_selftests failed with no error message
    (LP: #1887661)
    - selftests: pmtu.sh: use $ksft_skip for skipped return code
  * alsa/sof: make sof driver work in the case of without i915 (focal kernel)
    (LP: #1927672)
    - SAUCE: ASoC: SOF: Intel: hda: move the probe_bus ahead of creation of mach
      device
  * Fix kdump failures (LP: #1927518)
    - video: hyperv_fb: Add ratelimit on error message
    - Drivers: hv: vmbus: Increase wait time for VMbus unload
    - Drivers: hv: vmbus: Initialize unload_event statically
  * Ubuntu 20.04 - 'Support flow counters offset for bulk counters'
    (LP: #1922494)
    - IB/mlx5: Support flow counters offset for bulk counters
  * Focal update: v5.4.118 upstream stable release (LP: #1928825)
    - s390/disassembler: increase ebpf disasm buffer size
    - ACPI: custom_method: fix potential use-after-free issue
    - ACPI: custom_method: fix a possible memory leak
    - ftrace: Handle commands when closing set_ftrace_filter file
    - ARM: 9056/1: decompressor: fix BSS size calculation for LLVM ld.lld
    - arm64: dts: marvell: armada-37xx: add syscon compatible to NB clk node
    - arm64: dts: mt8173: fix property typo of 'phys' in dsi node
    - ecryptfs: fix kernel panic with null dev_name
    - mtd: spinand: core: add missing MODULE_DEVICE_TABLE()
    - mtd: rawnand: atmel: Update ecc_stats.corrected counter
    - erofs: add unsupported inode i_format check
    - spi: spi-ti-qspi: Free DMA resources
    - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()
    - scsi: mpt3sas: Block PCI config access from userspace during reset
    - mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe()
    - mmc: uniphier-sd: Fix a resource leak in the remove function
    - mmc: sdhci: Check for reset prior to DMA address unmap
    - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based
      controllers
    - mmc: block: Update ext_csd.cache_ctrl if it was written
    - mmc: block: Issue a cache flush only when it's enabled
    - mmc: core: Do a power cycle when the CMD11 fails
    - mmc: core: Set read only for SD cards with permanent write protect bit
    - mmc: core: Fix hanging on I/O during system suspend for removable cards
    - modules: mark ref_module static
    - modules: mark find_symbol static
    - modules: mark each_symbol_section static
    - modules: unexport __module_text_address
    - modules: unexport __module_address
    - modules: rename the licence field in struct symsearch to license
    - modules: return licensing information from find_symbol
    - modules: inherit TAINT_PROPRIETARY_MODULE
    - irqchip/gic-v3: Do not enable irqs when handling spurious interrups
    - cifs: Return correct error code from smb2_get_enc_key
    - btrfs: fix metadata extent leak after failure to create subvolume
    - intel_th: pci: Add Rocket Lake CPU support
    - posix-timers: Preserve return value in clock_adjtime32()
    - fbdev: zero-fill colormap in fbcmap.c
    - bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first
    - staging: wimax/i2400m: fix byte-order issue
    - spi: ath79: always call chipselect function
    - spi: ath79: remove spi-master setup and cleanup assignment
    - crypto: api - check for ERR pointers in crypto_destroy_tfm()
    - crypto: qat - fix unmap invalid dma address
    - usb: gadget: uvc: add bInterval checking for HS mode
    - usb: webcam: Invalid size of Processing Unit Descriptor
    - genirq/matrix: Prevent allocation counter corruption
    - usb: gadget: f_uac2: validate input parameters
    - usb: gadget: f_uac1: validate input parameters
    - usb: dwc3: gadget: Ignore EP queue requests during bus reset
    - usb: xhci: Fix port minor revision
    - PCI: PM: Do not read power state in pci_enable_device_flags()
    - x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS)
    - tee: optee: do not check memref size on return from Secure World
    - perf/arm_pmu_platform: Fix error handling
    - usb: xhci-mtk: support quirk to disable usb2 lpm
    - xhci: check control context is valid before dereferencing it.
    - xhci: fix potential array out of bounds with several interrupters
    - spi: dln2: Fix reference leak to master
    - spi: omap-100k: Fix reference leak to master
    - spi: qup: fix PM reference leak in spi_qup_remove()
    - usb: musb: fix PM reference leak in musb_irq_work()
    - usb: core: hub: Fix PM reference leak in usb_port_resume()
    - tty: n_gsm: check error while registering tty devices
    - intel_th: Consistency and off-by-one fix
    - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
    - crypto: stm32/hash - Fix PM reference leak on stm32-hash.c
    - crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c
    - crypto: omap-aes - Fix PM reference leak on omap-aes.c
    - platform/x86: intel_pmc_core: Don't use global pmcdev in quirks
    - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
    - drm: Added orientation quirk for OneGX1 Pro
    - drm/qxl: release shadow on shutdown
    - drm/amd/display: Check for DSC support instead of ASIC revision
    - drm/amd/display: Don't optimize bandwidth before disabling planes
    - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe
    - scsi: lpfc: Fix pt2pt connection does not recover after LOGO
    - scsi: target: pscsi: Fix warning in pscsi_complete_cmd()
    - media: ite-cir: check for receive overflow
    - media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB
    - media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt()
    - power: supply: bq27xxx: fix power_avg for newer ICs
    - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has
      been unplugged
    - extcon: arizona: Fix various races on driver unbind
    - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
    - media: gspca/sq905.c: fix uninitialized variable
    - power: supply: Use IRQF_ONESHOT
    - drm/amdgpu: mask the xgmi number of hops reported from psp to kfd
    - drm/amdkfd: Fix UBSAN shift-out-of-bounds warning
    - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
    - drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool'
    - drm/amd/display: fix dml prefetch validation
    - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats()
    - drm/vkms: fix misuse of WARN_ON
    - scsi: qla2xxx: Fix use after free in bsg
    - mmc: sdhci-pci: Add PCI IDs for Intel LKF
    - ata: ahci: Disable SXS for Hisilicon Kunpeng920
    - scsi: smartpqi: Correct request leakage during reset operations
    - scsi: smartpqi: Add new PCI IDs
    - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
    - media: em28xx: fix memory leak
    - media: vivid: update EDID
    - clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
    - power: supply: generic-adc-battery: fix possible use-after-free in
      gab_remove()
    - power: supply: s3c_adc_battery: fix possible use-after-free in
      s3c_adc_bat_remove()
    - media: tc358743: fix possible use-after-free in tc358743_remove()
    - media: adv7604: fix possible use-after-free in adv76xx_remove()
    - media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
    - media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove()
    - media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
    - media: platform: sti: Fix runtime PM imbalance in regs_show
    - media: dvb-usb: fix memory leak in dvb_usb_adapter_init
    - media: gscpa/stv06xx: fix memory leak
    - sched/fair: Ignore percpu threads for imbalance pulls
    - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
    - drm/msm/mdp5: Do not multiply vclk line count by 100
    - drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug
    - amdgpu: avoid incorrect %hu format string
    - drm/amdgpu: fix NULL pointer dereference
    - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO
      response
    - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode
    - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic
    - mfd: arizona: Fix rumtime PM imbalance on error
    - scsi: libfc: Fix a format specifier
    - s390/archrandom: add parameter check for s390_arch_random_generate
    - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
    - ALSA: hda/conexant: Re-order CX5066 quirk table entries
    - ALSA: sb: Fix two use after free in snd_sb_qsound_build
    - ALSA: usb-audio: Explicitly set up the clock selector
    - ALSA: usb-audio: More constifications
    - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset
      PC 8
    - ALSA: hda/realtek: GA503 use same quirks as GA401
    - ALSA: hda/realtek: fix mic boost on Intel NUC 8
    - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops
    - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx
    - btrfs: fix race when picking most recent mod log operation for an old root
    - arm64/vdso: Discard .note.gnu.property sections in vDSO
    - Makefile: Move -Wno-unused-but-set-variable out of GCC only block
    - virtiofs: fix memory leak in virtio_fs_probe()
    - ubifs: Only check replay with inode type to judge if inode linked
    - f2fs: fix to avoid out-of-bounds memory access
    - mlxsw: spectrum_mr: Update egress RIF list before route's action
    - openvswitch: fix stack OOB read while fragmenting IPv4 packets
    - ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure
    - NFS: Don't discard pNFS layout segments that are marked for return
    - NFSv4: Don't discard segments marked for return in _pnfs_return_layout()
    - Input: ili210x - add missing negation for touch indication on ili210x
    - jffs2: Fix kasan slab-out-of-bounds problem
    - powerpc/eeh: Fix EEH handling for hugepages in ioremap space.
    - powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h
    - intel_th: pci: Add Alder Lake-M support
    - tpm: efi: Use local variable for calculating final log size
    - tpm: vtpm_proxy: Avoid reading host log when using a virtual device
    - crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS
    - md/raid1: properly indicate failure when ending a failed write request
    - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload
      sequences
    - fuse: fix write deadlock
    - security: commoncap: fix -Wstringop-overread warning
    - Fix misc new gcc warnings
    - jffs2: check the validity of dstlen in jffs2_zlib_compress()
    - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op")
    - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported
    - kbuild: update config_data.gz only when the content of .config is changed
    - ext4: fix check to prevent false positive report of incorrect used inodes
    - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
    - ext4: fix error code in ext4_commit_super
    - media: dvbdev: Fix memory leak in dvb_media_device_free()
    - media: dvb-usb: Fix use-after-free access
    - media: dvb-usb: Fix memory leak at error in dvb_usb_device_init()
    - media: staging/intel-ipu3: Fix memory leak in imu_fmt
    - media: staging/intel-ipu3: Fix set_fmt error handling
    - media: staging/intel-ipu3: Fix race condition during set_fmt
    - usb: gadget: dummy_hcd: fix gpf in gadget_setup
    - usb: gadget: Fix double free of device descriptor pointers
    - usb: gadget/function/f_fs string table fix for multiple languages
    - usb: dwc3: gadget: Fix START_TRANSFER link state check
    - usb: dwc2: Fix session request interrupt handler
    - tty: fix memory leak in vc_deallocate
    - rsi: Use resume_noirq for SDIO
    - tracing: Map all PIDs to command lines
    - tracing: Restructure trace_clock_global() to never block
    - dm persistent data: packed struct should have an aligned() attribute too
    - dm space map common: fix division bug in sm_ll_find_free_block()
    - dm integrity: fix missing goto in bitmap_flush_interval error handling
    - dm rq: fix double free of blk_mq_tag_set in dev remove after table load
      fails
    - Linux 5.4.118
  * Focal update: v5.4.117 upstream stable release (LP: #1928823)
    - mips: Do not include hi and lo in clobber list for R6
    - ACPI: tables: x86: Reserve memory occupied by ACPI tables
    - ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade()
    - net: usb: ax88179_178a: initialize local variables before use
    - igb: Enable RSS for Intel I211 Ethernet Controller
    - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd()
    - bpf: Fix masking negation logic upon negative dst register
    - bpf: Fix leakage of uninitialized bpf stack under speculation
    - avoid __memcat_p link failure
    - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd()
    - perf data: Fix error return code in perf_data__create_dir()
    - perf ftrace: Fix access to pid in array when setting a pid filter
    - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX
    - USB: Add reset-resume quirk for WD19's Realtek Hub
    - platform/x86: thinkpad_acpi: Correct thermal sensor allocation
    - scsi: ufs: Unlock on a couple error paths
    - ovl: allow upperdir inside lowerdir
    - perf/core: Fix unconditional security_locked_down() call
    - vfio: Depend on MMU
    - Linux 5.4.117
  * r8152 tx status -71 (LP: #1922651) // Focal update: v5.4.117 upstream stable
    release (LP: #1928823)
    - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
  * Focal update: v5.4.116 upstream stable release (LP: #1928821)
    - bpf: Move off_reg into sanitize_ptr_alu
    - bpf: Ensure off_reg has no mixed signed bounds for all types
    - bpf: Rework ptr_limit into alu_limit and add common error path
    - bpf: Improve verifier error messages for users
    - bpf: Refactor and streamline bounds check into helper
    - bpf: Move sanitize_val_alu out of op switch
    - bpf: Tighten speculative pointer arithmetic mask
    - bpf: Update selftests to reflect new error states
    - Linux 5.4.116
  * Focal update: v5.4.115 upstream stable release (LP: #1927997)
    - gpio: omap: Save and restore sysconfig
    - pinctrl: lewisburg: Update number of pins in community
    - arm64: dts: allwinner: Revert SD card CD GPIO for Pine64-LTS
    - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3
    - perf/x86/kvm: Fix Broadwell Xeon stepping in isolation_ucodes[]
    - perf auxtrace: Fix potential NULL pointer dereference
    - HID: google: add don USB id
    - HID: alps: fix error return code in alps_input_configured()
    - HID: wacom: Assign boolean values to a bool variable
    - ARM: dts: Fix swapped mmc order for omap3
    - net: geneve: check skb is large enough for IPv4/IPv6 header
    - s390/entry: save the caller of psw_idle
    - xen-netback: Check for hotplug-status existence before watching
    - cavium/liquidio: Fix duplicate argument
    - csky: change a Kconfig symbol name to fix e1000 build error
    - ia64: fix discontig.c section mismatches
    - ia64: tools: remove duplicate definition of ia64_mf() on ia64
    - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access
    - net: hso: fix NULL-deref on disconnect regression
    - USB: CDC-ACM: fix poison/unpoison imbalance
    - Linux 5.4.115

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Fri, 18 Jun 2021 10:51:30 -0300

Changed in linux-aws-5.4 (Ubuntu Bionic):
status:	New → Fix Released

Andy Whitcroft (apw) on 2022-06-06

tags:	removed: kernel-release-tracking-bug-live
Changed in kernel-sru-workflow:
status:	In Progress → Fix Released

Kernel SRU Workflow

bionic/linux-aws-5.4: 5.4.0-1050.52~18.04.1 -proposed tracker

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
Kernel SRU Workflow	Fix Released	Medium	Unassigned
Automated-testing	Fix Released	Medium	Canonical Kernel Team
Certification-testing	Invalid	Medium	Unassigned
Prepare-package	Fix Released	Medium	Khaled El Mously
Prepare-package-lrg	Fix Released	Medium	Khaled El Mously
Prepare-package-lrm	Fix Released	Medium	Khaled El Mously
Prepare-package-lrs	Fix Released	Medium	Khaled El Mously
Prepare-package-meta	Fix Released	Medium	Khaled El Mously
Promote-signing-to-proposed	Fix Released	Medium	Unassigned
Promote-to-proposed	Fix Released	Medium	Andy Whitcroft
Promote-to-security	New	Medium	Ubuntu Stable Release Updates Team
Promote-to-updates	New	Medium	Ubuntu Stable Release Updates Team
Regression-testing	Fix Released	Medium	Canonical Kernel Team
Security-signoff	Fix Released	Medium	Canonical Security Team
Sru-review	Fix Released	Medium	Andy Whitcroft
Verification-testing	Fix Released	Medium	Canonical Kernel Team
linux-aws-5.4 (Ubuntu)
Bionic	Fix Released	Medium	Unassigned