This bug was fixed in the package linux - 5.4.0-149.166 --------------- linux (5.4.0-149.166) focal; urgency=medium * focal/linux: 5.4.0-149.166 -proposed tracker (LP: #2016591) * Focal update: v5.4.233 upstream stable release (LP: #2015909) - dma-mapping: add generic helpers for mapping sgtable objects - scatterlist: add generic wrappers for iterating over sgtable objects - drm: etnaviv: fix common struct sg_table related issues - drm/etnaviv: don't truncate physical page address - wifi: rtl8xxxu: gen2: Turn on the rate control - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G - random: always mix cycle counter in add_latent_entropy() - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2 - alarmtimer: Prevent starvation by small intervals and SIG_IGN - drm/i915/gvt: fix double free bug in split_2MB_gtt_entry - mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh - uaccess: Add speculation barrier to copy_from_user() - wifi: mwifiex: Add missing compatible string for SD8787 - ext4: Fix function prototype mismatch for ext4_feat_ktype - Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs" - bpf: add missing header file include - Linux 5.4.233 * selftest: fib_tests: Always cleanup before exit (LP: #2015956) - selftest: fib_tests: Always cleanup before exit * fib_tests.sh in ubuntu_kernel_selftests was skipped silently on Focal (LP: #2015440) - selftests: Fix the executable permissions for fib_tests.sh * Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498) - [Debian] autoreconstruct - fix restoration of execute permissions * kernel: fix __clear_user() inline assembly constraints (LP: #2013088) - s390/uaccess: add missing earlyclobber annotations to __clear_user() * i/o error if next unused loop device is queried (LP: #1856871) - loop: fix I/O error on fsync() in detached loop devices * CVE-2023-1075 - net/tls: tls_is_tx_ready() checked list_entry * Focal update: v5.4.232 upstream stable release (LP: #2011625) - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX - scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" - WRITE is "data source", not destination... - fix iov_iter_bvec() "direction" argument - fix "direction" argument of iov_iter_kvec() - netrom: Fix use-after-free caused by accept on already connected socket - netfilter: br_netfilter: disable sabotage_in hook after first suppression - squashfs: harden sanity check in squashfs_read_xattr_id_table - net: phy: meson-gxl: Add generic dummy stubs for MMD register access - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate - ata: libata: Fix sata_down_spd_limit() when no link speed is reported - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking - virtio-net: Keep stop() to follow mirror sequence of open() - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new - efi: fix potential NULL deref in efi_mem_reserve_persistent - scsi: target: core: Fix warning on RT kernels - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress - i2c: rk3x: fix a bunch of kernel-doc warnings - net/x25: Fix to not accept on connected socket - iio: adc: stm32-dfsdm: fill module aliases - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API - usb: dwc3: qcom: enable vbus override when in OTG dr-mode - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF - Input: i8042 - move __initconst to fix code styling warning - Input: i8042 - merge quirk tables - Input: i8042 - add TUXEDO devices to i8042 quirk tables - Input: i8042 - add Clevo PCX0DX to i8042 quirk table - fbcon: Check font dimension limits - watchdog: diag288_wdt: do not use stack buffers for hardware data - watchdog: diag288_wdt: fix __diag288() inline assembly - efi: Accept version 2 of memory attributes table - iio: hid: fix the retval in accel_3d_capture_sample - iio: adc: berlin2-adc: Add missing of_node_put() in error path - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others - parisc: Fix return code of pdc_iodc_print() - parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case - riscv: disable generation of unwind tables - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() - mm/swapfile: add cond_resched() in get_swap_pages() - Squashfs: fix handling and sanity checking of xattr_ids count - nvmem: core: fix cell removal on error - mm: swap: properly update readahead statistics in unuse_pte_range() - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() - serial: 8250_dma: Fix DMA Rx completion race - serial: 8250_dma: Fix DMA Rx rearm race - powerpc/imc-pmu: Revert nest_init_lock to being a mutex - fbdev: smscufx: fix error handling code in ufx_usb_probe - f2fs: fix to do sanity check on i_extra_isize in is_alive() - wifi: brcmfmac: Check the count value of channel spec to prevent out-of- bounds reads - iio:adc:twl6030: Enable measurement of VAC - btrfs: limit device extents to the device size - btrfs: zlib: zero-initialize zlib workspace - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw - can: j1939: do not wait 250 ms if the same addr was already claimed - IB/hfi1: Restore allocated resources on failed copyout - IB/IPoIB: Fix legacy IPoIB due to wrong number of queues - iommu: Add gfp parameter to iommu_ops::map - RDMA/usnic: use iommu_map_atomic() under spin_lock() - xfrm: fix bug with DSCP copy to v6 from v4 tunnel - bonding: fix error checking in bond_debug_reregister() - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY - ionic: clean interrupt before enabling queue to avoid credit race - ice: Do not use WQ_MEM_RECLAIM flag for workqueue - rds: rds_rm_zerocopy_callback() use list_first_entry() - selftests: forwarding: lib: quote the sysctl values - ALSA: pci: lx6464es: fix a debug loop - pinctrl: aspeed: Fix confusing types in return value - pinctrl: single: fix potential NULL dereference - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode - net: USB: Fix wrong-direction WARNING in plusb.c - usb: core: add quirk for Alcor Link AK9563 smartcard reader - usb: typec: altmodes/displayport: Fix probe pin assign check - ceph: flush cap releases when the session is flushed - riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive - arm64: dts: meson-g12-common: Make mmc host controller interrupts level- sensitive - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive - nvme-pci: Move enumeration by class to be last in the table - bpf: Always return target ifindex in bpf_fib_lookup - migrate: hugetlb: check for hugetlb shared PMD in node migration - selftests/bpf: Verify copy_register_state() preserves parent/live fields - ASoC: cs42l56: fix DT probe - tools/virtio: fix the vringh test for virtio ring changes - net/rose: Fix to not accept on connected socket - net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC - net: sched: sch: Bounds check priority - s390/decompressor: specify __decompress() buf len to avoid overflow - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association - aio: fix mremap after fork null-deref - btrfs: free device in btrfs_close_devices for a single device filesystem - netfilter: nft_tproxy: restrict to prerouting hook - xfs: remove the xfs_efi_log_item_t typedef - xfs: remove the xfs_efd_log_item_t typedef - xfs: remove the xfs_inode_log_item_t typedef - xfs: factor out a xfs_defer_create_intent helper - xfs: merge the ->log_item defer op into ->create_intent - xfs: merge the ->diff_items defer op into ->create_intent - xfs: turn dfp_intent into a xfs_log_item - xfs: refactor xfs_defer_finish_noroll - xfs: log new intent items created as part of finishing recovered intent items - xfs: fix finobt btree block recovery ordering - xfs: proper replay of deferred ops queued during log recovery - xfs: xfs_defer_capture should absorb remaining block reservations - xfs: xfs_defer_capture should absorb remaining transaction reservation - xfs: clean up bmap intent item recovery checking - xfs: clean up xfs_bui_item_recover iget/trans_alloc/ilock ordering - xfs: fix an incore inode UAF in xfs_bui_recover - xfs: change the order in which child and parent defer ops are finished - xfs: periodically relog deferred intent items - xfs: expose the log push threshold - xfs: only relog deferred intent items if free space in the log gets low - xfs: fix missing CoW blocks writeback conversion retry - xfs: ensure inobt record walks always make forward progress - xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks - xfs: prevent UAF in xfs_log_item_in_current_chkpt - xfs: sync lazy sb accounting on quiesce of read-only mounts - Revert "ipv4: Fix incorrect route flushing when source address is deleted" - ipv4: Fix incorrect route flushing when source address is deleted - mmc: sdio: fix possible resource leaks in some error paths - mmc: mmc_spi: fix error handling in mmc_spi_probe() - ALSA: hda/conexant: add a new hda codec SN6180 - ALSA: hda/realtek - fixed wrong gpio assigned - sched/psi: Fix use-after-free in ep_remove_wait_queue() - hugetlb: check for undefined shift on 32 bit architectures - Revert "mm: Always release pages to the buddy allocator in memblock_free_late()." - net: Fix unwanted sign extension in netdev_stats_to_stats64() - revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" - ixgbe: allow to increase MTU to 3K with XDP enabled - i40e: add double of VLAN header when computing the max MTU - net: bgmac: fix BCM5358 support by setting correct flags - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list - dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions. - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path - net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence - bnxt_en: Fix mqprio and XDP ring checking logic - net: stmmac: Restrict warning on disabling DMA store and fwd mode - ixgbe: add double of VLAN header when computing the max MTU - ipv6: Fix datagram socket connection with DSCP. - ipv6: Fix tcp socket connection with DSCP. - i40e: Add checking for null for nlmsg_find_attr() - kvm: initialize all of the kvm_debugregs structure before sending it to userspace - nilfs2: fix underflow in second superblock position calculations - ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak - net: sched: sch: Fix off by one in htb_activate_prios() - iommu/amd: Pass gfp flags to iommu_map_page() in amd_iommu_map() - Linux 5.4.232 * CVE-2023-1118 - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() -- Stefan Bader