This bug was fixed in the package linux-azure - 5.4.0-1064.67 --------------- linux-azure (5.4.0-1064.67) focal; urgency=medium * focal/linux-azure: 5.4.0-1064.67 -proposed tracker (LP: #1949816) * Packaging resync (LP: #1786013) - [Packaging] update Ubuntu.md * Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (LP: #1937078) - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device * linux-azure: make mana.ko built-in (LP: #1949357) - [Config] CONFIG_MICROSOFT_MANA=y [ Ubuntu: 5.4.0-91.102 ] * focal/linux: 5.4.0-91.102 -proposed tracker (LP: #1949840) * Packaging resync (LP: #1786013) - [Packaging] update Ubuntu.md - debian/dkms-versions -- update from kernel-versions (main/2021.11.08) * KVM emulation failure when booting into VM crash kernel with multiple CPUs (LP: #1948862) - KVM: x86: Properly reset MMU context at vCPU RESET/INIT * aufs: kernel bug with apparmor and fuseblk (LP: #1948470) - SAUCE: aufs: bugfix, stop omitting path->mnt * ebpf: bpf_redirect fails with ip6 gre interfaces (LP: #1947164) - net: handle ARPHRD_IP6GRE in dev_is_mac_header_xmit() * require CAP_NET_ADMIN to attach N_HCI ldisc (LP: #1949516) - Bluetooth: hci_ldisc: require CAP_NET_ADMIN to attach N_HCI ldisc * ACL updates on OCFS2 are not revalidated (LP: #1947161) - ocfs2: fix remounting needed after setfacl command * ppc64 BPF JIT mod by 1 will not return 0 (LP: #1948351) - powerpc/bpf: Fix BPF_MOD when imm == 1 * Drop "UBUNTU: SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan is active" (LP: #1947709) - Revert "UBUNTU: SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan is active" * Reassign I/O Path of ConnectX-5 Port 1 before Port 2 causes NULL dereference (LP: #1943464) - s390/pci: fix leak of PCI device structure - s390/pci: fix use after free of zpci_dev - s390/pci: fix zpci_zdev_put() on reserve * [SRU][F] USB: serial: pl2303: add support for PL2303HXN (LP: #1948377) - USB: serial: pl2303: add support for PL2303HXN - USB: serial: pl2303: fix line-speed handling on newer chips * Focal update: v5.4.151 upstream stable release (LP: #1947888) - tty: Fix out-of-bound vmalloc access in imageblit - cpufreq: schedutil: Use kobject release() method to free sugov_tunables - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory - usb: cdns3: fix race condition before setting doorbell - fs-verity: fix signed integer overflow with i_size near S64_MAX - hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field - hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field - hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field - scsi: ufs: Fix illegal offset in UPIU event trace - mac80211: fix use-after-free in CCMP/GCMP RX - x86/kvmclock: Move this_cpu_pvti into kvmclock.h - drm/amd/display: Pass PCI deviceid into DC - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap - mac80211: mesh: fix potentially unaligned access - mac80211-hwsim: fix late beacon hrtimer handling - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb - hwmon: (tmp421) report /PVLD condition as fault - hwmon: (tmp421) fix rounding for negative values - net: ipv4: Fix rtnexthop len when RTA_FLOW is present - e100: fix length calculation in e100_get_regs_len - e100: fix buffer overrun in e100_get_regs - selftests, bpf: test_lwt_ip_encap: Really disable rp_filter - scsi: csiostor: Add module softdep on cxgb4 - net: hns3: do not allow call hns3_nic_net_open repeatedly - net: sched: flower: protect fl_walk() with rcu - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses - perf/x86/intel: Update event constraints for ICX - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings - debugfs: debugfs_create_file_size(): use IS_ERR to check for error - ipack: ipoctal: fix stack information leak - ipack: ipoctal: fix tty registration race - ipack: ipoctal: fix tty-registration error handling - ipack: ipoctal: fix missing allocation-failure check - ipack: ipoctal: fix module reference leak - ext4: fix loff_t overflow in ext4_max_bitmap_size() - ext4: fix reserved space counter leakage - ext4: fix potential infinite loop in ext4_dx_readdir() - HID: u2fzero: ignore incomplete packets without data - net: udp: annotate data race around udp_sk(sk)->corkflag - net: stmmac: don't attach interface until resume finishes - PCI: Fix pci_host_bridge struct device release/free handling - libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind - hso: fix bailout in error case of probe - usb: hso: fix error handling code of hso_create_net_device - usb: hso: remove the bailout parameter - crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() - HID: betop: fix slab-out-of-bounds Write in betop_probe - netfilter: ipset: Fix oversized kvmalloc() calls - HID: usbhid: free raw_report buffers in usbhid_stop - Linux 5.4.151 * Focal update: v5.4.150 upstream stable release (LP: #1947886) - usb: gadget: r8a66597: fix a loop in set_feature() - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() - cifs: fix incorrect check for null pointer in header_assemble - xen/x86: fix PV trap handling on secondary processors - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter - USB: cdc-acm: fix minor-number release - binder: make sure fd closes complete - staging: greybus: uart: fix tty use after free - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk - USB: serial: mos7840: remove duplicated 0xac24 device ID - USB: serial: option: add Telit LN920 compositions - USB: serial: option: remove duplicate USB device ID - USB: serial: option: add device id for Foxconn T99W265 - mcb: fix error handling in mcb_alloc_bus() - erofs: fix up erofs_lookup tracepoint - btrfs: prevent __btrfs_dump_space_info() to underflow its free space - serial: mvebu-uart: fix driver's tx_empty callback - net: hso: fix muxed tty registration - afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation - platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR() - enetc: Fix illegal access when reading affinity_hint - bnxt_en: Fix TX timeout when TX ring size is set to the smallest - net/smc: add missing error check in smc_clc_prfx_set() - gpio: uniphier: Fix void functions to remove return value - qed: rdma - don't wait for resources under hw error recovery flow - net/mlx4_en: Don't allow aRFS for encapsulated packets - scsi: iscsi: Adjust iface sysfs attr detection - tty: synclink_gt, drop unneeded forward declarations - tty: synclink_gt: rename a conflicting function name - fpga: machxo2-spi: Return an error on failure - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() - cifs: fix a sign extension bug - scsi: qla2xxx: Restore initiator in dual mode - scsi: lpfc: Use correct scnprintf() limit - irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build - irqchip/gic-v3-its: Fix potential VPE leak on error - md: fix a lock order reversal in md_alloc - blktrace: Fix uaf in blk_trace access after removing by sysfs - net: macb: fix use after free on rmmod - net: stmmac: allow CSR clock of 300MHz - m68k: Double cast io functions to unsigned long - ipv6: delay fib6_sernum increase in fib6_add - bpf: Add oversize check before call kvcalloc() - xen/balloon: use a kernel thread instead a workqueue - nvme-multipath: fix ANA state updates when a namespace is not present - sparc32: page align size in arch_dma_alloc - blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd - compiler.h: Introduce absolute_pointer macro - net: i825xx: Use absolute_pointer for memcpy from fixed memory location - sparc: avoid stringop-overread errors - qnx4: avoid stringop-overread errors - parisc: Use absolute_pointer() to define PAGE0 - arm64: Mark __stack_chk_guard as __ro_after_init - alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile - net: 6pack: Fix tx timeout and slot time - spi: Fix tegra20 build with CONFIG_PM=n - EDAC/synopsys: Fix wrong value type assignment for edac_mode - thermal/drivers/int340x: Do not set a wrong tcc offset on resume - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space - xen/balloon: fix balloon kthread freezing - qnx4: work around gcc false positive warning bug - Linux 5.4.150 * ACL updates on OCFS2 are not revalidated (LP: #1947161) // Focal update: v5.4.150 upstream stable release (LP: #1947886) - ocfs2: drop acl cache for directories too * Focal update: v5.4.149 upstream stable release (LP: #1947885) - PCI: pci-bridge-emul: Fix big-endian support - PCI: aardvark: Indicate error in 'val' when config read fails - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register - PCI: aardvark: Fix reporting CRS value - PCI/ACPI: Add Ampere Altra SOC MCFG quirk - KVM: remember position in kvm->vcpus array - console: consume APC, DM, DCS - s390/pci_mmio: fully validate the VMA before calling follow_pte() - ARM: Qualify enabling of swiotlb_init() - apparmor: remove duplicate macro list_entry_is_head() - ARM: 9077/1: PLT: Move struct plt_entries definition to header - ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() - ARM: 9079/1: ftrace: Add MODULE_PLTS support - ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE - sctp: validate chunk size in __rcv_asconf_lookup - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() - um: virtio_uml: fix memory leak on init failures - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ - thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() - 9p/trans_virtio: Remove sysfs file on probe failure - prctl: allow to setup brk for et_dyn executables - nilfs2: use refcount_dec_and_lock() to fix potential UAF - profiling: fix shift-out-of-bounds bugs - pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered - phy: avoid unnecessary link-up delay in polling mode - net: stmmac: reset Tx desc base address before restarting Tx - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH - thermal/core: Fix thermal_cooling_device_register() prototype - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() - parisc: Move pci_dev_is_behind_card_dino to where it is used - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE - dmaengine: ioat: depends on !UML - dmaengine: xilinx_dma: Set DMA mask for coherent APIs - ceph: request Fw caps before updating the mtime in ceph_write_iter - ceph: lockdep annotations for try_nonblocking_invalidate - btrfs: fix lockdep warning while mounting sprout fs - nilfs2: fix memory leak in nilfs_sysfs_create_device_group - nilfs2: fix NULL pointer in nilfs_##name##_attr_release - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group - pwm: img: Don't modify HW state in .remove() callback - pwm: rockchip: Don't modify HW state in .remove() callback - pwm: stm32-lp: Don't modify HW state in .remove() callback - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() - rtc: rx8010: select REGMAP_I2C - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV - Linux 5.4.149 -- Krzysztof Kozlowski