Ubuntu
linux-azure package

Azure: keys: Do not cache key in task struct if key is requested from kernel thread

Bug #2017801 reported by Tim Gardner on 2023-04-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux-azure (Ubuntu)	Fix Released	Undecided	Unassigned
	Focal	Fix Released	Medium	Tim Gardner

Bug Description

SRU Justification

[Impact]

The key which gets cached in task structure from a kernel thread does not
get invalidated even after expiry. Due to which, a new key request from
kernel thread will be served with the cached key if it's present in task
struct irrespective of the key validity.

[Fix]

commit 47f9e4c924025c5be87959d3335e66fcbb7f6b5c ('keys: Do not cache key in task struct if key is requested from kernel thread')
Fixes: 7743c48e54ee ("keys: Cache result of request_key*() temporarily in task_struct")

[Regression potential]

DNS keys used by CIFS could get confused.

[Other Info]

Though this commit is part of stable updates v5.4.240, MSFT has requested that it be applied in advance since Focal is only up to v5.4.233. Linux-azure 5.4 is the only kernel that does not have this patch.

SF: #00359129

See original description

Tags:

CVE References

Tim Gardner (timg-tpi) on 2023-04-26

affects:	linux (Ubuntu) → linux-azure (Ubuntu)
Changed in linux-azure (Ubuntu):
status:	New → Fix Released
Changed in linux-azure (Ubuntu Focal):
assignee:	nobody → Tim Gardner (timg-tpi)
importance:	Undecided → Medium
status:	New → In Progress
description:	updated

Revision history for this message

Tim Gardner (timg-tpi) wrote on 2023-04-26:

https://lists.ubuntu.com/archives/kernel-team/2023-April/139134.html

Tim Gardner (timg-tpi) on 2023-04-26

Changed in linux-azure (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-06-06:

This bug is awaiting verification that the linux-azure/5.4.0-1110.116 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-azure verification-needed-focal

Tim Gardner (timg-tpi) on 2023-06-08

tags:

added: verification-done-focal
removed: verification-needed-focal

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-06-21:

Download full text (198.7 KiB)

This bug was fixed in the package linux-azure - 5.4.0-1110.116

---------------
linux-azure (5.4.0-1110.116) focal; urgency=medium

* focal/linux-azure: 5.4.0-1110.116 -proposed tracker (LP: #2019349)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis
    - debian/dkms-versions -- update from kernel-versions (main/2023.04.17)

  * Azure: keys: Do not cache key in task struct if key is requested from kernel
    thread (LP: #2017801)
    - keys: Do not cache key in task struct if key is requested from kernel thread

[ Ubuntu: 5.4.0-151.168 ]

This bug was fixed in the package linux-azure - 5.4.0-1110.116

---------------
linux-azure (5.4.0-1110.116) focal; urgency=medium

* focal/linux-azure: 5.4.0-1110.116 -proposed tracker (LP: #2019349)

* Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis
    - debian/dkms-versions -- update from kernel-versions (main/2023.04.17)

* Azure: keys: Do not cache key in task struct if key is requested from kernel
    thread (LP: #2017801)
    - keys: Do not cache key in task struct if key is requested from kernel thread

[ Ubuntu: 5.4.0-151.168 ]

* focal/linux: 5.4.0-151.168 -proposed tracker (LP: #2019375)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - debian/dkms-versions -- update from kernel-versions (main/2023.05.15)
  * CVE-2023-32233
    - netfilter: nf_tables: deactivate anonymous set from preparation phase
  * CVE-2023-2612
    - SAUCE: shiftfs: prevent lock unbalance in shiftfs_create_object()
  * CVE-2023-31436
    - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
  * CVE-2023-1380
    - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
  * Focal update: Focal update: v5.4.235 upstream stable release (LP: #2017706)
    - HID: asus: Remove check for same LED brightness on set
    - HID: asus: use spinlock to protect concurrent accesses
    - HID: asus: use spinlock to safely schedule workers
    - ARM: OMAP2+: Fix memory leak in realtime_counter_init()
    - arm64: dts: qcom: qcs404: use symbol names for PCIe resets
    - ARM: zynq: Fix refcount leak in zynq_early_slcr_init
    - arm64: dts: meson-gx: Fix Ethernet MAC address unit name
    - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
    - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
    - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
    - ARM: OMAP1: call platform_device_put() in error case in
      omap1_dm_timer_init()
    - ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
    - ARM: imx: Call ida_simple_remove() for ida_simple_get
    - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
    - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
    - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
    - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
    - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node
      name
    - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name
    - ARM: dts: imx7s: correct iomuxc gpr mux controller cells
    - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
    - Revert "scsi: core: run queue if SCSI device queue isn't ready and queue is
      idle"
    - block: Limit number of items taken from the I/O scheduler in one go
    - blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
    - blk-mq: wait on correct sbitmap_queue in blk_mq_mark_tag_wait
    - blk-mq: correct stale comment of .get_budget
    - s390/dasd: Prepare for additional path event handling
    - s390/dasd: Fix potential memleak in dasd_eckd_init()
    - sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
    - sched/rt: pick_next_rt_entity(): check list_entry
    - block: bio-integrity: Copy flags when bio_integrity_payload is cloned
    - wifi: rsi: Fix memory leak in rsi_coex_attach()
    - net/wireless: Delete unnecessary checks before the macro call
      “dev_kfree_skb”
    - wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave()
    - wifi: libertas: fix memory leak in lbs_init_adapter()
    - wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
    - rtlwifi: fix -Wpointer-sign warning
    - wifi: rtlwifi: Fix global-out-of-bounds bug in
      _rtl8812ae_phy_set_txpower_limit()
    - ipw2x00: switch from 'pci_' to 'dma_' API
    - wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
    - wifi: ipw2200: fix memory leak in ipw_wdev_init()
    - wilc1000: let wilc_mac_xmit() return NETDEV_TX_OK
    - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
    - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
    - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
    - wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
    - crypto: x86/ghash - fix unaligned access in ghash_setkey()
    - ACPICA: Drop port I/O validation for some regions
    - genirq: Fix the return type of kstat_cpu_irqs_sum()
    - lib/mpi: Fix buffer overrun when SG is too long
    - ACPICA: nsrepair: handle cases without a return value correctly
    - wifi: orinoco: check return value of hermes_write_wordrec()
    - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback
      function
    - ath9k: hif_usb: simplify if-if to if-else
    - ath9k: htc: clean up statistics macros
    - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
    - wifi: ath9k: Fix potential stack-out-of-bounds write in
      ath9k_wmi_rsp_callback()
    - ACPI: battery: Fix missing NUL-termination with large strings
    - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename
    - crypto: essiv - remove redundant null pointer check before kfree
    - crypto: essiv - Handle EBUSY correctly
    - crypto: seqiv - Handle EBUSY correctly
    - powercap: fix possible name leak in powercap_register_zone()
    - net/mlx5: Enhance debug print in page allocation failure
    - irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
    - irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
    - irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe
    - mptcp: add sk_stop_timer_sync helper
    - net: add sock_init_data_uid()
    - tun: tun_chr_open(): correctly initialize socket uid
    - tap: tap_open(): correctly initialize socket uid
    - OPP: fix error checking in opp_migrate_dentry()
    - Bluetooth: L2CAP: Fix potential user-after-free
    - libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
    - rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
    - crypto: rsa-pkcs1pad - Use akcipher_request_complete
    - m68k: /proc/hardware should depend on PROC_FS
    - RISC-V: time: initialize hrtimer based broadcast clock event device
    - usb: gadget: udc: Avoid tasklet passing a global
    - wifi: iwl3945: Add missing check for create_singlethread_workqueue
    - wifi: iwl4965: Add missing check for create_singlethread_workqueue()
    - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
    - crypto: crypto4xx - Call dma_unmap_page when done
    - wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
    - thermal/drivers/hisi: Drop second sensor hi3660
    - can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a
      bus error
    - irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
    - irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
    - selftests/net: Interpret UDP_GRO cmsg data as an int value
    - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
    - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
    - drm/bridge: megachips: Fix error handling in i2c_register_driver()
    - drm/vc4: dpi: Add option for inverting pixel clock and output enable
    - drm/vc4: dpi: Fix format mapping for RGB565
    - gpu: ipu-v3: common: Add of_node_put() for reference returned by
      of_graph_get_port_by_id()
    - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
    - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
    - ASoC: fsl_sai: initialize is_dsp_mode flag
    - ALSA: hda/ca0132: minor fix for allocation size
    - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
    - drm/msm: use strscpy instead of strncpy
    - drm/msm/dpu: Add check for cstate
    - drm/msm/dpu: Add check for pstates
    - drm/exynos: Don't reset bridge->next
    - drm/bridge: Rename bridge helpers targeting a bridge chain
    - drm/bridge: Introduce drm_bridge_get_next_bridge()
    - drm: Initialize struct drm_crtc_state.no_vblank from device settings
    - drm/msm/mdp5: Add check for kzalloc
    - gpu: host1x: Don't skip assigning syncpoints to channels
    - drm/mediatek: remove cast to pointers passed to kfree
    - drm/mediatek: Use NULL instead of 0 for NULL pointer
    - drm/mediatek: Drop unbalanced obj unref
    - drm/mediatek: Clean dangling pointer on bind error path
    - ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
    - gpio: vf610: connect GPIO label to dev name
    - hwmon: (ltc2945) Handle error case in ltc2945_value_store
    - scsi: aic94xx: Add missing check for dma_map_single()
    - spi: bcm63xx-hsspi: fix pm_runtime
    - spi: bcm63xx-hsspi: Fix multi-bit mode setting
    - hwmon: (mlxreg-fan) Return zero speed for broken fan
    - dm: remove flush_scheduled_work() during local_exit()
    - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one()
    - ASoC: dapm: declare missing structure prototypes
    - ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared
    - HID: bigben: use spinlock to protect concurrent accesses
    - HID: bigben_worker() remove unneeded check on report_field
    - HID: bigben: use spinlock to safely schedule workers
    - HID: asus: Only set EV_REP if we are adding a mapping
    - HID: asus: Add report_size to struct asus_touchpad_info
    - HID: asus: Add support for multi-touch touchpad on Medion Akoya E1239T
    - HID: asus: Fix mute and touchpad-toggle keys on Medion Akoya E1239T
    - hid: bigben_probe(): validate report count
    - nfsd: fix race to check ls_layouts
    - cifs: Fix lost destroy smbd connection when MR allocate failed
    - cifs: Fix warning and UAF when destroy the MR list
    - gfs2: jdata writepage fix
    - perf llvm: Fix inadvertent file creation
    - perf tools: Fix auto-complete on aarch64
    - sparc: allow PM configs for sparc32 COMPILE_TEST
    - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
    - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
    - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents
    - mtd: rawnand: sunxi: Fix the size of the last OOB region
    - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed
    - clk: renesas: cpg-mssr: Use enum clk_reg_layout instead of a boolean flag
    - clk: renesas: cpg-mssr: Remove superfluous check in resume code
    - Input: ads7846 - don't report pressure for ads7845
    - Input: ads7846 - don't check penirq immediately for 7845
    - clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC
    - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
    - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
    - powerpc/pseries/lpar: add missing RTAS retry status handling
    - powerpc/pseries/lparcfg: add missing RTAS retry status handling
    - powerpc/rtas: make all exports GPL
    - powerpc/rtas: ensure 4KB alignment for rtas_data_buf
    - powerpc/eeh: Small refactor of eeh_handle_normal_event()
    - powerpc/eeh: Set channel state after notifying the drivers
    - MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set
    - MIPS: vpe-mt: drop physical_memsize
    - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
    - media: platform: ti: Add missing check for devm_regulator_get
    - powerpc: Remove linker flag from KBUILD_AFLAGS
    - media: ov5675: Fix memleak in ov5675_init_controls()
    - media: i2c: ov772x: Fix memleak in ov772x_probe()
    - media: i2c: ov7670: 0 instead of -EINVAL was returned
    - media: usb: siano: Fix use after free bugs caused by do_submit_urb
    - rpmsg: glink: Avoid infinite loop on intent for missing channel
    - udf: Define EFSCORRUPTED error code
    - ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
    - blk-iocost: fix divide by 0 error in calc_lcoefs()
    - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
    - rcu: Suppress smp_processor_id() complaint in
      synchronize_rcu_expedited_wait()
    - thermal: intel: Fix unsigned comparison with less than zero
    - timers: Prevent union confusion from unexpected restart_syscall()
    - x86/bugs: Reset speculation control settings on init
    - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-
      of-bounds
    - wifi: mt7601u: fix an integer underflow
    - inet: fix fast path in __inet_hash_connect()
    - ice: add missing checks for PF vsi type
    - ACPI: Don't build ACPICA with '-Os'
    - net: bcmgenet: Add a check for oversized packets
    - m68k: Check syscall_trace_enter() return code
    - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
    - ACPI: video: Fix Lenovo Ideapad Z570 DMI match
    - net/mlx5: fw_tracer: Fix debug print
    - coda: Avoid partial allocation of sig_inputArgs
    - uaccess: Add minimum bounds check on kernel buffer size
    - drm/amd/display: Fix potential null-deref in dm_resume
    - drm/omap: dsi: Fix excessive stack usage
    - HID: Add Mapping for System Microphone Mute
    - drm/radeon: free iio for atombios when driver shutdown
    - drm/msm/dsi: Add missing check for alloc_ordered_workqueue
    - docs/scripts/gdb: add necessary make scripts_gdb step
    - ASoC: kirkwood: Iterate over array indexes instead of using pointer math
    - regulator: max77802: Bounds check regulator id against opmode
    - regulator: s5m8767: Bounds check id indexing into arrays
    - hwmon: (coretemp) Simplify platform device handling
    - pinctrl: at91: use devm_kasprintf() to avoid potential leaks
    - drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5
    - dm thin: add cond_resched() to various workqueue loops
    - dm cache: add cond_resched() to various workqueue loops
    - nfsd: zero out pointers after putting nfsd_files on COPY setup error
    - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
    - firmware: coreboot: framebuffer: Ignore reserved pixel color bits
    - rtc: pm8xxx: fix set-alarm race
    - ipmi_ssif: Rename idle state and check
    - s390: discard .interp section
    - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
    - s390/kprobes: fix current_kprobe never cleared after kprobes reenter
    - ARM: dts: exynos: correct HDMI phy compatible in Exynos4
    - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
    - fs: hfsplus: fix UAF issue in hfsplus_put_super
    - f2fs: fix information leak in f2fs_move_inline_dirents()
    - f2fs: fix cgroup writeback accounting with fs-layer encryption
    - ocfs2: fix defrag path triggering jbd2 ASSERT
    - ocfs2: fix non-auto defrag path not working issue
    - udf: Truncate added extents on failed expansion
    - udf: Do not bother merging very long extents
    - udf: Do not update file length for failed writes to inline files
    - udf: Preserve link count of system files
    - udf: Detect system inodes linked into directory hierarchy
    - udf: Fix file corruption when appending just after end of preallocated
      extent
    - KVM: Destroy target device if coalesced MMIO unregistration fails
    - KVM: s390: disable migration mode when dirty tracking is disabled
    - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
    - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
    - x86/reboot: Disable virtualization in an emergency if SVM is supported
    - x86/reboot: Disable SVM, not just VMX, when stopping CPUs
    - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
    - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe
      range
    - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
    - x86/microcode/AMD: Add a @cpu parameter to the reloading functions
    - x86/microcode/AMD: Fix mixed steppings support
    - x86/speculation: Allow enabling STIBP with legacy IBRS
    - Documentation/hw-vuln: Document the interaction between IBRS and STIBP
    - ima: Align ima_file_mmap() parameters with mmap_file LSM hook
    - irqdomain: Fix association race
    - irqdomain: Fix disassociation race
    - irqdomain: Drop bogus fwspec-mapping error handling
    - ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
    - ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
    - ext4: optimize ea_inode block expansion
    - ext4: refuse to create ea block when umounted
    - wifi: rtl8xxxu: Use a longer retry limit of 48
    - wifi: cfg80211: Fix use after free for wext
    - thermal: intel: powerclamp: Fix cur_state for multi package system
    - dm flakey: fix logic when corrupting a bio
    - dm flakey: don't corrupt the zero page
    - ARM: dts: exynos: correct TMU phandle in Exynos4
    - ARM: dts: exynos: correct TMU phandle in Odroid XU
    - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
    - alpha: fix FEN fault handling
    - mips: fix syscall_get_nr
    - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
    - mm: memcontrol: deprecate charge moving
    - mm/thp: check and bail out if page in deferred queue already
    - ktest.pl: Give back console on Ctrt^C on monitor
    - ktest.pl: Fix missing "end_monitor" when machine check fails
    - ktest.pl: Add RUN_TIMEOUT option with default unlimited
    - scsi: qla2xxx: Fix link failure in NPIV environment
    - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
    - scsi: qla2xxx: Fix erroneous link down
    - scsi: ses: Don't attach if enclosure has no components
    - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
    - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
    - scsi: ses: Fix possible desc_ptr out-of-bounds accesses
    - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
    - PCI/PM: Observe reset delay irrespective of bridge_d3
    - PCI: hotplug: Allow marking devices as disconnected during bind/unbind
    - PCI: Avoid FLR for AMD FCH AHCI adapters
    - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
    - drm/radeon: Fix eDP for single-display iMac11,2
    - wifi: ath9k: use proper statements in conditionals
    - kbuild: Port silent mode detection to future gnu make.
    - fs/jfs: fix shift exponent db_agl2size negative
    - pwm: sifive: Reduce time the controller lock is held
    - pwm: sifive: Always let the first pwm_apply_state succeed
    - pwm: stm32-lp: fix the check on arr and cmp registers update
    - f2fs: use memcpy_{to,from}_page() where possible
    - fs: f2fs: initialize fsdata in pagecache_write()
    - um: vector: Fix memory leak in vector_config
    - ubi: ensure that VID header offset + VID header size <= alloc, size
    - ubifs: Fix build errors as symbol undefined
    - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
    - ubifs: Rectify space budget for ubifs_xrename()
    - ubifs: Fix wrong dirty space budget for dirty inode
    - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
    - ubifs: Reserve one leb for each journal head while doing budget
    - ubi: Fix use-after-free when volume resizing failed
    - ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
    - ubifs: Fix memory leak in alloc_wbufs()
    - ubi: Fix possible null-ptr-deref in ubi_free_volume()
    - ubifs: Re-statistic cleaned znode count if commit failed
    - ubifs: dirty_cow_znode: Fix memleak in error handling path
    - ubifs: ubifs_writepage: Mark page dirty after writing inode failed
    - ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
    - ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
    - x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
    - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in
      error path
    - watchdog: Fix kmemleak in watchdog_cdev_register
    - watchdog: pcwd_usb: Fix attempting to access uninitialized memory
    - netfilter: ctnetlink: fix possible refcount leak in
      ctnetlink_create_conntrack()
    - ipv6: Add lwtunnel encap size of all siblings in nexthop calculation
    - sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
    - net: fix __dev_kfree_skb_any() vs drop monitor
    - 9p/xen: fix version parsing
    - 9p/xen: fix connection sequence
    - 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
    - net/mlx5: Geneve, Fix handling of Geneve object id as error code
    - nfc: fix memory leak of se_io context in nfc_genl_se_io
    - net/sched: act_sample: fix action bind logic
    - ARM: dts: spear320-hmi: correct STMPE GPIO compatible
    - tcp: tcp_check_req() can be called from process context
    - vc_screen: modify vcs_size() handling in vcs_read()
    - rtc: sun6i: Make external 32k oscillator optional
    - rtc: sun6i: Always export the internal oscillator
    - scsi: ipr: Work around fortify-string warning
    - thermal: intel: quark_dts: fix error pointer dereference
    - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it
    - tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
    - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
    - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
    - media: uvcvideo: Handle cameras with invalid descriptors
    - media: uvcvideo: Handle errors from calls to usb_string
    - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
    - media: uvcvideo: Silence memcpy() run-time false positive warnings
    - staging: emxx_udc: Add checks for dma_alloc_coherent()
    - tty: fix out-of-bounds access in tty_driver_lookup_tty()
    - tty: serial: fsl_lpuart: disable the CTS when send break signal
    - mei: bus-fixup:upon error print return values of send and receive
    - tools/iio/iio_utils:fix memory leak
    - iio: accel: mma9551_core: Prevent uninitialized variable in
      mma9551_read_status_word()
    - iio: accel: mma9551_core: Prevent uninitialized variable in
      mma9551_read_config_word()
    - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer
      math
    - USB: ene_usb6250: Allocate enough memory for full object
    - usb: uvc: Enumerate valid values for color matching
    - kernel/fail_function: fix memory leak with using debugfs_lookup()
    - PCI: Add ACS quirk for Wangxun NICs
    - phy: rockchip-typec: Fix unsigned comparison with less than zero
    - net: tls: avoid hanging tasks on the tx_lock
    - x86/resctrl: Apply READ_ONCE/WRITE_ONCE to task_struct.{rmid,closid}
    - x86/resctl: fix scheduler confusion with 'current'
    - Bluetooth: hci_sock: purge socket queues in the destruct() callback
    - SAUCE: Revert "UBUNTU: SAUCE: Fix inet_csk_listen_start after CVE-2023-0461"
    - tcp: Fix listen() regression in 5.4.229.
    - media: uvcvideo: Provide sync and async uvc_ctrl_status_event
    - media: uvcvideo: Fix race condition with usb_kill_urb
    - dt-bindings: rtc: sun6i-a31-rtc: Loosen the requirements on the clocks
    - Linux 5.4.235
    - [Config] Drop mxsfb for armhf:generic-lpae
  * Focal update: v5.4.234 upstream stable release (LP: #2017691)
    - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc
    - ARM: dts: rockchip: add power-domains property to dp node on rk3288
    - ACPI: NFIT: fix a potential deadlock during NFIT teardown
    - btrfs: send: limit number of clones and allocated memory size
    - IB/hfi1: Assign npages earlier
    - neigh: make sure used and confirmed times are valid
    - HID: core: Fix deadloop in hid_apply_multiplier.
    - bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state
    - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
    - vc_screen: don't clobber return value in vcs_read
    - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size
    - USB: serial: option: add support for VW/Skoda "Carstick LTE"
    - USB: core: Don't hold device lock while reading the "descriptors" sysfs file
    - Linux 5.4.234
  * CVE-2023-30456
    - KVM: nVMX: add missing consistency checks for CR0 and CR4
  * CVE-2023-1859
    - 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race
      condition
  * CVE-2023-1670
    - xirc2ps_cs: Fix use after free bug in xirc2ps_detach

linux-azure (5.4.0-1109.115) focal; urgency=medium

* focal/linux-azure: 5.4.0-1109.115 -proposed tracker (LP: #2019656)

[ Ubuntu: 5.4.0-150.167 ]

* focal/linux: 5.4.0-150.167 -proposed tracker (LP: #2019682)
  * CVE-2023-32233
    - netfilter: nf_tables: deactivate anonymous set from preparation phase
  * CVE-2023-2612
    - SAUCE: shiftfs: prevent lock unbalance in shiftfs_create_object()
  * CVE-2023-31436
    - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
  * CVE-2023-1380
    - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
  * CVE-2023-30456
    - KVM: nVMX: add missing consistency checks for CR0 and CR4
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

linux-azure (5.4.0-1108.114) focal; urgency=medium

* focal/linux-azure: 5.4.0-1108.114 -proposed tracker (LP: #2016562)

[ Ubuntu: 5.4.0-149.166 ]

* focal/linux: 5.4.0-149.166 -proposed tracker (LP: #2016591)
  * Focal update: v5.4.233 upstream stable release (LP: #2015909)
    - dma-mapping: add generic helpers for mapping sgtable objects
    - scatterlist: add generic wrappers for iterating over sgtable objects
    - drm: etnaviv: fix common struct sg_table related issues
    - drm/etnaviv: don't truncate physical page address
    - wifi: rtl8xxxu: gen2: Turn on the rate control
    - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
    - random: always mix cycle counter in add_latent_entropy()
    - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
    - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
    - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
    - alarmtimer: Prevent starvation by small intervals and SIG_IGN
    - drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
    - mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
    - uaccess: Add speculation barrier to copy_from_user()
    - wifi: mwifiex: Add missing compatible string for SD8787
    - ext4: Fix function prototype mismatch for ext4_feat_ktype
    - Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo
      child qdiscs"
    - bpf: add missing header file include
    - Linux 5.4.233
  *  selftest: fib_tests: Always cleanup before exit  (LP: #2015956)
    - selftest: fib_tests: Always cleanup before exit
  * fib_tests.sh in ubuntu_kernel_selftests was skipped silently on Focal
    (LP: #2015440)
    - selftests: Fix the executable permissions for fib_tests.sh
  * Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498)
    - [Debian] autoreconstruct - fix restoration of execute permissions
  * kernel: fix __clear_user() inline assembly constraints (LP: #2013088)
    - s390/uaccess: add missing earlyclobber annotations to __clear_user()
  * i/o error if next unused loop device is queried (LP: #1856871)
    - loop: fix I/O error on fsync() in detached loop devices
  * CVE-2023-1075
    - net/tls: tls_is_tx_ready() checked list_entry
  * Focal update: v5.4.232 upstream stable release (LP: #2011625)
    - firewire: fix memory leak for payload of request subaction to IEC 61883-1
      FCP region
    - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
    - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
    - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
    - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
    - scsi: Revert "scsi: core: map PQ=1, PDT=other values to
      SCSI_SCAN_TARGET_PRESENT"
    - WRITE is "data source", not destination...
    - fix iov_iter_bvec() "direction" argument
    - fix "direction" argument of iov_iter_kvec()
    - netrom: Fix use-after-free caused by accept on already connected socket
    - netfilter: br_netfilter: disable sabotage_in hook after first suppression
    - squashfs: harden sanity check in squashfs_read_xattr_id_table
    - net: phy: meson-gxl: Add generic dummy stubs for MMD register access
    - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
    - ata: libata: Fix sata_down_spd_limit() when no link speed is reported
    - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning
    - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided
    - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy
      benchmarking
    - virtio-net: Keep stop() to follow mirror sequence of open()
    - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
    - efi: fix potential NULL deref in efi_mem_reserve_persistent
    - scsi: target: core: Fix warning on RT kernels
    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
    - i2c: rk3x: fix a bunch of kernel-doc warnings
    - net/x25: Fix to not accept on connected socket
    - iio: adc: stm32-dfsdm: fill module aliases
    - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API
    - usb: dwc3: qcom: enable vbus override when in OTG dr-mode
    - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
    - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
    - Input: i8042 - move __initconst to fix code styling warning
    - Input: i8042 - merge quirk tables
    - Input: i8042 - add TUXEDO devices to i8042 quirk tables
    - Input: i8042 - add Clevo PCX0DX to i8042 quirk table
    - fbcon: Check font dimension limits
    - watchdog: diag288_wdt: do not use stack buffers for hardware data
    - watchdog: diag288_wdt: fix __diag288() inline assembly
    - efi: Accept version 2 of memory attributes table
    - iio: hid: fix the retval in accel_3d_capture_sample
    - iio: adc: berlin2-adc: Add missing of_node_put() in error path
    - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
    - parisc: Fix return code of pdc_iodc_print()
    - parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
    - riscv: disable generation of unwind tables
    - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
    - fpga: stratix10-soc: Fix return value check in s10_ops_write_init()
    - mm/swapfile: add cond_resched() in get_swap_pages()
    - Squashfs: fix handling and sanity checking of xattr_ids count
    - nvmem: core: fix cell removal on error
    - mm: swap: properly update readahead statistics in unuse_pte_range()
    - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
    - serial: 8250_dma: Fix DMA Rx completion race
    - serial: 8250_dma: Fix DMA Rx rearm race
    - powerpc/imc-pmu: Revert nest_init_lock to being a mutex
    - fbdev: smscufx: fix error handling code in ufx_usb_probe
    - f2fs: fix to do sanity check on i_extra_isize in is_alive()
    - wifi: brcmfmac: Check the count value of channel spec to prevent out-of-
      bounds reads
    - iio:adc:twl6030: Enable measurement of VAC
    - btrfs: limit device extents to the device size
    - btrfs: zlib: zero-initialize zlib workspace
    - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
    - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and
      trace_pipe_raw
    - can: j1939: do not wait 250 ms if the same addr was already claimed
    - IB/hfi1: Restore allocated resources on failed copyout
    - IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
    - iommu: Add gfp parameter to iommu_ops::map
    - RDMA/usnic: use iommu_map_atomic() under spin_lock()
    - xfrm: fix bug with DSCP copy to v6 from v4 tunnel
    - bonding: fix error checking in bond_debug_reregister()
    - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
    - ionic: clean interrupt before enabling queue to avoid credit race
    - ice: Do not use WQ_MEM_RECLAIM flag for workqueue
    - rds: rds_rm_zerocopy_callback() use list_first_entry()
    - selftests: forwarding: lib: quote the sysctl values
    - ALSA: pci: lx6464es: fix a debug loop
    - pinctrl: aspeed: Fix confusing types in return value
    - pinctrl: single: fix potential NULL dereference
    - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
    - net: USB: Fix wrong-direction WARNING in plusb.c
    - usb: core: add quirk for Alcor Link AK9563 smartcard reader
    - usb: typec: altmodes/displayport: Fix probe pin assign check
    - ceph: flush cap releases when the session is flushed
    - riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
    - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
    - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-
      sensitive
    - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
    - nvme-pci: Move enumeration by class to be last in the table
    - bpf: Always return target ifindex in bpf_fib_lookup
    - migrate: hugetlb: check for hugetlb shared PMD in node migration
    - selftests/bpf: Verify copy_register_state() preserves parent/live fields
    - ASoC: cs42l56: fix DT probe
    - tools/virtio: fix the vringh test for virtio ring changes
    - net/rose: Fix to not accept on connected socket
    - net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC
    - net: sched: sch: Bounds check priority
    - s390/decompressor: specify __decompress() buf len to avoid overflow
    - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
    - aio: fix mremap after fork null-deref
    - btrfs: free device in btrfs_close_devices for a single device filesystem
    - netfilter: nft_tproxy: restrict to prerouting hook
    - xfs: remove the xfs_efi_log_item_t typedef
    - xfs: remove the xfs_efd_log_item_t typedef
    - xfs: remove the xfs_inode_log_item_t typedef
    - xfs: factor out a xfs_defer_create_intent helper
    - xfs: merge the ->log_item defer op into ->create_intent
    - xfs: merge the ->diff_items defer op into ->create_intent
    - xfs: turn dfp_intent into a xfs_log_item
    - xfs: refactor xfs_defer_finish_noroll
    - xfs: log new intent items created as part of finishing recovered intent
      items
    - xfs: fix finobt btree block recovery ordering
    - xfs: proper replay of deferred ops queued during log recovery
    - xfs: xfs_defer_capture should absorb remaining block reservations
    - xfs: xfs_defer_capture should absorb remaining transaction reservation
    - xfs: clean up bmap intent item recovery checking
    - xfs: clean up xfs_bui_item_recover iget/trans_alloc/ilock ordering
    - xfs: fix an incore inode UAF in xfs_bui_recover
    - xfs: change the order in which child and parent defer ops are finished
    - xfs: periodically relog deferred intent items
    - xfs: expose the log push threshold
    - xfs: only relog deferred intent items if free space in the log gets low
    - xfs: fix missing CoW blocks writeback conversion retry
    - xfs: ensure inobt record walks always make forward progress
    - xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks
    - xfs: prevent UAF in xfs_log_item_in_current_chkpt
    - xfs: sync lazy sb accounting on quiesce of read-only mounts
    - Revert "ipv4: Fix incorrect route flushing when source address is deleted"
    - ipv4: Fix incorrect route flushing when source address is deleted
    - mmc: sdio: fix possible resource leaks in some error paths
    - mmc: mmc_spi: fix error handling in mmc_spi_probe()
    - ALSA: hda/conexant: add a new hda codec SN6180
    - ALSA: hda/realtek - fixed wrong gpio assigned
    - sched/psi: Fix use-after-free in ep_remove_wait_queue()
    - hugetlb: check for undefined shift on 32 bit architectures
    - Revert "mm: Always release pages to the buddy allocator in
      memblock_free_late()."
    - net: Fix unwanted sign extension in netdev_stats_to_stats64()
    - revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
    - ixgbe: allow to increase MTU to 3K with XDP enabled
    - i40e: add double of VLAN header when computing the max MTU
    - net: bgmac: fix BCM5358 support by setting correct flags
    - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list
    - dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
    - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
    - net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
    - bnxt_en: Fix mqprio and XDP ring checking logic
    - net: stmmac: Restrict warning on disabling DMA store and fwd mode
    - ixgbe: add double of VLAN header when computing the max MTU
    - ipv6: Fix datagram socket connection with DSCP.
    - ipv6: Fix tcp socket connection with DSCP.
    - i40e: Add checking for null for nlmsg_find_attr()
    - kvm: initialize all of the kvm_debugregs structure before sending it to
      userspace
    - nilfs2: fix underflow in second superblock position calculations
    - ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak
    - net: sched: sch: Fix off by one in htb_activate_prios()
    - iommu/amd: Pass gfp flags to iommu_map_page() in amd_iommu_map()
    - Linux 5.4.232
  * CVE-2023-1118
    - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

linux-azure (5.4.0-1107.113) focal; urgency=medium

* focal/linux-azure: 5.4.0-1107.113 -proposed tracker (LP: #2016750)

* CVE-2023-1829
    - [Config]: Make sure CONFIG_NET_CLS_TCINDEX is not available

[ Ubuntu: 5.4.0-148.165 ]

* focal/linux: 5.4.0-148.165 -proposed tracker (LP: #2016777)
  * CVE-2023-1829
    - net/sched: Retire tcindex classifier
    - [Config]: Make sure CONFIG_NET_CLS_TCINDEX is not available

linux-azure (5.4.0-1106.112) focal; urgency=medium

* focal/linux-azure: 5.4.0-1106.112 -proposed tracker (LP: #2011933)

[ Ubuntu: 5.4.0-147.164 ]

* focal/linux: 5.4.0-147.164 -proposed tracker (LP: #2011959)
  * CVE-2023-26545
    - net: mpls: fix stale pointer if allocation fails during device rename
  * CVE-2023-1281
    - rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
    - net/sched: tcindex: update imperfect hash filters respecting rcu
  * Focal update: v5.4.231 upstream stable release (LP: #2011226)
    - clk: generalize devm_clk_get() a bit
    - clk: Provide new devm_clk helpers for prepared and enabled clocks
    - memory: atmel-sdramc: Fix missing clk_disable_unprepare in
      atmel_ramc_probe()
    - memory: mvebu-devbus: Fix missing clk_disable_unprepare in
      mvebu_devbus_probe()
    - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
    - ARM: imx27: Retrieve the SYSCTRL base address from devicetree
    - ARM: imx31: Retrieve the IIM base address from devicetree
    - ARM: imx35: Retrieve the IIM base address from devicetree
    - ARM: imx: add missing of_node_put()
    - HID: intel_ish-hid: Add check for ishtp_dma_tx_map
    - EDAC/highbank: Fix memory leak in highbank_mc_probe()
    - tomoyo: fix broken dependency on *.conf.default
    - RDMA/core: Fix ib block iterator counter overflow
    - IB/hfi1: Reject a zero-length user expected buffer
    - IB/hfi1: Reserve user expected TIDs
    - IB/hfi1: Fix expected receive setup error exit issues
    - affs: initialize fsdata in affs_truncate()
    - amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
    - amd-xgbe: Delay AN timeout during KR training
    - bpf: Fix pointer-leak due to insufficient speculative store bypass
      mitigation
    - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in
      rockchip_usb2phy_power_on()
    - net: nfc: Fix use-after-free in local_cleanup()
    - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs
    - gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode
    - net/sched: sch_taprio: fix possible use-after-free
    - net: fix a concurrency bug in l2tp_tunnel_register()
    - l2tp: Serialize access to sk_user_data with sk_callback_lock
    - l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
    - net: usb: sr9700: Handle negative len
    - net: mdio: validate parameter addr in mdiobus_get_phy()
    - HID: check empty report_list in hid_validate_values()
    - HID: check empty report_list in bigben_probe()
    - net: stmmac: fix invalid call to mdiobus_get_phy()
    - HID: revert CHERRY_MOUSE_000C quirk
    - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
    - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
    - net: mlx5: eliminate anonymous module_init & module_exit
    - drm/panfrost: fix GENERIC_ATOMIC64 dependency
    - dmaengine: Fix double increment of client_count in dma_chan_get()
    - net: macb: fix PTP TX timestamp failure due to packet padding
    - HID: betop: check shape of output reports
    - dmaengine: xilinx_dma: use devm_platform_ioremap_resource()
    - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
    - dmaengine: xilinx_dma: call of_node_put() when breaking out of
      for_each_child_of_node()
    - tcp: avoid the lookup process failing to get sk in ehash table
    - w1: fix deadloop in __w1_remove_master_device()
    - w1: fix WARNING after calling w1_process()
    - driver core: Fix test_async_probe_init saves device in wrong array
    - net: dsa: microchip: ksz9477: port map correction in ALU table entry
      register
    - tcp: fix rate_app_limited to default to 1
    - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist
    - ASoC: fsl_micfil: Correct the number of steps on SX controls
    - drm: Add orientation quirk for Lenovo ideapad D330-10IGL
    - s390/debug: add _ASM_S390_ prefix to header guard
    - cpufreq: armada-37xx: stop using 0 as NULL pointer
    - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC
    - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets
    - spi: spidev: remove debug messages that access spidev->spi without locking
    - KVM: s390: interrupt: use READ_ONCE() before cmpxchg()
    - scsi: hisi_sas: Set a port invalid only if there are no devices attached
      when refreshing port id
    - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD
    - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK
    - lockref: stop doing cpu_relax in the cmpxchg loop
    - mmc: sdhci-esdhc-imx: clear pending interrupt and halt cqhci
    - mmc: sdhci-esdhc-imx: disable the CMD CRC check for standard tuning
    - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting
    - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
    - fs: reiserfs: remove useless new_opts in reiserfs_remount
    - Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
    - scsi: hpsa: Fix allocation size for scsi_host_alloc()
    - module: Don't wait for GOING modules
    - tracing: Make sure trace_printk() can output as soon as it can be used
    - trace_events_hist: add check for return value of 'create_hist_field'
    - ftrace/scripts: Update the instructions for ftrace-bisect.sh
    - cifs: Fix oops due to uncleared server->smbd_conn in reconnect
    - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set
    - thermal: intel: int340x: Protect trip temperature from concurrent updates
    - ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment
    - EDAC/device: Respect any driver-supplied workqueue polling value
    - EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info
    - netlink: prevent potential spectre v1 gadgets
    - net: fix UaF in netns ops registration error path
    - netfilter: nft_set_rbtree: skip elements in transaction from garbage
      collection
    - netlink: annotate data races around nlk->portid
    - netlink: annotate data races around dst_portid and dst_group
    - netlink: annotate data races around sk_state
    - ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
    - ipv4: prevent potential spectre v1 gadget in fib_metrics_match()
    - netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
    - netrom: Fix use-after-free of a listening socket.
    - net/sched: sch_taprio: do not schedule in taprio_reset()
    - sctp: fail if no bound addresses can be used for a given scope
    - net: ravb: Fix possible hang if RIS2_QFF1 happen
    - thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type()
    - net/tg3: resolve deadlock in tg3_reset_task() during EEH
    - net/phy/mdio-i2c: Move header file to include/linux/mdio
    - net: xgene: Move shared header file into include/linux
    - net: mdio-mux-meson-g12a: force internal PHY off on mux switch
    - Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI
      mode"
    - nfsd: Ensure knfsd shuts down when the "nfsd" pseudofs is unmounted
    - block: fix and cleanup bio_check_ro
    - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
    - netfilter: conntrack: unify established states for SCTP paths
    - perf/x86/amd: fix potential integer overflow on shift of a int
    - clk: Fix pointer casting to prevent oops in devm_clk_release()
    - x86/asm: Fix an assembler warning with current binutils
    - ARM: dts: imx: Fix pca9547 i2c-mux node name
    - bpf: Skip task with pid=1 in send_signal_common()
    - blk-cgroup: fix missing pd_online_fn() while activating policy
    - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
    - sysctl: add a new register_sysctl_init() interface
    - panic: unset panic_on_warn inside panic()
    - mm: kasan: do not panic if both panic_on_warn and kasan_multishot set
    - exit: Add and use make_task_dead.
    - objtool: Add a missing comma to avoid string concatenation
    - hexagon: Fix function name in die()
    - h8300: Fix build errors from do_exit() to make_task_dead() transition
    - csky: Fix function name in csky_alignment() and die()
    - ia64: make IA64_MCA_RECOVERY bool instead of tristate
    - exit: Put an upper limit on how often we can oops
    - exit: Expose "oops_count" to sysfs
    - exit: Allow oops_limit to be disabled
    - panic: Consolidate open-coded panic_on_warn checks
    - panic: Introduce warn_limit
    - panic: Expose "warn_count" to sysfs
    - docs: Fix path paste-o for /sys/kernel/warn_count
    - exit: Use READ_ONCE() for all oops/warn limit reads
    - ipv6: ensure sane device mtu in tunnels
    - Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
    - usb: host: xhci-plat: add wakeup entry at sysfs
    - Revert "xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()"
    - Linux 5.4.231
  * CVE-2022-3903
    - USB: add usb_control_msg_send() and usb_control_msg_recv()
    - USB: correct API of usb_control_msg_send/recv
    - USB: move snd_usb_pipe_sanity_check into the USB core
    - media: mceusb: Use new usb_control_msg_*() routines
  * CVE-2022-3108
    - drm/amdkfd: Check for null pointer after calling kmemdup
  * Focal update: v5.4.230 upstream stable release (LP: #2008946)
    - pNFS/filelayout: Fix coalescing test for single DS
    - net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
    - RDMA/srp: Move large values to a new enum for gcc13
    - f2fs: let's avoid panic if extent_tree is not created
    - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices
    - Add exception protection processing for vd in axi_chan_handle_err function
    - nilfs2: fix general protection fault in nilfs_btree_insert()
    - efi: fix userspace infinite retry read efivars after EFI runtime services
      page fault
    - drm/i915/gt: Reset twice
    - ALSA: hda/realtek - Turn on power early
    - xhci-pci: set the dma max_seg_size
    - usb: xhci: Check endpoint is valid before dereferencing it
    - xhci: Fix null pointer dereference when host dies
    - xhci: Add update_hub_device override for PCI xHCI hosts
    - xhci: Add a flag to disable USB3 lpm on a xhci root port level.
    - usb: acpi: add helper to check port lpm capability using acpi _DSM
    - xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables
    - prlimit: do_prlimit needs to have a speculation check
    - USB: serial: option: add Quectel EM05-G (GR) modem
    - USB: serial: option: add Quectel EM05-G (CS) modem
    - USB: serial: option: add Quectel EM05-G (RS) modem
    - USB: serial: option: add Quectel EC200U modem
    - USB: serial: option: add Quectel EM05CN (SG) modem
    - USB: serial: option: add Quectel EM05CN modem
    - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
    - misc: fastrpc: Don't remove map on creater_process and device_release
    - misc: fastrpc: Fix use-after-free race condition for maps
    - usb: core: hub: disable autosuspend for TI TUSB8041
    - comedi: adv_pci1760: Fix PWM instruction handling
    - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
    - btrfs: fix race between quota rescan and disable leading to NULL pointer
      deref
    - cifs: do not include page data when checking signature
    - USB: serial: cp210x: add SCALANCE LPE-9000 device id
    - usb: host: ehci-fsl: Fix module alias
    - usb: typec: altmodes/displayport: Add pin assignment helper
    - usb: typec: altmodes/displayport: Fix pin assignment calculation
    - usb: gadget: g_webcam: Send color matching descriptor per frame
    - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
    - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
    - dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation
    - serial: pch_uart: Pass correct sg to dma_unmap_sg()
    - dmaengine: tegra210-adma: fix global intr clear
    - serial: atmel: fix incorrect baudrate setup
    - gsmi: fix null-deref in gsmi_get_variable
    - drm/i915: re-disable RC6p on Sandy Bridge
    - drm/amd/display: Fix set scaling doesn's work
    - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix
    - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN
    - mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
    - Linux 5.4.230

[ Ubuntu: 5.4.0-146.163 ]

* focal/linux: 5.4.0-146.163 -proposed tracker (LP: #2012094)
  * NFS deathlock with last Kernel 5.4.0-144.161 and 5.15.0-67.74 (LP: #2009325)
    - NFS: Correct timing for assigning access cache timestamp

linux-azure (5.4.0-1105.111) focal; urgency=medium

* focal/linux-azure: 5.4.0-1105.111 -proposed tracker (LP: #2008363)

[ Ubuntu: 5.4.0-145.162 ]

* focal/linux: 5.4.0-145.162 -proposed tracker (LP: #2008389)
  * [SRU]Update ice driver to support E823 devices (LP: #1986717)
    - ice: Add device ids for E822 devices
    - ice: add support for E823 devices
  * btrfs/154: rename fails with EOVERFLOW when calculating item size during
    item key collision (LP: #2004132)
    - btrfs: correctly calculate item size used when item key collision happens
  * rtcpie in timers from ubuntu_kernel_selftests randomly failing
    (LP: #1814234)
    - SAUCE: selftest: rtcpie: Force passing unreliable subtest
  * [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under
    PV - kernel part (LP: #1999882)
    - KVM: s390x: fix SCK locking
    - KVM: s390: pv: don't allow userspace to set the clock under PV
  * CVE-2021-3669
    - ipc: replace costly bailout check in sysvipc_find_ipc()
  * net:fcnal-test.sh 'nettest' command not found on F/K (LP: #2006391)
    - selftests/net: Find nettest in current directory
  * xfs: Preallocated ioend transactions cause deadlock due to log buffer
    exhaustion (LP: #2007219)
    - xfs: drop submit side trans alloc for append ioends
  * CVE-2022-4382
    - USB: gadgetfs: Fix race between mounting and unmounting
  * CVE-2022-2196
    - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
  * ubuntu_kernel_selftests: net:udpgso_bench.sh failed (LP: #1951447)
    - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs
  * net:fcnal-test.sh didn't return a non-zero value even with some sub-tests
    failed (LP: #2006692)
    - selftests: net/fcnal-test.sh: add exit code
  * Fix selftests/ftracetests/Meta-selftests in Focal (LP: #2006453)
    - SAUCE: Fix ftrace/Meta-selftests bashism check
  * CVE-2023-23559
    - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

linux-azure (5.4.0-1104.110) focal; urgency=medium

* focal/linux-azure: 5.4.0-1104.110 -proposed tracker (LP: #2004360)

* Focal update: v5.4.226 upstream stable release (LP: #2003896)
    - [Config] azure: updateconfigs for INET_TABLE_PERTURB_ORDER

* Azure: Fix race on per-CQ variable napi_iperf panic fix (LP: #2003353)
    - net: mana: Use struct_size() in kzalloc()
    - net: mana: Fix a memory leak in an error handling path in
      'mana_create_txq()'
    - net: mana: Move NAPI from EQ to CQ
    - net: mana: Add support for EQ sharing
    - net: mana: Add WARN_ON_ONCE in case of CQE read overflow
    - net: mana: Prefer struct_size over open coded arithmetic
    - net: mana: Fix error handling in mana_create_rxq()
    - net: mana: Fix race on per-CQ variable napi work_done

* Azure: mana: Fix IRQ name - add PCI and queue number (LP: #2004604)
    - net: mana: Fix IRQ name - add PCI and queue number

[ Ubuntu: 5.4.0-144.161 ]

* focal/linux: 5.4.0-144.161 -proposed tracker (LP: #2004653)
  * CVE-2023-0461
    - SAUCE: Fix inet_csk_listen_start after CVE-2023-0461

[ Ubuntu: 5.4.0-143.160 ]

* focal/linux: 5.4.0-143.160 -proposed tracker (LP: #2004385)
  * NFS: client permission error after adding user to permissible group
    (LP: #2003053)
    - NFS: Clear the file access cache upon login
    - NFS: Judge the file access cache's timestamp in rcu path
    - NFS: Fix up a sparse warning
  * Focal update: v5.4.229 upstream stable release (LP: #2003914)
    - tracing/ring-buffer: Only do full wait when cpu != RING_BUFFER_ALL_CPUS
    - udf: Discard preallocation before extending file with a hole
    - udf: Fix preallocation discarding at indirect extent boundary
    - udf: Do not bother looking for prealloc extents if i_lenExtents matches
      i_size
    - udf: Fix extending file within last block
    - usb: gadget: uvc: Prevent buffer overflow in setup handler
    - USB: serial: option: add Quectel EM05-G modem
    - USB: serial: cp210x: add Kamstrup RF sniffer PIDs
    - USB: serial: f81232: fix division by zero on line-speed change
    - USB: serial: f81534: fix division by zero on line-speed change
    - igb: Initialize mailbox message for VF reset
    - xen-netback: move removal of "hotplug-status" to the right place
    - HID: ite: Add support for Acer S1002 keyboard-dock
    - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch 10E
    - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10
    - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk
    - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
    - usb: musb: remove extra check in musb_gadget_vbus_draw
    - ARM: dts: qcom: apq8064: fix coresight compatible
    - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias
    - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
    - arm: dts: spear600: Fix clcd interrupt
    - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of
      pm_runtime_get_sync
    - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe
    - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
    - perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
    - perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()
    - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
    - arm64: dts: mt2712e: Fix unit address for pinctrl node
    - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
    - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names
    - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
    - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: turris-omnia: Add ethernet aliases
    - ARM: dts: turris-omnia: Add switch port 6 node
    - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC
    - pstore/ram: Fix error return code in ramoops_probe()
    - ARM: mmp: fix timer_read delay
    - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
    - tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
    - cpuidle: dt: Return the correct numbers of parsed idle states
    - alpha: fix syscall entry in !AUDUT_SYSCALL case
    - PM: hibernate: Fix mistake in kerneldoc comment
    - fs: don't audit the capability check in simple_xattr_list()
    - selftests/ftrace: event_triggers: wait longer for test_event_enable
    - perf: Fix possible memleak in pmu_dev_alloc()
    - timerqueue: Use rb_entry_safe() in timerqueue_getnext()
    - proc: fixup uptime selftest
    - lib/fonts: fix undefined behavior in bit shift for get_default_font
    - ocfs2: fix memory leak in ocfs2_stack_glue_init()
    - MIPS: vpe-mt: fix possible memory leak while module exiting
    - MIPS: vpe-cmp: fix possible memory leak while module exiting
    - selftests/efivarfs: Add checking of the test return value
    - PNP: fix name memory leak in pnp_alloc_dev()
    - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
    - irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
    - EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper()
    - nfsd: don't call nfsd_file_put from client states seqfile display
    - genirq/irqdesc: Don't try to remove non-existing sysfs files
    - cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
    - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
    - lib/notifier-error-inject: fix error when writing -errno to debugfs file
    - docs: fault-injection: fix non-working usage of negative values
    - debugfs: fix error when writing negative value to atomic_t debugfs file
    - ocfs2: ocfs2_mount_volume does cleanup job before return error
    - ocfs2: rewrite error handling of ocfs2_fill_super
    - ocfs2: fix memory leak in ocfs2_mount_volume()
    - rapidio: fix possible name leaks when rio_add_device() fails
    - rapidio: rio: fix possible name leak in rio_register_mport()
    - clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
    - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
    - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
    - xen/events: only register debug interrupt for 2-level events
    - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
    - x86/xen: Fix memory leak in xen_init_lock_cpu()
    - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
    - PM: runtime: Improve path in rpm_idle() when no callback
    - PM: runtime: Do not call __rpm_callback() from rpm_idle()
    - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
    - MIPS: BCM63xx: Add check for NULL for clk in clk_enable
    - MIPS: OCTEON: warn only once if deprecated link status is being used
    - fs: sysv: Fix sysv_nblocks() returns wrong value
    - rapidio: fix possible UAF when kfifo_alloc() fails
    - eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
    - relay: fix type mismatch when allocating memory in relay_create_buf()
    - hfs: Fix OOB Write in hfs_asc2mac
    - rapidio: devices: fix missing put_device in mport_cdev_open
    - wifi: ath9k: hif_usb: fix memory leak of urbs in
      ath9k_hif_usb_dealloc_tx_urbs()
    - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
    - wifi: rtl8xxxu: Fix reading the vendor of combo chips
    - pata_ipx4xx_cf: Fix unsigned comparison with less than zero
    - media: i2c: ad5820: Fix error path
    - can: kvaser_usb: do not increase tx statistics when sending error message
      frames
    - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
    - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to
      {leaf,usbcan}_cmd_can_error_event
    - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
    - can: kvaser_usb_leaf: Set Warning state even without bus errors
    - can: kvaser_usb_leaf: Fix improved state not being reported
    - can: kvaser_usb_leaf: Fix wrong CAN state after stopping
    - can: kvaser_usb_leaf: Fix bogus restart events
    - can: kvaser_usb: Add struct kvaser_usb_busparams
    - can: kvaser_usb: Compare requested bittiming parameters with actual
      parameters in do_set_{,data}_bittiming
    - clk: renesas: r9a06g032: Repair grave increment error
    - spi: Update reference to struct spi_controller
    - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure
    - ima: Rename internal filter rule functions
    - ima: Fix fall-through warnings for Clang
    - ima: Handle -ESTALE returned by ima_filter_rule_match()
    - media: vivid: fix compose size exceed boundary
    - bpf: propagate precision in ALU/ALU64 operations
    - mtd: Fix device name leak when register device failed in add_mtd_device()
    - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
    - media: camss: Clean up received buffers on failed start of streaming
    - net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
    - rxrpc: Fix ack.bufferSize to be 0 when generating an ack
    - drm/radeon: Add the missed acpi_put_table() to fix memory leak
    - drm/mediatek: Modify dpi power on/off sequence.
    - ASoC: pxa: fix null-pointer dereference in filter()
    - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
    - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table()
    - integrity: Fix memory leakage in keyring allocation error path
    - ima: Fix misuse of dereference of pointer in template_desc_init_fields()
    - wifi: ath10k: Fix return value in ath10k_pci_init()
    - mtd: lpddr2_nvm: Fix possible null-ptr-deref
    - Input: elants_i2c - properly handle the reset GPIO when power is off
    - media: solo6x10: fix possible memory leak in solo_sysfs_init()
    - media: platform: exynos4-is: Fix error handling in fimc_md_init()
    - media: videobuf-dma-contig: use dma_mmap_coherent
    - bpf: Move skb->len == 0 checks into __bpf_redirect
    - HID: hid-sensor-custom: set fixed size for custom attributes
    - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT
    - ALSA: seq: fix undefined behavior in bit shift for
      SNDRV_SEQ_FILTER_USE_EVENT
    - regulator: core: use kfree_const() to free space conditionally
    - clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
    - bonding: Export skip slave logic to function
    - bonding: Rename slave_arr to usable_slaves
    - bonding: fix link recovery in mode 2 when updelay is nonzero
    - mtd: maps: pxa2xx-flash: fix memory leak in probe
    - media: imon: fix a race condition in send_packet()
    - clk: imx8mn: correct the usb1_ctrl parent to be usb_bus
    - clk: imx: replace osc_hdmi with dummy
    - pinctrl: pinconf-generic: add missing of_node_put()
    - media: dvb-core: Fix ignored return value in dvb_register_frontend()
    - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
    - media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
    - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
    - ASoC: dt-bindings: wcd9335: fix reset line polarity in example
    - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd
    - NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
    - NFSv4.2: Fix a memory stomp in decode_attr_security_label
    - NFSv4.2: Fix initialisation of struct nfs4_label
    - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
    - ALSA: asihpi: fix missing pci_disable_device()
    - wifi: iwlwifi: mvm: fix double free on tx path.
    - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready
    - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
    - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
    - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
    - netfilter: conntrack: set icmpv6 redirects as RELATED
    - bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data
    - bpf, sockmap: Fix data loss caused by using apply_bytes on ingress redirect
    - bonding: uninitialized variable in bond_miimon_inspect()
    - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE
    - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys()
      fails
    - regulator: core: fix module refcount leak in set_supply()
    - clk: qcom: clk-krait: fix wrong div2 functions
    - hsr: Avoid double remove of a node.
    - configfs: fix possible memory leak in configfs_create_dir()
    - regulator: core: fix resource leak in regulator_register()
    - bpf, sockmap: fix race in sock_map_free()
    - media: saa7164: fix missing pci_disable_device()
    - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
    - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
    - SUNRPC: Fix missing release socket in rpc_sockname()
    - NFSv4.x: Fail client initialisation if state manager thread can't run
    - mmc: alcor: fix return value check of mmc_add_host()
    - mmc: moxart: fix return value check of mmc_add_host()
    - mmc: mxcmmc: fix return value check of mmc_add_host()
    - mmc: pxamci: fix return value check of mmc_add_host()
    - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
    - mmc: toshsd: fix return value check of mmc_add_host()
    - mmc: vub300: fix return value check of mmc_add_host()
    - mmc: wmt-sdmmc: fix return value check of mmc_add_host()
    - mmc: atmel-mci: fix return value check of mmc_add_host()
    - mmc: omap_hsmmc: fix return value check of mmc_add_host()
    - mmc: meson-gx: fix return value check of mmc_add_host()
    - mmc: via-sdmmc: fix return value check of mmc_add_host()
    - mmc: wbsd: fix return value check of mmc_add_host()
    - mmc: mmci: fix return value check of mmc_add_host()
    - media: c8sectpfe: Add of_node_put() when breaking out of loop
    - media: coda: Add check for dcoda_iram_alloc
    - media: coda: Add check for kmalloc
    - clk: samsung: Fix memory leak in _samsung_clk_register_pll()
    - spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode
    - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
    - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
    - blktrace: Fix output non-blktrace event when blk_classic option enabled
    - clk: socfpga: clk-pll: Remove unused variable 'rc'
    - clk: socfpga: use clk_hw_register for a5/c5
    - clk: socfpga: Fix memory leak in socfpga_gate_init()
    - net: vmw_vsock: vmci: Check memcpy_from_msg()
    - net: defxx: Fix missing err handling in dfx_init()
    - net: stmmac: selftests: fix potential memleak in stmmac_test_arpoffload()
    - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
    - of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry()
      and find_dup_cset_prop()
    - ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: farsync: Fix kmemleak when rmmods farsync
    - net/tunnel: wait until all sk_user_data reader finish before releasing the
      sock
    - net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
    - hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: amd-xgbe: Fix logic around active and passive cables
    - net: amd-xgbe: Check only the minimum speed for active/passive cables
    - can: tcan4x5x: Remove invalid write in clear_interrupts
    - net: lan9303: Fix read error execution path
    - ntb_netdev: Use dev_kfree_skb_any() in interrupt context
    - Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
    - stmmac: fix potential division by 0
    - apparmor: fix a memleak in multi_transaction_new()
    - apparmor: fix lockdep warning when removing a namespace
    - apparmor: Fix abi check to include v8 abi
    - apparmor: Use pointer to struct aa_label for lbs_cred
    - RDMA/core: Fix order of nldev_exit call
    - f2fs: fix normal discard process
    - RDMA/siw: Fix immediate work request flush to completion queue
    - RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
    - RDMA/siw: Set defined status for work completion with undefined status
    - scsi: scsi_debug: Fix a warning in resp_write_scat()
    - crypto: ccree - swap SHA384 and SHA512 larval hashes at build time
    - crypto: ccree - Remove debugfs when platform_driver_register failed
    - PCI: Check for alloc failure in pci_request_irq()
    - RDMA/hfi: Decrease PCI device reference count in error path
    - crypto: ccree - Make cc_debugfs_global_fini() available for module init
      function
    - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create
      failed
    - scsi: hpsa: Fix possible memory leak in hpsa_init_one()
    - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
    - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
    - scsi: hpsa: Fix error handling in hpsa_add_sas_host()
    - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
    - scsi: fcoe: Fix possible name leak when device_register() fails
    - scsi: ipr: Fix WARNING in ipr_init()
    - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
    - scsi: snic: Fix possible UAF in snic_tgt_create()
    - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps()
    - f2fs: avoid victim selection from previous victim section
    - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe()
    - RDMA/hfi1: Fix error return code in parse_platform_config()
    - orangefs: Fix sysfs not cleanup when dev init failed
    - crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
    - hwrng: amd - Fix PCI device refcount leak
    - hwrng: geode - Fix PCI device refcount leak
    - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
    - drivers: dio: fix possible memory leak in dio_init()
    - tty: serial: tegra: Activate RX DMA transfer by request
    - serial: tegra: Read DMA status before terminating
    - class: fix possible memory leak in __class_register()
    - vfio: platform: Do not pass return buffer to ACPI _RST method
    - uio: uio_dmem_genirq: Fix missing unlock in irq configuration
    - uio: uio_dmem_genirq: Fix deadlock between irq config and handling
    - usb: fotg210-udc: Fix ages old endianness issues
    - staging: vme_user: Fix possible UAF in tsi148_dma_list_add
    - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
    - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port()
    - serial: amba-pl011: avoid SBSA UART accessing DMACR register
    - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
    - serial: pch: Fix PCI device refcount leak in pch_request_dma()
    - tty: serial: clean up stop-tx part in altera_uart_tx_chars()
    - tty: serial: altera_uart_{r,t}x_chars() need only uart_port
    - serial: altera_uart: fix locking in polling mode
    - serial: sunsab: Fix error handling in sunsab_init()
    - test_firmware: fix memory leak in test_firmware_init()
    - misc: ocxl: fix possible name leak in ocxl_file_register_afu()
    - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
    - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault
      and gru_handle_user_call_os
    - cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
    - cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
    - counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update
    - usb: roles: fix of node refcount leak in usb_role_switch_is_parent()
    - usb: gadget: f_hid: optional SETUP/SET_REPORT mode
    - usb: gadget: f_hid: fix f_hidg lifetime vs cdev
    - usb: gadget: f_hid: fix refcount leak on error path
    - drivers: mcb: fix resource leak in mcb_probe()
    - mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
    - chardev: fix error handling in cdev_device_add()
    - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
    - staging: rtl8192u: Fix use after free in ieee80211_rx()
    - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
    - vme: Fix error not catched in fake_init()
    - i2c: ismt: Fix an out-of-bounds bug in ismt_access()
    - usb: storage: Add check for kcalloc
    - tracing/hist: Fix issue of losting command info in error_log
    - samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
    - fbdev: ssd1307fb: Drop optional dependency
    - fbdev: pm2fb: fix missing pci_disable_device()
    - fbdev: via: Fix error in via_core_init()
    - fbdev: vermilion: decrease reference count in error path
    - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
    - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
    - HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
    - power: supply: fix residue sysfs file in error handle route of
      __power_supply_register()
    - perf trace: Return error if a system call doesn't exist
    - perf trace: Separate 'struct syscall_fmt' definition from syscall_fmts
      variable
    - perf trace: Factor out the initialization of syscal_arg_fmt->scnprintf
    - perf trace: Add the syscall_arg_fmt pointer to syscall_arg
    - perf trace: Allow associating scnprintf routines with well known arg names
    - perf trace: Add a strtoul() method to 'struct syscall_arg_fmt'
    - perf trace: Use macro RAW_SYSCALL_ARGS_NUM to replace number
    - perf trace: Handle failure when trace point folder is missed
    - perf symbol: correction while adjusting symbol
    - HSI: omap_ssi_core: Fix error handling in ssi_init()
    - power: supply: fix null pointer dereferencing in
      power_supply_get_battery_info
    - RDMA/siw: Fix pointer cast warning
    - include/uapi/linux/swab: Fix potentially missing __always_inline
    - rtc: snvs: Allow a time difference on clock register read
    - rtc: pcf85063: Fix reading alarm
    - iommu/amd: Fix pci device refcount leak in ppr_notifier()
    - iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
    - macintosh: fix possible memory leak in macio_add_one_device()
    - macintosh/macio-adb: check the return value of ioremap()
    - powerpc/52xx: Fix a resource leak in an error handling path
    - cxl: Fix refcount leak in cxl_calc_capp_routing
    - powerpc/xive: add missing iounmap() in error path in
      xive_spapr_populate_irq_data()
    - powerpc/perf: callchain validate kernel stack pointer bounds
    - powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in
      of_fsl_spi_probe()
    - powerpc/hv-gpci: Fix hv_gpci event list
    - selftests/powerpc: Fix resource leaks
    - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held
    - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev()
    - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in
      adsp_alloc_memory_region()
    - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
    - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe()
    - nfsd: Define the file access mode enum for tracing
    - NFSD: Add tracepoints to NFSD's duplicate reply cache
    - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
    - mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under
      spin_lock_irqsave()
    - mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under
      spin_lock_irqsave()
    - mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under
      spin_lock_irqsave()
    - nfc: pn533: Clear nfc_target before being used
    - r6040: Fix kmemleak in probe and remove
    - rtc: mxc_v2: Add missing clk_disable_unprepare()
    - openvswitch: Fix flow lookup to use unmasked key
    - skbuff: Account for tail adjustment during pull operations
    - mailbox: zynq-ipi: fix error handling while device_register() fails
    - net_sched: reject TCF_EM_SIMPLE case for complex ematch module
    - rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
    - myri10ge: Fix an error handling path in myri10ge_probe()
    - net: stream: purge sk_error_queue in sk_stream_kill_queues()
    - rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()
    - binfmt_misc: fix shift-out-of-bounds in check_special_flags
    - fs: jfs: fix shift-out-of-bounds in dbAllocAG
    - udf: Avoid double brelse() in udf_rename()
    - fs: jfs: fix shift-out-of-bounds in dbDiscardAG
    - ACPICA: Fix error code path in acpi_ds_call_control_method()
    - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
    - acct: fix potential integer overflow in encode_comp_t()
    - hfs: fix OOB Read in __hfs_brec_find
    - drm/etnaviv: add missing quirks for GC300
    - brcmfmac: return error when getting invalid max_flowrings from dongle
    - wifi: ath9k: verify the expected usb_endpoints are present
    - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
    - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
    - ipmi: fix memleak when unload ipmi driver
    - bpf: make sure skb->len != 0 when redirecting to a tunneling device
    - net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
    - hamradio: baycom_epp: Fix return type of baycom_send_packet()
    - wifi: brcmfmac: Fix potential shift-out-of-bounds in
      brcmf_fw_alloc_request()
    - igb: Do not free q_vector unless new one was allocated
    - s390/ctcm: Fix return type of ctc{mp,}m_tx()
    - s390/netiucv: Fix return type of netiucv_tx()
    - s390/lcs: Fix return type of lcs_start_xmit()
    - drm/rockchip: Use drm_mode_copy()
    - drm/sti: Use drm_mode_copy()
    - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
    - md/raid1: stop mdx_raid1 thread when raid1 array run failed
    - net: add atomic_long_t to net_device_stats fields
    - mrp: introduce active flags to prevent UAF when applicant uninit
    - ppp: associate skb with a device at tx
    - bpf: Prevent decl_tag from being referenced in func_proto arg
    - media: dvb-frontends: fix leak of memory fw
    - media: dvbdev: adopts refcnt to avoid UAF
    - media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
    - blk-mq: fix possible memleak when register 'hctx' failed
    - regulator: core: fix use_count leakage when handling boot-on
    - mmc: f-sdh30: Add quirks for broken timeout clock capability
    - media: si470x: Fix use-after-free in si470x_int_in_callback()
    - clk: st: Fix memory leak in st_of_quadfs_setup()
    - hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
    - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
    - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
    - orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
    - orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
    - ALSA/ASoC: hda: move/rename snd_hdac_ext_stop_streams to hdac_stream.c
    - ALSA: hda: add snd_hdac_stop_streams() helper
    - ASoC: Intel: Skylake: Fix driver hang during shutdown
    - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in
      mt8173_rt5650_rt5514_dev_probe()
    - ASoC: audio-graph-card: fix refcount leak of cpu_ep in
      __graph_for_each_link()
    - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in
      rockchip_pdm_runtime_resume()
    - ASoC: wm8994: Fix potential deadlock
    - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in
      rk_spdif_runtime_resume()
    - ASoC: rt5670: Remove unbalanced pm_runtime_put()
    - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
    - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
    - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
    - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list
    - usb: dwc3: core: defer probe on ulpi_read_id timeout
    - HID: wacom: Ensure bootloader PID is usable in hidraw mode
    - reiserfs: Add missing calls to reiserfs_security_free()
    - iio: adc: ad_sigma_delta: do not use internal iio_dev lock
    - iio: adc128s052: add proper .data members in adc128_of_match table
    - regulator: core: fix deadlock on regulator enable
    - gcov: add support for checksum field
    - media: dvbdev: fix build warning due to comments
    - media: dvbdev: fix refcnt bug
    - cifs: fix oops during encryption
    - nvme-pci: fix doorbell buffer value endianness
    - ata: ahci: Fix PCS quirk application for suspend
    - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition
    - objtool: Fix SEGFAULT
    - powerpc/rtas: avoid device tree lookups in rtas_os_term()
    - powerpc/rtas: avoid scheduling in rtas_os_term()
    - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint
    - HID: plantronics: Additional PIDs for double volume key presses quirk
    - hfsplus: fix bug causing custom uid and gid being unable to be assigned with
      mount
    - ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
    - ALSA: line6: correct midi status byte when receiving data from podxt
    - ALSA: line6: fix stack overflow in line6_midi_transmit
    - pnode: terminate at peers of source
    - md: fix a crash in mempool_free
    - mm, compaction: fix fast_isolate_around() to stay within boundaries
    - f2fs: should put a page when checking the summary info
    - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
    - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
    - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
    - SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
    - net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO
    - net/af_packet: make sure to pull mac header
    - media: stv0288: use explicitly signed char
    - soc: qcom: Select REMAP_MMIO for LLCC driver
    - kest.pl: Fix grub2 menu handling for rebooting
    - ktest.pl minconfig: Unset configs instead of just removing them
    - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K
    - btrfs: fix resolving backrefs for inline extent followed by prealloc
    - ARM: ux500: do not directly dereference __iomem
    - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength
    - selftests: Use optional USERCFLAGS and USERLDFLAGS
    - cpufreq: Init completion before kobject_init_and_add()
    - binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
    - binfmt: Fix error return code in load_elf_fdpic_binary()
    - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
    - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
    - dm thin: Use last transaction's pmd->root when commit failed
    - dm thin: Fix UAF in run_timer_softirq()
    - dm integrity: Fix UAF in dm_integrity_dtr()
    - dm clone: Fix UAF in clone_dtr()
    - dm cache: Fix UAF in destroy()
    - dm cache: set needs_check flag after aborting metadata
    - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
    - x86/microcode/intel: Do not retry microcode reloading on the APs
    - tracing/hist: Fix wrong return value in parse_action_params()
    - tracing: Fix infinite loop in tracing_read_pipe on overflowed
      print_trace_line
    - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
    - media: dvb-core: Fix double free in dvb_register_device()
    - cifs: fix confusing debug message
    - cifs: fix missing display of three mount options
    - md/bitmap: Fix bitmap chunk size overflow issues
    - efi: Add iMac Pro 2017 to uefi skip cert quirk
    - ipmi: fix long wait in unload when IPMI disconnect
    - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()
    - ima: Fix a potential NULL pointer access in ima_restore_measurement_list
    - ipmi: fix use after free in _ipmi_destroy_user()
    - PCI: Fix pci_device_is_present() for VFs by checking PF
    - PCI/sysfs: Fix double free in error path
    - crypto: n2 - add missing hash statesize
    - iommu/amd: Fix ivrs_acpihid cmdline parsing code
    - parisc: led: Fix potential null-ptr-deref in start_task()
    - device_cgroup: Roll back to original exceptions after copy failure
    - drm/connector: send hotplug uevent on connector cleanup
    - drm/vmwgfx: Validate the box size for the snooped cursor
    - ext4: add inode table check in __ext4_get_inode_loc to aovid possible
      infinite loop
    - ext4: fix undefined behavior in bit shift for ext4_check_flag_values
    - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
    - ext4: add helper to check quota inums
    - ext4: fix reserved cluster accounting in __es_remove_extent()
    - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
    - ext4: init quota for 'old.inode' in 'ext4_rename'
    - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
    - ext4: fix corruption when online resizing a 1K bigalloc fs
    - ext4: fix error code return to user-space in ext4_get_branch()
    - ext4: avoid BUG_ON when creating xattrs
    - ext4: fix inode leak in ext4_xattr_inode_create() on an error path
    - ext4: initialize quota before expanding inode in setproject ioctl
    - ext4: avoid unaccounted block allocation when expanding inode
    - ext4: allocate extended attribute value in vmalloc area
    - btrfs: replace strncpy() with strscpy()
    - PM/devfreq: governor: Add a private governor_data for governor
    - media: s5p-mfc: Fix to handle reference queue during finishing
    - media: s5p-mfc: Clear workbit to handle error condition
    - media: s5p-mfc: Fix in register read and write for H264
    - dm thin: resume even if in FAIL mode
    - perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
    - perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged
      data
    - KVM: x86: optimize more exit handlers in vmx.c
    - KVM: retpolines: x86: eliminate retpoline from vmx.c exit handlers
    - KVM: VMX: Rename INTERRUPT_PENDING to INTERRUPT_WINDOW
    - KVM: VMX: Rename NMI_PENDING to NMI_WINDOW
    - KVM: VMX: Fix the spelling of CPU_BASED_USE_TSC_OFFSETTING
    - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
    - ravb: Fix "failed to switch device to config mode" message during unbind
    - ext4: goto right label 'failed_mount3a'
    - ext4: correct inconsistent error msg in nojournal mode
    - mm/highmem: Lift memcpy_[to|from]_page to core
    - ext4: use memcpy_to_page() in pagecache_write()
    - fs: ext4: initialize fsdata in pagecache_write()
    - ext4: use kmemdup() to replace kmalloc + memcpy
    - mbcache: don't reclaim used entries
    - mbcache: add functions to delete entry if unused
    - ext4: remove EA inode entry from mbcache on inode eviction
    - ext4: unindent codeblock in ext4_xattr_block_set()
    - ext4: fix race when reusing xattr blocks
    - mbcache: automatically delete entries from cache on freeing
    - ext4: fix deadlock due to mbcache entry corruption
    - SUNRPC: ensure the matching upcall is in-flight upon downcall
    - bpf: pull before calling skb_postpull_rcsum()
    - nfsd: shut down the NFSv4 state objects before the filecache
    - net: hns3: add interrupts re-initialization while doing VF FLR
    - net: sched: fix memory leak in tcindex_set_parms
    - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
    - nfc: Fix potential resource leaks
    - vhost: fix range used in translate_desc()
    - net: amd-xgbe: add missed tasklet_kill
    - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
    - RDMA/uverbs: Silence shiftTooManyBitsSigned warning
    - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
    - net: sched: atm: dont intepret cls results when asked to drop
    - net: sched: cbq: dont intepret cls results when asked to drop
    - perf tools: Fix resources leak in perf_data__open_dir()
    - drivers/net/bonding/bond_3ad: return when there's no aggregator
    - usb: rndis_host: Secure rndis_query check against int overflow
    - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
    - caif: fix memory leak in cfctrl_linkup_request()
    - udf: Fix extension of the last extent in the file
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
    - x86/bugs: Flush IBP in ib_prctl_set()
    - nfsd: fix handling of readdir in v4root vs. mount upcall timeout
    - riscv: uaccess: fix type of 0 variable on error in get_user()
    - ext4: don't allow journal inode to have encrypt flag
    - hfs/hfsplus: use WARN_ON for sanity check
    - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
    - mbcache: Avoid nesting of cache->c_list_lock under bit locks
    - parisc: Align parisc MADV_XXX constants with all other architectures
    - selftests: Fix kselftest O=objdir build from cluttering top level objdir
    - selftests: set the BUILD variable to absolute path
    - driver core: Fix bus_type.match() error handling in __driver_attach()
    - net: sched: disallow noqueue for qdisc classes
    - KVM: arm64: Fix S1PTW handling on RO memslots
    - efi: tpm: Avoid READ_ONCE() for accessing the event log
    - docs: Fix the docs build with Sphinx 6.0
    - perf auxtrace: Fix address filter duplicate symbol selection
    - s390/kexec: fix ipl report address for kdump
    - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
    - net/ulp: prevent ULP without clone op from entering the LISTEN status
    - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list
    - cifs: Fix uninitialized memory read for smb311 posix symlink create
    - drm/msm/adreno: Make adreno quirks not overwrite each other
    - platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during
      probe
    - ixgbe: fix pci device refcount leak
    - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
    - wifi: wilc1000: sdio: fix module autoloading
    - usb: ulpi: defer ulpi_register on ulpi_read_id timeout
    - jbd2: use the correct print format
    - quota: Factor out setup of quota inode
    - ext4: fix bug_on in __es_tree_search caused by bad quota inode
    - ext4: lost matching-pair of trace in ext4_truncate
    - ext4: fix use-after-free in ext4_orphan_cleanup
    - ext4: fix uninititialized value in 'ext4_evict_inode'
    - netfilter: ipset: Fix overflow before widen in the bitmap_ip_create()
      function.
    - powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
    - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
    - EDAC/device: Fix period calculation in edac_device_reset_delay_period()
    - regulator: da9211: Use irq handler when ready
    - tipc: improve throughput between nodes in netns
    - tipc: eliminate checking netns if node established
    - tipc: fix unexpected link reset due to discovery messages
    - hvc/xen: lock console list traversal
    - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
    - net/sched: act_mpls: Fix warning during failed attribute validation
    - net/mlx5: Rename ptp clock info
    - net/mlx5: Fix ptp max frequency adjustment range
    - iommu/mediatek-v1: Add error handle for mtk_iommu_probe
    - iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
    - x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent
      unnecessary IPI
    - x86/resctrl: Fix task CLOSID/RMID update race
    - drm/virtio: Fix GEM handle creation UAF
    - arm64: atomics: format whitespace consistently
    - arm64: atomics: remove LL/SC trampolines
    - arm64: cmpxchg_double*: hazard against entire exchange variable
    - efi: fix NULL-deref in init error path
    - mm: Always release pages to the buddy allocator in memblock_free_late().
    - Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
    - tipc: fix use-after-free in tipc_disc_rcv()
    - tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
    - tipc: Add a missing case of TIPC_DIRECT_MSG type
    - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
    - tipc: call tipc_lxc_xmit without holding node_read_lock
    - Linux 5.4.229
  * Focal update: v5.4.229 upstream stable release (LP: #2003914) //
    CVE-2023-0266 was assigned for this issue.
    - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
  * Focal update: v5.4.229 upstream stable release (LP: #2003914) //
    CVE-2022-41218 is assigned to those bugs above.
    - media: dvb-core: Fix UAF due to refcount races at releasing
  * Focal update: v5.4.228 upstream stable release (LP: #2003904)
    - x86/smpboot: Move rcu_cpu_starting() earlier
    - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
    - block: unhash blkdev part inode when the part is deleted
    - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
    - pinctrl: meditatek: Startup with the IRQs disabled
    - can: sja1000: fix size of OCR_MODE_MASK define
    - can: mcba_usb: Fix termination command argument
    - ASoC: ops: Correct bounds check for second channel on SX controls
    - Linux 5.4.228
  * Focal update: v5.4.227 upstream stable release (LP: #2003901)
    - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4
      series
    - arm: dts: rockchip: fix node name for hym8563 rtc
    - ARM: dts: rockchip: fix ir-receiver node names
    - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name
    - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
    - ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
    - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
    - 9p/fd: Use P9_HDRSZ for header size
    - regulator: slg51000: Wait after asserting CS pin
    - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
    - btrfs: send: avoid unaligned encoded writes when attempting to clone range
    - ASoC: soc-pcm: Add NULL check in BE reparenting
    - regulator: twl6030: fix get status of twl6032 regulators
    - fbcon: Use kzalloc() in fbcon_prepare_logo()
    - 9p/xen: check logical size for buffer size
    - net: usb: qmi_wwan: add u-blox 0x1342 composition
    - mm/khugepaged: take the right locks for page table retraction
    - mm/khugepaged: fix GUP-fast interaction by sending IPI
    - mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
    - xen/netback: do some code cleanup
    - xen/netback: don't call kfree_skb() with interrupts disabled
    - Revert "net: dsa: b53: Fix valid setting for MDB entries"
    - media: v4l2-dv-timings.c: fix too strict blanking sanity checks
    - memcg: fix possible use-after-free in memcg_write_event_control()
    - mm/gup: fix gup_pud_range() for dax
    - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
    - drm/shmem-helper: Remove errant put in error path
    - HID: usbhid: Add ALWAYS_POLL quirk for some mice
    - HID: hid-lg4ff: Add check for empty lbuf
    - HID: core: fix shift-out-of-bounds in hid_report_raw_event
    - can: af_can: fix NULL pointer dereference in can_rcv_filter
    - ieee802154: cc2520: Fix error return code in cc2520_hw_init()
    - ca8210: Fix crash by zero initializing data
    - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug
    - gpio: amd8111: Fix PCI device reference count leak
    - e1000e: Fix TX dispatch condition
    - igb: Allocate MSI-X vector when testing
    - af_unix: Get user_ns from in_skb in unix_diag_get_exact().
    - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
    - Bluetooth: Fix not cleanup led when bt_init fails
    - net: dsa: ksz: Check return value
    - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
    - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
    - net: encx24j600: Add parentheses to fix precedence
    - net: encx24j600: Fix invalid logic in reading of MISTAT register
    - xen-netfront: Fix NULL sring after live migration
    - net: mvneta: Prevent out of bounds read in mvneta_config_rss()
    - i40e: Fix not setting default xps_cpus after reset
    - i40e: Fix for VF MAC address 0
    - i40e: Disallow ip4 and ip6 l4_4_bytes
    - NFC: nci: Bounds check struct nfc_target arrays
    - nvme initialize core quirks before calling nvme_init_subsystem
    - net: stmmac: fix "snps,axi-config" node property parsing
    - net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
    - net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
    - net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
    - tipc: Fix potential OOB in tipc_link_proto_rcv()
    - ipv4: Fix incorrect route flushing when source address is deleted
    - ipv4: Fix incorrect route flushing when table ID 0 is used
    - ethernet: aeroflex: fix potential skb leak in greth_init_rings()
    - net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
    - ipv6: avoid use-after-free in ip6_fragment()
    - net: mvneta: Fix an out of bounds check
    - can: esd_usb: Allow REC and TEC to return to zero
    - Linux 5.4.227
  * 5.15.0-58.64 breaks xen bridge networking (pvh domU) (LP: #2002889) // Focal
    update: v5.4.227 upstream stable release (LP: #2003901)
    - xen/netback: fix build warning
  * Focal update: v5.4.226 upstream stable release (LP: #2003896)
    - wifi: mac80211: fix memory free error when registering wiphy fail
    - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
    - audit: fix undefined behavior in bit shift for AUDIT_BIT
    - wifi: mac80211: Fix ack frame idr leak when mesh has no route
    - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
    - drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
    - block, bfq: fix null pointer dereference in bfq_bio_bfqg()
    - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
    - RISC-V: vdso: Do not add missing symbols to version section in linker script
    - MIPS: pic32: treat port as signed integer
    - af_key: Fix send_acquire race with pfkey_register
    - ARM: dts: am335x-pcm-953: Define fixed regulators in root node
    - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
    - regulator: core: fix kobject release warning and memory leak in
      regulator_register()
    - regulator: core: fix UAF in destroy_regulator()
    - bus: sunxi-rsb: Support atomic transfers
    - tee: optee: fix possible memory leak in optee_register_device()
    - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
    - net: liquidio: simplify if expression
    - nfc/nci: fix race with opening and closing
    - net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
    - 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
    - ARM: mxs: fix memory leak in mxs_machine_init()
    - net/mlx4: Check retval of mlx4_bitmap_init
    - net/qla3xxx: fix potential memleak in ql3xxx_send()
    - net: pch_gbe: fix pci device refcount leak while module exiting
    - nfp: add port from netdev validation for EEPROM access
    - Drivers: hv: vmbus: fix double free in the error path of
      vmbus_add_channel_work()
    - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
    - net/mlx5: Fix FW tracer timestamp calculation
    - tipc: set con sock in tipc_conn_alloc
    - tipc: add an extra conn_get in tipc_conn_alloc
    - tipc: check skb_linearize() return value in tipc_disc_rcv()
    - xfrm: Fix ignored return value in xfrm6_init()
    - NFC: nci: fix memory leak in nci_rx_data_packet()
    - regulator: twl6030: re-add TWL6032_SUBCLASS
    - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
    - dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
    - s390/dasd: fix no record found for raw_track_access
    - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
    - nfc: st-nci: fix memory leaks in EVT_TRANSACTION
    - net: thunderx: Fix the ACPI memory leak
    - s390/crashdump: fix TOD programmable field size
    - lib/vdso: use "grep -E" instead of "egrep"
    - usb: dwc3: exynos: Fix remove() function
    - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
    - iio: light: apds9960: fix wrong register for gesture gain
    - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
    - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
    - nios2: add FORCE for vmlinuz.gz
    - iio: ms5611: Simplify IO callback parameters
    - iio: pressure: ms5611: fixed value compensation bug
    - ceph: do not update snapshot context when there is no new snapshot
    - ceph: avoid putting the realm twice when decoding snaps fails
    - firmware: google: Release devices before unregistering the bus
    - firmware: coreboot: Register bus in module init
    - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
    - gcov: clang: fix the buffer overflow issue
    - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
    - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
    - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
    - xen/platform-pci: add missing free_irq() in error path
    - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
    - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
    - platform/x86: hp-wmi: Ignore Smart Experience App event
    - [Config] updateconfigs for INET_TABLE_PERTURB_ORDER
    - tcp: configurable source port perturb table size
    - net: usb: qmi_wwan: add Telit 0x103a composition
    - dm integrity: flush the journal on suspend
    - binder: avoid potential data leakage when copying txn
    - binder: read pre-translated fds from sender buffer
    - binder: defer copies of pre-patched txn data
    - binder: fix pointer cast warning
    - binder: Address corner cases in deferred copy and fixup
    - binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
    - btrfs: free btrfs_path before copying root refs to userspace
    - btrfs: free btrfs_path before copying fspath to userspace
    - btrfs: free btrfs_path before copying subvol info to userspace
    - btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
    - drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
    - drm/amdgpu: always register an MMU notifier for userptr
    - fuse: lock inode unconditionally in fuse_fallocate()
    - btrfs: free btrfs_path before copying inodes to userspace
    - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
    - btrfs: move QUOTA_ENABLED check to rescan_should_stop from
      btrfs_qgroup_rescan_worker
    - drm/amdgpu: update drm_display_info correctly when the edid is read
    - drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly
      when the edid is read"
    - btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
    - iio: health: afe4403: Fix oob read in afe4403_read_raw
    - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
    - iio: light: rpr0521: add missing Kconfig dependencies
    - scripts/faddr2line: Fix regression in name resolution on ppc64le
    - hwmon: (i5500_temp) fix missing pci_disable_device()
    - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
    - of: property: decrement node refcount in of_fwnode_get_reference_args()
    - net/mlx5: Fix uninitialized variable bug in outlen_write()
    - net/mlx5e: Fix use-after-free when reverting termination table
    - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
    - can: cc770: cc770_isa_probe(): add missing free_cc770dev()
    - qlcnic: fix sleep-in-atomic-context bugs caused by msleep
    - wifi: cfg80211: fix buffer overflow in elem comparison
    - net: phy: fix null-ptr-deref while probe() failed
    - net: net_netdev: Fix error handling in ntb_netdev_init_module()
    - net/9p: Fix a potential socket leak in p9_socket_open
    - net: ethernet: nixge: fix NULL dereference
    - dsa: lan9303: Correct stat name
    - net: hsr: Fix potential use-after-free
    - afs: Fix fileserver probe RTT handling
    - net: tun: Fix use-after-free in tun_detach()
    - packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
    - sctp: fix memory leak in sctp_stream_outq_migrate()
    - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
    - hwmon: (coretemp) Check for null before removing sysfs attrs
    - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
    - net/mlx5: DR, Fix uninitialized var warning
    - error-injection: Add prompt for function error injection
    - tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
    - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
    - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
    - pinctrl: intel: Save and restore pins in "direct IRQ" mode
    - mmc: mmc_test: Fix removal of debugfs file
    - mmc: core: Fix ambiguous TRIM and DISCARD arg
    - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check
    - mmc: sdhci-sprd: Fix no reset data and command after voltage switch
    - tracing: Free buffers when a used dynamic event is removed
    - arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM
      vectors
    - arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
    - mm: Fix '.data.once' orphan section warning
    - ASoC: ops: Fix bounds check for _sx controls
    - pinctrl: single: Fix potential division by zero
    - iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
    - parisc: Increase size of gcc stack frame check
    - xtensa: increase size of gcc stack frame check
    - parisc: Increase FRAME_WARN to 2048 bytes on parisc
    - Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is
      enabled
    - selftests: net: add delete nexthop route warning test
    - selftests: net: fix nexthop warning cleanup double ip typo
    - ipv4: Handle attempt to delete multipath route when fib_info contains an nh
      reference
    - ipv4: Fix route deletion when nexthop info is not specified
    - tracing/ring-buffer: Have polling block on watermark
    - nvme: restrict management ioctls to admin
    - nvme: ensure subsystem reset is single threaded
    - x86/tsx: Add a feature bit for TSX control MSR support
    - x86/pm: Add enumeration check before spec MSRs save/restore setup
    - x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
    - Revert "clocksource/drivers/riscv: Events are stopped during CPU suspend"
    - char: tpm: Protect tpm_pm_suspend with locks
    - mmc: sdhci: use FIELD_GET for preset value bit masks
    - mmc: sdhci: Fix voltage switch delay
    - proc: avoid integer type confusion in get_proc_long
    - proc: proc_skip_spaces() shouldn't think it is working on C strings
    - v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
    - ipc/sem: Fix dangling sem_array access in semtimedop race
    - Linux 5.4.226
  * CVE-2022-4139
    - drm/i915: fix TLB invalidation for Gen12 video and compute engines
  * Focal update: v5.4.225 upstream stable release (LP: #2002347)
    - xfs: preserve rmapbt swapext block reservation from freed blocks
    - xfs: rename xfs_bmap_is_real_extent to is_written_extent
    - xfs: redesign the reflink remap loop to fix blkres depletion crash
    - xfs: use MMAPLOCK around filemap_map_pages()
    - xfs: preserve inode versioning across remounts
    - xfs: drain the buf delwri queue before xfsaild idles
    - phy: stm32: fix an error code in probe
    - wifi: cfg80211: silence a sparse RCU warning
    - wifi: cfg80211: fix memory leak in query_regdb_file()
    - bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
    - HID: hyperv: fix possible memory leak in mousevsc_probe()
    - net: gso: fix panic on frag_list with mixed head alloc types
    - net: tun: Fix memory leaks of napi_get_frags
    - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
    - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
    - net: fman: Unregister ethernet device on removal
    - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
    - net: lapbether: fix issue of dev reference count leakage in
      lapbeth_device_event()
    - hamradio: fix issue of dev reference count leakage in bpq_device_event()
    - drm/vc4: Fix missing platform_unregister_drivers() call in
      vc4_drm_register()
    - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
    - can: af_can: fix NULL pointer dereference in can_rx_register()
    - tipc: fix the msg->req tlv len check in
      tipc_nl_compat_name_table_dump_header
    - dmaengine: pxa_dma: use platform_get_irq_optional
    - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
    - drivers: net: xgene: disable napi when register irq failed in
      xgene_enet_open()
    - perf stat: Fix printing os->prefix in CSV metrics output
    - net: nixge: disable napi when enable interrupts failed in nixge_open()
    - net/mlx5: Allow async trigger completion execution on single CPU systems
    - net: cpsw: disable napi in cpsw_ndo_open()
    - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
    - cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in
      cxgb4vf_open()
    - ethernet: s2io: disable napi when start nic failed in s2io_card_up()
    - net: mv643xx_eth: disable napi when init rxq or txq failed in
      mv643xx_eth_open()
    - ethernet: tundra: free irq when alloc ring failed in tsi108_open()
    - net: macvlan: fix memory leaks of macvlan_common_newlink
    - riscv: process: fix kernel info leakage
    - arm64: efi: Fix handling of misaligned runtime regions and drop warning
    - MIPS: jump_label: Fix compat branch range check
    - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
    - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
    - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
    - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
    - ALSA: hda: fix potential memleak in 'add_widget_node'
    - ALSA: usb-audio: Add quirk entry for M-Audio Micro
    - ALSA: usb-audio: Add DSD support for Accuphase DAC-60
    - vmlinux.lds.h: Fix placement of '.data..decrypted' section
    - nilfs2: fix deadlock in nilfs_count_free_blocks()
    - nilfs2: fix use-after-free bug of ns_writer on remount
    - drm/i915/dmabuf: fix sg_table handling in map_dma_buf
    - btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
    - udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
    - can: j1939: j1939_send_one(): fix missing CAN header initialization
    - cert host tools: Stop complaining about deprecated OpenSSL functions
    - dmaengine: at_hdmac: Fix at_lli struct definition
    - dmaengine: at_hdmac: Don't start transactions at tx_submit level
    - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
    - dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
    - dmaengine: at_hdmac: Fix impossible condition
    - dmaengine: at_hdmac: Check return code of dma_async_device_register
    - net: tun: call napi_schedule_prep() to ensure we own a napi
    - x86/cpu: Restore AMD's DE_CFG MSR after resume
    - ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in
      wm5102_probe"
    - ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in
      wm5110_probe"
    - ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in
      wm8997_probe"
    - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
    - spi: intel: Fix the offset to get the 64K erase opcode
    - ASoC: codecs: jz4725b: add missed Line In power control bit
    - ASoC: codecs: jz4725b: fix reported volume for Master ctl
    - ASoC: codecs: jz4725b: use right control for Capture Volume
    - ASoC: codecs: jz4725b: fix capture selector naming
    - selftests/futex: fix build for clang
    - selftests/intel_pstate: fix build for ARCH=x86_64
    - NFSv4: Retry LOCK on OLD_STATEID during delegation return
    - i2c: i801: add lis3lv02d's I2C address for Vostro 5568
    - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
    - btrfs: remove pointless and double ulist frees in error paths of qgroup
      tests
    - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" ->
      "Route"
    - spi: stm32: Print summary 'callbacks suppressed' message
    - ASoC: core: Fix use-after-free in snd_soc_exit()
    - serial: 8250_omap: remove wait loop from Errata i202 workaround
    - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
    - serial: 8250: omap: Flush PM QOS work on remove
    - serial: imx: Add missing .thaw_noirq hook
    - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
    - ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
    - block: sed-opal: kmalloc the cmd/resp buffers
    - siox: fix possible memory leak in siox_device_add()
    - parport_pc: Avoid FIFO port location truncation
    - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
    - arm64: dts: imx8mm: Fix NAND controller size-cells
    - arm64: dts: imx8mn: Fix NAND controller size-cells
    - ata: libata-transport: fix double ata_host_put() in ata_tport_add()
    - net: bgmac: Drop free_netdev() from bgmac_enet_remove()
    - mISDN: fix possible memory leak in mISDN_dsp_element_register()
    - net: liquidio: release resources when liquidio driver open failed
    - mISDN: fix misuse of put_device() in mISDN_register_device()
    - net: macvlan: Use built-in RCU list checking
    - net: caif: fix double disconnect client in chnl_net_open()
    - bnxt_en: Remove debugfs when pci_register_driver failed
    - xen/pcpu: fix possible memory leak in register_pcpu()
    - drbd: use after free in drbd_create_device()
    - platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when
      virtualized
    - net/x25: Fix skb leak in x25_lapb_receive_frame()
    - cifs: Fix wrong return value checking when GETFLAGS
    - net: thunderbolt: Fix error handling in tbnet_init()
    - cifs: add check for returning value of SMB2_set_info_init
    - ftrace: Fix the possible incorrect kernel message
    - ftrace: Optimize the allocation for mcount entries
    - ftrace: Fix null pointer dereference in ftrace_add_mod()
    - ring_buffer: Do not deactivate non-existant pages
    - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
    - Revert "usb: dwc3: disable USB core PHY management"
    - slimbus: stream: correct presence rate frequencies
    - speakup: fix a segfault caused by switching consoles
    - USB: serial: option: add Sierra Wireless EM9191
    - USB: serial: option: remove old LARA-R6 PID
    - USB: serial: option: add u-blox LARA-R6 00B modem
    - USB: serial: option: add u-blox LARA-L6 modem
    - USB: serial: option: add Fibocom FM160 0x0111 composition
    - usb: add NO_LPM quirk for Realforce 87U Keyboard
    - usb: chipidea: fix deadlock in ci_otg_del_timer
    - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
    - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
    - iio: pressure: ms5611: changed hardcoded SPI speed to value limited
    - dm ioctl: fix misbehavior if list_versions races with module loading
    - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
    - serial: 8250_lpss: Configure DMA also w/o DMA filter
    - Input: iforce - invert valid length check when fetching device IDs
    - scsi: zfcp: Fix double free of FSF request when qdio send fails
    - mmc: core: properly select voltage range without power cycle
    - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce
      timeout
    - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
    - docs: update mediator contact information in CoC doc
    - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
    - serial: 8250: Flush DMA Rx on RLSI
    - ring-buffer: Include dropped pages in counting dirty patches
    - scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
    - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
    - Input: i8042 - fix leaking of platform device on module removal
    - macvlan: enforce a consistent minimal mtu
    - tcp: cdg: allow tcp_cdg_release() to be called multiple times
    - kcm: avoid potential race in kcm_tx_work
    - bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
    - kcm: close race conditions on sk_receive_queue
    - 9p: trans_fd/p9_conn_cancel: drop client lock earlier
    - gfs2: Check sb_bsize_shift after reading superblock
    - gfs2: Switch from strlcpy to strscpy
    - 9p/trans_fd: always use O_NONBLOCK read/write
    - mm: fs: initialize fsdata passed to write_begin/write_end interface
    - ntfs: fix use-after-free in ntfs_attr_find()
    - ntfs: fix out-of-bounds read in ntfs_attr_find()
    - ntfs: check overflow when iterating ATTR_RECORDs
    - Linux 5.4.225
  * CVE-2022-47520
    - wifi: wilc1000: validate pairwise and authentication suite offsets
  * CVE-2022-3545
    - nfp: fix use-after-free in area_cache_get()

linux-azure (5.4.0-1103.109) focal; urgency=medium

* focal/linux-azure: 5.4.0-1103.109 -proposed tracker (LP: #2003463)

[ Ubuntu: 5.4.0-139.156 ]

* focal/linux: 5.4.0-139.156 -proposed tracker (LP: #2003486)
  * Revoke & rotate to new signing key (LP: #2002812)
    - [Packaging] Revoke and rotate to new signing key

linux-azure (5.4.0-1102.108) focal; urgency=medium

* focal/linux-azure: 5.4.0-1102.108 -proposed tracker (LP: #2001818)

* Focal update: v5.4.221 upstream stable release (LP: #1997993)
    - [Config] azure: updateconfigs for ARM64_ERRATUM_1742098

[ Ubuntu: 5.4.0-138.155 ]

* focal/linux: 5.4.0-138.155 -proposed tracker (LP: #2001845)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * Focal update: v5.4.224 upstream stable release (LP: #1999273)
    - RDMA/cma: Use output interface for net_dev check
    - IB/hfi1: Correctly move list in sc_disable()
    - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
    - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
    - nfs4: Fix kmemleak when allocate slot failed
    - net: dsa: Fix possible memory leaks in dsa_loop_init()
    - RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
    - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
    - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
    - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
    - net: fec: fix improper use of NETDEV_TX_BUSY
    - ata: pata_legacy: fix pdc20230_set_piomode()
    - net: sched: Fix use after free in red_enqueue()
    - net: tun: fix bugs for oversize packet when napi frags enabled
    - netfilter: nf_tables: release flow rule object from commit path
    - ipvs: use explicitly signed chars
    - ipvs: fix WARNING in __ip_vs_cleanup_batch()
    - ipvs: fix WARNING in ip_vs_app_net_cleanup()
    - rose: Fix NULL pointer dereference in rose_send_frame()
    - mISDN: fix possible memory leak in mISDN_register_device()
    - isdn: mISDN: netjet: fix wrong check of device registration
    - btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
    - btrfs: fix inode list leak during backref walking at find_parent_nodes()
    - btrfs: fix ulist leaks in error paths of qgroup self tests
    - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
    - net: mdio: fix undefined behavior in bit shift for __mdiobus_register
    - net, neigh: Fix null-ptr-deref in neigh_table_clear()
    - ipv6: fix WARNING in ip6_route_net_exit_late()
    - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
    - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
    - media: dvb-frontends/drxk: initialize err to 0
    - media: meson: vdec: fix possible refcount leak in vdec_probe()
    - scsi: core: Restrict legal sdev_state transitions via sysfs
    - HID: saitek: add madcatz variant of MMO7 mouse device ID
    - i2c: xiic: Add platform module alias
    - xfs: don't fail verifier on empty attr3 leaf block
    - xfs: use ordered buffers to initialize dquot buffers during quotacheck
    - xfs: gut error handling in xfs_trans_unreserve_and_mod_sb()
    - xfs: group quota should return EDQUOT when prj quota enabled
    - xfs: don't fail unwritten extent conversion on writeback due to edquot
    - xfs: Add the missed xfs_perag_put() for xfs_ifree_cluster()
    - Bluetooth: L2CAP: Fix attempting to access uninitialized memory
    - block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
    - binder: fix UAF of alloc->vma in race with munmap()
    - btrfs: fix type of parameter generation in btrfs_get_dentry
    - tcp/udp: Make early_demux back namespacified.
    - kprobe: reverse kp->flags when arm_kprobe failed
    - tools/nolibc/string: Fix memcmp() implementation
    - tracing/histogram: Update document for KEYS_MAX size
    - capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
    - fuse: add file_modified() to fallocate
    - efi: random: reduce seed size to 32 bytes
    - perf/x86/intel: Fix pebs event constraints for ICL
    - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[]
    - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
    - parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
    - parisc: Export iosapic_serial_irq() symbol for serial port driver
    - parisc: Avoid printing the hardware path twice
    - ext4: fix warning in 'ext4_da_release_space'
    - ext4: fix BUG_ON() when directory entry has invalid rec_len
    - KVM: x86: Mask off reserved bits in CPUID.8000001AH
    - KVM: x86: Mask off reserved bits in CPUID.80000008H
    - KVM: x86: emulator: em_sysexit should update ctxt->mode
    - KVM: x86: emulator: introduce emulator_recalc_and_set_mode
    - KVM: x86: emulator: update the emulation mode after CR0 write
    - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times
    - drm/rockchip: dsi: Force synchronous probe
    - drm/i915/sdvo: Filter out invalid outputs more sensibly
    - drm/i915/sdvo: Setup DDC fully before output init
    - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
    - ipc: remove memcg accounting for sops objects in do_semtimedop()
    - Linux 5.4.224
  * Focal update: v5.4.223 upstream stable release (LP: #1999179)
    - can: j1939: transport: j1939_session_skb_drop_old():
      spin_unlock_irqrestore() before kfree_skb()
    - can: kvaser_usb: Fix possible completions during init_completion
    - ALSA: Use del_timer_sync() before freeing timer
    - ALSA: au88x0: use explicitly signed char
    - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
    - usb: dwc3: gadget: Stop processing more requests on IMI
    - usb: dwc3: gadget: Don't set IMI for no_interrupt
    - usb: bdc: change state when port disconnected
    - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96
      controller
    - mtd: rawnand: marvell: Use correct logic for nand-keep-config
    - xhci: Remove device endpoints from bandwidth list when freeing the device
    - tools: iio: iio_utils: fix digit calculation
    - iio: light: tsl2583: Fix module unloading
    - fbdev: smscufx: Fix several use-after-free bugs
    - mac802154: Fix LQI recording
    - drm/msm/dsi: fix memory corruption with too many bridges
    - drm/msm/hdmi: fix memory corruption with too many bridges
    - mmc: core: Fix kernel panic when remove non-standard SDIO card
    - kernfs: fix use-after-free in __kernfs_remove
    - perf auxtrace: Fix address filter symbol name match for modules
    - s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
    - s390/pci: add missing EX_TABLE entries to
      __pcistg_mio_inuser()/__pcilg_mio_inuser()
    - xfs: finish dfops on every insert range shift iteration
    - xfs: clear XFS_DQ_FREEING if we can't lock the dquot buffer to flush
    - xfs: force the log after remapping a synchronous-writes file
    - Xen/gntdev: don't ignore kernel unmapping error
    - xen/gntdev: Prevent leaking grants
    - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
    - net: ieee802154: fix error return code in dgram_bind()
    - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
    - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
    - arc: iounmap() arg is volatile
    - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
    - tipc: fix a null-ptr-deref in tipc_topsrv_accept
    - net: netsec: fix error handling in netsec_register_mdio()
    - x86/unwind/orc: Fix unreliable stack dump with gcov
    - amd-xgbe: fix the SFP compliance codes check for DAC cables
    - amd-xgbe: add the bit rate quirk for Molex cables
    - kcm: annotate data-races around kcm->rx_psock
    - kcm: annotate data-races around kcm->rx_wait
    - net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
    - net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
    - tcp: fix indefinite deferral of RTO with SACK reneging
    - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error
      path
    - PM: hibernate: Allow hybrid sleep to work with s2idle
    - media: vivid: s_fbuf: add more sanity checks
    - media: vivid: dev->bitmap_cap wasn't freed in all cases
    - media: v4l2-dv-timings: add sanity checks for blanking values
    - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
    - i40e: Fix ethtool rx-flow-hash setting for X722
    - i40e: Fix VF hang when reset is triggered on another VF
    - i40e: Fix flow-type by setting GL_HASH_INSET registers
    - net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
    - PM: domains: Fix handling of unavailable/disabled idle states
    - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
    - ALSA: aoa: Fix I2S device accounting
    - openvswitch: switch from WARN to pr_warn
    - net: ehea: fix possible memory leak in ehea_register_port()
    - nh: fix scope used to find saddr when adding non gw nh
    - net/mlx5e: Do not increment ESN when updating IPsec ESN state
    - net/mlx5: Fix possible use-after-free in async command interface
    - net: enetc: survive memory pressure without crashing
    - can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global
      FIFO receive
    - Linux 5.4.223
  * Focal update: v5.4.222 upstream stable release (LP: #1997994)
    - once: fix section mismatch on clang builds
    - Linux 5.4.222
  * Focal update: v5.4.221 upstream stable release (LP: #1997993)
    - xfs: open code insert range extent split helper
    - xfs: rework insert range into an atomic operation
    - xfs: rework collapse range into an atomic operation
    - xfs: add a function to deal with corrupt buffers post-verifiers
    - xfs: xfs_buf_corruption_error should take __this_address
    - xfs: fix buffer corruption reporting when xfs_dir3_free_header_check fails
    - xfs: check owner of dir3 data blocks
    - xfs: check owner of dir3 blocks
    - xfs: Use scnprintf() for avoiding potential buffer overflow
    - xfs: remove the xfs_disk_dquot_t and xfs_dquot_t
    - xfs: remove the xfs_dq_logitem_t typedef
    - xfs: remove the xfs_qoff_logitem_t typedef
    - xfs: Replace function declaration by actual definition
    - xfs: factor out quotaoff intent AIL removal and memory free
    - xfs: fix unmount hang and memory leak on shutdown during quotaoff
    - xfs: preserve default grace interval during quotacheck
    - xfs: Lower CIL flush limit for large logs
    - xfs: Throttle commits on delayed background CIL push
    - xfs: factor common AIL item deletion code
    - xfs: tail updates only need to occur when LSN changes
    - xfs: don't write a corrupt unmount record to force summary counter recalc
    - xfs: trylock underlying buffer on dquot flush
    - xfs: factor out a new xfs_log_force_inode helper
    - xfs: reflink should force the log out if mounted with wsync
    - xfs: move inode flush to the sync workqueue
    - xfs: fix use-after-free on CIL context on shutdown
    - ocfs2: clear dinode links count in case of error
    - ocfs2: fix BUG when iput after ocfs2_mknod fails
    - x86/microcode/AMD: Apply the patch early on every logical thread
    - hwmon/coretemp: Handle large core ID value
    - ata: ahci-imx: Fix MODULE_ALIAS
    - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
    - KVM: arm64: vgic: Fix exit condition in scan_its_table()
    - media: venus: dec: Handle the case where find_format fails
    - [Config] updateconfigs for ARM64_ERRATUM_1742098
    - arm64: errata: Remove AES hwcap for COMPAT tasks
    - r8152: add PID for the Lenovo OneLink+ Dock
    - btrfs: fix processing of delayed data refs during backref walking
    - btrfs: fix processing of delayed tree block refs during backref walking
    - ACPI: extlog: Handle multiple records
    - tipc: Fix recognition of trial period
    - tipc: fix an information leak in tipc_topsrv_kern_subscr
    - HID: magicmouse: Do not set BTN_MOUSE on double report
    - net/atm: fix proc_mpc_write incorrect return value
    - net: phy: dp83867: Extend RX strap quirk for SGMII mode
    - net: sched: cake: fix null pointer access issue when cake_init() fails
    - net: hns: fix possible memory leak in hnae_ae_register()
    - iommu/vt-d: Clean up si_domain in the init_dmars() error path
    - arm64: topology: move store_cpu_topology() to shared code
    - riscv: topology: fix default topology reporting
    - ACPI: video: Force backlight native for more TongFang devices
    - Makefile.debug: re-enable debug info for .S files
    - hv_netvsc: Fix race between VF offering and VF association message from host
    - mm: /proc/pid/smaps_rollup: fix no vma's null-deref
    - Linux 5.4.221
  * Focal update: v5.4.220 upstream stable release (LP: #1996812)
    - ALSA: oss: Fix potential deadlock at unregistration
    - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
    - ALSA: usb-audio: Fix potential memory leaks
    - ALSA: usb-audio: Fix NULL dererence at error path
    - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
    - ALSA: hda/realtek: Correct pin configs for ASUS G533Z
    - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
    - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
    - mtd: rawnand: atmel: Unmap streaming DMA mappings
    - cifs: destage dirty pages before re-reading them for cache=none
    - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
    - iio: dac: ad5593r: Fix i2c read protocol requirements
    - iio: pressure: dps310: Refactor startup procedure
    - iio: pressure: dps310: Reset chip after timeout
    - usb: add quirks for Lenovo OneLink+ Dock
    - can: kvaser_usb: Fix use of uninitialized completion
    - can: kvaser_usb_leaf: Fix overread with an invalid command
    - can: kvaser_usb_leaf: Fix TX queue out of sync after restart
    - can: kvaser_usb_leaf: Fix CAN state after restart
    - mmc: sdhci-sprd: Fix minimum clock limit
    - fs: dlm: fix race between test_bit() and queue_work()
    - fs: dlm: handle -EBUSY first in lock arg validation
    - HID: multitouch: Add memory barriers
    - quota: Check next/prev free block number after reading from quota file
    - ASoC: wcd9335: fix order of Slimbus unprepare/disable
    - regulator: qcom_rpm: Fix circular deferral regression
    - RISC-V: Make port I/O string accessors actually work
    - parisc: fbdev/stifb: Align graphics memory size to 4MB
    - riscv: Allow PROT_WRITE-only mmap()
    - riscv: Pass -mno-relax only on lld < 15.0.0
    - UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
    - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
    - powerpc/boot: Explicitly disable usage of SPE instructions
    - fbdev: smscufx: Fix use-after-free in ufx_ops_open()
    - btrfs: fix race between quota enable and quota rescan ioctl
    - f2fs: increase the limit for reserve_root
    - f2fs: fix to do sanity check on destination blkaddr during recovery
    - f2fs: fix to do sanity check on summary info
    - nilfs2: fix use-after-free bug of struct nilfs_root
    - jbd2: wake up journal waiters in FIFO order, not LIFO
    - ext4: avoid crash when inline data creation follows DIO write
    - ext4: fix null-ptr-deref in ext4_write_info
    - ext4: make ext4_lazyinit_thread freezable
    - ext4: place buffer head allocation before handle start
    - livepatch: fix race between fork and KLP transition
    - ftrace: Properly unset FTRACE_HASH_FL_MOD
    - ring-buffer: Allow splice to read previous partially read pages
    - ring-buffer: Have the shortest_full queue be the shortest not longest
    - ring-buffer: Check pending waiters when doing wake ups as well
    - ring-buffer: Fix race between reset page and reading page
    - media: cedrus: Set the platform driver data earlier
    - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
    - KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
    - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
    - gcov: support GCC 12.1 and newer compilers
    - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
    - selinux: use "grep -E" instead of "egrep"
    - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
    - userfaultfd: open userfaultfds with O_RDONLY
    - sh: machvec: Use char[] for section boundaries
    - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
    - nfsd: Fix a memory leak in an error handling path
    - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
    - wifi: mac80211: allow bw change during channel switch in mesh
    - bpftool: Fix a wrong type cast in btf_dumper_int
    - x86/resctrl: Fix to restore to original value when re-enabling hardware
      prefetch register
    - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
    - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
    - spi: qup: add missing clk_disable_unprepare on error in
      spi_qup_pm_resume_runtime()
    - wifi: rtl8xxxu: Fix skb misuse in TX queue selection
    - bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
    - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
    - net: fs_enet: Fix wrong check in do_pd_setup
    - bpf: Ensure correct locking around vulnerable function find_vpid()
    - x86/microcode/AMD: Track patch allocation size explicitly
    - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
    - netfilter: nft_fib: Fix for rpath check with VRF devices
    - spi: s3c64xx: Fix large transfers with DMA
    - vhost/vsock: Use kvmalloc/kvfree for larger packets.
    - sctp: handle the error returned from sctp_auth_asoc_init_active_key
    - tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
    - net: rds: don't hold sock lock when cancelling work from
      rds_tcp_reset_callbacks()
    - bnx2x: fix potential memory leak in bnx2x_tpa_stop()
    - net/ieee802154: reject zero-sized raw_sendmsg()
    - once: add DO_ONCE_SLOW() for sleepable contexts
    - net: mvpp2: fix mvpp2 debugfs leak
    - drm: bridge: adv7511: fix CEC power down control register offset
    - drm/mipi-dsi: Detach devices when removing the host
    - platform/chrome: fix double-free in chromeos_laptop_prepare()
    - platform/chrome: fix memory corruption in ioctl
    - platform/x86: msi-laptop: Fix old-ec check for backlight registering
    - platform/x86: msi-laptop: Fix resource cleanup
    - drm: fix drm_mipi_dbi build errors
    - drm/bridge: megachips: Fix a null pointer dereference bug
    - ASoC: rsnd: Add check for rsnd_mod_power_on
    - ALSA: hda: beep: Simplify keep-power-at-enable behavior
    - drm/omap: dss: Fix refcount leak bugs
    - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
    - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
    - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
    - ALSA: dmaengine: increment buffer pointer atomically
    - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
    - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
    - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
    - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
    - ALSA: hda/hdmi: Don't skip notification handling during PM operation
    - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
    - memory: of: Fix refcount leak bug in of_get_ddr_timings()
    - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
    - soc: qcom: smem_state: Add refcounting for the 'state->of_node'
    - ARM: dts: turris-omnia: Fix mpp26 pin name and comment
    - ARM: dts: kirkwood: lsxl: fix serial line
    - ARM: dts: kirkwood: lsxl: remove first ethernet port
    - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
    - ARM: Drop CMDLINE_* dependency on ATAGS
    - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
    - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
    - iio: adc: at91-sama5d2_adc: check return status for pressure and touch
    - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
    - iio: inkern: only release the device node when done with it
    - iio: ABI: Fix wrong format of differential capacitance channel ABI.
    - clk: meson: Hold reference returned by of_get_parent()
    - clk: oxnas: Hold reference returned by of_get_parent()
    - clk: berlin: Add of_node_put() for of_get_parent()
    - clk: tegra: Fix refcount leak in tegra210_clock_init
    - clk: tegra: Fix refcount leak in tegra114_clock_init
    - clk: tegra20: Fix refcount leak in tegra20_clock_init
    - HSI: omap_ssi: Fix refcount leak in ssi_probe
    - HSI: omap_ssi_port: Fix dma_map_sg error check
    - media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
    - tty: xilinx_uartps: Fix the ignore_status
    - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
    - RDMA/rxe: Fix "kernel NULL pointer dereference" error
    - RDMA/rxe: Fix the error caused by qp->sk
    - misc: ocxl: fix possible refcount leak in afu_ioctl()
    - dyndbg: fix module.dyndbg handling
    - dyndbg: let query-modname override actual module name
    - mtd: devices: docg3: check the return value of devm_ioremap() in the probe
    - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
    - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
    - ata: fix ata_id_has_devslp()
    - ata: fix ata_id_has_ncq_autosense()
    - ata: fix ata_id_has_dipm()
    - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
    - md/raid5: Ensure stripe_fill happens on non-read IO with journal
    - xhci: Don't show warning for reinit on known broken suspend
    - usb: gadget: function: fix dangling pnp_string in f_printer.c
    - drivers: serial: jsm: fix some leaks in probe
    - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
    - phy: qualcomm: call clk_disable_unprepare in the error handling
    - staging: vt6655: fix some erroneous memory clean-up loops
    - firmware: google: Test spinlock on panic path to avoid lockups
    - serial: 8250: Fix restoring termios speed after suspend
    - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
    - fsi: core: Check error number after calling ida_simple_get
    - mfd: intel_soc_pmic: Fix an error handling path in
      intel_soc_pmic_i2c_probe()
    - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
    - mfd: lp8788: Fix an error handling path in lp8788_probe()
    - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and
      lp8788_irq_init()
    - mfd: fsl-imx25: Fix check for platform_get_irq() errors
    - mfd: sm501: Add check for platform_driver_register()
    - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
    - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in
      __cleanup()
    - spmi: pmic-arb: correct duplicate APID to PPID mapping logic
    - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
    - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
    - clk: ast2600: BCLK comes from EPLL
    - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
    - powerpc/math_emu/efp: Include module.h
    - powerpc/sysdev/fsl_msi: Add missing of_node_put()
    - powerpc/pci_dn: Add missing of_node_put()
    - powerpc/powernv: add missing of_node_put() in opal_export_attrs()
    - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
    - powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
    - powerpc: Fix SPE Power ISA properties for e500v1 platforms
    - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
    - iommu/omap: Fix buffer overflow in debugfs
    - crypto: akcipher - default implementation for setting a private key
    - crypto: ccp - Release dma channels before dmaengine unrgister
    - iommu/iova: Fix module config properly
    - kbuild: remove the target in signal traps when interrupted
    - crypto: cavium - prevent integer overflow loading firmware
    - f2fs: fix race condition on setting FI_NO_EXTENT flag
    - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
    - MIPS: BCM47XX: Cast memcmp() of function to (void *)
    - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
    - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to
      avoid crash
    - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
    - wifi: brcmfmac: fix invalid address access when enabling SCAN log level
    - bpftool: Clear errno after libcap's checks
    - openvswitch: Fix double reporting of drops in dropwatch
    - openvswitch: Fix overreporting of drops in dropwatch
    - tcp: annotate data-race around tcp_md5sig_pool_populated
    - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
    - xfrm: Update ipcomp_scratches with NULL when freed
    - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
    - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
    - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
    - can: bcm: check the result of can_send() in bcm_can_tx()
    - wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
    - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
    - wifi: rt2x00: set VGC gain for both chains of MT7620
    - wifi: rt2x00: set SoC wmac clock register
    - wifi: rt2x00: correctly set BBP register 86 for MT7620
    - net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
    - Bluetooth: L2CAP: Fix user-after-free
    - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
    - drm: Use size_t type for len variable in drm_copy_field()
    - drm: Prevent drm_copy_field() to attempt copying a NULL pointer
    - drm/amd/display: fix overflow on MIN_I64 definition
    - drm/vc4: vec: Fix timings for VEC modes
    - drm: panel-orientation-quirks: Add quirk for Anbernic Win600
    - platform/x86: msi-laptop: Change DMI match / alias strings to fix module
      autoloading
    - drm/amdgpu: fix initial connector audio value
    - mmc: sdhci-msm: add compatible string check for sdm670
    - ARM: dts: imx7d-sdb: config the max pressure for tsc2046
    - ARM: dts: imx6q: add missing properties for sram
    - ARM: dts: imx6dl: add missing properties for sram
    - ARM: dts: imx6qp: add missing properties for sram
    - ARM: dts: imx6sl: add missing properties for sram
    - ARM: dts: imx6sll: add missing properties for sram
    - ARM: dts: imx6sx: add missing properties for sram
    - btrfs: scrub: try to fix super block errors
    - clk: zynqmp: Fix stack-out-of-bounds in strncpy`
    - media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
    - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
    - scsi: 3w-9xxx: Avoid disabling device if failing to enable it
    - nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
    - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
    - staging: vt6655: fix potential memory leak
    - ata: libahci_platform: Sanity check the DT child nodes number
    - bcache: fix set_at_max_writeback_rate() for multiple attached devices
    - HID: roccat: Fix use-after-free in roccat_read()
    - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
    - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
    - usb: musb: Fix musb_gadget.c rxstate overflow bug
    - Revert "usb: storage: Add quirk for Samsung Fit flash"
    - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
    - nvme: copy firmware_rev on each init
    - nvmet-tcp: add bounds check on Transfer Tag
    - usb: idmouse: fix an uninit-value in idmouse_open
    - clk: bcm2835: Make peripheral PLLC critical
    - perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
    - net: ieee802154: return -EINVAL for unknown addr type
    - Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
    - net/ieee802154: don't warn zero-sized raw_sendmsg()
    - ext4: continue to expand file system when the target size doesn't reach
    - efi: libstub: drop pointless get_memory_map() call
    - inet: fully convert sk->sk_rx_dst to RCU rules
    - thermal: intel_powerclamp: Use first online CPU as control_cpu
    - Linux 5.4.220
  * Focal update: v5.4.219 upstream stable release (LP: #1996804)
    - Linux 5.4.219

linux-azure (5.4.0-1101.107) focal; urgency=medium

* focal/linux-azure: 5.4.0-1101.107 -proposed tracker (LP: #2001942)

[ Ubuntu: 5.4.0-137.154 ]

* focal/linux: 5.4.0-137.154 -proposed tracker (LP: #2001969)
  * CVE-2022-3643
    - xen/netback: Ensure protocol headers don't fall in the non-linear area
  * CVE-2022-43945
    - NFSD: Cap rsize_bop result based on send buffer size
  * CVE-2022-45934
    - Bluetooth: L2CAP: Fix u8 overflow
  * CVE-2022-42896
    - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
    - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

linux-azure (5.4.0-1100.106) focal; urgency=medium

* focal/linux-azure: 5.4.0-1100.106 -proposed tracker (LP: #1999429)

* ubuntu_bpf failed to build on F-azure-5.4 / B-azure-5.4 ( error:
    ‘bpf_object_open_opts’ undeclared) (LP: #1990794)
    - Revert "bpf, testing: Add selftest to read/write sockaddr from user space"

* Focal update: v5.4.214 upstream stable release (LP: #1993196)
    - [Config] azure: soc: fsl: select FSL_GUTS driver for DPIO

* Azure: hv_netvsc: Fix race between VF offering and VF association message
    from host (LP: #1994974)
    - hv_netvsc: Fix race between VF offering and VF association message from host

* Azure: RMB Patch to backport on the Azure Linux Images (LP: #1994987)
    - net: mana: Add rmb after checking owner bits

[ Ubuntu: 5.4.0-136.153 ]

* focal/linux: 5.4.0-136.153 -proposed tracker (LP: #1997835)
  * Expose built-in trusted and revoked certificates (LP: #1996892)
    - [Packaging] Expose built-in trusted and revoked certificates
  * [UBUNTU 20.04] KVM: PV: ext call delivered twice when receiver in PSW wait
    (LP: #1995941)
    - KVM: s390: pv: don't present the ecall interrupt twice
  * [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071)
    - s390/boot: add secure boot trailer
  * Fix rfkill causing soft blocked wifi (LP: #1996198)
    - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
  * md: Replace snprintf with scnprintf (LP: #1993315)
    - md: Replace snprintf with scnprintf
  * input/keyboard: the keyboard on some Asus laptops can't work (LP: #1992266)
    - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA
    - ACPI: resource: Add ASUS model S5402ZA to quirks
  * Focal update: v5.4.218 upstream stable release (LP: #1995530)
    - mm: pagewalk: Fix race between unmap and page walker
    - perf tools: Fixup get_current_dir_name() compilation
    - firmware: arm_scmi: Add SCMI PM driver remove routine
    - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
    - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API
      failure
    - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
    - scsi: qedf: Fix a UAF bug in __qedf_probe()
    - net/ieee802154: fix uninit value bug in dgram_sendmsg
    - um: Cleanup syscall_handler_t cast in syscalls_32.h
    - um: Cleanup compiler warning in arch/x86/um/tls_32.c
    - arch: um: Mark the stack non-executable to fix a binutils warning
    - usb: mon: make mmapped memory read only
    - USB: serial: ftdi_sio: fix 300 bps rate for SIO
    - mmc: core: Replace with already defined values for readability
    - mmc: core: Terminate infinite loop in SD-UHS voltage switch
    - rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
    - nilfs2: fix leak of nilfs_root in case of writer thread creation failure
    - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
    - ceph: don't truncate file in atomic_open
    - random: clamp credited irq bits to maximum mixed
    - ALSA: hda: Fix position reporting on Poulsbo
    - efi: Correct Macmini DMI match in uefi cert quirk
    - USB: serial: qcserial: add new usb-id for Dell branded EM7455
    - random: restore O_NONBLOCK support
    - random: avoid reading two cache lines on irq randomness
    - random: use expired timer rather than wq for mixing fast pool
    - Input: xpad - add supported devices as contributed on github
    - Input: xpad - fix wireless 360 controller breaking after suspend
    - Linux 5.4.218
  * Focal update: v5.4.217 upstream stable release (LP: #1995528)
    - xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag
    - xfs: introduce XFS_MAX_FILEOFF
    - xfs: truncate should remove all blocks, not just to the end of the page
      cache
    - xfs: fix s_maxbytes computation on 32-bit kernels
    - xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read
    - xfs: refactor remote attr value buffer invalidation
    - xfs: fix memory corruption during remote attr value buffer invalidation
    - xfs: move incore structures out of xfs_da_format.h
    - xfs: streamline xfs_attr3_leaf_inactive
    - xfs: fix uninitialized variable in xfs_attr3_leaf_inactive
    - xfs: remove unused variable 'done'
    - Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
    - docs: update mediator information in CoC docs
    - Linux 5.4.217
  * Focal update: v5.4.216 upstream stable release (LP: #1995526)
    - uas: add no-uas quirk for Hiksemi usb_disk
    - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS
    - uas: ignore UAS for Thinkplus chips
    - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
    - clk: ingenic-tcu: Properly enable registers before accessing timers
    - ARM: dts: integrator: Tag PCI host with device_type
    - ntfs: fix BUG_ON in ntfs_lookup_inode_by_name()
    - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
    - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
    - mm/page_alloc: fix race condition between build_all_zonelists and page
      allocation
    - mm: prevent page_frag_alloc() from corrupting the memory
    - mm/migrate_device.c: flush TLB while holding PTL
    - mm: fix madivse_pageout mishandling on non-LRU page
    - media: dvb_vb2: fix possible out of bound access
    - ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver
    - ARM: dts: am33xx: Fix MMCHS0 dma properties
    - soc: sunxi: sram: Actually claim SRAM regions
    - soc: sunxi: sram: Prevent the driver from being unbound
    - soc: sunxi_sram: Make use of the helper function
      devm_platform_ioremap_resource()
    - soc: sunxi: sram: Fix probe function ordering issues
    - soc: sunxi: sram: Fix debugfs info for A64 SRAM C
    - Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in
      suspend/resume time"
    - Input: melfas_mip4 - fix return value check in mip4_probe()
    - usbnet: Fix memory leak in usbnet_disconnect()
    - nvme: add new line after variable declatation
    - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
    - selftests: Fix the if conditions of in test_extra_filter()
    - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
    - clk: iproc: Do not rely on node name for correct PLL setup
    - Linux 5.4.216
  * Focal update: v5.4.215 upstream stable release (LP: #1993203)
    - of: fdt: fix off-by-one error in unflatten_dt_nodes()
    - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
    - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
    - drm/meson: Correct OSD1 global alpha value
    - drm/meson: Fix OSD1 RGB to YCbCr coefficient
    - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
    - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
    - task_stack, x86/cea: Force-inline stack helpers
    - tracing: hold caller_addr to hardirq_{enable,disable}_ip
    - cifs: revalidate mapping when doing direct writes
    - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
    - MAINTAINERS: add Chandan as xfs maintainer for 5.4.y
    - iomap: iomap that extends beyond EOF should be marked dirty
    - ASoC: nau8824: Fix semaphore unbalance at error paths
    - regulator: pfuze100: Fix the global-out-of-bounds access in
      pfuze100_regulator_probe()
    - rxrpc: Fix local destruction being repeated
    - rxrpc: Fix calc of resend age
    - ALSA: hda/sigmatel: Keep power up while beep is enabled
    - ALSA: hda/tegra: Align BDL entry to 4KB boundary
    - net: usb: qmi_wwan: add Quectel RM520N
    - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
    - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
    - mksysmap: Fix the mismatch of 'L0' symbols in System.map
    - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
    - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
    - ALSA: hda/sigmatel: Fix unused variable warning for beep power change
    - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
    - usb: dwc3: Issue core soft reset before enabling run/stop
    - usb: dwc3: gadget: Prevent repeat pullup()
    - usb: dwc3: gadget: Refactor pullup()
    - usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
    - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
    - usb: xhci-mtk: get the microframe boundary for ESIT
    - usb: xhci-mtk: add only one extra CS for FS/LS INTR
    - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
    - usb: xhci-mtk: add a function to (un)load bandwidth info
    - usb: xhci-mtk: add some schedule error number
    - usb: xhci-mtk: allow multiple Start-Split in a microframe
    - usb: xhci-mtk: relax TT periodic bandwidth allocation
    - wifi: mac80211: Fix UAF in ieee80211_scan_rx()
    - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data
    - serial: atmel: remove redundant assignment in rs485_config
    - tty: serial: atmel: Preserve previous USART mode if RS485 disabled
    - usb: add quirks for Lenovo OneLink+ Dock
    - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
    - usb: cdns3: fix issue with rearming ISO OUT endpoint
    - Revert "usb: add quirks for Lenovo OneLink+ Dock"
    - Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
    - USB: core: Fix RST error in hub.c
    - USB: serial: option: add Quectel BG95 0x0203 composition
    - USB: serial: option: add Quectel RM520N
    - ALSA: hda/tegra: set depop delay for tegra
    - ALSA: hda: add Intel 5 Series / 3400 PCI DID
    - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
    - ALSA: hda/realtek: Re-arrange quirk table entries
    - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
    - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
    - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
    - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
    - efi: libstub: check Shim mode using MokSBStateRT
    - mm/slub: fix to return errno if kmalloc() fails
    - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
    - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
    - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
    - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
    - netfilter: nf_conntrack_irc: Tighten matching on DCC message
    - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
    - iavf: Fix cached head and tail value for iavf_get_tx_pending
    - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
    - net: team: Unsync device addresses on ndo_stop
    - MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
    - MIPS: Loongson32: Fix PHY-mode being left unspecified
    - iavf: Fix bad page state
    - i40e: Fix set max_tx_rate when it is lower than 1 Mbps
    - of: mdio: Add of_node_put() when breaking out of for_each_xx
    - net/sched: taprio: avoid disabling offload when it was never enabled
    - net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child
      qdiscs
    - netfilter: ebtables: fix memory leak when blob is malformed
    - can: gs_usb: gs_can_open(): fix race dev->can.state condition
    - perf jit: Include program header in ELF files
    - perf kcore_copy: Do not check /proc/modules is unchanged
    - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
    - net: sched: fix possible refcount leak in tc_new_tfilter()
    - serial: Create uart_xmit_advance()
    - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
    - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
    - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
    - usb: xhci-mtk: fix issue of out-of-bounds array access
    - cifs: always initialize struct msghdr smb_msg completely
    - Drivers: hv: Never allocate anything besides framebuffer from framebuffer
      memory region
    - drm/amd/display: Limit user regamma to a valid value
    - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
    - workqueue: don't skip lockdep work dependency in cancel_work_sync()
    - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
    - xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata
    - xfs: slightly tweak an assert in xfs_fs_map_blocks
    - xfs: add missing assert in xfs_fsmap_owner_from_rmap
    - xfs: range check ri_cnt when recovering log items
    - xfs: attach dquots and reserve quota blocks during unwritten conversion
    - xfs: convert EIO to EFSCORRUPTED when log contents are invalid
    - xfs: constify the buffer pointer arguments to error functions
    - xfs: always log corruption errors
    - xfs: fix some memory leaks in log recovery
    - xfs: stabilize insert range start boundary to avoid COW writeback race
    - xfs: use bitops interface for buf log item AIL flag check
    - xfs: refactor agfl length computation function
    - xfs: split the sunit parameter update into two parts
    - xfs: don't commit sunit/swidth updates to disk if that would cause repair
      failures
    - xfs: fix an ABBA deadlock in xfs_rename
    - xfs: fix use-after-free when aborting corrupt attr inactivation
    - ext4: make directory inode spreading reflect flexbg size
    - Linux 5.4.215
  * Focal update: v5.4.214 upstream stable release (LP: #1993196)
    - drm/msm/rd: Fix FIFO-full deadlock
    - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
    - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
    - tg3: Disable tg3 device on system reboot to avoid triggering AER
    - ieee802154: cc2520: add rc code in cc2520_tx()
    - Input: iforce - add support for Boeder Force Feedback Wheel
    - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
    - perf/arm_pmu_platform: fix tests for platform_get_irq() failure
    - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
    - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
    - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
    - net: dp83822: disable rx error interrupt
    - soc: fsl: select FSL_GUTS driver for DPIO
    - tracefs: Only clobber mode/uid/gid on remount if asked
    - Linux 5.4.214
  * Focal update: v5.4.213 upstream stable release (LP: #1992211)
    - efi: capsule-loader: Fix use-after-free in efi_capsule_write
    - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
      il4965_rs_fill_link_cmd()
    - fs: only do a memory barrier for the first set_buffer_uptodate()
    - Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
    - net: dp83822: disable false carrier interrupt
    - drm/msm/dsi: fix the inconsistent indenting
    - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
    - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
    - iio: adc: mcp3911: make use of the sign bit
    - ieee802154/adf7242: defer destroy_workqueue call
    - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
    - Revert "xhci: turn off port power in shutdown"
    - net: sched: tbf: don't call qdisc_put() while holding tree lock
    - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
    - kcm: fix strp_init() order and cleanup
    - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
    - tcp: annotate data-race around challenge_timestamp
    - Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"
    - net/smc: Remove redundant refcount increase
    - serial: fsl_lpuart: RS485 RTS polariy is inverse
    - staging: rtl8712: fix use after free bugs
    - powerpc: align syscall table for ppc32
    - vt: Clear selection before changing the font
    - tty: serial: lpuart: disable flow control while waiting for the transmit
      engine to complete
    - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
    - iio: adc: mcp3911: use correct formula for AD conversion
    - misc: fastrpc: fix memory corruption on probe
    - misc: fastrpc: fix memory corruption on open
    - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
    - binder: fix UAF of ref->proc caused by race condition
    - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
    - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
    - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
    - Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
    - clk: core: Fix runtime PM sequence in clk_core_unprepare()
    - Input: rk805-pwrkey - fix module autoloading
    - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
    - hwmon: (gpio-fan) Fix array out of bounds access
    - gpio: pca953x: Add mutex_lock for regcache sync in PM
    - thunderbolt: Use the actual buffer in tb_async_error()
    - xhci: Add grace period after xHC start to prevent premature runtime suspend.
    - USB: serial: cp210x: add Decagon UCA device id
    - USB: serial: option: add support for OPPO R11 diag port
    - USB: serial: option: add Quectel EM060K modem
    - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
    - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles
    - usb: dwc2: fix wrong order of phy_power_on and phy_init
    - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
    - usb-storage: Add ignore-residue quirk for NXP PN7462AU
    - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
    - s390: fix nospec table alignments
    - USB: core: Prevent nested device-reset calls
    - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
    - driver core: Don't probe devices after bus_type.match() probe deferral
    - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
    - net: mac802154: Fix a condition in the receive path
    - ALSA: seq: oss: Fix data-race for max_midi_devs access
    - ALSA: seq: Fix data-race at module auto-loading
    - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
    - btrfs: harden identification of a stale device
    - usb: dwc3: fix PHY disable sequence
    - usb: dwc3: disable USB core PHY management
    - USB: serial: ch341: fix lost character on LCR updates
    - USB: serial: ch341: fix disabled rx timer on older devices
    - scsi: megaraid_sas: Fix double kfree()
    - drm/gem: Fix GEM handle release errors
    - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
    - drm/radeon: add a force flush to delay work when radeon
    - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
    - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
    - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned
      fw_level
    - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
    - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
    - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
    - ALSA: aloop: Fix random zeros in capture data when using jiffies timer
    - ALSA: usb-audio: Fix an out-of-bounds bug in
      __snd_usb_parse_audio_interface()
    - kprobes: Prohibit probes in gate area
    - debugfs: add debugfs_lookup_and_remove()
    - nvmet: fix a use-after-free
    - scsi: mpt3sas: Fix use-after-free warning
    - scsi: lpfc: Add missing destroy_workqueue() in error path
    - cgroup: Optimize single thread migration
    - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an
      empty subtree
    - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
    - smb3: missing inode locks in punch hole
    - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node
    - regulator: core: Clean up on enable failure
    - RDMA/cma: Fix arguments order in net device validation
    - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
    - RDMA/hns: Fix supported page size
    - netfilter: br_netfilter: Drop dst references before setting.
    - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2()
    - afs: Use the operation issue time instead of the reply time for callbacks
    - sch_sfb: Don't assume the skb is still around after enqueueing to child
    - tipc: fix shift wrapping bug in map_get()
    - i40e: Fix kernel crash during module removal
    - RDMA/siw: Pass a pointer to virt_to_page()
    - ipv6: sr: fix out-of-bounds read when setting HMAC data.
    - RDMA/mlx5: Set local port to one when accessing counters
    - nvme-tcp: fix UAF when detecting digest errors
    - tcp: fix early ETIMEDOUT after spurious non-SACK RTO
    - sch_sfb: Also store skb len before calling child enqueue
    - x86/nospec: Fix i386 RSB stuffing
    - MIPS: loongson32: ls1c: Fix hang during startup
    - Linux 5.4.213
  * CVE-2022-2663
    - netfilter: nf_conntrack_irc: Fix forged IP logic
  * CVE-2022-3061
    - video: fbdev: i740fb: Error out if 'pixclock' equals zero

[ Ubuntu: 5.4.0-135.152 ]

* focal/linux: 5.4.0-135.152 -proposed tracker (LP: #1997412)
  * containerd sporadic timeouts (LP: #1996678)
    - epoll: call final ep_events_available() check under the lock
    - epoll: check for events when removing a timed out thread from the wait queue
    - Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
  * CVE-2022-3621
    - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
  * CVE-2022-3565
    - mISDN: fix use-after-free bugs in l1oip timer handlers
  * CVE-2022-3566
    - tcp: Fix data races around icsk->icsk_af_ops.
  * CVE-2022-3567
    - ipv6: annotate some data-races around sk->sk_prot
    - ipv6: Fix data races around sk->sk_prot.
  * CVE-2022-3564
    - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
  * CVE-2022-3524
    - tcp/udp: Fix memory leak in ipv6_renew_options().
  * CVE-2022-3594
    - r8152: Rate limit overflow messages
  * CVE-2022-42703
    - mm/rmap.c: don't reuse anon_vma if we just want a copy

[ Ubuntu: 5.4.0-132.148 ]

* CVE-2022-42719
    - mac80211: mlme: find auth challenge directly
    - wifi: mac80211: don't parse mbssid in assoc response
    - wifi: mac80211: fix MBSSID parsing use-after-free
  * iavf: SR-IOV VFs error with no traffic flow when MTU greater than 1500
    (LP: #1983656)
    - iavf: Fix set max MTU size with port VLAN and jumbo frames
    - i40e: Fix VF set max MTU size
  * fib_nexthop_nongw.sh from ubuntu_kernel_selftests failed on B-5.4
    (LP: #1990800)
    - SAUCE: selftests/net: skipping tests for older ip command releases
  * CVE-2022-29901
    - Revert "x86/speculation: Add RSB VM Exit protections"
    - Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
    - x86/devicetable: Move x86 specific macro out of generic code
    - x86/cpu: Add consistent CPU match macros
    - x86/cpu: Add a steppings field to struct x86_cpu_id
    - x86/kvm/vmx: Make noinstr clean
    - x86/cpufeatures: Move RETPOLINE flags to word 11
    - x86/bugs: Report AMD retbleed vulnerability
    - x86/bugs: Add AMD retbleed= boot parameter
    - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
    - x86/entry: Remove skip_r11rcx
    - x86/entry: Add kernel IBRS implementation
    - x86/bugs: Optimize SPEC_CTRL MSR writes
    - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
    - x86/bugs: Split spectre_v2_select_mitigation() and
      spectre_v2_user_select_mitigation()
    - x86/bugs: Report Intel retbleed vulnerability
    - intel_idle: Disable IBRS during long idle
    - x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
    - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
    - x86/speculation: Fix firmware entry SPEC_CTRL handling
    - x86/speculation: Fix SPEC_CTRL write on SMT state change
    - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
    - x86/speculation: Remove x86_spec_ctrl_mask
    - KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S
    - KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
    - KVM: VMX: Flatten __vmx_vcpu_run()
    - KVM: VMX: Convert launched argument to flags
    - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
    - KVM: VMX: Fix IBRS handling after vmexit
    - x86/speculation: Fill RSB on vmexit for IBRS
    - x86/common: Stamp out the stepping madness
    - x86/cpu/amd: Enumerate BTC_NO
    - x86/bugs: Add Cannon lake to RETBleed affected CPU list
    - x86/speculation: Disable RRSBA behavior
    - x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
    - x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
    - x86/speculation: Add RSB VM Exit protections
  * ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel
    systems (LP: #1990985)
    - ACPI: processor_idle: Skip dummy wait if kernel is in guest
    - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel
      systems
  * cgroup: all controllers mounted when using 'cgroup_no_v1=' (LP: #1988584)
    - cgroup-v1: add disabled controller check in cgroup1_parse_param()
  * Focal update: v5.4.212 upstream stable release (LP: #1991156)
    - audit: fix potential double free on error path from fsnotify_add_inode_mark
    - parisc: Fix exception handler for fldw and fstw instructions
    - kernel/sys_ni: add compat entry for fadvise64_64
    - usb: cdns3: Fix issue for clear halt endpoint
    - pinctrl: amd: Don't save/restore interrupt status and wake status bits
    - sched/deadline: Unthrottle PI boosted threads while enqueuing
    - sched/deadline: Fix stale throttling on de-/boosted tasks
    - sched/deadline: Fix priority inheritance with multiple scheduling classes
    - kernel/sched: Remove dl_boosted flag comment
    - xfrm: fix refcount leak in __xfrm_policy_check()
    - SUNRPC: RPC level errors should set task->tk_rpc_status
    - rose: check NULL rose_loopback_neigh->loopback
    - net/mlx5e: Properly disable vlan strip on non-UL reps
    - net: moxa: get rid of asymmetry in DMA mapping/unmapping
    - bonding: 802.3ad: fix no transmission of LACPDUs
    - net: ipvtap - add __init/__exit annotations to module init/exit funcs
    - netfilter: ebtables: reject blobs that don't provide all entry points
    - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips
    - netfilter: nft_payload: report ERANGE for too long offset and length
    - netfilter: nft_payload: do not truncate csum_offset and csum_type
    - netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
    - netfilter: nft_tunnel: restrict it to netdev family
    - net: Fix data-races around weight_p and dev_weight_[rt]x_bias.
    - net: Fix data-races around netdev_tstamp_prequeue.
    - ratelimit: Fix data-races in ___ratelimit().
    - net: Fix a data-race around sysctl_tstamp_allow_data.
    - net: Fix a data-race around sysctl_net_busy_poll.
    - net: Fix a data-race around sysctl_net_busy_read.
    - net: Fix a data-race around netdev_budget.
    - net: Fix a data-race around netdev_budget_usecs.
    - net: Fix a data-race around sysctl_somaxconn.
    - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
    - btrfs: fix silent failure when deleting root reference
    - btrfs: replace: drop assert for suspended replace
    - btrfs: add info when mount fails due to stale replace target
    - btrfs: check if root is readonly while setting security xattr
    - x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry
    - loop: Check for overflow while configuring loop
    - asm-generic: sections: refactor memory_intersects
    - s390: fix double free of GS and RI CBs on fork() failure
    - ACPI: processor: Remove freq Qos request for all CPUs
    - mm/hugetlb: fix hugetlb not supporting softdirty tracking
    - md: call __md_stop_writes in md_stop
    - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU
    - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq
    - mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
    - s390/mm: do not trigger write fault when vma does not allow VM_WRITE
    - x86/bugs: Add "unknown" reporting for MMIO Stale Data
    - kbuild: Fix include path in scripts/Makefile.modpost
    - Bluetooth: L2CAP: Fix build errors in some archs
    - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
    - udmabuf: Set the DMA mask for the udmabuf device (v2)
    - media: pvrusb2: fix memory leak in pvr_probe
    - HID: hidraw: fix memory leak in hidraw_release()
    - fbdev: fb_pm2fb: Avoid potential divide by zero error
    - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is
      dead
    - bpf: Don't redirect packets with invalid pkt_len
    - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
    - btrfs: introduce btrfs_lookup_match_dir
    - btrfs: do not pin logs too early during renames
    - btrfs: unify lookup return value when dir entry is missing
    - drm/amd/display: Avoid MPC infinite loop
    - drm/amd/display: clear optc underflow before turn off odm clock
    - neigh: fix possible DoS due to net iface start/stop loop
    - s390/hypfs: avoid error message under KVM
    - drm/amd/display: Fix pixel clock programming
    - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
    - btrfs: tree-checker: check for overlapping extent items
    - lib/vdso: Let do_coarse() return 0 to simplify the callsite
    - lib/vdso: Mark do_hres() and do_coarse() as __always_inline
    - kprobes: don't call disarm_kprobe() for disabled kprobes
    - net/af_packet: check len when min_header_len equals to 0
    - net: neigh: don't call kfree_skb() under spin_lock_irqsave()
    - Linux 5.4.212
  * Focal update: v5.4.211 upstream stable release (LP: #1990190)
    - Makefile: link with -z noexecstack --no-warn-rwx-segments
    - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
    - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
    - ALSA: bcd2000: Fix a UAF bug on the error path of probing
    - igc: Remove _I_PHY_ID checking
    - wifi: mac80211_hwsim: fix race condition in pending packet
    - wifi: mac80211_hwsim: add back erroneously removed cast
    - wifi: mac80211_hwsim: use 32-bit skb cookie
    - add barriers to buffer_uptodate and set_buffer_uptodate
    - HID: wacom: Only report rotation for art pen
    - HID: wacom: Don't register pad_input for touch switch
    - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
    - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
    - KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
    - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
    - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
    - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
    - mm/mremap: hold the rmap lock in write mode when moving page table entries.
    - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
    - ALSA: hda/cirrus - support for iMac 12,1 model
    - ALSA: hda/realtek: Add quirk for another Asus K42JZ model
    - tty: vt: initialize unicode screen buffer
    - vfs: Check the truncate maximum size in inode_newsize_ok()
    - fs: Add missing umask strip in vfs_tmpfile
    - thermal: sysfs: Fix cooling_device_stats_setup() error code path
    - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
    - usbnet: Fix linkwatch use-after-free on disconnect
    - ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
    - parisc: Fix device names in /proc/iomem
    - parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode
    - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error
    - drm/nouveau: fix another off-by-one in nvbios_addr
    - drm/amdgpu: Check BO's requested pinning domains against its
      preferred_domains
    - iio: light: isl29028: Fix the warning in isl29028_remove()
    - fuse: limit nsec
    - serial: mvebu-uart: uart2 error bits clearing
    - md-raid10: fix KASAN warning
    - ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
    - PCI: Add defines for normal and subtractive PCI bridges
    - powerpc/fsl-pci: Fix Class Code of PCIe Root Port
    - powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
    - powerpc/powernv: Avoid crashing if rng is NULL
    - MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
    - coresight: Clear the connection field properly
    - USB: HCD: Fix URB giveback issue in tasklet function
    - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC
    - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC
    - netfilter: nf_tables: fix null deref due to zeroed list head
    - epoll: autoremove wakers even more aggressively
    - x86: Handle idle=nomwait cmdline properly for x86_idle
    - arm64: Do not forget syscall when starting a new thread.
    - arm64: fix oops in concurrently setting insn_emulation sysctls
    - ext2: Add more validity checks for inode counts
    - genirq: Don't return error on missing optional irq_request_resources()
    - wait: Fix __wait_event_hrtimeout for RT/DL tasks
    - ARM: dts: imx6ul: add missing properties for sram
    - ARM: dts: imx6ul: change operating-points to uint32-matrix
    - ARM: dts: imx6ul: fix csi node compatible
    - ARM: dts: imx6ul: fix lcdif node compatible
    - ARM: dts: imx6ul: fix qspi node compatible
    - spi: synquacer: Add missing clk_disable_unprepare()
    - ARM: OMAP2+: display: Fix refcount leak bug
    - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
    - ACPI: PM: save NVS memory for Lenovo G40-45
    - ACPI: LPSS: Fix missing check in register_device_clock()
    - arm64: dts: qcom: ipq8074: fix NAND node name
    - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name
    - ARM: shmobile: rcar-gen2: Increase refcount for new reference
    - PM: hibernate: defer device probing when resuming from hibernation
    - selinux: Add boundary check in put_entry()
    - spi: spi-rspi: Fix PIO fallback on RZ platforms
    - ARM: findbit: fix overflowing offset
    - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
    - ARM: bcm: Fix refcount leak in bcm_kona_smc_init
    - x86/pmem: Fix platform-device leak in error path
    - ARM: dts: ast2500-evb: fix board compatible
    - ARM: dts: ast2600-evb: fix board compatible
    - soc: fsl: guts: machine variable might be unset
    - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg
    - ARM: OMAP2+: Fix refcount leak in omapdss_init_of
    - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
    - cpufreq: zynq: Fix refcount leak in zynq_get_revision
    - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register
    - ARM: dts: qcom: pm8841: add required thermal-sensor-cells
    - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe()
    - arm64: dts: mt7622: fix BPI-R64 WPS button
    - erofs: avoid consecutive detection for Highmem memory
    - blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created
    - regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
    - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
    - thermal/tools/tmon: Include pthread and time headers in tmon.h
    - dm: return early from dm_pr_call() if DM device is suspended
    - ath10k: do not enforce interrupt trigger type
    - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
    - drm/mipi-dbi: align max_chunk to 2 in spi_transfer
    - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
    - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
    - drm: adv7511: override i2c address of cec before accessing it
    - i2c: Fix a potential use after free
    - media: tw686x: Register the irq at the end of probe
    - wifi: iwlegacy: 4965: fix potential off-by-one overflow in
      il4965_rs_fill_link_cmd()
    - drm: bridge: adv7511: Add check for mipi_dsi_driver_register
    - drm/mcde: Fix refcount leak in mcde_dsi_bind
    - media: hdpvr: fix error value returns in hdpvr_read
    - drm/vc4: plane: Remove subpixel positioning check
    - drm/vc4: plane: Fix margin calculations for the right/bottom edges
    - drm/vc4: dsi: Correct DSI divider calculations
    - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE
    - drm/rockchip: vop: Don't crash for invalid duplicate_state()
    - drm/rockchip: Fix an error handling path rockchip_dp_probe()
    - drm/mediatek: dpi: Remove output format of YUV
    - drm/mediatek: dpi: Only enable dpi after the bridge is enabled
    - drm: bridge: sii8620: fix possible off-by-one
    - drm/msm/mdp5: Fix global state lock backoff
    - crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq
    - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
    - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
    - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed.
    - tcp: make retransmitted SKB fit into the send window
    - libbpf: Fix the name of a reused map
    - selftests: timers: valid-adjtimex: build fix for newer toolchains
    - selftests: timers: clocksource-switch: fix passing errors from child
    - fs: check FMODE_LSEEK to control internal pipe splicing
    - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
    - wifi: p54: Fix an error handling path in p54spi_probe()
    - wifi: p54: add missing parentheses in p54_flush()
    - selftests/bpf: fix a test for snprintf() overflow
    - can: pch_can: do not report txerr and rxerr during bus-off
    - can: rcar_can: do not report txerr and rxerr during bus-off
    - can: sja1000: do not report txerr and rxerr during bus-off
    - can: hi311x: do not report txerr and rxerr during bus-off
    - can: sun4i_can: do not report txerr and rxerr during bus-off
    - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
    - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
    - can: usb_8dev: do not report txerr and rxerr during bus-off
    - can: error: specify the values of data[5..7] of CAN error frames
    - can: pch_can: pch_can_error(): initialize errc before using it
    - Bluetooth: hci_intel: Add check for platform_driver_register
    - i2c: cadence: Support PEC for SMBus block read
    - i2c: mux-gpmux: Add of_node_put() when breaking out of loop
    - wifi: wil6210: debugfs: fix uninitialized variable use in
      `wil_write_file_wmi()`
    - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
    - wifi: libertas: Fix possible refcount leak in if_usb_probe()
    - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
    - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
    - iavf: Fix max_rate limiting
    - netdevsim: Avoid allocation warnings triggered from user space
    - net: rose: fix netdev reference changes
    - dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
    - clk: renesas: r9a06g032: Fix UART clkgrp bitsel
    - mtd: maps: Fix refcount leak in of_flash_probe_versatile
    - mtd: maps: Fix refcount leak in ap_flash_init
    - mtd: rawnand: meson: Fix a potential double free issue
    - HID: cp2112: prevent a buffer overflow in cp2112_xfer()
    - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
    - mtd: partitions: Fix refcount leak in parse_redboot_of
    - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
    - fpga: altera-pr-ip: fix unsigned comparison with less than zero
    - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
    - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
    - usb: xhci: tegra: Fix error check
    - clk: mediatek: reset: Fix written reset bit offset
    - misc: rtsx: Fix an error handling path in rtsx_pci_probe()
    - driver core: fix potential deadlock in __driver_attach
    - clk: qcom: clk-krait: unlock spin after mux completion
    - usb: host: xhci: use snprintf() in xhci_decode_trb()
    - clk: qcom: ipq8074: fix NSS port frequency tables
    - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
    - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
    - soundwire: bus_type: fix remove and shutdown support
    - intel_th: Fix a resource leak in an error handling path
    - intel_th: msu-sink: Potential dereference of null pointer
    - intel_th: msu: Fix vmalloced buffers
    - staging: rtl8192u: Fix sleep in atomic context bug in
      dm_fsync_timer_callback
    - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
    - memstick/ms_block: Fix some incorrect memory allocation
    - memstick/ms_block: Fix a memory leak
    - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
    - scsi: smartpqi: Fix DMA direction for RAID requests
    - usb: gadget: udc: amd5536 depends on HAS_DMA
    - RDMA/hns: Fix incorrect clearing of interrupt status register
    - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event
    - RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
    - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
    - mmc: cavium-octeon: Add of_node_put() when breaking out of loop
    - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
    - HID: alps: Declare U1_UNICORN_LEGACY support
    - PCI: tegra194: Fix Root Port interrupt handling
    - PCI: tegra194: Fix link up retry sequence
    - USB: serial: fix tty-port initialized comments
    - platform/olpc: Fix uninitialized data in debugfs write
    - mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
    - RDMA/rxe: Fix error unwind in rxe_create_qp()
    - null_blk: fix ida error handling in null_add_dev()
    - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
    - ext4: recover csum seed of tmp_inode after migrating to extents
    - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
    - opp: Fix error check in dev_pm_opp_attach_genpd()
    - ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
    - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
    - ASoC: codecs: da7210: add check for i2c_add_driver
    - ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
    - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
    - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
    - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
    - profiling: fix shift too large makes kernel panic
    - tty: n_gsm: fix non flow control frames during mux flow off
    - tty: n_gsm: fix packet re-transmission without open control channel
    - tty: n_gsm: fix race condition in gsmld_write()
    - remoteproc: qcom: wcnss: Fix handling of IRQs
    - vfio/ccw: Do not change FSM state in subchannel event
    - tty: n_gsm: fix wrong T1 retry count handling
    - tty: n_gsm: fix DM command
    - tty: n_gsm: fix missing corner cases in gsmld_poll()
    - iommu/exynos: Handle failed IOMMU device registration properly
    - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
    - kfifo: fix kfifo_to_user() return type
    - mfd: t7l66xb: Drop platform disable callback
    - mfd: max77620: Fix refcount leak in max77620_initialise_fps
    - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
    - s390/zcore: fix race when reading from hardware system area
    - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
    - fuse: Remove the control interface for virtio-fs
    - ASoC: audio-graph-card: Add of_node_put() in fail path
    - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in
      armada_37xx_wdt_probe()
    - video: fbdev: amba-clcd: Fix refcount leak bugs
    - video: fbdev: sis: fix typos in SiS_GetModeID()
    - powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32
    - powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and
      alias
    - powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
    - powerpc/xive: Fix refcount leak in xive_get_max_prio
    - powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
    - perf symbol: Fail to read phdr workaround
    - kprobes: Forbid probing on trampoline and BPF code areas
    - powerpc/pci: Fix PHB numbering when using opal-phbid
    - genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
    - scripts/faddr2line: Fix vmlinux detection on arm64
    - x86/numa: Use cpumask_available instead of hardcoded NULL check
    - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
    - tools/thermal: Fix possible path truncations
    - video: fbdev: vt8623fb: Check the size of screen before memset_io()
    - video: fbdev: arkfb: Check the size of screen before memset_io()
    - video: fbdev: s3fb: Check the size of screen before memset_io()
    - scsi: zfcp: Fix missing auto port scan and thus missing target ports
    - scsi: qla2xxx: Fix discovery issues in FC-AL topology
    - scsi: qla2xxx: Turn off multi-queue for 8G adapters
    - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
    - x86/olpc: fix 'logical not is only applied to the left hand side'
    - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
    - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature
      verification
    - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
    - btrfs: reset block group chunk force if we have to wait
    - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
    - ext4: make sure ext4_append() always allocates new block
    - ext4: fix use-after-free in ext4_xattr_set_entry
    - ext4: update s_overhead_clusters in the superblock during an on-line resize
    - ext4: fix extent status tree race in writeback error recovery path
    - ext4: correct max_inline_xattr_value_size computing
    - ext4: correct the misjudgment in ext4_iget_extra_inode
    - intel_th: pci: Add Raptor Lake-S CPU support
    - intel_th: pci: Add Raptor Lake-S PCH support
    - intel_th: pci: Add Meteor Lake-P support
    - dm raid: fix address sanitizer warning in raid_resume
    - dm raid: fix address sanitizer warning in raid_status
    - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
    - dm writecache: set a default MAX_WRITEBACK_JOBS
    - ACPI: CPPC: Do not prevent CPPC from working in the future
    - timekeeping: contribute wall clock to rng on time change
    - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
    - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
    - btrfs: reject log replay if there is unsupported RO compat flag
    - KVM: Add infrastructure and macro to mark VM as bugged
    - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
    - KVM: x86: Avoid theoretical NULL pointer dereference in
      kvm_irq_delivery_to_apic_fast()
    - tcp: fix over estimation in sk_forced_mem_schedule()
    - scsi: sg: Allow waiting for commands to complete on removed device
    - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
    - net/9p: Initialize the iounit field during fid creation
    - net_sched: cls_route: disallow handle of 0
    - ALSA: info: Fix llseek return value when using callback
    - rds: add missing barrier to release_refill
    - ata: libata-eh: Add missing command name
    - mmc: pxamci: Fix another error handling path in pxamci_probe()
    - mmc: pxamci: Fix an error handling path in pxamci_probe()
    - btrfs: fix lost error handling when looking up extended ref on log replay
    - tracing: Have filter accept "common_cpu" to be consistent
    - can: ems_usb: fix clang's -Wunaligned-access warning
    - apparmor: fix quiet_denied for file rules
    - apparmor: fix absroot causing audited secids to begin with =
    - apparmor: Fix failed mount permission check error message
    - apparmor: fix aa_label_asxprint return check
    - apparmor: fix overlapping attachment computation
    - apparmor: fix reference count leak in aa_pivotroot()
    - apparmor: Fix memleak in aa_simple_write_to_buffer()
    - Documentation: ACPI: EINJ: Fix obsolete example
    - NFSv4.1: Don't decrease the value of seq_nr_highest_sent
    - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
    - NFSv4: Fix races in the legacy idmapper upcall
    - NFSv4.1: RECLAIM_COMPLETE must handle EACCES
    - NFSv4/pnfs: Fix a use-after-free bug in open
    - can: mcp251x: Fix race condition on receive interrupt
    - sunrpc: fix expiry of auth creds
    - SUNRPC: Reinitialise the backchannel request buffers before reuse
    - devlink: Fix use-after-free after a failed reload
    - net: bgmac: Fix a BUG triggered by wrong bytes_compl
    - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
    - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
    - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO
    - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
    - geneve: do not use RT_TOS for IPv6 flowlabel
    - plip: avoid rcu debug splat
    - vsock: Fix memory leak in vsock_connect()
    - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
    - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
    - tools/vm/slabinfo: use alphabetic order when two values are equal
    - tools build: Switch to new openssl API for test-libcrypto
    - NTB: ntb_tool: uninitialized heap data in tool_fn_write()
    - nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
    - xen/xenbus: fix return type in xenbus_file_read()
    - atm: idt77252: fix use-after-free bugs caused by tst_timer
    - dpaa2-eth: trace the allocated address instead of page struct
    - tee: add overflow check in register_shm_helper()
    - nios2: page fault et.al. are *not* restartable syscalls...
    - nios2: don't leave NULLs in sys_call_table[]
    - nios2: traced syscall does need to check the syscall number
    - nios2: fix syscall restart checks
    - nios2: restarts apply only to the first sigframe we build...
    - nios2: add force_successful_syscall_return()
    - iavf: Fix adminq error handling
    - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks
    - netfilter: nf_tables: really skip inactive sets when allocating name
    - powerpc/pci: Fix get_phb_number() locking
    - net: dsa: mv88e6060: prevent crash on an unused port
    - net: moxa: pass pdev instead of ndev to DMA functions
    - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry
    - ice: Ignore EEXIST when setting promisc mode
    - i40e: Fix to stop tx_timeout recovery if GLOBR fails
    - fec: Fix timer capture timing in `fec_ptp_enable_pps()`
    - igb: Add lock to avoid data race
    - gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
    - locking/atomic: Make test_and_*_bit() ordered on failure
    - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
    - PCI: Add ACS quirk for Broadcom BCM5750x NICs
    - usb: cdns3 fix use-after-free at workaround 2
    - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of
      uvcg_info
    - irqchip/tegra: Fix overflow implicit truncation warnings
    - drm/meson: Fix overflow implicit truncation warnings
    - usb: host: ohci-ppc-of: Fix refcount leak bug
    - usb: renesas: Fix refcount leak bug
    - vboxguest: Do not use devm for irq
    - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
    - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user
      input
    - gadgetfs: ep_io - wait until IRQ finishes
    - cxl: Fix a memory leak in an error handling path
    - PCI/ACPI: Guard ARM64-specific mcfg_quirks
    - um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups
    - selftests/kprobe: Do not test for GRP/ without event failures
    - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
    - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown
    - drivers:md:fix a potential use-after-free bug
    - ext4: avoid remove directory when directory is corrupted
    - ext4: avoid resizing to a partial cluster size
    - lib/list_debug.c: Detect uninitialized lists
    - tty: serial: Fix refcount leak bug in ucc_uart.c
    - vfio: Clear the caps->buf to NULL after free
    - mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
    - riscv: mmap with PROT_WRITE but no PROT_READ is invalid
    - RISC-V: Add fast call path of crash_kexec()
    - watchdog: export lockup_detector_reconfigure
    - powerpc/32: Don't always pass -mcpu=powerpc to the compiler
    - ALSA: core: Add async signal helpers
    - ALSA: timer: Use deferred fasync helper
    - f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
    - smb3: check xattr value length earlier
    - powerpc/64: Init jump labels before parse_early_param()
    - video: fbdev: i740fb: Check the argument of i740_calc_vclk()
    - MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
    - tracing/probes: Have kprobes and uprobes use $COMM too
    - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with
      netdev_warn_once()
    - can: j1939: j1939_session_destroy(): fix memory leak of skbs
    - btrfs: only write the sectors in the vertical stripe which has data stripes
    - btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
    - Linux 5.4.211
  * CVE-2022-3028
    - af_key: Do not call xfrm_probe_algs in parallel
  * CVE-2022-2978
    - fs: fix UAF/GPF bug in nilfs_mdt_destroy
  * CVE-2022-40768
    - scsi: stex: Properly zero out the passthrough command structure

-- Tim Gardner <tim.gardner@canonical.com>  Fri, 02 Jun 2023 12:51:11 -0600

Changed in linux-azure (Ubuntu Focal):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux-azure package

Azure: keys: Do not cache key in task struct if key is requested from kernel thread

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux-azure package