This bug was fixed in the package linux - 5.8.0-59.66 --------------- linux (5.8.0-59.66) groovy; urgency=medium * UAF on CAN J1939 j1939_can_recv (LP: #1932209) - SAUCE: can: j1939: delay release of j1939_priv after synchronize_rcu * UAF on CAN BCM bcm_rx_handler (LP: #1931855) - SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu linux (5.8.0-57.64) groovy; urgency=medium * groovy/linux: 5.8.0-57.64 -proposed tracker (LP: #1932047) * pmtu.sh from selftests.net in linux ADT test failure with linux/5.8.0-56.63 (LP: #1931731) - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb linux (5.8.0-56.63) groovy; urgency=medium * groovy/linux: 5.8.0-56.63 -proposed tracker (LP: #1930052) * Packaging resync (LP: #1786013) - update dkms package versions * scsi: storvsc: Parameterize number hardware queues (LP: #1930626) - scsi: storvsc: Parameterize number hardware queues * CVE-2021-33200 - bpf: Wrap aux data inside bpf_sanitize_info container - bpf: Fix mask direction swap upon off reg sign change - bpf: No need to simulate speculative domain for immediates * CVE-2021-3490 - SAUCE: Revert "UBUNTU: SAUCE: bpf: verifier: fix ALU32 bounds tracking with bitwise ops" - gpf: Fix alu32 const subreg bound tracking on bitwise operations * CVE-2021-3489 - SAUCE: Revert "UBUNTU: SAUCE: bpf: prevent writable memory-mapping of read- only ringbuf pages" - bpf: Prevent writable memory-mapping of read-only ringbuf pages * Realtek USB hubs in Dell WD19SC/DC/TB fail to work after exiting s2idle (LP: #1928242) - USB: Verify the port status when timeout happens during port suspend * CVE-2020-26145 - ath10k: drop fragments with multicast DA for SDIO - ath10k: add CCMP PN replay protection for fragmented frames for PCIe - ath10k: drop fragments with multicast DA for PCIe * CVE-2020-26141 - ath10k: Fix TKIP Michael MIC verification for PCIe * CVE-2020-24587 - ath11k: Clear the fragment cache during key install * CVE-2020-24588 - mac80211: properly handle A-MSDUs that start with an RFC 1042 header - cfg80211: mitigate A-MSDU aggregation attacks - mac80211: drop A-MSDUs on old ciphers - ath10k: drop MPDU which has discard flag set by firmware for SDIO * CVE-2020-26139 - mac80211: do not accept/forward invalid EAPOL frames * CVE-2020-24586 // CVE-2020-24587 // CVE-2020-24587 for such cases. - mac80211: extend protection against mixed key and fragment cache attacks * CVE-2020-24586 // CVE-2020-24587 - mac80211: prevent mixed key and fragment cache attacks - mac80211: add fragment cache to sta_info - mac80211: check defrag PN against current frame - mac80211: prevent attacks on TKIP/WEP as well * CVE-2020-26147 - mac80211: assure all fragments are encrypted * raid10: Block discard is very slow, causing severe delays for mkfs and fstrim operations (LP: #1896578) - md: add md_submit_discard_bio() for submitting discard bio - md/raid10: extend r10bio devs to raid disks - md/raid10: pull the code that wait for blocked dev into one function - md/raid10: improve raid10 discard request - md/raid10: improve discard request for far layout - dm raid: remove unnecessary discard limits for raid0 and raid10 * [SRU] mpt3sas: only one vSES is handy even IOC has multi vSES (LP: #1926517) - scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES * CVE-2021-23133 - sctp: delay auto_asconf init until binding the first addr * kvm: properly tear down PV features on hibernate (LP: #1920944) - x86/kvm: Fix pr_info() for async PF setup/teardown - x86/kvm: Teardown PV features on boot CPU as well - x86/kvm: Disable kvmclock on all CPUs on shutdown - x86/kvm: Disable all PV features on crash - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() * CVE-2021-31440 - bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds * Can't detect intel wifi 6235 (LP: #1920180) - SAUCE: iwlwifi: add new pci id for 6235 * [SRU] Patch for flicker and glitching on common LCD display panels, intel framebuffer (LP: #1925685) - drm/i915: Try to use fast+narrow link on eDP again and fall back to the old max strategy on failure - drm/i915/dp: Use slow and wide link training for everything * pmtu.sh from net in ubuntu_kernel_selftests failed with no error message (LP: #1887661) - selftests: pmtu.sh: use $ksft_skip for skipped return code * IR Remote Keys Repeat Many Times Starting with Kernel 5.8.0-49 (LP: #1926030) - SAUCE: Revert "media: rc: ite-cir: fix min_timeout calculation" - SAUCE: Revert "media: rc: fix timeout handling after switch to microsecond durations" * Groovy update: upstream stable patchset 2021-05-20 (LP: #1929132) - Input: nspire-keypad - enable interrupts only when opened - gpio: sysfs: Obey valid_mask - dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback - dmaengine: idxd: fix delta_rec and crc size field for completion record - dmaengine: idxd: fix opcap sysfs attribute output - dmaengine: idxd: fix wq size store permission state - dmaengine: dw: Make it dependent to HAS_IOMEM - dmaengine: Fix a double free in dma_async_device_register - dmaengine: plx_dma: add a missing put_device() on error path - ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() - ARM: dts: Drop duplicate sha2md5_fck to fix clk_disable race - ARM: dts: Fix moving mmc devices with aliases for omap4 & 5 - lockdep: Add a missing initialization hint to the "INFO: Trying to register non-static key" message - arc: kernel: Return -EFAULT if copy_to_user() fails - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() - xfrm: BEET mode doesn't support fragments for inner packets - ASoC: max98373: Added 30ms turn on/off time delay - gpu/xen: Fix a use after free in xen_drm_drv_init - neighbour: Disregard DEAD dst in neigh_update - ARM: keystone: fix integer overflow warning - ARM: omap1: fix building with clang IAS - drm/msm: Fix a5xx/a6xx timestamps - ASoC: fsl_esai: Fix TDM slot setup for I2S mode - scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state - iwlwifi: add support for Qu with AX201 device - net: ieee802154: stop dump llsec keys for monitors - net: ieee802154: forbid monitor for add llsec key - net: ieee802154: forbid monitor for del llsec key - net: ieee802154: stop dump llsec devs for monitors - net: ieee802154: forbid monitor for add llsec dev - net: ieee802154: forbid monitor for del llsec dev - net: ieee802154: stop dump llsec devkeys for monitors - net: ieee802154: forbid monitor for add llsec devkey - net: ieee802154: forbid monitor for del llsec devkey - net: ieee802154: stop dump llsec seclevels for monitors - net: ieee802154: forbid monitor for add llsec seclevel - pcnet32: Use pci_resource_len to validate PCI resource - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN - virt_wifi: Return micros for BSS TSF values - lib: fix kconfig dependency on ARCH_WANT_FRAME_POINTERS - Input: s6sy761 - fix coordinate read bit shift - Input: i8042 - fix Pegatron C15B ID entry - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices - dm verity fec: fix misaligned RS roots IO - readdir: make sure to verify directory entry for legacy interfaces too - arm64: fix inline asm in load_unaligned_zeropad() - arm64: alternatives: Move length validation in alternative_{insn, endif} - vfio/pci: Add missing range check in vfio_pci_mmap - riscv: Fix spelling mistake "SPARSEMEM" to "SPARSMEM" - scsi: libsas: Reset num_scatter if libata marks qc as NODATA - netfilter: flowtable: fix NAT IPv6 offload mangling - netfilter: conntrack: do not print icmpv6 as unknown via /proc - ice: Fix potential infinite loop when using u8 loop counter - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC - netfilter: bridge: add pre_exit hooks for ebtable unregistration - netfilter: arp_tables: add pre_exit hook for table unregister - net: macb: fix the restore of cmp registers - net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta - netfilter: nft_limit: avoid possible divide error in nft_limit_init - net/mlx5e: Fix setting of RS FEC mode - net: davicom: Fix regulator not turned off on failed probe - net: sit: Unregister catch-all devices - net: ip6_tunnel: Unregister catch-all devices - mm: ptdump: fix build failure - net: Make tcp_allowed_congestion_control readonly in non-init netns - i40e: fix the panic when running bpf in xdpdrv mode - ia64: remove duplicate entries in generic_defconfig - ia64: tools: remove inclusion of ia64-specific version of errno.h header - ibmvnic: avoid calling napi_disable() twice - ibmvnic: remove duplicate napi_schedule call in do_reset function - ibmvnic: remove duplicate napi_schedule call in open function - gro: ensure frag0 meets IP header alignment - ARM: OMAP2+: Fix warning for omap_init_time_of() - ARM: footbridge: fix PCI interrupt mapping - ARM: OMAP2+: Fix uninitialized sr_inst - arm64: dts: allwinner: Fix SD card CD GPIO for SOPine systems - arm64: dts: allwinner: h6: beelink-gs1: Remove ext. 32 kHz osc reference - bpf: Use correct permission flag for mixed signed bounds arithmetic - r8169: tweak max read request size for newer chips also in jumbo mtu mode - r8169: don't advertise pause in jumbo mode - bpf: Ensure off_reg has no mixed signed bounds for all types - bpf: Move off_reg into sanitize_ptr_alu - ARM: 9071/1: uprobes: Don't hook on thumb instructions - bpf: Rework ptr_limit into alu_limit and add common error path - bpf: Improve verifier error messages for users - bpf: Move sanitize_val_alu out of op switch - net: phy: marvell: fix detection of PHY on Topaz switches - vhost-vdpa: protect concurrent access to vhost device iotlb - gpio: omap: Save and restore sysconfig - KEYS: trusted: Fix TPM reservation for seal/unseal - pinctrl: lewisburg: Update number of pins in community - arm64: dts: allwinner: Revert SD card CD GPIO for Pine64-LTS - bpf: Permits pointers on stack for helper calls - bpf: Refactor and streamline bounds check into helper - bpf: Tighten speculative pointer arithmetic mask - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 - perf/x86/kvm: Fix Broadwell Xeon stepping in isolation_ucodes[] - perf auxtrace: Fix potential NULL pointer dereference - perf map: Fix error return code in maps__clone() - HID: google: add don USB id - HID: alps: fix error return code in alps_input_configured() - HID: wacom: Assign boolean values to a bool variable - ARM: dts: Fix swapped mmc order for omap3 - net: geneve: check skb is large enough for IPv4/IPv6 header - dmaengine: tegra20: Fix runtime PM imbalance on error - s390/entry: save the caller of psw_idle - arm64: kprobes: Restore local irqflag if kprobes is cancelled - xen-netback: Check for hotplug-status existence before watching - cavium/liquidio: Fix duplicate argument - kasan: fix hwasan build for gcc - csky: change a Kconfig symbol name to fix e1000 build error - ia64: fix discontig.c section mismatches - ia64: tools: remove duplicate definition of ia64_mf() on ia64 - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access - net: hso: fix NULL-deref on disconnect regression - USB: CDC-ACM: fix poison/unpoison imbalance - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() - mei: me: add Alder Lake P device id. - bpf: Update selftests to reflect new error states - mips: Do not include hi and lo in clobber list for R6 - netfilter: conntrack: Make global sysctls readonly in non-init netns - net: usb: ax88179_178a: initialize local variables before use - igb: Enable RSS for Intel I211 Ethernet Controller - bpf: Fix masking negation logic upon negative dst register - bpf: Fix leakage of uninitialized bpf stack under speculation - net: qrtr: Avoid potential use after free in MHI send - perf data: Fix error return code in perf_data__create_dir() - capabilities: require CAP_SETFCAP to map uid 0 - perf ftrace: Fix access to pid in array when setting a pid filter - driver core: add a min_align_mask field to struct device_dma_parameters - swiotlb: add a IO_TLB_SIZE define - swiotlb: factor out an io_tlb_offset helper - swiotlb: factor out a nr_slots helper - swiotlb: clean up swiotlb_tbl_unmap_single - swiotlb: don't modify orig_addr in swiotlb_tbl_sync_single - ovl: fix leaked dentry - ovl: allow upperdir inside lowerdir - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX - USB: Add reset-resume quirk for WD19's Realtek Hub - platform/x86: thinkpad_acpi: Correct thermal sensor allocation - perf/core: Fix unconditional security_locked_down() call - vfio: Depend on MMU - avoid __memcat_p link failure * r8152 tx status -71 (LP: #1922651) // Groovy update: upstream stable patchset 2021-05-20 (LP: #1929132) - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet * Fix kdump failures (LP: #1927518) - video: hyperv_fb: Add ratelimit on error message - Drivers: hv: vmbus: Increase wait time for VMbus unload - Drivers: hv: vmbus: Initialize unload_event statically * Groovy update: upstream stable patchset 2021-05-13 (LP: #1928386) - ALSA: aloop: Fix initialization of controls - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 - ALSA: hda/conexant: Apply quirk for another HP ZBook G5 model - ASoC: intel: atom: Stop advertising non working S24LE support - nfc: fix refcount leak in llcp_sock_bind() - nfc: fix refcount leak in llcp_sock_connect() - nfc: fix memory leak in llcp_sock_connect() - nfc: Avoid endless loops caused by repeated llcp_sock_connect() - selinux: make nslot handling in avtab more robust - xen/evtchn: Change irq_info lock to raw_spinlock_t - net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock - net: dsa: lantiq_gswip: Don't use PHY auto polling - net: dsa: lantiq_gswip: Configure all remaining GSWIP_MII_CFG bits - drm/i915: Fix invalid access to ACPI _DSM objects - ACPI: processor: Fix build when CONFIG_ACPI_PROCESSOR=m - IB/hfi1: Fix probe time panic when AIP is enabled with a buggy BIOS - LOOKUP_MOUNTPOINT: we are cleaning "jumped" flag too late - gcov: re-fix clang-11+ support - ia64: fix user_stack_pointer() for ptrace() - nds32: flush_dcache_page: use page_mapping_file to avoid races with swapoff - ocfs2: fix deadlock between setattr and dio_end_io_write - fs: direct-io: fix missing sdio->boundary - ethtool: fix incorrect datatype in set_eee ops - of: property: fw_devlink: do not link ".*,nr-gpios" - parisc: parisc-agp requires SBA IOMMU driver - parisc: avoid a warning on u8 cast for cmpxchg on u8 pointers - ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field - ice: Increase control queue timeout - ice: prevent ice_open and ice_stop during reset - ice: remove DCBNL_DEVRESET bit from PF state - ice: Fix for dereference of NULL pointer - ice: Cleanup fltr list in case of allocation issues - iwlwifi: pcie: properly set LTR workarounds on 22000 devices - net: hso: fix null-ptr-deref during tty device unregistration - libbpf: Fix bail out from 'ringbuf_process_ring()' on error - bpf: Enforce that struct_ops programs be GPL-only - bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx - libbpf: Only create rx and tx XDP rings when necessary - bpf, sockmap: Fix sk->prot unhash op reset - net: ensure mac header is set in virtio_net_hdr_to_skb() - i40e: Fix sparse warning: missing error code 'err' - i40e: Fix sparse error: 'vsi->netdev' could be null - i40e: Fix sparse errors in i40e_txrx.c - net: sched: sch_teql: fix null-pointer dereference - net: sched: fix action overwrite reference counting - mac80211: fix TXQ AC confusion - net: hsr: Reset MAC header for Tx path - net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind() - net: let skb_orphan_partial wake-up waiters. - usbip: add sysfs_lock to synchronize sysfs code paths - usbip: stub-dev synchronize sysfs code paths - usbip: vudc synchronize sysfs code paths - usbip: synchronize event handler with sysfs code paths - driver core: Fix locking bug in deferred_probe_timeout_work_func() - scsi: target: iscsi: Fix zero tag inside a trace event - i2c: turn recovery error on init to debug - ice: Refactor DCB related variables out of the ice_port_info struct - ice: Recognize 860 as iSCSI port in CEE mode - xfrm: interface: fix ipv4 pmtu check to honor ip header df - xfrm: Use actual socket sk instead of skb socket for xfrm_output_resume - regulator: bd9571mwv: Fix AVS and DVFS voltage range - ARM: OMAP4: Fix PMIC voltage domains for bionic - ARM: OMAP4: PM: update ROM return address for OSWR and OFF - net: xfrm: Localize sequence counter per network namespace - esp: delete NETIF_F_SCTP_CRC bit from features for esp offload - ASoC: SOF: Intel: HDA: fix core status verification - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips - xfrm: Fix NULL pointer dereference on policy lookup - virtchnl: Fix layout of RSS structures - i40e: Added Asym_Pause to supported link modes - i40e: Fix kernel oops when i40e driver removes VF's - hostfs: fix memory handling in follow_link() - amd-xgbe: Update DMA coherency values - sch_red: fix off-by-one checks in red_check_params() - arm64: dts: imx8mm/q: Fix pad control of SD1_DATA0 - xfrm: Provide private skb extensions for segmented and hw offloaded ESP packets - can: bcm/raw: fix msg_namelen values depending on CAN_REQUIRED_SIZE - mlxsw: spectrum: Fix ECN marking in tunnel decapsulation - ethernet: myri10ge: Fix a use after free in myri10ge_sw_tso - gianfar: Handle error code at MAC address change - cxgb4: avoid collecting SGE_QBASE regs during traffic - net:tipc: Fix a double free in tipc_sk_mcast_rcv - ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces - net/ncsi: Avoid channel_monitor hrtimer deadlock - net: qrtr: Fix memory leak on qrtr_tx_wait failure - nfp: flower: ignore duplicate merge hints from FW - net: phy: broadcom: Only advertise EEE for supported modes - I2C: JZ4780: Fix bug for Ingenic X1000. - ASoC: sunxi: sun4i-codec: fill ASoC card owner - net/mlx5e: Fix ethtool indication of connector type - net/mlx5: Don't request more than supported EQs - net/rds: Fix a use after free in rds_message_map_pages - xdp: fix xdp_return_frame() kernel BUG throw for page_pool memory model - soc/fsl: qbman: fix conflicting alignment attributes - i40e: Fix display statistics for veb_tc - RDMA/rtrs-clt: Close rtrs client conn before destroying rtrs clt session files - drm/msm: Set drvdata to NULL when msm_drm_init() fails - net: udp: Add support for getsockopt(..., ..., UDP_GRO, ..., ...); - mptcp: forbit mcast-related sockopt on MPTCP sockets - scsi: ufs: core: Fix task management request completion timeout - scsi: ufs: core: Fix wrong Task Tag used in task management request UPIUs - net: cls_api: Fix uninitialised struct field bo->unlocked_driver_cb - net: macb: restore cmp registers on resume path - clk: fix invalid usage of list cursor in register - clk: fix invalid usage of list cursor in unregister - workqueue: Move the position of debug_work_activate() in __queue_work() - s390/cpcmd: fix inline assembly register clobbering - perf inject: Fix repipe usage - net: openvswitch: conntrack: simplify the return expression of ovs_ct_limit_get_default_limit() - openvswitch: fix send of uninitialized stack memory in ct limit reply - i2c: designware: Adjust bus_freq_hz when refuse high speed mode set - tipc: increment the tmp aead refcnt before attaching it - net: hns3: clear VF down state bit before request link status - net/mlx5: Fix placement of log_max_flow_counter - net/mlx5: Fix PPLM register mapping - net/mlx5: Fix PBMC register mapping - RDMA/cxgb4: check for ipv6 address properly while destroying listener - perf report: Fix wrong LBR block sorting - i40e: Fix parameters in aq_get_phy_register() - RDMA/addr: Be strict with gid size - RAS/CEC: Correct ce_add_elem()'s returned values - clk: socfpga: fix iomem pointer cast on 64-bit - lockdep: Address clang -Wformat warning printing for %hd - dt-bindings: net: ethernet-controller: fix typo in NVMEM - cfg80211: remove WARN_ON() in cfg80211_sme_connect - net: tun: set tun->dev->addr_len during TUNSETLINK processing - drivers: net: fix memory leak in atusb_probe - drivers: net: fix memory leak in peak_usb_create_dev - net: mac802154: Fix general protection fault - net: ieee802154: nl-mac: fix check on panid - net: ieee802154: fix nl802154 del llsec key - net: ieee802154: fix nl802154 del llsec dev - net: ieee802154: fix nl802154 add llsec key - net: ieee802154: fix nl802154 del llsec devkey - net: ieee802154: forbid monitor for set llsec params - net: ieee802154: forbid monitor for del llsec seclevel - net: ieee802154: stop dump llsec params for monitors - interconnect: core: fix error return code of icc_link_destroy() - gfs2: Flag a withdraw if init_threads() fails - KVM: arm64: Hide system instruction access to Trace registers - KVM: arm64: Disable guest access to trace filter controls - drm/imx: imx-ldb: fix out of bounds array access warning - gfs2: report "already frozen/thawed" errors - ftrace: Check if pages were allocated before calling free_pages() - tools/kvm_stat: Add restart delay - drm/tegra: dc: Don't set PLL clock to 0Hz - gpu: host1x: Use different lock classes for each client - block: only update parent bi_status when bio fail - radix tree test suite: Register the main thread with the RCU library - idr test suite: Take RCU read lock in idr_find_test_1 - idr test suite: Create anchor before launching throbber - io_uring: don't mark S_ISBLK async work as unbounded - riscv,entry: fix misaligned base for excp_vect_table - block: don't ignore REQ_NOWAIT for direct IO - perf map: Tighten snprintf() string precision to pass gcc check on some 32-bit arches - net: sfp: relax bitrate-derived mode check - net: sfp: cope with SFPs that set both LOS normal and LOS inverted - xen/events: fix setting irq affinity - perf tools: Use %zd for size_t printf formats on 32-bit -- Thadeu Lima de Souza Cascardo