Focal update: v5.4.119 upstream stable release

Bug #1929615 reported by Kamal Mostafa
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       v5.4.119 upstream stable release
       from git://

Bluetooth: verify AMP hci_chan before amp_destroy
hsr: use netdev_err() instead of WARN_ONCE()
bluetooth: eliminate the potential race condition when removing the HCI controller
net/nfc: fix use-after-free llcp_sock_bind/connect
Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL"
tty: moxa: fix TIOCSSERIAL jiffies conversions
tty: amiserial: fix TIOCSSERIAL permission check
USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions
staging: greybus: uart: fix TIOCSSERIAL jiffies conversions
USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check
staging: fwserial: fix TIOCSSERIAL jiffies conversions
tty: moxa: fix TIOCSSERIAL permission check
staging: fwserial: fix TIOCSSERIAL permission check
usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply
usb: typec: tcpm: Address incorrect values of tcpm psy for pps supply
usb: typec: tcpm: update power supply once partner accepts
usb: xhci-mtk: remove or operator for setting schedule parameters
usb: xhci-mtk: improve bandwidth scheduling with TT
ASoC: samsung: tm2_wm5110: check of of_parse return value
ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function
MIPS: pci-mt7620: fix PLL lock check
MIPS: pci-rt2880: fix slot 0 configuration
FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
PCI: Allow VPD access for QLogic ISP2722
iio:accel:adis16201: Fix wrong axis assignment that prevents loading
misc: lis3lv02d: Fix false-positive WARN on various HP models
misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
misc: vmw_vmci: explicitly initialize vmci_datagram payload
md/bitmap: wait for external bitmap writes to complete during tear down
md-cluster: fix use-after-free issue when removing rdev
md: split mddev_find
md: factor out a mddev_find_locked helper from mddev_find
md: md_open returns -EBUSY when entering racing area
md: Fix missing unused status line of /proc/mdstat
ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
cfg80211: scan: drop entry from hidden_list on overflow
rtw88: Fix array overrun in rtw_get_tx_power_params()
drm/panfrost: Clear MMU irqs before handling the fault
drm/panfrost: Don't try to map pages that are already mapped
drm/radeon: fix copy of uninitialized variable back to userspace
drm/amd/display: Reject non-zero src_y and src_x for video planes
ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries
ALSA: hda/realtek: Re-order ALC269 HP quirk table entries
ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries
ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries
ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries
ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries
ALSA: hda/realtek: Re-order ALC662 quirk table entries
ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable
KVM: s390: split kvm_s390_logical_to_effective
KVM: s390: fix guarded storage control register handling
s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility
KVM: s390: split kvm_s390_real_to_abs
KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit
KVM: Stop looking for coalesced MMIO zones if the bus is destroyed
Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register"
ovl: fix missing revert_creds() on error path
usb: gadget: pch_udc: Revert d3cb25a12138 completely
memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family
ARM: dts: exynos: correct MUIC interrupt trigger level on Midas family
ARM: dts: exynos: correct PMIC interrupt trigger level on Midas family
ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family
ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
serial: stm32: fix incorrect characters on console
serial: stm32: fix tx_empty condition
usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
regmap: set debugfs_name to NULL after it is freed
mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe()
mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC
mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions()
mtd: rawnand: qcom: Return actual error code instead of -ENODEV
arm64: dts: qcom: sm8150: fix number of pins in 'gpio-ranges'
spi: stm32: drop devres version of spi_register_master
arm64: dts: renesas: r8a77980: Fix vin4-7 endpoint binding
x86/microcode: Check for offline CPUs before requesting new microcode
usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
usb: gadget: pch_udc: Check if driver is present before calling ->setup()
usb: gadget: pch_udc: Check for DMA mapping error
crypto: qat - don't release uninitialized resources
crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
fotg210-udc: Fix DMA on EP0 for length > max packet size
fotg210-udc: Fix EP0 IN requests bigger than two packets
fotg210-udc: Remove a dubious condition leading to fotg210_done
fotg210-udc: Mask GRP2 interrupts we don't handle
fotg210-udc: Don't DMA more than the buffer can take
fotg210-udc: Complete OUT requests on short packets
mtd: require write permissions for locking and badblock ioctls
bus: qcom: Put child node before return
soundwire: bus: Fix device found flag correctly
phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally
crypto: qat - fix error path in adf_isr_resource_alloc()
usb: gadget: aspeed: fix dma map failure
USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR()
memory: pl353: fix mask of ECC page_size config register
soundwire: stream: fix memory leak in stream config error path
m68k: mvme147,mvme16x: Don't wipe PCC timer config bits
mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
irqchip/gic-v3: Fix OF_BAD_ADDR error handling
staging: rtl8192u: Fix potential infinite loop
staging: greybus: uart: fix unprivileged TIOCCSERIAL
PM / devfreq: Use more accurate returned new_freq as resume_freq
spi: Fix use-after-free with devm_spi_alloc_*
soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
soc: qcom: mdt_loader: Detect truncated read of segments
ACPI: CPPC: Replace cppc_attr with kobj_attribute
crypto: qat - Fix a double free in adf_create_ring
cpufreq: armada-37xx: Fix setting TBG parent for load levels
clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock
cpufreq: armada-37xx: Fix the AVS value for load L1
clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz
clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0
cpufreq: armada-37xx: Fix driver cleanup when registration failed
cpufreq: armada-37xx: Fix determining base CPU frequency
spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()
usb: gadget: r8a66597: Add missing null check on return from platform_get_resource
USB: cdc-acm: fix unprivileged TIOCCSERIAL
USB: cdc-acm: fix TIOCGSERIAL implementation
tty: fix return value for unsupported ioctls
serial: core: return early on unsupported ioctls
firmware: qcom-scm: Fix QCOM_SCM configuration
node: fix device cleanups in error handling code
usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table
x86/platform/uv: Fix !KEXEC build failure
usb: dwc2: Fix host mode hibernation exit with remote wakeup flow.
usb: dwc2: Fix hibernation between host and device modes.
ttyprintk: Add TTY hangup callback.
xen-blkback: fix compatibility bug with single page rings
soc: aspeed: fix a ternary sign expansion bug
media: vivid: fix assignment of dev->fbuf_out_flags
media: omap4iss: return error code when omap4iss_get() failed
media: aspeed: fix clock handling logic
media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming()
media: m88rs6000t: avoid potential out-of-bounds reads on arrays
drm/amdkfd: fix build error with AMD_IOMMU_V2=m
x86/kprobes: Fix to check non boostable prefixes correctly
pata_arasan_cf: fix IRQ check
pata_ipx4xx_cf: fix IRQ check
sata_mv: add IRQ checks
ata: libahci_platform: fix IRQ check
nvme-tcp: block BH in sk state_change sk callback
nvmet-tcp: fix incorrect locking in state_change sk callback
nvme: retrigger ANA log update if group descriptor isn't found
media: v4l2-ctrls.c: fix race condition in hdl->requests list
vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer
clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback
clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE
clk: uniphier: Fix potential infinite loop
scsi: hisi_sas: Fix IRQ checks
scsi: jazz_esp: Add IRQ check
scsi: sun3x_esp: Add IRQ check
scsi: sni_53c710: Add IRQ check
scsi: ibmvfc: Fix invalid state machine BUG_ON()
mfd: stm32-timers: Avoid clearing auto reload register
nvme-pci: don't simple map sgl when sgls are disabled
HSI: core: fix resource leaks in hsi_add_client_from_dt()
x86/events/amd/iommu: Fix sysfs type mismatch
sched/debug: Fix cgroup_path[] serialization
drivers/block/null_blk/main: Fix a double free in null_init.
HID: plantronics: Workaround for double volume key presses
perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars
net: lapbether: Prevent racing when checking whether the netif is running
powerpc/fadump: Mark fadump_calculate_reserve_size as __init
powerpc/prom: Mark identical_pvr_fixup as __init
inet: use bigger hash table for IP ID generation
powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration
ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
bug: Remove redundant condition check in report_bug
nfc: pn533: prevent potential memory corruption
net: hns3: Limiting the scope of vector_ring_chain variable
mips: bmips: fix syscon-reboot nodes
ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
ASoC: simple-card: fix possible uninitialized single_cpu local variable
liquidio: Fix unintented sign extension of a left shift of a u16
powerpc/64s: Fix pte update for kernel memory on radix
powerpc/perf: Fix PMU constraint check for EBB events
powerpc: iommu: fix build when neither PCI or IBMVIO is set
mac80211: bail out if cipher schemes are invalid
mt7601u: fix always true expression
KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit
RDMA/qedr: Fix error return code in qedr_iw_connect()
IB/hfi1: Fix error return code in parse_platform_config()
cxgb4: Fix unintentional sign extension issues
net: thunderx: Fix unintentional sign extension issue
RDMA/srpt: Fix error return code in srpt_cm_req_recv()
i2c: img-scb: fix reference leak when pm_runtime_get_sync fails
i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails
i2c: omap: fix reference leak when pm_runtime_get_sync fails
i2c: sprd: fix reference leak when pm_runtime_get_sync fails
i2c: cadence: add IRQ check
i2c: emev2: add IRQ check
i2c: jz4780: add IRQ check
i2c: sh7760: add IRQ check
powerpc/xive: Fix xmon command "dxi"
ASoC: ak5558: correct reset polarity
drm/i915/gvt: Fix error code in intel_gvt_init_device()
perf beauty: Fix fsconfig generator
MIPS: pci-legacy: stop using of_pci_range_to_resource
powerpc/pseries: extract host bridge from pci_bus prior to bus removal
rtlwifi: 8821ae: upgrade PHY and RF parameters
i2c: sh7760: fix IRQ error path
mwl8k: Fix a double Free in mwl8k_probe_hw
vsock/vmci: log once the failed queue pair allocation
gro: fix napi_gro_frags() Fast GRO breakage due to IP alignment check
RDMA/cxgb4: add missing qpid increment
RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails
net: davinci_emac: Fix incorrect masking of tx and rx error channel
net: renesas: ravb: Fix a stuck issue when a lot of frames are received
net: phy: intel-xway: enable integrated led functions
ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock
powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
bnxt_en: fix ternary sign extension bug in bnxt_show_temp()
ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
arm64: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb
selftests: net: mirror_gre_vlan_bridge_1q: Make an FDB entry static
bnxt_en: Fix RX consumer index logic in the error path.
net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
RDMA/siw: Fix a use after free in siw_alloc_mr
RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res
net: bridge: mcast: fix broken length + header check for MRDv6 Adv.
net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
kfifo: fix ternary sign extension bugs
mm/sparse: add the missing sparse_buffer_fini() in error branch
mm/memory-failure: unnecessary amount of unmapping
net: Only allow init netns to set default tcp cong to a restricted algo
smp: Fix smp_call_function_single_async prototype
Revert "net/sctp: fix race condition in sctp_destroy_sock"
sctp: delay auto_asconf init until binding the first addr
Revert "of/fdt: Make sure no-map does not remove already reserved regions"
Revert "fdt: Properly handle "no-map" field in the memory region"
Linux 5.4.119
UBUNTU: upstream stable to v5.4.119

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Focal):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu):
status: Confirmed → Invalid
description: updated
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (34.3 KiB)

This bug was fixed in the package linux - 5.4.0-77.86

linux (5.4.0-77.86) focal; urgency=medium

  * UAF on CAN J1939 j1939_can_recv (LP: #1932209)
    - SAUCE: can: j1939: delay release of j1939_priv after synchronize_rcu

  * UAF on CAN BCM bcm_rx_handler (LP: #1931855)
    - SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

linux (5.4.0-76.85) focal; urgency=medium

  * focal/linux: 5.4.0-76.85 -proposed tracker (LP: #1932123)

  * Upstream v5.9 introduced 'module' patches that removed exported symbols
    (LP: #1932065)
    - SAUCE: Revert "modules: inherit TAINT_PROPRIETARY_MODULE"
    - SAUCE: Revert "modules: return licensing information from find_symbol"
    - SAUCE: Revert "modules: rename the licence field in struct symsearch to
    - SAUCE: Revert "modules: unexport __module_address"
    - SAUCE: Revert "modules: unexport __module_text_address"
    - SAUCE: Revert "modules: mark each_symbol_section static"
    - SAUCE: Revert "modules: mark find_symbol static"
    - SAUCE: Revert "modules: mark ref_module static"

linux (5.4.0-75.84) focal; urgency=medium

  * focal/linux: 5.4.0-75.84 -proposed tracker (LP: #1930032)

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * CVE-2021-33200
    - bpf: Wrap aux data inside bpf_sanitize_info container
    - bpf: Fix mask direction swap upon off reg sign change
    - bpf: No need to simulate speculative domain for immediates

  * Realtek USB hubs in Dell WD19SC/DC/TB fail to work after exiting s2idle
    (LP: #1928242)
    - USB: Verify the port status when timeout happens during port suspend

  * CVE-2020-26145
    - ath10k: drop fragments with multicast DA for SDIO
    - ath10k: add CCMP PN replay protection for fragmented frames for PCIe
    - ath10k: drop fragments with multicast DA for PCIe

  * CVE-2020-26141
    - ath10k: Fix TKIP Michael MIC verification for PCIe

  * CVE-2020-24588
    - mac80211: properly handle A-MSDUs that start with an RFC 1042 header
    - cfg80211: mitigate A-MSDU aggregation attacks
    - mac80211: drop A-MSDUs on old ciphers
    - ath10k: drop MPDU which has discard flag set by firmware for SDIO

  * CVE-2020-26139
    - mac80211: do not accept/forward invalid EAPOL frames

  * CVE-2020-24586 // CVE-2020-24587 // CVE-2020-24587 for such cases.
    - mac80211: extend protection against mixed key and fragment cache attacks

  * CVE-2020-24586 // CVE-2020-24587
    - mac80211: prevent mixed key and fragment cache attacks
    - mac80211: add fragment cache to sta_info
    - mac80211: check defrag PN against current frame
    - mac80211: prevent attacks on TKIP/WEP as well

  * CVE-2020-26147
    - mac80211: assure all fragments are encrypted

  * raid10: Block discard is very slow, causing severe delays for mkfs and
    fstrim operations (LP: #1896578)
    - md: add md_submit_discard_bio() for submitting discard bio
    - md/raid10: extend r10bio devs to raid disks
    - md/raid10: pull the code that wait for blocked dev into one function
    - md/raid10: improve raid10 discard request
    - md/raid10: improve discard request for far layout
    - dm raid: remove unnecessary discard limi...

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers