Focal update: v5.4.119 upstream stable release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Kamal Mostafa |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v5.4.119 upstream stable release
from git://git.
Bluetooth: verify AMP hci_chan before amp_destroy
hsr: use netdev_err() instead of WARN_ONCE()
bluetooth: eliminate the potential race condition when removing the HCI controller
net/nfc: fix use-after-free llcp_sock_
Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL"
tty: moxa: fix TIOCSSERIAL jiffies conversions
tty: amiserial: fix TIOCSSERIAL permission check
USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions
staging: greybus: uart: fix TIOCSSERIAL jiffies conversions
USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check
staging: fwserial: fix TIOCSSERIAL jiffies conversions
tty: moxa: fix TIOCSSERIAL permission check
staging: fwserial: fix TIOCSSERIAL permission check
usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply
usb: typec: tcpm: Address incorrect values of tcpm psy for pps supply
usb: typec: tcpm: update power supply once partner accepts
usb: xhci-mtk: remove or operator for setting schedule parameters
usb: xhci-mtk: improve bandwidth scheduling with TT
ASoC: samsung: tm2_wm5110: check of of_parse return value
ASoC: Intel: kbl_da7219_
MIPS: pci-mt7620: fix PLL lock check
MIPS: pci-rt2880: fix slot 0 configuration
FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
PCI: Allow VPD access for QLogic ISP2722
iio:accel:
misc: lis3lv02d: Fix false-positive WARN on various HP models
misc: vmw_vmci: explicitly initialize vmci_notify_
misc: vmw_vmci: explicitly initialize vmci_datagram payload
md/bitmap: wait for external bitmap writes to complete during tear down
md-cluster: fix use-after-free issue when removing rdev
md: split mddev_find
md: factor out a mddev_find_locked helper from mddev_find
md: md_open returns -EBUSY when entering racing area
md: Fix missing unused status line of /proc/mdstat
ipw2x00: potential buffer overflow in libipw_
cfg80211: scan: drop entry from hidden_list on overflow
rtw88: Fix array overrun in rtw_get_
drm/panfrost: Clear MMU irqs before handling the fault
drm/panfrost: Don't try to map pages that are already mapped
drm/radeon: fix copy of uninitialized variable back to userspace
drm/amd/display: Reject non-zero src_y and src_x for video planes
ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries
ALSA: hda/realtek: Re-order ALC269 HP quirk table entries
ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries
ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries
ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries
ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries
ALSA: hda/realtek: Re-order ALC662 quirk table entries
ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable
KVM: s390: split kvm_s390_
KVM: s390: fix guarded storage control register handling
s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility
KVM: s390: split kvm_s390_
KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit
KVM: Stop looking for coalesced MMIO zones if the bus is destroyed
Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_
ovl: fix missing revert_creds() on error path
usb: gadget: pch_udc: Revert d3cb25a12138 completely
memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family
ARM: dts: exynos: correct MUIC interrupt trigger level on Midas family
ARM: dts: exynos: correct PMIC interrupt trigger level on Midas family
ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family
ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
serial: stm32: fix incorrect characters on console
serial: stm32: fix tx_empty condition
usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
regmap: set debugfs_name to NULL after it is freed
mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe()
mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC
mtd: Handle possible -EPROBE_DEFER from parse_mtd_
mtd: rawnand: qcom: Return actual error code instead of -ENODEV
arm64: dts: qcom: sm8150: fix number of pins in 'gpio-ranges'
spi: stm32: drop devres version of spi_register_master
arm64: dts: renesas: r8a77980: Fix vin4-7 endpoint binding
x86/microcode: Check for offline CPUs before requesting new microcode
usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
usb: gadget: pch_udc: Check if driver is present before calling ->setup()
usb: gadget: pch_udc: Check for DMA mapping error
crypto: qat - don't release uninitialized resources
crypto: qat - ADF_STATUS_
fotg210-udc: Fix DMA on EP0 for length > max packet size
fotg210-udc: Fix EP0 IN requests bigger than two packets
fotg210-udc: Remove a dubious condition leading to fotg210_done
fotg210-udc: Mask GRP2 interrupts we don't handle
fotg210-udc: Don't DMA more than the buffer can take
fotg210-udc: Complete OUT requests on short packets
mtd: require write permissions for locking and badblock ioctls
bus: qcom: Put child node before return
soundwire: bus: Fix device found flag correctly
phy: marvell: ARMADA375_
crypto: qat - fix error path in adf_isr_
usb: gadget: aspeed: fix dma map failure
USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR()
memory: pl353: fix mask of ECC page_size config register
soundwire: stream: fix memory leak in stream config error path
m68k: mvme147,mvme16x: Don't wipe PCC timer config bits
mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
irqchip/gic-v3: Fix OF_BAD_ADDR error handling
staging: rtl8192u: Fix potential infinite loop
staging: greybus: uart: fix unprivileged TIOCCSERIAL
PM / devfreq: Use more accurate returned new_freq as resume_freq
spi: Fix use-after-free with devm_spi_alloc_*
soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
soc: qcom: mdt_loader: Detect truncated read of segments
ACPI: CPPC: Replace cppc_attr with kobj_attribute
crypto: qat - Fix a double free in adf_create_ring
cpufreq: armada-37xx: Fix setting TBG parent for load levels
clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock
cpufreq: armada-37xx: Fix the AVS value for load L1
clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz
clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0
cpufreq: armada-37xx: Fix driver cleanup when registration failed
cpufreq: armada-37xx: Fix determining base CPU frequency
spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_
usb: gadget: r8a66597: Add missing null check on return from platform_
USB: cdc-acm: fix unprivileged TIOCCSERIAL
USB: cdc-acm: fix TIOCGSERIAL implementation
tty: fix return value for unsupported ioctls
serial: core: return early on unsupported ioctls
firmware: qcom-scm: Fix QCOM_SCM configuration
node: fix device cleanups in error handling code
usbip: vudc: fix missing unlock on error in usbip_sockfd_
platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table
x86/platform/uv: Fix !KEXEC build failure
usb: dwc2: Fix host mode hibernation exit with remote wakeup flow.
usb: dwc2: Fix hibernation between host and device modes.
ttyprintk: Add TTY hangup callback.
xen-blkback: fix compatibility bug with single page rings
soc: aspeed: fix a ternary sign expansion bug
media: vivid: fix assignment of dev->fbuf_out_flags
media: omap4iss: return error code when omap4iss_get() failed
media: aspeed: fix clock handling logic
media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_
media: m88rs6000t: avoid potential out-of-bounds reads on arrays
drm/amdkfd: fix build error with AMD_IOMMU_V2=m
x86/kprobes: Fix to check non boostable prefixes correctly
pata_arasan_cf: fix IRQ check
pata_ipx4xx_cf: fix IRQ check
sata_mv: add IRQ checks
ata: libahci_platform: fix IRQ check
nvme-tcp: block BH in sk state_change sk callback
nvmet-tcp: fix incorrect locking in state_change sk callback
nvme: retrigger ANA log update if group descriptor isn't found
media: v4l2-ctrls.c: fix race condition in hdl->requests list
vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer
clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback
clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE
clk: uniphier: Fix potential infinite loop
scsi: hisi_sas: Fix IRQ checks
scsi: jazz_esp: Add IRQ check
scsi: sun3x_esp: Add IRQ check
scsi: sni_53c710: Add IRQ check
scsi: ibmvfc: Fix invalid state machine BUG_ON()
mfd: stm32-timers: Avoid clearing auto reload register
nvme-pci: don't simple map sgl when sgls are disabled
HSI: core: fix resource leaks in hsi_add_
x86/events/
sched/debug: Fix cgroup_path[] serialization
drivers/
HID: plantronics: Workaround for double volume key presses
perf symbols: Fix dso__fprintf_
net: lapbether: Prevent racing when checking whether the netif is running
powerpc/fadump: Mark fadump_
powerpc/prom: Mark identical_pvr_fixup as __init
inet: use bigger hash table for IP ID generation
powerpc: Fix HAVE_HARDLOCKUP
ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
bug: Remove redundant condition check in report_bug
nfc: pn533: prevent potential memory corruption
net: hns3: Limiting the scope of vector_ring_chain variable
mips: bmips: fix syscon-reboot nodes
ALSA: usb-audio: Add error checks for usb_driver_
ASoC: simple-card: fix possible uninitialized single_cpu local variable
liquidio: Fix unintented sign extension of a left shift of a u16
powerpc/64s: Fix pte update for kernel memory on radix
powerpc/perf: Fix PMU constraint check for EBB events
powerpc: iommu: fix build when neither PCI or IBMVIO is set
mac80211: bail out if cipher schemes are invalid
mt7601u: fix always true expression
KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit
RDMA/qedr: Fix error return code in qedr_iw_connect()
IB/hfi1: Fix error return code in parse_platform_
cxgb4: Fix unintentional sign extension issues
net: thunderx: Fix unintentional sign extension issue
RDMA/srpt: Fix error return code in srpt_cm_req_recv()
i2c: img-scb: fix reference leak when pm_runtime_get_sync fails
i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails
i2c: omap: fix reference leak when pm_runtime_get_sync fails
i2c: sprd: fix reference leak when pm_runtime_get_sync fails
i2c: cadence: add IRQ check
i2c: emev2: add IRQ check
i2c: jz4780: add IRQ check
i2c: sh7760: add IRQ check
powerpc/xive: Fix xmon command "dxi"
ASoC: ak5558: correct reset polarity
drm/i915/gvt: Fix error code in intel_gvt_
perf beauty: Fix fsconfig generator
MIPS: pci-legacy: stop using of_pci_
powerpc/pseries: extract host bridge from pci_bus prior to bus removal
rtlwifi: 8821ae: upgrade PHY and RF parameters
i2c: sh7760: fix IRQ error path
mwl8k: Fix a double Free in mwl8k_probe_hw
vsock/vmci: log once the failed queue pair allocation
gro: fix napi_gro_frags() Fast GRO breakage due to IP alignment check
RDMA/cxgb4: add missing qpid increment
RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
ALSA: usb: midi: don't return -ENOMEM when usb_urb_
net: davinci_emac: Fix incorrect masking of tx and rx error channel
net: renesas: ravb: Fix a stuck issue when a lot of frames are received
net: phy: intel-xway: enable integrated led functions
ath9k: Fix error check in ath9k_hw_
ath10k: Fix ath10k_
powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
bnxt_en: fix ternary sign extension bug in bnxt_show_temp()
ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
arm64: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb
selftests: net: mirror_
bnxt_en: Fix RX consumer index logic in the error path.
net:emac/emac-mac: Fix a use after free in emac_mac_
RDMA/siw: Fix a use after free in siw_alloc_mr
RDMA/bnxt_re: Fix a double free in bnxt_qplib_
net: bridge: mcast: fix broken length + header check for MRDv6 Adv.
net:nfc:digital: Fix a double free in digital_
kfifo: fix ternary sign extension bugs
mm/sparse: add the missing sparse_
mm/memory-failure: unnecessary amount of unmapping
net: Only allow init netns to set default tcp cong to a restricted algo
smp: Fix smp_call_
Revert "net/sctp: fix race condition in sctp_destroy_sock"
sctp: delay auto_asconf init until binding the first addr
Revert "of/fdt: Make sure no-map does not remove already reserved regions"
Revert "fdt: Properly handle "no-map" field in the memory region"
Linux 5.4.119
UBUNTU: upstream stable to v5.4.119
CVE References
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
tags: | added: kernel-stable-tracking-bug |
Changed in linux (Ubuntu Focal): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Kamal Mostafa (kamalmostafa) |
Changed in linux (Ubuntu): | |
status: | Confirmed → Invalid |
description: | updated |
Changed in linux (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
This bug was fixed in the package linux - 5.4.0-77.86
---------------
linux (5.4.0-77.86) focal; urgency=medium
* UAF on CAN J1939 j1939_can_recv (LP: #1932209)
- SAUCE: can: j1939: delay release of j1939_priv after synchronize_rcu
* UAF on CAN BCM bcm_rx_handler (LP: #1931855)
- SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu
linux (5.4.0-76.85) focal; urgency=medium
* focal/linux: 5.4.0-76.85 -proposed tracker (LP: #1932123)
* Upstream v5.9 introduced 'module' patches that removed exported symbols RY_MODULE" text_address"
(LP: #1932065)
- SAUCE: Revert "modules: inherit TAINT_PROPRIETA
- SAUCE: Revert "modules: return licensing information from find_symbol"
- SAUCE: Revert "modules: rename the licence field in struct symsearch to
license"
- SAUCE: Revert "modules: unexport __module_address"
- SAUCE: Revert "modules: unexport __module_
- SAUCE: Revert "modules: mark each_symbol_section static"
- SAUCE: Revert "modules: mark find_symbol static"
- SAUCE: Revert "modules: mark ref_module static"
linux (5.4.0-75.84) focal; urgency=medium
* focal/linux: 5.4.0-75.84 -proposed tracker (LP: #1930032)
* Packaging resync (LP: #1786013)
- update dkms package versions
* CVE-2021-33200
- bpf: Wrap aux data inside bpf_sanitize_info container
- bpf: Fix mask direction swap upon off reg sign change
- bpf: No need to simulate speculative domain for immediates
* Realtek USB hubs in Dell WD19SC/DC/TB fail to work after exiting s2idle
(LP: #1928242)
- USB: Verify the port status when timeout happens during port suspend
* CVE-2020-26145
- ath10k: drop fragments with multicast DA for SDIO
- ath10k: add CCMP PN replay protection for fragmented frames for PCIe
- ath10k: drop fragments with multicast DA for PCIe
* CVE-2020-26141
- ath10k: Fix TKIP Michael MIC verification for PCIe
* CVE-2020-24588
- mac80211: properly handle A-MSDUs that start with an RFC 1042 header
- cfg80211: mitigate A-MSDU aggregation attacks
- mac80211: drop A-MSDUs on old ciphers
- ath10k: drop MPDU which has discard flag set by firmware for SDIO
* CVE-2020-26139
- mac80211: do not accept/forward invalid EAPOL frames
* CVE-2020-24586 // CVE-2020-24587 // CVE-2020-24587 for such cases.
- mac80211: extend protection against mixed key and fragment cache attacks
* CVE-2020-24586 // CVE-2020-24587
- mac80211: prevent mixed key and fragment cache attacks
- mac80211: add fragment cache to sta_info
- mac80211: check defrag PN against current frame
- mac80211: prevent attacks on TKIP/WEP as well
* CVE-2020-26147
- mac80211: assure all fragments are encrypted
* raid10: Block discard is very slow, causing severe delays for mkfs and discard_ bio() for submitting discard bio
fstrim operations (LP: #1896578)
- md: add md_submit_
- md/raid10: extend r10bio devs to raid disks
- md/raid10: pull the code that wait for blocked dev into one function
- md/raid10: improve raid10 discard request
- md/raid10: improve discard request for far layout
- dm raid: remove unnecessary discard limi...