This bug was fixed in the package linux - 5.11.0-25.27 --------------- linux (5.11.0-25.27) hirsute; urgency=medium * CVE-2021-33909 - SAUCE: seq_file: Disallow extremely large seq buffer allocations linux (5.11.0-24.25) hirsute; urgency=medium * test_pmtu_vti4_link_add_mtu() test from net/pmtu.sh in ubuntu_kernel_selftests cannot finish properly on 5.11 and 5.8 (LP: #1933969) - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods - sit: proper dev_{hold|put} in ndo_[un]init methods - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods - ipv6: remove extra dev_hold() for fallback tunnels linux (5.11.0-23.24) hirsute; urgency=medium * hirsute/linux: 5.11.0-23.24 -proposed tracker (LP: #1932420) * Packaging resync (LP: #1786013) - [Packaging] resync getabis - [Packaging] update helper scripts - update dkms package versions * Disable hv-kvp-daemon.service on certain instance types (LP: #1932081) - [Packaging]: Add kernel command line condition to hv-kvp-daemon service * Add support for IO functions of AAEON devices (LP: #1929504) - ODM: mfd: Add support for IO functions of AAEON devices - ODM: gpio: add driver for AAEON devices - ODM: watchdog: add driver for AAEON devices - ODM: hwmon: add driver for AAEON devices - ODM: leds: add driver for AAEON devices - ODM: [Config] update config for AAEON devices * Add support for selective build of special drivers (LP: #1912789) - [Packaging] Add support for ODM drivers - [Packaging] Turn on ODM support for amd64 - [Packaging] Fix ODM support in actual build - [Packaging] Fix ODM DRIVERS Kconfig * Mute/Mic mute LEDs and right speaker are not work on HP platforms (LP: #1932055) - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Elite Dragonfly G2 - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP EliteBook x360 1040 G8 - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 840 Aero G8 - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power G8 * SD card initialization on insertion fails (LP: #1929444) - misc: rtsx: separate aspm mode into MODE_REG and MODE_CFG * Fix non-working GPU on Some HP desktops (LP: #1931147) - PCI: Coalesce host bridge contiguous apertures * CirrusLogic: The default input volume is "0%" on Dell Warlock (LP: #1929803) - ALSA: hda/cirrus: Set Initial DMIC volume to -26 dB * Mic-mute/mute LEDs not work on some HP platforms (LP: #1930707) - ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8 - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook G8 - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 15 G8 - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 17 G8 * [UBUNTU 21.04] tools/kvm_stat: Add restart delay (LP: #1921870) - [Packaging] install kvm_stat systemd service * Fix ICL PCH no picture after S3 (LP: #1930582) - drm/i915/icp+: Use icp_hpd_irq_setup() instead of spt_hpd_irq_setup() * Hirsute update: v5.11.22 upstream stable release (LP: #1931292) - KEYS: trusted: Fix memory leak on object td - tpm: fix error return code in tpm2_get_cc_attrs_tbl() - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() - tpm, tpm_tis: Reserve locality in tpm_tis_resume() - KVM: SVM: Make sure GHCB is mapped before updating - KVM: x86/mmu: Remove the defunct update_pte() paging hook - KVM/VMX: Invoke NMI non-IST entry instead of IST entry - ACPI: PM: Add ACPI ID of Alder Lake Fan - PM: runtime: Fix unpaired parent child_count for force_resume - cpufreq: intel_pstate: Use HWP if enabled by platform firmware - kvm: Cap halt polling at kvm->max_halt_poll_ns - ath11k: fix thermal temperature read - ALSA: usb-audio: Add Pioneer DJM-850 to quirks-table - fs: dlm: fix debugfs dump - fs: dlm: fix mark setting deadlock - fs: dlm: add errno handling to check callback - fs: dlm: add check if dlm is currently running - fs: dlm: change allocation limits - fs: dlm: check on minimum msglen size - fs: dlm: flush swork on shutdown - fs: dlm: add shutdown hook - tipc: convert dest node's address to network order - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF - net/mlx5e: Use net_prefetchw instead of prefetchw in MPWQE TX datapath - net: stmmac: Set FIFO sizes for ipq806x - ASoC: rsnd: core: Check convert rate in rsnd_hw_params - Bluetooth: Fix incorrect status handling in LE PHY UPDATE event - i2c: bail out early when RDWR parameters are wrong - ALSA: hdsp: don't disable if not enabled - ALSA: hdspm: don't disable if not enabled - ALSA: rme9652: don't disable if not enabled - ALSA: bebob: enable to deliver MIDI messages for multiple ports - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default - Bluetooth: initialize skb_queue_head at l2cap_chan_create() - net/sched: cls_flower: use ntohs for struct flow_dissector_key_ports - net: bridge: when suppression is enabled exclude RARP packets - Bluetooth: check for zapped sk before connecting - selftests/powerpc: Fix L1D flushing tests for Power10 - powerpc/32: Statically initialise first emergency context - net: hns3: remediate a potential overflow risk of bd_num_list - net: hns3: add handling for xmit skb with recursive fraglist - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet - ice: handle increasing Tx or Rx ring sizes - Bluetooth: btusb: Enable quirk boolean flag for Mediatek Chip. - ASoC: rt5670: Add a quirk for the Dell Venue 10 Pro 5055 - selftests: mptcp: launch mptcp_connect with timeout - i2c: Add I2C_AQ_NO_REP_START adapter quirk - Bluetooth: Do not set cur_adv_instance in adv param MGMT request - MIPS: Loongson64: Use _CACHE_UNCACHED instead of _CACHE_UNCACHED_ACCELERATED - coresight: Do not scan for graph if none is present - IB/hfi1: Correct oversized ring allocation - mac80211: Set priority and queue mapping for injected frames - mac80211: clear the beacon's CRC after channel switch - ASoC: soc-compress: lock pcm_mutex to resolve lockdep error - pinctrl: samsung: use 'int' for register masks in Exynos - rtw88: 8822c: add LC calibration for RTL8822C - mt76: mt7615: fix key set/delete issues - mt76: mt7615: support loading EEPROM for MT7613BE - mt76: mt76x0: disable GTK offloading - mt76: mt7915: always check return value from mt7915_mcu_alloc_wtbl_req - mt76: mt7915: fix key set/delete issue - mt76: mt7915: fix txpower init for TSSI off chips - mt76: mt7915: add wifi subsystem reset - i2c: imx: Fix PM reference leak in i2c_imx_reg_slave() - fuse: invalidate attrs when page writeback completes - virtiofs: fix userns - cuse: prevent clone - iwlwifi: pcie: make cfg vs. trans_cfg more robust - iwlwifi: queue: avoid memory leak in reset flow - powerpc/mm: Add cond_resched() while removing hpte mappings - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() - Revert "iommu/amd: Fix performance counter initialization" - iommu/amd: Remove performance counter pre-initialization test - drm/amd/display: Force vsync flip when reconfiguring MPCC - selftests: Set CC to clang in lib.mk if LLVM is set - kconfig: nconf: stop endless search loops - ALSA: hda/realtek: Add quirk for Lenovo Ideapad S740 - ASoC: Intel: sof_sdw: add quirk for new ADL-P Rvp - ALSA: hda/hdmi: fix race in handling acomp ELD notification at resume - sctp: Fix out-of-bounds warning in sctp_process_asconf_param() - flow_dissector: Fix out-of-bounds warning in __skb_flow_bpf_to_target() - powerpc/xive: Use the "ibm, chip-id" property only under PowerNV - powerpc/smp: Set numa node before updating mask - wilc1000: Bring MAC address setting in line with typical Linux behavior - mac80211: properly drop the connection in case of invalid CSA IE - ASoC: rt286: Generalize support for ALC3263 codec - ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user() - net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule - samples/bpf: Fix broken tracex1 due to kprobe argument change - powerpc/pseries: Stop calling printk in rtas_stop_self() - drm/amd/display: fixed divide by zero kernel crash during dsc enablement - drm/amd/display: add handling for hdcp2 rx id list validation - drm/amdgpu: Add mem sync flag for IB allocated by SA - mt76: mt7615: fix entering driver-own state on mt7663 - crypto: ccp: Free SEV device if SEV init fails - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join - qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth - powerpc/iommu: Annotate nested lock for lockdep - iavf: remove duplicate free resources calls - net: ethernet: mtk_eth_soc: fix RX VLAN offload - selftests: mlxsw: Increase the tolerance of backlog buildup - selftests: mlxsw: Fix mausezahn invocation in ERSPAN scale test - kbuild: generate Module.symvers only when vmlinux exists - bnxt_en: Add PCI IDs for Hyper-V VF devices. - ia64: module: fix symbolizer crash on fdescr - watchdog: rename __touch_watchdog() to a better descriptive name - watchdog: explicitly update timestamp when reporting softlockup - watchdog/softlockup: remove logic that tried to prevent repeated reports - watchdog: fix barriers when printing backtraces from all CPUs - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable - thermal: thermal_of: Fix error return code of thermal_of_populate_bind_params() - PCI/RCEC: Fix RCiEP device to RCEC association - f2fs: fix to allow migrating fully valid segment - f2fs: fix panic during f2fs_resize_fs() - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs - remoteproc: qcom_q6v5_mss: Validate p_filesz in ELF loader - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() - PCI: Release OF node in pci_scan_device()'s error path - ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook - f2fs: fix to align to section for fallocate() on pinned file - f2fs: fix to update last i_size if fallocate partially succeeds - PCI: endpoint: Make *_get_first_free_bar() take into account 64 bit BAR - PCI: endpoint: Add helper API to get the 'next' unreserved BAR - PCI: endpoint: Make *_free_bar() to return error codes on failure - PCI: endpoint: Fix NULL pointer dereference for ->get_features() - f2fs: fix to avoid touching checkpointed data in get_victim() - f2fs: fix to cover __allocate_new_section() with curseg_lock - fs: 9p: fix v9fs_file_open writeback fid error check - f2fs: Fix a hungtask problem in atomic write - nfs: Subsequent READDIR calls should carry non-zero cookieverifier - NFS: Fix handling of cookie verifier in uncached_readdir() - NFS: Only change the cookie verifier if the directory page cache is empty - f2fs: fix to avoid accessing invalid fio in f2fs_allocate_data_block() - rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() - NFS: nfs4_bitmask_adjust() must not change the server global bitmasks - NFS: Fix attribute bitmask in _nfs42_proc_fallocate() - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() - NFS: Deal correctly with attribute generation counter overflow - PCI: endpoint: Fix missing destroy_workqueue() - remoteproc: pru: Fixup interrupt-parent logic for fw events - remoteproc: pru: Fix wrong success return value for fw events - remoteproc: pru: Fix and cleanup firmware interrupt mapping logic - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() - NFSv4.2 fix handling of sr_eof in SEEK's reply - SUNRPC: Move fault injection call sites - SUNRPC: Remove trace_xprt_transmit_queued - SUNRPC: Handle major timeout in xprt_adjust_timeout() - thermal/drivers/tsens: Fix missing put_device error - NFSv4.x: Don't return NFS4ERR_NOMATCHING_LAYOUT if we're unmounting - nfsd: ensure new clients break delegations - rtc: fsl-ftm-alarm: add MODULE_TABLE() - dmaengine: idxd: Fix potential null dereference on pointer status - dmaengine: idxd: fix dma device lifetime - dmaengine: idxd: cleanup pci interrupt vector allocation management - dmaengine: idxd: removal of pcim managed mmio mapping - dma: idxd: use DEFINE_MUTEX() for mutex lock - dmaengine: idxd: use ida for device instance enumeration - dmaengine: idxd: fix idxd conf_dev 'struct device' lifetime - dmaengine: idxd: fix wq conf_dev 'struct device' lifetime - dmaengine: idxd: fix engine conf_dev lifetime - dmaengine: idxd: fix group conf_dev lifetime - dmaengine: idxd: fix cdev setup and free device lifetime issues - SUNRPC: fix ternary sign expansion bug in tracing - SUNRPC: Fix null pointer dereference in svc_rqst_free() - pwm: atmel: Fix duty cycle calculation in .get_state() - xprtrdma: Avoid Receive Queue wrapping - xprtrdma: Fix cwnd update ordering - xprtrdma: rpcrdma_mr_pop() already does list_del_init() - swiotlb: Fix the type of index - ceph: fix inode leak on getattr error in __fh_to_dentry - scsi: qla2xxx: Prevent PRLI in target mode - scsi: ufs: core: Do not put UFS power into LPM if link is broken - scsi: ufs: core: Cancel rpm_dev_flush_recheck_work during system suspend - scsi: ufs: core: Narrow down fast path in system suspend path - rtc: ds1307: Fix wday settings for rx8130 - net: hns3: fix incorrect configuration for igu_egu_hw_err - net: hns3: initialize the message content in hclge_get_link_mode() - net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() - net: hns3: fix for vxlan gpe tx checksum bug - net: hns3: use netif_tx_disable to stop the transmit queue - net: hns3: disable phy loopback setting in hclge_mac_start_phy - sctp: do asoc update earlier in sctp_sf_do_dupcook_a - RISC-V: Fix error code returned by riscv_hartid_to_cpuid() - sunrpc: Fix misplaced barrier in call_decode - libbpf: Fix signed overflow in ringbuf_process_ring - block/rnbd-clt: Change queue_depth type in rnbd_clt_session to size_t - block/rnbd-clt: Check the return value of the function rtrs_clt_query - ata: ahci_brcm: Fix use of BCM7216 reset controller - PCI: brcmstb: Use reset/rearm instead of deassert/assert - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b - netfilter: xt_SECMARK: add new revision to fix structure layout - xsk: Fix for xp_aligned_validate_desc() when len == chunk_size - net: stmmac: Clear receive all(RA) bit when promiscuous mode is off - drm/radeon: Fix off-by-one power_state index heap overwrite - drm/radeon: Avoid power table parsing memory leaks - arm64: entry: factor irq triage logic into macros - arm64: entry: always set GIC_PRIO_PSR_I_SET during entry - khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() - mm/migrate.c: fix potential indeterminate pte entry in migrate_vma_insert_page() - ksm: fix potential missing rmap_item for stable_node - mm/gup: check every subpage of a compound page during isolation - mm/gup: return an error on migration failure - mm/gup: check for isolation errors - ethtool: fix missing NLM_F_MULTI flag when dumping - net: fix nla_strcmp to handle more then one trailing null character - smc: disallow TCP_ULP in smc_setsockopt() - netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check - netfilter: nftables: Fix a memleak from userdata error path in new objects - can: mcp251xfd: mcp251xfd_probe(): add missing can_rx_offload_del() in error path - can: mcp251x: fix resume from sleep before interface was brought up - can: m_can: m_can_tx_work_queue(): fix tx_skb race condition - sched: Fix out-of-bound access in uclamp - sched/fair: Fix unfairness caused by missing load decay - net: ipa: fix inter-EE IRQ register definitions - fs/proc/generic.c: fix incorrect pde_is_permanent check - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() - kernel/resource: make walk_system_ram_res() find all busy IORESOURCE_SYSTEM_RAM resources - kernel/resource: make walk_mem_res() find all busy IORESOURCE_MEM resources - netfilter: nftables: avoid overflows in nft_hash_buckets() - i40e: fix broken XDP support - i40e: Fix use-after-free in i40e_client_subtask() - i40e: fix the restart auto-negotiation after FEC modified - i40e: Fix PHY type identifiers for 2.5G and 5G adapters - mptcp: fix splat when closing unaccepted socket - ARC: entry: fix off-by-one error in syscall number validation - ARC: mm: PAE: use 40-bit physical page mask - ARC: mm: Use max_high_pfn as a HIGHMEM zone border - sh: Remove unused variable - powerpc/64s: Fix crashes when toggling stf barrier - powerpc/64s: Fix crashes when toggling entry flush barrier - hfsplus: prevent corruption in shrinking truncate - squashfs: fix divide error in calculate_skip() - userfaultfd: release page in error path to avoid BUG_ON - kasan: fix unit tests with CONFIG_UBSAN_LOCAL_BOUNDS enabled - mm/hugetlb: fix F_SEAL_FUTURE_WRITE - blk-iocost: fix weight updates of inner active iocgs - x86, sched: Fix the AMD CPPC maximum performance value on certain AMD Ryzen generations - arm64: mte: initialize RGSR_EL1.SEED in __cpu_setup - arm64: Fix race condition on PG_dcache_clean in __sync_icache_dcache() - btrfs: fix deadlock when cloning inline extents and using qgroups - btrfs: fix race leading to unpersisted data and metadata on fsync - drm/amd/display: Initialize attribute for hdcp_srm sysfs file - drm/i915: Avoid div-by-zero on gen2 - kvm: exit halt polling on need_resched() as well - drm/msm: fix LLC not being enabled for mmu500 targets - KVM: LAPIC: Accurately guarantee busy wait for timer to expire when using hv_timer - drm/msm/dp: initialize audio_comp when audio starts - KVM: x86: Cancel pvclock_gtod_work on module removal - KVM: x86: Prevent deadlock against tk_core.seq - dax: Add an enum for specifying dax wakup mode - dax: Add a wakeup mode parameter to put_unlocked_entry() - dax: Wake up all waiters after invalidating dax entry - xen/unpopulated-alloc: fix error return code in fill_list() - perf tools: Fix dynamic libbpf link - usb: dwc3: gadget: Free gadget structure only after freeing endpoints - iio: light: gp2ap002: Fix rumtime PM imbalance on error - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error - iio: hid-sensors: select IIO_TRIGGERED_BUFFER under HID_SENSOR_IIO_TRIGGER - iio: core: return ENODEV if ioctl is unknown - usb: fotg210-hcd: Fix an error message - hwmon: (occ) Fix poll rate limiting - usb: musb: Fix an error message - hwmon: (ltc2992) Put fwnode in error case during ->probe() - ACPI: scan: Fix a memory leak in an error handling path - kyber: fix out of bounds access when preempted - nvmet: add lba to sect conversion helpers - nvmet: fix inline bio check for bdev-ns - nvmet: fix inline bio check for passthru - nvmet-rdma: Fix NULL deref when SEND is completed with error - f2fs: compress: fix to free compress page correctly - f2fs: compress: fix race condition of overwrite vs truncate - f2fs: compress: fix to assign cc.cluster_idx correctly - nbd: Fix NULL pointer in flush_workqueue - blk-mq: plug request for shared sbitmap - blk-mq: Swap two calls in blk_mq_exit_queue() - usb: dwc3: omap: improve extcon initialization - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield - usb: xhci: Increase timeout for HC halt - usb: dwc2: Fix gadget DMA unmap direction - usb: core: hub: fix race condition about TRSMRCY of resume - usb: dwc3: gadget: Enable suspend events - usb: dwc3: gadget: Return success always for kick transfer in ep queue - usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 - usb: typec: ucsi: Put fwnode in any case during ->probe() - xhci-pci: Allow host runtime PM as default for Intel Alder Lake xHCI - xhci: Do not use GFP_KERNEL in (potentially) atomic context - xhci: Add reset resume quirk for AMD xhci controller. - iio: core: fix ioctl handlers removal - iio: gyro: mpu3050: Fix reported temperature value - iio: tsl2583: Fix division by a zero lux_val - cdc-wdm: untangle a circular dependency between callback and softint - xen/gntdev: fix gntdev_mmap() error exit path - KVM: x86: Emulate RDPID only if RDTSCP is supported - KVM: x86: Move RDPID emulation intercept to its own enum - KVM: nVMX: Always make an attempt to map eVMCS after migration - KVM: VMX: Do not advertise RDPID if ENABLE_RDTSCP control is unsupported - KVM: VMX: Disable preemption when probing user return MSRs - mm: fix struct page layout on 32-bit systems - MIPS: Reinstate platform `__div64_32' handler - MIPS: Avoid DIVU in `__div64_32' is result would be zero - MIPS: Avoid handcoded DIVU in `__div64_32' altogether - clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue - clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 - usb: typec: tcpm: Fix error while calculating PPS out values - kobject_uevent: remove warning in init_uevent_argv() - drm/i915/gt: Fix a double free in gen8_preallocate_top_level_pdp - drm/msm/dp: check sink_count before update is_connected status - drm/i915: Read C0DRB3/C1DRB3 as 16 bits again - drm/i915/overlay: Fix active retire callback alignment - drm/i915: Fix crash in auto_retire - clk: exynos7: Mark aclk_fsys1_200 as critical - soc: mediatek: pm-domains: Add a meaningful power domain name - soc: mediatek: pm-domains: Add a power domain names for mt8183 - soc: mediatek: pm-domains: Add a power domain names for mt8192 - media: rkvdec: Remove of_match_ptr() - i2c: mediatek: Fix send master code at more than 1MHz - dt-bindings: media: renesas,vin: Make resets optional on R-Car Gen1 - dt-bindings: thermal: rcar-gen3-thermal: Support five TSC nodes on r8a779a0 - dt-bindings: serial: 8250: Remove duplicated compatible strings - dt-bindings: PCI: rcar-pci-host: Document missing R-Car H1 support - debugfs: Make debugfs_allow RO after init - ext4: fix debug format string warning - nvme: do not try to reconfigure APST when the controller is not live - ASoC: rsnd: check all BUSIF status when error - Linux 5.11.22 * scsi: storvsc: Parameterize number hardware queues (LP: #1930626) - scsi: storvsc: Parameterize number hardware queues -- Thadeu Lima de Souza Cascardo