This bug was fixed in the package linux - 5.4.0-124.140 --------------- linux (5.4.0-124.140) focal; urgency=medium * CVE-2022-2586 - SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table - SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another chain * CVE-2022-2588 - SAUCE: net_sched: cls_route: remove from list when handle is 0 * CVE-2022-34918 - netfilter: nf_tables: stricter validation of element data linux (5.4.0-123.139) focal; urgency=medium * focal/linux: 5.4.0-123.139 -proposed tracker (LP: #1981284) * Packaging resync (LP: #1786013) - debian/dkms-versions -- update from kernel-versions (main/2022.07.11) * Hairpin traffic does not work with centralized NAT gw (LP: #1967856) - net: openvswitch: fix misuse of the cached connection on tuple changes * [UBUNTU 20.04] Include patches to avoid self-detected stall with Secure Execution (LP: #1979296) - KVM: s390: pv: add macros for UVC CC values - KVM: s390: pv: avoid stalls when making pages secure - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm * Focal update: v5.4.195 upstream stable release (LP: #1980407) - batman-adv: Don't skb_split skbuffs with frag_list - hwmon: (tmp401) Add OF device ID table - mac80211: Reset MBSSID parameters upon connection - net: Fix features skip in for_each_netdev_feature() - ipv4: drop dst in multicast routing path - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() - netlink: do not reset transport header in netlink_recvmsg() - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection - dim: initialize all struct fields - hwmon: (ltq-cputemp) restrict it to SOC_XWAY - s390/ctcm: fix variable dereferenced before check - s390/ctcm: fix potential memory leak - s390/lcs: fix variable dereferenced before check - net/sched: act_pedit: really ensure the skb is writable - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() - gfs2: Fix filesystem block deallocation for short writes - hwmon: (f71882fg) Fix negative temperature - ASoC: max98090: Reject invalid values in custom control put() - ASoC: max98090: Generate notifications on changes for custom control - ASoC: ops: Validate input values in snd_soc_put_volsw_range() - s390: disable -Warray-bounds - net: emaclite: Don't advertise 1000BASE-T and do auto negotiation - tcp: resalt the secret every 10 seconds - tty: n_gsm: fix mux activation issues in gsm_config() - usb: cdc-wdm: fix reading stuck on device close - usb: typec: tcpci: Don't skip cleanup in .remove() on error - USB: serial: pl2303: add device id for HP LM930 Display - USB: serial: qcserial: add support for Sierra Wireless EM7590 - USB: serial: option: add Fibocom L610 modem - USB: serial: option: add Fibocom MA510 modem - slimbus: qcom: Fix IRQ check in qcom_slim_probe - serial: 8250_mtk: Fix UART_EFR register address - serial: 8250_mtk: Fix register address for XON/XOFF character - drm/nouveau/tegra: Stop using iommu_present() - i40e: i40e_main: fix a missing check on list iterator - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() - drm/vmwgfx: Initialize drm_mode_fb_cmd2 - MIPS: fix build with gcc-12 - net: phy: Fix race condition on link status change - arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map - ping: fix address binding wrt vrf - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() - Linux 5.4.195 * Focal update: v5.4.194 upstream stable release (LP: #1980399) - MIPS: Use address-of operator on section symbols - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types - drm/i915: Cast remain to unsigned long in eb_relocate_vma - nfp: bpf: silence bitwise vs. logical OR warning - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs - can: grcan: only use the NAPI poll budget for RX - arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL - [Config] updateconfigs for ARCH_HAS_HOLES_MEMORYMODEL - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() - x86/asm: Allow to pass macros to __ASM_FORM() - x86: xen: kvm: Gather the definition of emulate prefixes - x86: xen: insn: Decode Xen and KVM emulate-prefix signature - x86: kprobes: Prohibit probing on instruction which has emulate prefix - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id - Bluetooth: Fix the creation of hdev->name - mm: fix missing cache flush for all tail pages of compound page - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() - Linux 5.4.194 * Focal update: v5.4.193 upstream stable release (LP: #1979566) - MIPS: Fix CP0 counter erratum detection for R4k CPUs - parisc: Merge model and model name into one line in /proc/cpuinfo - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' - Revert "SUNRPC: attempt AF_LOCAL connect on setup" - firewire: fix potential uaf in outbound_phy_packet_callback() - firewire: remove check of list iterator against head past the loop body - firewire: core: extend card->lock in fw_core_handle_bus_reset - ACPICA: Always create namespace nodes using acpi_ns_create_node() - genirq: Synchronize interrupt thread startup - ASoC: da7219: Fix change notifications for tone generator frequency - ASoC: wm8958: Fix change notifications for DSP controls - ASoC: meson: Fix event generation for G12A tohdmi mux - s390/dasd: fix data corruption for ESE devices - s390/dasd: prevent double format of tracks for ESE devices - s390/dasd: Fix read for ESE with blksize < 4k - s390/dasd: Fix read inconsistency for ESE DASD devices - can: grcan: grcan_close(): fix deadlock - can: grcan: use ofdev->dev when allocating DMA memory - nfc: replace improper check device_is_registered() in netlink related functions - NFC: netlink: fix sleep in atomic bug when firmware download timeout - hwmon: (adt7470) Fix warning on module removal - ASoC: dmaengine: Restore NULL prepare_slave_config() callback - RDMA/siw: Fix a condition race issue in MPA request processing - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() - net: emaclite: Add error handling for of_address_to_resource() - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag - smsc911x: allow using IRQ0 - btrfs: always log symlinks in full mode - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() - drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu - NFSv4: Don't invalidate inode attributes on delegation return - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised - net: ipv6: ensure we call ipv6_mc_down() at most once - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern - mm: fix unexpected zeroed page mapping with zram swap - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls - ALSA: pcm: Fix races among concurrent read/write and buffer changes - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls - ALSA: pcm: Fix races among concurrent prealloc proc writes - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock - tcp: make sure treq->af_specific is initialized - dm: fix mempool NULL pointer race when completing IO - dm: interlock pending dm_io and dm_wait_for_bios_completion - PCI: aardvark: Clear all MSIs at setup - PCI: aardvark: Fix reading MSI interrupt number - mmc: rtsx: add 74 Clocks in power on flow - Linux 5.4.193 * CVE-2022-1679 - SAUCE: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb * CVE-2022-28893 - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() - SUNRPC: Don't leak sockets in xs_local_connect() * CVE-2022-1734 - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs * CVE-2022-1652 - floppy: use a statically allocated error counter -- Thadeu Lima de Souza Cascardo