Ubuntu
linux package

Focal update: v5.4.204 upstream stable release

Bug #1988212 reported by Kamal Mostafa on 2022-08-30

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Focal	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v5.4.204 upstream stable release
from git://git.kernel.org/

ipv6: take care of disable_policy when restoring routes
nvdimm: Fix badblocks clear off-by-one error
powerpc/prom_init: Fix kernel config grep
powerpc/bpf: Fix use of user_pt_regs in uapi
dm raid: fix accesses beyond end of raid member array
dm raid: fix KASAN warning in raid5_add_disks
s390/archrandom: simplify back to earlier design and initialize earlier
SUNRPC: Fix READ_PLUS crasher
net: rose: fix UAF bugs caused by timer handler
net: usb: ax88179_178a: Fix packet receiving
virtio-net: fix race between ndo_open() and virtio_device_ready()
selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
net: tun: unlink NAPI from device on destruction
net: tun: stop NAPI when detaching queues
RDMA/qedr: Fix reporting QP timeout attribute
linux/dim: Fix divide by 0 in RDMA DIM
usbnet: fix memory allocation in helpers
net: ipv6: unexport __init-annotated seg6_hmac_net_init()
caif_virtio: fix race between virtio_device_ready() and ndo_open()
PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events
s390: remove unneeded 'select BUILD_BIN2C'
netfilter: nft_dynset: restore set element counter when failing to update
net/sched: act_api: Notify user space if any actions were flushed before error
net: bonding: fix possible NULL deref in rlb code
net: bonding: fix use-after-free after 802.3ad slave unbind
nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
NFC: nxp-nci: Don't issue a zero length i2c_master_read()
net: tun: avoid disabling NAPI twice
xen/gntdev: Avoid blocking in unmap_grant_pages()
hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails
net: dsa: bcm_sf2: force pause link settings
sit: use min
ipv6/sit: fix ipip6_tunnel_get_prl return value
rseq/selftests,x86_64: Add rseq_offset_deref_addv()
selftests/rseq: remove ARRAY_SIZE define from individual tests
selftests/rseq: introduce own copy of rseq uapi header
selftests/rseq: Remove useless assignment to cpu variable
selftests/rseq: Remove volatile from __rseq_abi
selftests/rseq: Introduce rseq_get_abi() helper
selftests/rseq: Introduce thread pointer getters
selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35
selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian
selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for load/store
selftests/rseq: Fix ppc32 offsets by using long rather than off_t
selftests/rseq: Fix warnings about #if checks of undefined tokens
selftests/rseq: Remove arm/mips asm goto compiler work-around
selftests/rseq: Fix: work-around asm goto compiler bugs
selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area
selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area
selftests/rseq: Change type of rseq_offset to ptrdiff_t
xen/blkfront: fix leaking data in shared pages
xen/netfront: fix leaking data in shared pages
xen/netfront: force data bouncing when backend is untrusted
xen/blkfront: force data bouncing when backend is untrusted
xen/arm: Fix race in RB-tree based P2M accounting
net: usb: qmi_wwan: add Telit 0x1060 composition
net: usb: qmi_wwan: add Telit 0x1070 composition
clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup()
Linux 5.4.204
UBUNTU: Upstream stable to v5.4.204

See original description

Tags:

CVE References

2022-3176

Kamal Mostafa (kamalmostafa) on 2022-08-30

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Focal):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
description:	updated

Stefan Bader (smb) on 2022-09-14

Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-10-10:

Download full text (19.8 KiB)

This bug was fixed in the package linux - 5.4.0-128.144

---------------
linux (5.4.0-128.144) focal; urgency=medium

* focal/linux: 5.4.0-128.144 -proposed tracker (LP: #1990152)

* CVE-2022-3176
- io_uring: disable polling pollfree files

  * ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809)
    - selftests/net: test nexthop without gw

  * ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809) // icmp_redirect.sh in ubuntu_kernel_selftests failed on
    Jammy 5.15.0-49.55 (LP: #1990124)
    - ip: fix triggering of 'icmp redirect'

linux (5.4.0-127.143) focal; urgency=medium

* focal/linux: 5.4.0-127.143 -proposed tracker (LP: #1989892)

* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2022.09.19)

  * [UBUNTU 20.04] mlx5 driver crashes on accessing device attributes during
    recovery (LP: #1987287)
    - net/mlx5: Avoid processing commands before cmdif is ready

  * Focal update: v5.4.210 upstream stable release (LP: #1989230)
    - thermal: Fix NULL pointer dereferences in of_thermal_ functions
    - ACPI: video: Force backlight native for some TongFang devices
    - ACPI: video: Shortening quirk list by identifying Clevo by board_name only
    - ACPI: APEI: Better fix to avoid spamming the console with old error logs
    - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
    - selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
    - bpf: Test_verifier, #70 error message updates for 32-bit right shift
    - KVM: Don't null dereference ops->destroy
    - selftests: KVM: Handle compiler optimizations in ucall
    - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
    - macintosh/adb: fix oob read in do_adb_query() function
    - x86/speculation: Add RSB VM Exit protections
    - x86/speculation: Add LFENCE to RSB fill sequence
    - Linux 5.4.210

This bug was fixed in the package linux - 5.4.0-128.144

---------------
linux (5.4.0-128.144) focal; urgency=medium

* focal/linux: 5.4.0-128.144 -proposed tracker (LP: #1990152)

* CVE-2022-3176
    - io_uring: disable polling pollfree files

* ip/nexthop: fix default address selection for connected nexthop
    (LP: #1988809)
    - selftests/net: test nexthop without gw

linux (5.4.0-127.143) focal; urgency=medium

* focal/linux: 5.4.0-127.143 -proposed tracker (LP: #1989892)

* Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.09.19)

* [UBUNTU 20.04] mlx5 driver crashes on accessing device attributes during
    recovery (LP: #1987287)
    - net/mlx5: Avoid processing commands before cmdif is ready

* Focal update: v5.4.209 upstream stable release (LP: #1989228)
    - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
    - ntfs: fix use-after-free in ntfs_ucsncmp()
    - s390/archrandom: prevent CPACF trng invocations in interrupt context
    - tcp: Fix data-races around sysctl_tcp_dsack.
    - tcp: Fix a data-race around sysctl_tcp_app_win.
    - tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
    - tcp: Fix a data-race around sysctl_tcp_frto.
    - tcp: Fix a data-race around sysctl_tcp_nometrics_save.
    - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
    - ice: do not setup vlan for loopback VSI
    - scsi: ufs: host: Hold reference returned by of_parse_phandle()
    - tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
    - tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
    - net: ping6: Fix memleak in ipv6_renew_options().
    - ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
    - igmp: Fix data-races around sysctl_igmp_qrv.
    - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
    - tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
    - tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
    - tcp: Fix a data-race around sysctl_tcp_autocorking.
    - tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
    - Documentation: fix sctp_wmem in ip-sysctl.rst
    - tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
    - tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
    - i40e: Fix interface init with MSI interrupts (no MSI-X)
    - sctp: fix sleep in atomic context bug in timer handlers
    - virtio-net: fix the race between refill work and close
    - perf symbol: Correct address for bss symbols
    - sfc: disable softirqs for ptp TX
    - sctp: leave the err path free in sctp_stream_init to sctp_stream_free
    - ARM: crypto: comment out gcc warning that breaks clang builds
    - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
    - scsi: core: Fix race between handling STS_RESOURCE and completion
    - Linux 5.4.209

* Focal update: v5.4.208 upstream stable release (LP: #1988225)
    - pinctrl: stm32: fix optional IRQ support to gpios
    - riscv: add as-options for modules with assembly compontents
    - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication
    - lockdown: Fix kexec lockdown bypass with ima policy
    - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
    - PCI: hv: Fix multi-MSI to allow more than one MSI vector
    - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
    - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
    - PCI: hv: Fix interrupt mapping for multi-MSI
    - serial: mvebu-uart: correctly report configured baudrate value
    - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in
      xfrm_bundle_lookup()
    - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
    - pinctrl: ralink: Check for null return of devm_kcalloc
    - perf/core: Fix data race between perf_event_set_output() and
      perf_mmap_close()
    - igc: Reinstate IGC_REMOVED logic and implement it properly
    - ip: Fix data-races around sysctl_ip_no_pmtu_disc.
    - ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
    - ip: Fix data-races around sysctl_ip_nonlocal_bind.
    - ip: Fix a data-race around sysctl_fwmark_reflect.
    - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
    - tcp: Fix data-races around sysctl_tcp_mtu_probing.
    - tcp: Fix data-races around sysctl_tcp_base_mss.
    - tcp: Fix data-races around sysctl_tcp_min_snd_mss.
    - tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.
    - tcp: Fix a data-race around sysctl_tcp_probe_threshold.
    - tcp: Fix a data-race around sysctl_tcp_probe_interval.
    - i2c: cadence: Change large transfer count reset logic to be unconditional
    - net: stmmac: fix dma queue left shift overflow issue
    - net/tls: Fix race in TLS device down flow
    - igmp: Fix data-races around sysctl_igmp_llm_reports.
    - igmp: Fix a data-race around sysctl_igmp_max_memberships.
    - tcp: Fix data-races around sysctl_tcp_syncookies.
    - tcp: Fix data-races around sysctl_tcp_reordering.
    - tcp: Fix data-races around some timeout sysctl knobs.
    - tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
    - tcp: Fix a data-race around sysctl_tcp_tw_reuse.
    - tcp: Fix data-races around sysctl_max_syn_backlog.
    - tcp: Fix data-races around sysctl_tcp_fastopen.
    - iavf: Fix handling of dummy receive descriptors
    - i40e: Fix erroneous adapter reinitialization during recovery process
    - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
    - gpio: pca953x: only use single read/write for No AI mode
    - be2net: Fix buffer overflow in be_get_module_eeprom
    - ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
    - udp: Fix a data-race around sysctl_udp_l3mdev_accept.
    - tcp: Fix data-races around sysctl knobs related to SYN option.
    - tcp: Fix a data-race around sysctl_tcp_early_retrans.
    - tcp: Fix data-races around sysctl_tcp_recovery.
    - tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
    - tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
    - tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
    - tcp: Fix a data-race around sysctl_tcp_stdurg.
    - tcp: Fix a data-race around sysctl_tcp_rfc1337.
    - tcp: Fix data-races around sysctl_tcp_max_reordering.
    - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA
      transfers
    - mm/mempolicy: fix uninit-value in mpol_rebind_policy()
    - bpf: Make sure mac_header was set before using it
    - dlm: fix pending remove if msg allocation fails
    - ima: remove the IMA_TEMPLATE Kconfig option
    - [Config] updateconfigs for IMA_TEMPLATE
    - locking/refcount: Define constants for saturation and max refcount values
    - locking/refcount: Ensure integer operands are treated as signed
    - locking/refcount: Remove unused refcount_*_checked() variants
    - locking/refcount: Move the bulk of the REFCOUNT_FULL implementation into the
      <linux/refcount.h> header
    - locking/refcount: Improve performance of generic REFCOUNT_FULL code
    - locking/refcount: Move saturation warnings out of line
    - locking/refcount: Consolidate REFCOUNT_{MAX,SATURATED} definitions
    - locking/refcount: Consolidate implementations of refcount_t
    - [Config] updateconfigs for REFCOUNT_FULL
    - x86: get rid of small constant size cases in raw_copy_{to,from}_user()
    - x86/uaccess: Implement macros for CMPXCHG on user addresses
    - mmap locking API: initial implementation as rwsem wrappers
    - x86/mce: Deduplicate exception handling
    - bitfield.h: Fix "type of reg too small for mask" test
    - ALSA: memalloc: Align buffer allocations in page size
    - Bluetooth: Add bt_skb_sendmsg helper
    - Bluetooth: Add bt_skb_sendmmsg helper
    - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
    - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
    - Bluetooth: Fix passing NULL to PTR_ERR
    - Bluetooth: SCO: Fix sco_send_frame returning skb->len
    - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
    - tty: drivers/tty/, stop using tty_schedule_flip()
    - tty: the rest, stop using tty_schedule_flip()
    - tty: drop tty_schedule_flip()
    - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
    - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
    - x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
    - Linux 5.4.208

* Focal update: v5.4.207 upstream stable release (LP: #1988219)
    - ALSA: hda - Add fixup for Dell Latitidue E5430
    - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
    - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
    - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
    - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
    - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
    - tracing/histograms: Fix memory leak problem
    - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
      pointer
    - ip: fix dflt addr selection for connected nexthop
    - ARM: 9213/1: Print message about disabled Spectre workarounds only once
    - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
    - wifi: mac80211: fix queue selection for mesh/OCB interfaces
    - cgroup: Use separate src/dst nodes when preloading css_sets for migration
    - drm/panfrost: Fix shrinker list corruption by madvise IOCTL
    - nilfs2: fix incorrect masking of permission flags for symlinks
    - Revert "evm: Fix memleak in init_desc"
    - sched/rt: Disable RT_RUNTIME_SHARE by default
    - ext4: fix race condition between ext4_write and ext4_convert_inline_data
    - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
    - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
    - ARM: 9210/1: Mark the FDT_FIXED sections as shareable
    - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
    - ima: Fix a potential integer overflow in ima_appraise_measurement
    - ASoC: sgtl5000: Fix noise on shutdown/remove
    - net: stmmac: dwc-qos: Disable split header for Tegra194
    - inetpeer: Fix data-races around sysctl.
    - net: Fix data-races around sysctl_mem.
    - cipso: Fix data-races around sysctl.
    - icmp: Fix data-races around sysctl.
    - ipv4: Fix a data-race around sysctl_fib_sync_mem.
    - ARM: dts: at91: sama5d2: Fix typo in i2s1 node
    - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
    - drm/i915/gt: Serialize TLB invalidates with GT resets
    - icmp: Fix a data-race around sysctl_icmp_ratelimit.
    - icmp: Fix a data-race around sysctl_icmp_ratemask.
    - raw: Fix a data-race around sysctl_raw_l3mdev_accept.
    - ipv4: Fix data-races around sysctl_ip_dynaddr.
    - net: ftgmac100: Hold reference returned by of_get_child_by_name()
    - sfc: fix use after free when disabling sriov
    - seg6: fix skb checksum evaluation in SRH encapsulation/insertion
    - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
    - seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
    - sfc: fix kernel panic when creating VF
    - mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
    - virtio_mmio: Add missing PM calls to freeze/restore
    - virtio_mmio: Restore guest page size on resume
    - netfilter: br_netfilter: do not skip all hooks with 0 priority
    - cpufreq: pmac32-cpufreq: Fix refcount leak bug
    - platform/x86: hp-wmi: Ignore Sanitization Mode event
    - net: tipc: fix possible refcount leak in tipc_sk_create()
    - NFC: nxp-nci: don't print header length mismatch on i2c error
    - nvme: fix regression when disconnect a recovering ctrl
    - net: sfp: fix memory leak in sfp_probe()
    - ASoC: ops: Fix off by one in range control validation
    - ASoC: wm5110: Fix DRE control
    - ASoC: cs47l15: Fix event generation for low power mux control
    - ASoC: madera: Fix event generation for OUT1 demux
    - ASoC: madera: Fix event generation for rate controls
    - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
    - x86: Clear .brk area at early boot
    - soc: ixp4xx/npe: Fix unused match warning
    - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
    - signal handling: don't use BUG_ON() for debugging
    - USB: serial: ftdi_sio: add Belimo device ids
    - usb: typec: add missing uevent when partner support PD
    - usb: dwc3: gadget: Fix event pending check
    - tty: serial: samsung_tty: set dma burst_size to 1
    - serial: 8250: fix return error code in serial8250_request_std_resource()
    - serial: stm32: Clear prev values before setting RTS delays
    - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
    - can: m_can: m_can_tx_handler(): fix use after free of skb
    - Linux 5.4.207

* Focal update: v5.4.206 upstream stable release (LP: #1988215)
    - Linux 5.4.206

* Focal update: v5.4.205 upstream stable release (LP: #1988214)
    - esp: limit skb_page_frag_refill use to a single page
    - mm/slub: add missing TID updates on slab deactivation
    - can: bcm: use call_rcu() instead of costly synchronize_rcu()
    - can: grcan: grcan_probe(): remove extra of_node_get()
    - can: gs_usb: gs_usb_open/close(): fix memory leak
    - usbnet: fix memory leak in error case
    - net: rose: fix UAF bug caused by rose_t0timer_expiry
    - iommu/vt-d: Fix PCI bus rescan device hot add
    - fbdev: fbmem: Fix logo center image dx issue
    - video: of_display_timing.h: include errno.h
    - powerpc/powernv: delay rng platform device creation until later in boot
    - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info
    - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression
    - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
    - xfs: remove incorrect ASSERT in xfs_rename
    - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
    - pinctrl: sunxi: a83t: Fix NAND function name for some pins
    - pinctrl: sunxi: sunxi_pconf_set: use correct offset
    - ARM: at91: pm: use proper compatible for sama5d2's rtc
    - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
    - ibmvnic: Properly dispose of all skbs during a failover.
    - selftests: forwarding: fix flood_unicast_test when h2 supports
      IFF_UNICAST_FLT
    - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT
    - selftests: forwarding: fix error message in learning_test
    - i2c: cadence: Unregister the clk notifier in error path
    - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs
    - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
    - misc: rtsx_usb: use separate command and response buffers
    - misc: rtsx_usb: set return value in rsp_buf alloc err path
    - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
    - ida: don't use BUG_ON() for debugging
    - dmaengine: pl330: Fix lockdep warning about non-static key
    - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
    - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
    - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
    - Linux 5.4.205

* Focal update: v5.4.204 upstream stable release (LP: #1988212)
    - ipv6: take care of disable_policy when restoring routes
    - nvdimm: Fix badblocks clear off-by-one error
    - powerpc/prom_init: Fix kernel config grep
    - powerpc/bpf: Fix use of user_pt_regs in uapi
    - dm raid: fix accesses beyond end of raid member array
    - dm raid: fix KASAN warning in raid5_add_disks
    - s390/archrandom: simplify back to earlier design and initialize earlier
    - SUNRPC: Fix READ_PLUS crasher
    - net: rose: fix UAF bugs caused by timer handler
    - net: usb: ax88179_178a: Fix packet receiving
    - virtio-net: fix race between ndo_open() and virtio_device_ready()
    - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
    - net: tun: unlink NAPI from device on destruction
    - net: tun: stop NAPI when detaching queues
    - RDMA/qedr: Fix reporting QP timeout attribute
    - linux/dim: Fix divide by 0 in RDMA DIM
    - usbnet: fix memory allocation in helpers
    - net: ipv6: unexport __init-annotated seg6_hmac_net_init()
    - caif_virtio: fix race between virtio_device_ready() and ndo_open()
    - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events
    - s390: remove unneeded 'select BUILD_BIN2C'
    - netfilter: nft_dynset: restore set element counter when failing to update
    - net/sched: act_api: Notify user space if any actions were flushed before
      error
    - net: bonding: fix possible NULL deref in rlb code
    - net: bonding: fix use-after-free after 802.3ad slave unbind
    - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
    - NFC: nxp-nci: Don't issue a zero length i2c_master_read()
    - net: tun: avoid disabling NAPI twice
    - xen/gntdev: Avoid blocking in unmap_grant_pages()
    - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add()
      fails
    - net: dsa: bcm_sf2: force pause link settings
    - sit: use min
    - ipv6/sit: fix ipip6_tunnel_get_prl return value
    - rseq/selftests,x86_64: Add rseq_offset_deref_addv()
    - selftests/rseq: remove ARRAY_SIZE define from individual tests
    - selftests/rseq: introduce own copy of rseq uapi header
    - selftests/rseq: Remove useless assignment to cpu variable
    - selftests/rseq: Remove volatile from __rseq_abi
    - selftests/rseq: Introduce rseq_get_abi() helper
    - selftests/rseq: Introduce thread pointer getters
    - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35
    - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian
    - selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for
      load/store
    - selftests/rseq: Fix ppc32 offsets by using long rather than off_t
    - selftests/rseq: Fix warnings about #if checks of undefined tokens
    - selftests/rseq: Remove arm/mips asm goto compiler work-around
    - selftests/rseq: Fix: work-around asm goto compiler bugs
    - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread
      area
    - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread
      area
    - selftests/rseq: Change type of rseq_offset to ptrdiff_t
    - xen/blkfront: fix leaking data in shared pages
    - xen/netfront: fix leaking data in shared pages
    - xen/netfront: force data bouncing when backend is untrusted
    - xen/blkfront: force data bouncing when backend is untrusted
    - xen/arm: Fix race in RB-tree based P2M accounting
    - net: usb: qmi_wwan: add Telit 0x1060 composition
    - net: usb: qmi_wwan: add Telit 0x1070 composition
    - clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from
      ixp4xx_timer_setup()
    - Linux 5.4.204

-- Stefan Bader <stefan.bader@canonical.com>  Tue, 20 Sep 2022 11:19:18 +0200

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-11-18:

This bug is awaiting verification that the linux-xilinx-zynqmp/5.4.0-1019.22 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2022-12-15

tags:

removed: verification-needed-focal

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package