Ubuntu
linux package

Focal update: v5.4.270 upstream stable release

Bug #2060019 reported by Manuel Diewald
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Unassigned
Focal
Fix Released
Medium
Manuel Diewald

Bug Description

    SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       v5.4.270 upstream stable release
       from git://git.kernel.org/

KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
net/sched: Retire CBQ qdisc
UBUNTU: [Config] updateconfigs for NET_SCH_CBQ
net/sched: Retire ATM qdisc
UBUNTU: [Config] updateconfigs for NET_SCH_ATM
net/sched: Retire dsmark qdisc
UBUNTU: [Config] updateconfigs for NET_SCH_DSMARK
sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()
nilfs2: replace WARN_ONs for invalid DAT metadata block requests
userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
sched/rt: Fix sysctl_sched_rr_timeslice intial value
sched/rt: Disallow writing invalid values to sched_rt_period_us
scsi: target: core: Add TMF to tmr_list handling
dmaengine: shdma: increase size of 'dev_id'
dmaengine: fsl-qdma: increase size of 'irq_name'
wifi: cfg80211: fix missing interfaces when dumping
wifi: mac80211: fix race condition on enabling fast-xmit
fbdev: savage: Error out if pixclock equals zero
fbdev: sis: Error out if pixclock equals zero
ahci: asm1166: correct count of reported ports
ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
regulator: pwm-regulator: Add validity checks in continuous .get_voltage
nvmet-tcp: fix nvme tcp ida memory leak
ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new
nvmet-fc: abort command when there is no binding
hwmon: (coretemp) Enlarge per package core count limit
scsi: lpfc: Use unsigned type for num_sge
firewire: core: send bus reset promptly on gap count error
virtio-blk: Ensure no requests in virtqueues before deleting vqs.
s390/qeth: Fix potential loss of L3-IP@ in case of network issues
pmdomain: renesas: r8a77980-sysc: CR7 must be always on
tcp: factor out __tcp_close() helper
tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit
tcp: add annotations around sk->sk_shutdown accesses
pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours
pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
spi: mt7621: Fix an error message in mt7621_spi_probe()
net: bridge: clear bridge's private skb space on xmit
selftests/bpf: Avoid running unprivileged tests with alignment requirements
Revert "drm/sun4i: dsi: Change the start delay calculation"
drm/amdgpu: Check for valid number of registers to read
x86/alternatives: Disable KASAN in apply_alternatives()
dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata()
iomap: Set all uptodate bits for an Uptodate page
drm/amdgpu: Fix type of second parameter in trans_msg() callback
arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
PCI: tegra: Fix reporting GPIO error value
PCI: tegra: Fix OF node reference leak
IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
dm-crypt: don't modify the data when using authenticated encryption
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
PCI/MSI: Prevent MSI hardware interrupt number truncation
l2tp: pass correct message length to ip6_append_data
ARM: ep93xx: Add terminator to gpiod_lookup_table
usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
usb: cdns3: fix memory double free when handle zero packet
usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
usb: roles: don't get/set_role() when usb_role_switch is unregistered
IB/hfi1: Fix a memleak in init_credit_return
RDMA/bnxt_re: Return error for SRQ resize
RDMA/srpt: Make debug output more detailed
RDMA/srpt: fix function pointer cast warnings
scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions
bpf, scripts: Correct GPL license name
scsi: jazz_esp: Only build if SCSI core is builtin
nouveau: fix function cast warnings
ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
afs: Increase buffer size in afs_update_volume_status()
ipv6: sr: fix possible use-after-free and null-ptr-deref
packet: move from strlcpy with unused retval to strscpy
s390: use the correct count for __iowrite64_copy()
tls: rx: jump to a more appropriate label
tls: rx: drop pointless else after goto
tls: stop recv() if initial process_rx_list gave us non-DATA
netfilter: nf_tables: set dormant flag on hook register failure
drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3
drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
scripts/bpf: Fix xdp_md forward declaration typo
Linux 5.4.270
UBUNTU: Upstream stable to v5.4.270

See original description
Manuel Diewald (diewald)
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Manuel Diewald (diewald)
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Focal):
assignee: nobody → Manuel Diewald (diewald)
importance: Undecided → Medium
status: New → In Progress
description: updated
Roxana Nicolescu (roxanan)
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (8.6 KiB)

This bug was fixed in the package linux - 5.4.0-186.206

---------------
linux (5.4.0-186.206) focal; urgency=medium

  * focal/linux: 5.4.0-186.206 -proposed tracker (LP: #2063812)

  * Mount CIFS fails with Permission denied (LP: #2061986)
    - cifs: fix ntlmssp auth when there is no key exchange

  * USB stick can't be detected (LP: #2040948)
    - usb: Disable USB3 LPM at shutdown

  * CVE-2024-26733
    - net: dev: Convert sa_data to flexible array in struct sockaddr
    - arp: Prevent overflow in arp_req_get().
    - stddef: Introduce DECLARE_FLEX_ARRAY() helper

  * CVE-2024-26712
    - powerpc/kasan: Fix addr error caused by page alignment

  * CVE-2023-52530
    - wifi: mac80211: fix potential key use-after-free

  * CVE-2021-47063
    - drm: bridge/panel: Cleanup connector on bridge detach

  * [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array-
    index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux-
    hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times,
    especially during boot. (LP: #2058477)
    - hv: hyperv.h: Replace one-element array with flexible-array member

  * CVE-2024-26614
    - tcp: make sure init the accept_queue's spinlocks once
    - ipv6: init the accept_queue's spinlocks in inet6_create

  * Focal update: v5.4.271 upstream stable release (LP: #2060216)
    - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
    - net: ip_tunnel: prevent perpetual headroom growth
    - tun: Fix xdp_rxq_info's queue_index when detaching
    - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
    - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
      detected
    - net: usb: dm9601: fix wrong return value in dm9601_mdio_read
    - Bluetooth: Avoid potential use-after-free in hci_error_reset
    - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
    - Bluetooth: Enforce validation on max value of connection interval
    - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
    - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
    - efi/capsule-loader: fix incorrect allocation size
    - power: supply: bq27xxx-i2c: Do not free non existing IRQ
    - ALSA: Drop leftover snd-rtctimer stuff from Makefile
    - afs: Fix endless loop in directory parsing
    - gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
    - wifi: nl80211: reject iftype change with mesh ID change
    - btrfs: dev-replace: properly validate device names
    - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
    - dmaengine: fsl-qdma: init irq after reg initialization
    - mmc: core: Fix eMMC initialization with 1-bit bus connection
    - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
    - cachefiles: fix memory leak in cachefiles_add_cache()
    - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
    - gpio: 74x164: Enable output pins after registers are reset
    - Linux 5.4.271

  * Focal update: v5.4.270 upstream stable release (LP: #2060019)
    - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
    - KVM: arm64: vgic-its: Test for valid...

Read more...

Changed in linux (Ubuntu Focal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.