Ubuntu
linux package

Jammy update: v5.15.151 upstream stable release

Bug #2060209 reported by Manuel Diewald on 2024-04-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Jammy	Fix Released	Medium	Manuel Diewald

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v5.15.151 upstream stable release
from git://git.kernel.org/

netfilter: nf_tables: disallow timeout for anonymous sets
mtd: spinand: gigadevice: Fix the get ecc status issue
netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
net: ip_tunnel: prevent perpetual headroom growth
tun: Fix xdp_rxq_info's queue_index when detaching
cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back
net: veth: clear GRO when clearing XDP even when down
ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected
net: enable memcg accounting for veth queues
veth: try harder when allocating queue memory
net: usb: dm9601: fix wrong return value in dm9601_mdio_read
uapi: in6: replace temporary label with rfc9486
stmmac: Clear variable when destroying workqueue
Bluetooth: Avoid potential use-after-free in hci_error_reset
Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
netfilter: nfnetlink_queue: silence bogus compiler warning
netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook
netfilter: make function op structures const
netfilter: let reset rules clean out conntrack entries
netfilter: bridge: confirm multicast packets before passing them up the stack
rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
igb: extend PTP timestamp adjustments to i211
tls: rx: don't store the record type in socket context
tls: rx: don't store the decryption status in socket context
tls: rx: don't issue wake ups when data is decrypted
tls: rx: refactor decrypt_skb_update()
tls: hw: rx: use return value of tls_device_decrypted() to carry status
tls: rx: drop unnecessary arguments from tls_setup_from_iter()
tls: rx: don't report text length from the bowels of decrypt
tls: rx: wrap decryption arguments in a structure
tls: rx: factor out writing ContentType to cmsg
tls: rx: don't track the async count
tls: rx: move counting TlsDecryptErrors for sync
tls: rx: assume crypto always calls our callback
tls: rx: use async as an in-out argument
tls: decrement decrypt_pending if no async completion will be called
efi/capsule-loader: fix incorrect allocation size
power: supply: bq27xxx-i2c: Do not free non existing IRQ
ALSA: Drop leftover snd-rtctimer stuff from Makefile
fbcon: always restore the old font data in fbcon_do_set_font()
afs: Fix endless loop in directory parsing
riscv: Sparse-Memory/vmemmap out-of-bounds fix
tomoyo: fix UAF write bug in tomoyo_write_control()
ALSA: firewire-lib: fix to check cycle continuity
gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
wifi: nl80211: reject iftype change with mesh ID change
btrfs: dev-replace: properly validate device names
dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
dmaengine: ptdma: use consistent DMA masks
dmaengine: fsl-qdma: init irq after reg initialization
mmc: core: Fix eMMC initialization with 1-bit bus connection
mmc: sdhci-xenon: add timeout for PHY init complete
mmc: sdhci-xenon: fix PHY init clock stability
pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation
x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
mptcp: move __mptcp_error_report in protocol.c
mptcp: process pending subflow error on close
mptcp: rename timer related helper to less confusing names
selftests: mptcp: add missing kconfig for NF Filter
selftests: mptcp: add missing kconfig for NF Filter in v6
mptcp: clean up harmless false expressions
mptcp: add needs_id for netlink appending addr
mptcp: push at DSS boundaries
mptcp: fix possible deadlock in subflow diag
cachefiles: fix memory leak in cachefiles_add_cache()
fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
Revert "drm/bridge: lt8912b: Register and attach our DSI device at probe"
af_unix: Drop oob_skb ref before purging queue in GC.
gpio: 74x164: Enable output pins after registers are reset
gpiolib: Fix the error path order in gpiochip_add_data_with_key()
gpio: fix resource unwinding order in error path
Revert "interconnect: Fix locking for runpm vs reclaim"
Revert "interconnect: Teach lockdep about icc_bw_lock order"
bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup
bpf: Add table ID to bpf_fib_lookup BPF helper
bpf: Derive source IP addr via bpf_*_fib_lookup()
net: tls: fix async vs NIC crypto offload
Revert "tls: rx: move counting TlsDecryptErrors for sync"
mptcp: fix double-free on socket dismantle
Linux 5.15.151
UBUNTU: Upstream stable to v5.15.151

See original description

Tags:

CVE References

Manuel Diewald (diewald) on 2024-04-04

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug

Manuel Diewald (diewald) on 2024-04-04

Changed in linux (Ubuntu):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Jammy):
assignee:	nobody → Manuel Diewald (diewald)
importance:	Undecided → Medium
status:	New → In Progress
description:	updated

Roxana Nicolescu (roxanan) on 2024-04-22

Changed in linux (Ubuntu Jammy):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-06-06:

Download full text (47.3 KiB)

This bug was fixed in the package linux - 5.15.0-112.122

---------------
linux (5.15.0-112.122) jammy; urgency=medium

* jammy/linux: 5.15.0-112.122 -proposed tracker (LP: #2065898)

  * CVE-2024-21823
    - dmanegine: idxd: reformat opcap output to match bitmap_parse() input
    - dmaengine: idxd: add WQ operation cap restriction support
    - dmaengine: idxd: add knob for enqcmds retries
    - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
    - dmaengine: idxd: add a new security check to deal with a hardware erratum
    - dmaengine: idxd: add a write() method for applications to submit work

linux (5.15.0-111.121) jammy; urgency=medium

* jammy/linux: 5.15.0-111.121 -proposed tracker (LP: #2063763)

  * RTL8852BE fw security fail then lost WIFI function during suspend/resume
    cycle (LP: #2063096)
    - wifi: rtw89: download firmware with five times retry

* Mount CIFS fails with Permission denied (LP: #2061986)
- cifs: fix ntlmssp auth when there is no key exchange

* USB stick can't be detected (LP: #2040948)
- usb: Disable USB3 LPM at shutdown

This bug was fixed in the package linux - 5.15.0-112.122

---------------
linux (5.15.0-112.122) jammy; urgency=medium

* jammy/linux: 5.15.0-112.122 -proposed tracker (LP: #2065898)

linux (5.15.0-111.121) jammy; urgency=medium

* jammy/linux: 5.15.0-111.121 -proposed tracker (LP: #2063763)

* RTL8852BE fw security fail then lost WIFI function during suspend/resume
    cycle (LP: #2063096)
    - wifi: rtw89: download firmware with five times retry

* Mount CIFS fails with Permission denied (LP: #2061986)
    - cifs: fix ntlmssp auth when there is no key exchange

* USB stick can't be detected (LP: #2040948)
    - usb: Disable USB3 LPM at shutdown

* Jammy update: v5.15.153 upstream stable release (LP: #2063290)
    - io_uring/unix: drop usage of io_uring socket
    - io_uring: drop any code related to SCM_RIGHTS
    - selftests: tls: use exact comparison in recv_partial
    - ASoC: rt5645: Make LattePanda board DMI match more precise
    - x86/xen: Add some null pointer checking to smp.c
    - MIPS: Clear Cause.BD in instruction_pointer_set
    - HID: multitouch: Add required quirk for Synaptics 0xcddc device
    - gen_compile_commands: fix invalid escape sequence warning
    - RDMA/mlx5: Fix fortify source warning while accessing Eth segment
    - RDMA/mlx5: Relax DEVX access upon modify commands
    - riscv: dts: sifive: add missing #interrupt-cells to pmic
    - x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h
    - x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
    - net/iucv: fix the allocation size of iucv_path_table array
    - parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check
    - block: sed-opal: handle empty atoms when parsing response
    - dm-verity, dm-crypt: align "struct bvec_iter" correctly
    - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
    - ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port
    - drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series
    - Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
    - firewire: core: use long bus reset on gap count error
    - ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet
    - Input: gpio_keys_polled - suppress deferred probe error for gpio
    - ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
    - ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
    - ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
    - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
    - s390/dasd: put block allocation in separate function
    - s390/dasd: add query PPRC function
    - s390/dasd: add copy pair setup
    - s390/dasd: add autoquiesce feature
    - s390/dasd: Use dev_*() for device log messages
    - s390/dasd: fix double module refcount decrement
    - fs/select: rework stack allocation hack for clang
    - md: Don't clear MD_CLOSING when the raid is about to stop
    - lib/cmdline: Fix an invalid format specifier in an assertion msg
    - time: test: Fix incorrect format specifier
    - rtc: test: Fix invalid format specifier.
    - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
    - timekeeping: Fix cross-timestamp interpolation on counter wrap
    - timekeeping: Fix cross-timestamp interpolation corner case decision
    - timekeeping: Fix cross-timestamp interpolation for non-x86
    - sched/fair: Take the scheduling domain into account in select_idle_core()
    - wifi: ath10k: fix NULL pointer dereference in
      ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
    - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
    - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
    - wifi: b43: Stop correct queue in DMA worker when QoS is disabled
    - wifi: b43: Disable QoS for bcm4331
    - wifi: wilc1000: fix declarations ordering
    - wifi: wilc1000: fix RCU usage in connect path
    - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
    - wifi: wilc1000: fix multi-vif management when deleting a vif
    - wifi: mwifiex: debugfs: Drop unnecessary error check for
      debugfs_create_dir()
    - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
    - cpufreq: Explicitly include correct DT includes
    - cpufreq: mediatek-hw: Wait for CPU supplies before probing
    - sock_diag: annotate data-races around sock_diag_handlers[family]
    - inet_diag: annotate data-races around inet_diag_table[]
    - bpftool: Silence build warning about calloc()
    - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
    - cpufreq: mediatek-hw: Don't error out if supply is not found
    - arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL i.MX8MM
    - arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL
      board
    - arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on SD
      card
    - arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO
      voltage
    - arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL
      board
    - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
    - wifi: iwlwifi: mvm: report beacon protection failures
    - wifi: iwlwifi: dbg-tlv: ensure NUL termination
    - wifi: iwlwifi: fix EWRD table validity check
    - arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS
    - pwm: atmel-hlcdc: Convert to platform remove callback returning void
    - pwm: atmel-hlcdc: Use consistent variable naming
    - pwm: atmel-hlcdc: Fix clock imbalance related to suspend support
    - net: blackhole_dev: fix build warning for ethh set but not used
    - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
    - pwm: sti: Implement .apply() callback
    - pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan
    - wifi: iwlwifi: mvm: don't set replay counters to 0xff
    - s390/vdso: drop '-fPIC' from LDFLAGS
    - ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()
    - arm64: dts: mt8183: kukui: Add Type C node
    - arm64: dts: mt8183: kukui: Split out keyboard node and describe detachables
    - arm64: dts: mt8183: Move CrosEC base detection node to kukui-based DTs
    - arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes
    - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
    - wireless: Remove redundant 'flush_workqueue()' calls
    - wifi: wilc1000: prevent use-after-free on vif when cleaning up all
      interfaces
    - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
    - bus: tegra-aconnect: Update dependency to ARCH_TEGRA
    - [Config]: update CONFIG_TEGRA_ACONNECT
    - iommu/amd: Mark interrupt as managed
    - wifi: brcmsmac: avoid function pointer casts
    - net: ena: Remove ena_select_queue
    - ARM: dts: arm: realview: Fix development chip ROM compatible value
    - arm64: dts: renesas: r8a779a0: Update to R-Car Gen4 compatible values
    - arm64: dts: renesas: r8a779a0: Correct avb[01] reg sizes
    - ARM: dts: imx6dl-yapp4: Move phy reset into switch node
    - ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address
    - ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node
    - arm64: dts: marvell: reorder crypto interrupts on Armada SoCs
    - ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override
    - ACPI: resource: Do IRQ override on Lunnen Ground laptops
    - ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override
    - ACPI: scan: Fix device check notification handling
    - x86, relocs: Ignore relocations in .notes section
    - SUNRPC: fix some memleaks in gssx_dec_option_array
    - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove
      function
    - wifi: rtw88: 8821c: Fix false alarm count
    - PCI: Make pci_dev_is_disconnected() helper public for other drivers
    - iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected
    - igb: move PEROUT and EXTTS isr logic to separate functions
    - igb: Fix missing time sync events
    - Bluetooth: Remove superfluous call to hci_conn_check_pending()
    - Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855
    - Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional()
    - Bluetooth: hci_core: Fix possible buffer overflow
    - sr9800: Add check for usbnet_get_endpoints
    - bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
    - bpf: Fix hashtab overflow check on 32-bit arches
    - bpf: Fix stackmap overflow check on 32-bit arches
    - ipv6: fib6_rules: flush route cache when rule is changed
    - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
    - net: phy: fix phy_get_internal_delay accessing an empty array
    - net: hns3: fix kernel crash when 1588 is received on HIP08 devices
    - net: hns3: fix port duplex configure error in IMP reset
    - net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii
    - net: phy: dp83822: Fix RGMII TX delay configuration
    - OPP: debugfs: Fix warning around icc_get_name()
    - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function
    - net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr
    - bpf: net: Change sk_getsockopt() to take the sockptr_t argument
    - bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument
    - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt()
      function
    - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt()
      function
    - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
    - net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function
    - net/x25: fix incorrect parameter validation in the x25_getsockopt() function
    - nfp: flower: handle acti_netdevs allocation failure
    - dm raid: fix false positive for requeue needed during reshape
    - dm: call the resume method on internal suspend
    - drm/tegra: dsi: Add missing check for of_find_device_by_node
    - drm/tegra: dpaux: Populate AUX bus
    - drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe
    - drm/tegra: dsi: Make use of the helper function dev_err_probe()
    - drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe()
    - drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path
      of tegra_dsi_probe()
    - drm/tegra: dc: rgb: Allow changing PLLD rate on Tegra30+
    - drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe()
    - drm/tegra: rgb: Fix missing clk_put() in the error handling paths of
      tegra_dc_rgb_probe()
    - drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths
      of tegra_output_probe()
    - drm/rockchip: inno_hdmi: Fix video timing
    - drm: Don't treat 0 as -1 in drm_fixp2int_ceil
    - drm/ttm: add ttm_resource_fini v2
    - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node
    - drm/rockchip: lvds: do not overwrite error code
    - drm/rockchip: lvds: do not print scary message when probing defer
    - drm/lima: fix a memleak in lima_heap_alloc
    - dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA
    - [Config]: update CONFIG_TEGRA210_ADMA
    - media: tc358743: register v4l2 async device only after successful setup
    - PCI/DPC: Print all TLP Prefixes, not just the first
    - perf record: Fix possible incorrect free in record__switch_output()
    - HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
    - drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
    - drm/amd/display: Fix potential NULL pointer dereferences in
      'dcn10_set_output_transfer_func()'
    - perf evsel: Fix duplicate initialization of data->id in
      evsel__parse_sample()
    - clk: meson: Add missing clocks to axg_clk_regmaps
    - media: em28xx: annotate unchecked call to media_device_register()
    - media: v4l2-tpg: fix some memleaks in tpg_alloc
    - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
    - media: edia: dvbdev: fix a use-after-free
    - pinctrl: mediatek: Drop bogus slew rate register range for MT8192
    - clk: qcom: reset: Commonize the de/assert functions
    - clk: qcom: reset: Ensure write completion on reset de/assertion
    - quota: simplify drop_dquot_ref()
    - quota: Fix potential NULL pointer dereference
    - quota: Fix rcu annotations of inode dquot pointers
    - PCI/P2PDMA: Fix a sleeping issue in a RCU read section
    - PCI: switchtec: Fix an error handling path in switchtec_pci_probe()
    - crypto: xilinx - call finalize with bh disabled
    - perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str()
    - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
    - ALSA: seq: fix function cast warnings
    - perf stat: Avoid metric-only segv
    - ASoC: meson: Use dev_err_probe() helper
    - ASoC: meson: aiu: fix function pointer type mismatch
    - ASoC: meson: t9015: fix function pointer type mismatch
    - powerpc: Force inlining of arch_vmap_p{u/m}d_supported()
    - PCI: endpoint: Support NTB transfer between RC and EP
    - [Config]: update CONFIG_PCI_EPF_VNTB
    - NTB: EPF: fix possible memory leak in pci_vntb_probe()
    - NTB: fix possible name leak in ntb_register_device()
    - media: sun8i-di: Fix coefficient writes
    - media: sun8i-di: Fix power on/off sequences
    - media: sun8i-di: Fix chroma difference threshold
    - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
    - media: go7007: add check of return value of go7007_read_addr()
    - media: pvrusb2: remove redundant NULL check
    - media: pvrusb2: fix pvr2_stream_callback casts
    - clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times
    - drm/mediatek: dsi: Fix DSI RGB666 formats and definitions
    - PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
    - clk: hisilicon: hi3519: Release the correct number of gates in
      hi3519_clk_unregister()
    - clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
    - drm/tegra: put drm_gem_object ref on error in tegra_fb_create
    - mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
    - mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a
      ref
    - crypto: arm/sha - fix function cast warnings
    - drm/tidss: Fix initial plane zpos values
    - mtd: maps: physmap-core: fix flash size larger than 32-bit
    - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
    - ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs
    - ASoC: meson: axg-tdm-interface: add frame rate constraint
    - HID: amd_sfh: Update HPD sensor structure elements
    - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
    - media: pvrusb2: fix uaf in pvr2_context_set_notify
    - media: dvb-frontends: avoid stack overflow warnings with clang
    - media: go7007: fix a memleak in go7007_load_encoder
    - media: ttpci: fix two memleaks in budget_av_attach
    - media: mediatek: vcodec: avoid -Wcast-function-type-strict warning
    - drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
    - powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks
    - drm/msm/dpu: add division of drm_display_mode's hskew parameter
    - module: Add support for default value for module async_probe
    - modules: wait do_free_init correctly
    - powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
    - leds: aw2013: Unlock mutex before destroying it
    - leds: sgm3140: Add missing timer cleanup and flash gpio control
    - backlight: lm3630a: Initialize backlight_properties on init
    - backlight: lm3630a: Don't set bl->props.brightness in get_brightness
    - backlight: da9052: Fully initialize backlight_properties during probe
    - backlight: lm3639: Fully initialize backlight_properties during probe
    - backlight: lp8788: Fully initialize backlight_properties during probe
    - sparc32: Fix section mismatch in leon_pci_grpci
    - clk: Fix clk_core_get NULL dereference
    - clk: zynq: Prevent null pointer dereference caused by kmalloc failure
    - ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
    - ALSA: usb-audio: Stop parsing channels bits when all channels are found.
    - RDMA/srpt: Do not register event handler until srpt device is fully setup
    - f2fs: multidevice: support direct IO
    - f2fs: invalidate META_MAPPING before IPU/DIO write
    - f2fs: replace congestion_wait() calls with io_schedule_timeout()
    - f2fs: fix to invalidate META_MAPPING before DIO write
    - f2fs: invalidate meta pages only for post_read required inode
    - f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info
    - f2fs: compress: fix to cover normal cluster write with cp_rwsem
    - f2fs: compress: fix to check unreleased compressed cluster
    - scsi: csiostor: Avoid function pointer casts
    - RDMA/device: Fix a race between mad_client and cm_client init
    - RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store()
    - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
    - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
    - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
    - NFSv4.2: fix listxattr maximum XDR buffer size
    - watchdog: stm32_iwdg: initialize default timeout
    - NFS: Fix an off by one in root_nfs_cat()
    - f2fs: compress: fix reserve_cblocks counting error when out of space
    - afs: Revert "afs: Hide silly-rename files from userspace"
    - comedi: comedi_test: Prevent timers rescheduling during deletion
    - remoteproc: stm32: use correct format strings on 64-bit
    - remoteproc: stm32: Fix incorrect type in assignment for va
    - remoteproc: stm32: Fix incorrect type assignment returned by
      stm32_rproc_get_loaded_rsc_tablef
    - tty: vt: fix 20 vs 0x20 typo in EScsiignore
    - serial: max310x: fix syntax error in IRQ error message
    - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
    - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells
    - kconfig: fix infinite loop when expanding a macro at the end of file
    - rtc: mt6397: select IRQ_DOMAIN instead of depending on it
    - serial: 8250_exar: Don't remove GPIO device on suspend
    - staging: greybus: fix get_channel_from_mode() failure path
    - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
    - io_uring: don't save/restore iowait state
    - nouveau: reset the bo resource bus info after an eviction
    - octeontx2-af: Use matching wake_up API variant in CGX command interface
    - s390/vtime: fix average steal time calculation
    - soc: fsl: dpio: fix kcalloc() argument order
    - hsr: Fix uninit-value access in hsr_get_node()
    - net: mtk_eth_soc: move MAC_MCR setting to mac_finish()
    - net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up
    - net: ethernet: mtk_eth_soc: fix PPE hanging issue
    - packet: annotate data-races around ignore_outgoing
    - net: veth: do not manipulate GRO when using XDP
    - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection
    - vdpa/mlx5: Allow CVQ size changes
    - wireguard: receive: annotate data-race around receiving_counter.counter
    - rds: introduce acquire/release ordering in acquire/release_in_xmit()
    - hsr: Handle failures in module init
    - net: phy: fix phy_read_poll_timeout argument type in genphy_loopback
    - net/bnx2x: Prevent access to a freed page in page_pool
    - octeontx2-af: Use separate handlers for interrupts
    - netfilter: nf_tables: do not compare internal table flags on updates
    - rcu: add a helper to report consolidated flavor QS
    - net: report RCU QS on threaded NAPI repolling
    - bpf: report RCU QS in cpumap kthread
    - net: dsa: mt7530: fix handling of LLDP frames
    - net: dsa: mt7530: fix handling of 802.1X PAE frames
    - net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports
    - net: dsa: mt7530: fix handling of all link-local frames
    - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
    - regmap: Add missing map->bus check
    - remoteproc: stm32: fix incorrect optional pointers

* Jammy update: v5.15.152 upstream stable release (LP: #2063276)
    - mmc: mmci: stm32: use a buffer for unaligned DMA requests
    - mmc: mmci: stm32: fix DMA API overlapping mappings warning
    - net: lan78xx: fix runtime PM count underflow on link stop
    - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
    - i40e: disable NAPI right after disabling irqs when handling xsk_pool
    - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string
    - geneve: make sure to pull inner header in geneve_rx()
    - net: sparx5: Fix use after free inside sparx5_del_mact_entry
    - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
    - net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
    - cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
    - net/rds: fix WARNING in rds_conn_connect_if_down
    - netfilter: nft_ct: fix l3num expectations with inet pseudo family
    - netfilter: nf_conntrack_h323: Add protection for bmp length out of range
    - erofs: apply proper VMA alignment for memory mapped files on THP
    - netrom: Fix a data-race around sysctl_netrom_default_path_quality
    - netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser
    - netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
    - netrom: Fix a data-race around sysctl_netrom_transport_timeout
    - netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
    - netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
    - netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
    - netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size
    - netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
    - netrom: Fix a data-race around sysctl_netrom_routing_control
    - netrom: Fix a data-race around sysctl_netrom_link_fails_count
    - netrom: Fix data-races around sysctl_net_busy_read
    - ALSA: usb-audio: Refcount multiple accesses on the single clock
    - ALSA: usb-audio: Clear fixed clock rate at closing EP
    - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2)
    - ALSA: usb-audio: Properly refcounting clock rate
    - ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params()
    - ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params()
    - ALSA: usb-audio: Avoid superfluous endpoint setup
    - ALSA: usb-audio: Add quirk for Tascam Model 12
    - ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless
    - ALSA: usb-audio: Fix microphone sound on Nexigo webcam.
    - ALSA: usb-audio: add quirk for RODE NT-USB+
    - drm/amd/display: Fix uninitialized variable usage in core_link_ 'read_dpcd()
      & write_dpcd()' functions
    - nfp: flower: add goto_chain_index for ct entry
    - nfp: flower: add hardware offload check for post ct entry
    - selftests/mm: switch to bash from sh
    - selftests: mm: fix map_hugetlb failure on 64K page size systems
    - xhci: process isoc TD properly when there was a transaction error mid TD.
    - xhci: handle isoc Babble and Buffer Overrun events properly
    - serial: max310x: use regmap methods for SPI batch operations
    - serial: max310x: use a separate regmap for each port
    - serial: max310x: prevent infinite while() loop in port startup
    - drm/amd/pm: do not expose the API used internally only in kv_dpm.c
    - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
    - selftests: mptcp: decrease BW in simult flows
    - hv_netvsc: use netif_is_bond_master() instead of open code
    - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
    - drm/amd/display: Re-arrange FPU code structure for dcn2x
    - drm/amd/display: move calcs folder into DML
    - drm/amd/display: remove DML Makefile duplicate lines
    - drm/amd/display: Increase frame-larger-than for all display_mode_vba files
    - getrusage: add the "signal_struct *sig" local variable
    - getrusage: move thread_group_cputime_adjusted() outside of
      lock_task_sighand()
    - getrusage: use __for_each_thread()
    - getrusage: use sig->stats_lock rather than lock_task_sighand()
    - proc: Use task_is_running() for wchan in /proc/$pid/stat
    - fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of
      lock_task_sighand()
    - ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all
    - ALSA: usb-audio: Always initialize fixed_rate in
      snd_usb_find_implicit_fb_sync_format()
    - ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless
    - ALSA: usb-audio: Sort quirk table entries
    - regmap: allow to define reg_update_bits for no bus configuration
    - regmap: Add bulk read/write callbacks into regmap_config
    - serial: max310x: make accessing revision id interface-agnostic
    - serial: max310x: fix IO data corruption in batched operations
    - Linux 5.15.152

* CVE-2024-26809
    - netfilter: nft_set_pipapo: release elements in clone only from destroy path

* CVE-2024-26792
    - btrfs: fix double free of anonymous device after snapshot creation failure

* CVE-2023-52530
    - wifi: mac80211: fix potential key use-after-free

* CVE-2023-52447
    - bpf: Defer the free of inner map when necessary
    - rcu-tasks: Provide rcu_trace_implies_rcu_gp()

* Avoid creating non-working backlight sysfs knob from ASUS board
    (LP: #2060422)
    - platform/x86: asus-wmi: Consider device is absent when the read is ~0

* [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array-
    index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux-
    hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times,
    especially during boot. (LP: #2058477)
    - hv: hyperv.h: Replace one-element array with flexible-array member

* Jammy update: v5.15.151 upstream stable release (LP: #2060209)
    - netfilter: nf_tables: disallow timeout for anonymous sets
    - mtd: spinand: gigadevice: Fix the get ecc status issue
    - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
    - net: ip_tunnel: prevent perpetual headroom growth
    - tun: Fix xdp_rxq_info's queue_index when detaching
    - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call
      back
    - net: veth: clear GRO when clearing XDP even when down
    - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
    - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
      detected
    - net: enable memcg accounting for veth queues
    - veth: try harder when allocating queue memory
    - net: usb: dm9601: fix wrong return value in dm9601_mdio_read
    - uapi: in6: replace temporary label with rfc9486
    - stmmac: Clear variable when destroying workqueue
    - Bluetooth: Avoid potential use-after-free in hci_error_reset
    - Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
    - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
    - netfilter: nfnetlink_queue: silence bogus compiler warning
    - netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook
    - netfilter: make function op structures const
    - netfilter: let reset rules clean out conntrack entries
    - netfilter: bridge: confirm multicast packets before passing them up the
      stack
    - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
    - igb: extend PTP timestamp adjustments to i211
    - efi/capsule-loader: fix incorrect allocation size
    - power: supply: bq27xxx-i2c: Do not free non existing IRQ
    - ALSA: Drop leftover snd-rtctimer stuff from Makefile
    - fbcon: always restore the old font data in fbcon_do_set_font()
    - afs: Fix endless loop in directory parsing
    - riscv: Sparse-Memory/vmemmap out-of-bounds fix
    - ALSA: firewire-lib: fix to check cycle continuity
    - gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
    - wifi: nl80211: reject iftype change with mesh ID change
    - btrfs: dev-replace: properly validate device names
    - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
    - dmaengine: ptdma: use consistent DMA masks
    - dmaengine: fsl-qdma: init irq after reg initialization
    - mmc: core: Fix eMMC initialization with 1-bit bus connection
    - mmc: sdhci-xenon: add timeout for PHY init complete
    - mmc: sdhci-xenon: fix PHY init clock stability
    - pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation
    - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
    - mptcp: move __mptcp_error_report in protocol.c
    - mptcp: process pending subflow error on close
    - mptcp: rename timer related helper to less confusing names
    - selftests: mptcp: add missing kconfig for NF Filter
    - selftests: mptcp: add missing kconfig for NF Filter in v6
    - mptcp: clean up harmless false expressions
    - mptcp: add needs_id for netlink appending addr
    - mptcp: push at DSS boundaries
    - mptcp: fix possible deadlock in subflow diag
    - cachefiles: fix memory leak in cachefiles_add_cache()
    - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
    - Revert "drm/bridge: lt8912b: Register and attach our DSI device at probe"
    - af_unix: Drop oob_skb ref before purging queue in GC.
    - gpio: 74x164: Enable output pins after registers are reset
    - gpiolib: Fix the error path order in gpiochip_add_data_with_key()
    - gpio: fix resource unwinding order in error path
    - Revert "interconnect: Fix locking for runpm vs reclaim"
    - Revert "interconnect: Teach lockdep about icc_bw_lock order"
    - bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup
    - bpf: Add table ID to bpf_fib_lookup BPF helper
    - bpf: Derive source IP addr via bpf_*_fib_lookup()
    - Linux 5.15.151

* Jammy update: v5.15.151 upstream stable release (LP: #2060209) //
    CVE-2024-26782
    - mptcp: fix double-free on socket dismantle

* Jammy update: v5.15.151 upstream stable release (LP: #2060209) // Fix
    bluetooth connections with 3.0 device (LP: #2063067)
    - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST

* Jammy update: v5.15.150 upstream stable release (LP: #2060142)
    - net/sched: Retire CBQ qdisc
    - [Config] updateconfigs for NET_SCH_CBQ
    - net/sched: Retire ATM qdisc
    - [Config] updateconfigs for NET_SCH_ATM
    - net/sched: Retire dsmark qdisc
    - [Config] updateconfigs for NET_SCH_DSMARK
    - smb: client: fix potential OOBs in smb2_parse_contexts()
    - smb: client: fix parsing of SMB3.1.1 POSIX create context
    - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
    - PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()
    - bpf: Merge printk and seq_printf VARARG max macros
    - bpf: Add struct for bin_args arg in bpf_bprintf_prepare
    - bpf: Do cleanup in bpf_bprintf_cleanup only when needed
    - bpf: Remove trace_printk_lock
    - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
    - zonefs: Improve error handling
    - x86/fpu: Stop relying on userspace for info to fault in xsave buffer
    - sched/rt: Fix sysctl_sched_rr_timeslice intial value
    - sched/rt: Disallow writing invalid values to sched_rt_period_us
    - scsi: target: core: Add TMF to tmr_list handling
    - dmaengine: shdma: increase size of 'dev_id'
    - dmaengine: fsl-qdma: increase size of 'irq_name'
    - wifi: cfg80211: fix missing interfaces when dumping
    - wifi: mac80211: fix race condition on enabling fast-xmit
    - fbdev: savage: Error out if pixclock equals zero
    - fbdev: sis: Error out if pixclock equals zero
    - spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected
    - ahci: asm1166: correct count of reported ports
    - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
    - MIPS: reserve exception vector space ONLY ONCE
    - platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet
    - ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap
      corrupt
    - ext4: avoid allocating blocks from corrupted group in
      ext4_mb_try_best_found()
    - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
    - dmaengine: ti: edma: Add some null pointer checks to the edma_probe
    - regulator: pwm-regulator: Add validity checks in continuous .get_voltage
    - nvmet-tcp: fix nvme tcp ida memory leak
    - ALSA: usb-audio: Check presence of valid altsetting control
    - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
    - spi: sh-msiof: avoid integer overflow in constants
    - Input: xpad - add Lenovo Legion Go controllers
    - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in
      sctp_new
    - ALSA: usb-audio: Ignore clock selector errors for single connection
    - nvme-fc: do not wait in vain when unloading module
    - nvmet-fcloop: swap the list_add_tail arguments
    - nvmet-fc: release reference on target port
    - nvmet-fc: defer cleanup using RCU properly
    - nvmet-fc: hold reference on hostport match
    - nvmet-fc: abort command when there is no binding
    - nvmet-fc: avoid deadlock on delete association path
    - nvmet-fc: take ref count on tgtport before delete assoc
    - ext4: correct the hole length returned by ext4_map_blocks()
    - Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table
    - fs/ntfs3: Modified fix directory element type detection
    - fs/ntfs3: Improve ntfs_dir_count
    - fs/ntfs3: Correct hard links updating when dealing with DOS names
    - fs/ntfs3: Print warning while fixing hard links count
    - fs/ntfs3: Fix detected field-spanning write (size 8) of single field
      "le->name"
    - fs/ntfs3: Add NULL ptr dereference checking at the end of
      attr_allocate_frame()
    - fs/ntfs3: Disable ATTR_LIST_ENTRY size check
    - fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache
    - fs/ntfs3: Prevent generic message "attempt to access beyond end of device"
    - fs/ntfs3: Correct function is_rst_area_valid
    - fs/ntfs3: Update inode->i_size after success write into compressed file
    - fs/ntfs3: Fix oob in ntfs_listxattr
    - wifi: mac80211: adding missing drv_mgd_complete_tx() call
    - efi: runtime: Fix potential overflow of soft-reserved region size
    - efi: Don't add memblocks for soft-reserved memory
    - hwmon: (coretemp) Enlarge per package core count limit
    - scsi: lpfc: Use unsigned type for num_sge
    - firewire: core: send bus reset promptly on gap count error
    - drm/amdgpu: skip to program GFXDEC registers for suspend abort
    - drm/amdgpu: reset gpu for s3 suspend abort case
    - virtio-blk: Ensure no requests in virtqueues before deleting vqs.
    - pmdomain: mediatek: fix race conditions with genpd
    - ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails
    - pmdomain: renesas: r8a77980-sysc: CR7 must be always on
    - erofs: fix lz4 inplace decompression
    - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
    - drm/ttm: Fix an invalid freeing on already freed page in error path
    - dm-crypt: don't modify the data when using authenticated encryption
    - platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler
    - platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names
    - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
    - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
    - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
    - PCI/MSI: Prevent MSI hardware interrupt number truncation
    - l2tp: pass correct message length to ip6_append_data
    - ARM: ep93xx: Add terminator to gpiod_lookup_table
    - Revert "x86/ftrace: Use alternative RET encoding"
    - x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR
    - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch()
    - x86/ftrace: Use alternative RET encoding
    - x86/returnthunk: Allow different return thunks
    - Revert "x86/alternative: Make custom return thunk unconditional"
    - x86/alternative: Make custom return thunk unconditional
    - serial: amba-pl011: Fix DMA transmission in RS485 mode
    - usb: dwc3: gadget: Don't disconnect if not started
    - usb: cdnsp: blocked some cdns3 specific code
    - usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers
    - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
    - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
    - usb: roles: fix NULL pointer issue when put module's reference
    - usb: roles: don't get/set_role() when usb_role_switch is unregistered
    - mptcp: fix lockless access in subflow ULP diag
    - clk: imx: imx8mp: add shared clk gate for usb suspend clk
    - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
    - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents
    - mtd: rawnand: sunxi: Fix the size of the last OOB region
    - RISC-V: fix funct4 definition for c.jalr in parse_asm.h
    - Input: iqs269a - drop unused device node references
    - Input: iqs269a - configure device with a single block write
    - Input: iqs269a - increase interrupt handler return delay
    - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed
    - Input: ads7846 - don't report pressure for ads7845
    - clk: renesas: cpg-mssr: Remove superfluous check in resume code
    - clk: imx: avoid memory leak
    - Input: ads7846 - always set last command to PWRDOWN
    - Input: ads7846 - don't check penirq immediately for 7845
    - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
    - clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC
    - clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC
    - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
    - powerpc/pseries/lparcfg: add missing RTAS retry status handling
    - powerpc/perf/hv-24x7: add missing RTAS retry status handling
    - powerpc/pseries/lpar: add missing RTAS retry status handling
    - MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set
    - MIPS: vpe-mt: drop physical_memsize
    - vdpa/mlx5: Don't clear mr struct on destroy MR
    - ARM: dts: BCM53573: Drop nonexistent #usb-cells
    - RDMA/siw: Balance the reference of cep->kref in the error path
    - RDMA/siw: Correct wrong debug message
    - clk: linux/clk-provider.h: fix kernel-doc warnings and typos
    - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute
    - acpi: property: Let args be NULL in __acpi_node_get_property_reference
    - ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger
    - tools headers UAPI: Sync linux/fscrypt.h with the kernel sources
    - perf beauty: Update copy of linux/socket.h with the kernel sources
    - tools/virtio: fix build
    - drm/amdgpu: init iommu after amdkfd device init
    - f2fs: don't set GC_FAILURE_PIN for background GC
    - f2fs: write checkpoint during FG_GC
    - drm/i915/dg1: Update DMC_DEBUG3 register
    - kernel/sched: Remove dl_boosted flag comment
    - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
    - serial: 8250: Remove serial_rs485 sanitization from em485
    - clk: imx8mp: Add DISP2 pixel clock
    - clk: imx8mp: add clkout1/2 support
    - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock
    - net: ethernet: ti: add missing of_node_put before return
    - powerpc/rtas: make all exports GPL
    - powerpc/rtas: ensure 4KB alignment for rtas_data_buf
    - powerpc/eeh: Small refactor of eeh_handle_normal_event()
    - powerpc/eeh: Set channel state after notifying the drivers
    - PM: core: Redefine pm_ptr() macro
    - PM: core: Add new *_PM_OPS macros, deprecate old ones
    - mmc: jz4740: Use the new PM macros
    - mmc: mxc: Use the new PM macros
    - PM: core: Remove static qualifier in DEFINE_SIMPLE_DEV_PM_OPS macro
    - Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr()
    - Input: iqs269a - do not poll during suspend or resume
    - Input: iqs269a - do not poll during ATI
    - net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs
    - netfilter: nf_tables: add rescheduling points during loop detection walks
    - debugobjects: Recheck debug_objects_enabled before reporting
    - nbd: Add the maximum limit of allocated index in nbd_dev_add
    - md: fix data corruption for raid456 when reshape restart while grow up
    - md/raid10: prevent soft lockup while flush writes
    - posix-timers: Ensure timer ID search-loop limit is valid
    - btrfs: add xxhash to fast checksum implementations
    - ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A
    - ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3
    - ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371
      AMD version)
    - arm64: set __exception_irq_entry with __irq_entry as a default
    - arm64: mm: fix VA-range sanity check
    - sched/fair: Don't balance task to its current running CPU
    - wifi: ath11k: fix registration of 6Ghz-only phy without the full channel
      range
    - bpf: Address KCSAN report on bpf_lru_list
    - devlink: report devlink_port_type_warn source device
    - wifi: wext-core: Fix -Wstringop-overflow warning in
      ioctl_standard_iw_point()
    - wifi: iwlwifi: mvm: avoid baid size integer overflow
    - exfat: support dynamic allocate bh for exfat_entry_set_cache
    - arm64: dts: rockchip: fix regulator name on rk3399-rock-4
    - arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4
    - arm64: dts: rockchip: add SPDIF node for ROCK Pi 4
    - ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch
    - ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2
    - ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA
    - ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks
    - ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA
    - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA
    - xhci: cleanup xhci_hub_control port references
    - xhci: move port specific items such as state completions to port structure
    - xhci: rename resume_done to resume_timestamp
    - xhci: clear usb2 resume related variables in one place.
    - xhci: decouple usb2 port resume and get_port_status request handling
    - xhci: track port suspend state correctly in unsuccessful resume cases
    - cifs: add a warning when the in-flight count goes negative
    - IB/hfi1: Fix a memleak in init_credit_return
    - RDMA/bnxt_re: Return error for SRQ resize
    - RDMA/irdma: Fix KASAN issue with tasklet
    - RDMA/irdma: Validate max_send_wr and max_recv_wr
    - RDMA/irdma: Set the CQ read threshold for GEN 1
    - RDMA/irdma: Add AE for too many RNRS
    - RDMA/srpt: Support specifying the srpt_service_guid parameter
    - RDMA/qedr: Fix qedr_create_user_qp error flow
    - arm64: dts: rockchip: set num-cs property for spi on px30
    - RDMA/srpt: fix function pointer cast warnings
    - bpf, scripts: Correct GPL license name
    - scsi: jazz_esp: Only build if SCSI core is builtin
    - nouveau: fix function cast warnings
    - net: stmmac: Fix incorrect dereference in interrupt handlers
    - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
    - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
    - ata: libahci_platform: Convert to using devm bulk clocks API
    - ata: libahci_platform: Introduce reset assertion/deassertion methods
    - ata: ahci_ceva: fix error handling for Xilinx GT PHY support
    - bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
    - drm/nouveau/instmem: fix uninitialized_var.cocci warning
    - octeontx2-af: Consider the action set by PF
    - s390: use the correct count for __iowrite64_copy()
    - netfilter: nf_tables: set dormant flag on hook register failure
    - netfilter: flowtable: simplify route logic
    - netfilter: nft_flow_offload: reset dst in route object after setting up flow
    - netfilter: nft_flow_offload: release dst in case direct xmit path is used
    - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set
    - drm/amd/display: Fix memory leak in dm_sw_fini()
    - i2c: imx: Add timer for handling the stop condition
    - i2c: imx: when being a target, mark the last read as processed
    - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
    - netfilter: nf_tables: fix scheduling-while-atomic splat
    - ext4: regenerate buddy after block freeing failed if under fc replay
    - ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()
    - netfilter: nf_tables: can't schedule in nft_chain_validate
    - r8169: use new PM macros
    - Linux 5.15.150

* Jammy update: v5.15.150 upstream stable release (LP: #2060142) //
    CVE-2024-26733
    - packet: move from strlcpy with unused retval to strscpy
    - net: dev: Convert sa_data to flexible array in struct sockaddr
    - arp: Prevent overflow in arp_req_get().

* Jammy update: v5.15.150 upstream stable release (LP: #2060142) //
    CVE-2024-26735
    - ipv6: sr: fix possible use-after-free and null-ptr-deref

* Jammy update: v5.15.150 upstream stable release (LP: #2060142) //
    CVE-2024-26736
    - afs: Increase buffer size in afs_update_volume_status()

* Jammy update: v5.15.150 upstream stable release (LP: #2060142) //
    CVE-2024-26748
    - usb: cdns3: fix memory double free when handle zero packet

* CVE-2023-47233
    - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach

* CVE-2024-26584
    - net: tls: handle backlogging of crypto requests

* CVE-2024-26585
    - tls: fix race between tx work scheduling and socket close

* CVE-2024-26583
    - tls: rx: jump to a more appropriate label
    - tls: rx: drop pointless else after goto
    - tls: stop recv() if initial process_rx_list gave us non-DATA
    - tls: rx: don't store the record type in socket context
    - tls: rx: don't store the decryption status in socket context
    - tls: rx: don't issue wake ups when data is decrypted
    - tls: rx: refactor decrypt_skb_update()
    - tls: hw: rx: use return value of tls_device_decrypted() to carry status
    - tls: rx: drop unnecessary arguments from tls_setup_from_iter()
    - tls: rx: don't report text length from the bowels of decrypt
    - tls: rx: wrap decryption arguments in a structure
    - tls: rx: factor out writing ContentType to cmsg
    - tls: rx: don't track the async count
    - tls: rx: move counting TlsDecryptErrors for sync
    - tls: rx: assume crypto always calls our callback
    - tls: rx: use async as an in-out argument
    - tls: decrement decrypt_pending if no async completion will be called
    - net: tls: fix async vs NIC crypto offload
    - Revert "tls: rx: move counting TlsDecryptErrors for sync"
    - tls: rx: simplify async wait
    - tls: rx: return the already-copied data on crypto error
    - tls: rx: allow only one reader at a time
    - tls: rx: release the sock lock on locking timeout
    - tls: extract context alloc/initialization out of tls_set_sw_offload
    - net: tls: factor out tls_*crypt_async_wait()
    - tls: fix race between async notify and socket close

* CVE-2024-26622
    - tomoyo: fix UAF write bug in tomoyo_write_control()

-- Roxana Nicolescu <roxana.nicolescu@canonical.com>  Thu, 23 May 2024 09:20:33 +0200

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package