Jammy update: v5.15.162 upstream stable release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Medium
|
Portia Stephens |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v5.15.162 upstream stable release
from git://git.
wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
wifi: mac80211: Fix deadlock in ieee80211_
wifi: cfg80211: Lock wiphy in cfg80211_
wifi: cfg80211: pmsr: use correct nla_get_uX functions
wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef
wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
wifi: iwlwifi: mvm: don't read past the mfuart notifcation
wifi: mac80211: correctly parse Spatial Reuse Parameter Set element
net/ncsi: Simplify Kconfig/dts control flow
net/ncsi: Fix the multi thread manner of NCSI driver
ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
bpf: Set run context for rawtp test_run callback
octeontx2-af: Always allocate PF entries from low prioriy zone
net: sched: sch_multiq: fix possible OOB write in multiq_tune()
vxlan: Fix regression when dropping packets due to invalid src addresses
tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB
net/sched: taprio: always validate TCA_TAPRIO_
ptp: Fix error message on failed pin verification
af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer.
af_unix: Annodate data-races around sk->sk_state for writers.
af_unix: Annotate data-race of sk->sk_state in unix_inq_len().
af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll().
net: inline sock_prot_
net: drop nopreempt requirement on sock_prot_
af_unix: Annotate data-race of sk->sk_state in unix_stream_
af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg().
af_unix: Annotate data-race of sk->sk_state in unix_stream_
af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG.
af_unix: Annotate data-race of net->unx.
af_unix: Use unix_recvq_
af_unix: annotate lockless accesses to sk->sk_err
af_unix: Use skb_queue_
af_unix: Use skb_queue_
af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill().
ipv6: fix possible race in __fib6_
usb: gadget: f_fs: use io_data->status consistently
usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
iio: accel: mxc4005: Reset chip on probe() and resume()
drm/amd/display: Handle Y carry-over in VCP X.Y calculation
drm/amd/display: Clean up some inconsistent indenting
drm/amd/display: drop unnecessary NULL checks in debugfs
drm/amd/display: Fix incorrect DSC instance for MST
pvpanic: Keep single style across modules
pvpanic: Indentation fixes here and there
misc/pvpanic: deduplicate common code
misc/pvpanic-pci: register attributes via pci_driver
skbuff: introduce skb_pull_data
Bluetooth: hci_qca: mark OF related data as maybe unused
Bluetooth: btqca: use le32_to_cpu for ver.soc_id
Bluetooth: btqca: Add WCN3988 support
Bluetooth: qca: use switch case for soc type behavior
Bluetooth: qca: add support for QCA2066
Bluetooth: qca: fix info leak when fetching fw build id
serial: sc16is7xx: replace hardcoded divisor value with BIT() macro
serial: sc16is7xx: fix bug in sc16is7xx_
x86/ibt,ftrace: Search for __fentry__ location
ftrace: Fix possible use-after-free issue in ftrace_location()
mmc: davinci_mmc: Convert to platform remove callback returning void
mmc: davinci: Don't strip remove function when driver is builtin
i2c: add fwnode APIs
i2c: acpi: Unbind mux adapters before delete
cma: factor out minimum alignment requirement
mm/cma: drop incorrect alignment check in cma_init_
selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages
selftests/mm: conform test to TAP format output
selftests/mm: compaction_test: fix bogus test success on Aarch64
wifi: ath10k: fix QCOM_RPROC_COMMON dependency
btrfs: fix leak of qgroup extent records after transaction abort
nilfs2: Remove check for PageError
nilfs2: return the mapped address from nilfs_get_page()
nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state
mei: me: release irq in mei_me_pci_resume error path
jfs: xattr: fix buffer overflow for invalid xattr
xhci: Set correct transferred length for cancelled bulk transfers
xhci: Apply reset resume quirk to Etron EJ188 xHCI host
xhci: Handle TD clearing for multiple streams case
xhci: Apply broken streams quirk to Etron EJ188 xHCI host
scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
powerpc/uaccess: Fix build errors seen with GCC 13/14
Input: try trimming too long modalias strings
clk: sifive: Do not register clkdevs for PRCI clocks
SUNRPC: return proper error from gss_wrap_req_priv
platform/x86: dell-smbios-base: Use sysfs_emit()
platform/x86: dell-smbios: Fix wrong token data in sysfs
gpio: tqmx86: fix typo in Kconfig label
gpio: tqmx86: store IRQ trigger type and unmask status separately
HID: core: remove unnecessary WARN_ON() in implement()
iommu/amd: Introduce pci segment structure
iommu/amd: Fix sysfs leak in iommu init
iommu: Return right value in iommu_sva_
HID: logitech-dj: Fix memory leak in logi_dj_
drm/vmwgfx: 3D disabled should not effect STDU memory limits
net: sfp: Always call `sfp_sm_
net: hns3: fix kernel crash problem in concurrent scenario
net: hns3: add cond_resched() to hns3 ring buffer init process
liquidio: Adjust a NULL pointer handling path in lio_vf_
drm/komeda: check for error-valued pointer
drm/bridge/panel: Fix runtime warning on panel bridge release
tcp: fix race in tcp_v6_
net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets
Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_
netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type
net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters
net/ipv6: Fix the RT cache flush via sysctl using a previous delay
ionic: fix use after netif_napi_del()
af_unix: Read with MSG_PEEK loops if the first unread byte is OOB
iio: adc: ad9467: fix scan type sign
iio: dac: ad5592r: fix temperature channel scaling value
iio: imu: inv_icm42600: delete unneeded update watermark call
drivers: core: synchronize really_probe() and dev_uevent()
drm/exynos/vidi: fix memory leak in .get_modes()
drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found
mptcp: ensure snd_una is properly initialized on connect
tracing/selftests: Fix kprobe event name test for .isra. functions
null_blk: Print correct max open zones limit in null_init_
sock_map: avoid race between sock_map_close and sk_psock_put
vmci: prevent speculation leaks by sanitizing event in event_deliver()
spmi: hisi-spmi-
knfsd: LOOKUP can return an illegal error value
fs/proc: fix softlockup in __read_vmcore
ocfs2: use coarse time for new created files
ocfs2: fix races between hole punching and AIO+DIO
PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id
dmaengine: axi-dmac: fix possible race in remove()
intel_th: pci: Add Granite Rapids support
intel_th: pci: Add Granite Rapids SOC support
intel_th: pci: Add Sapphire Rapids SOC support
intel_th: pci: Add Meteor Lake-S support
intel_th: pci: Add Lunar Lake support
nilfs2: fix potential kernel bug due to lack of writeback flag waiting
tick/nohz_full: Don't abuse smp_call_
scsi: mpi3mr: Fix ATA NCQ priority support
mm/huge_memory: don't unpoison huge_zero_folio
serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level
hugetlb_encode.h: fix undefined behaviour (34 << 26)
mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID
mptcp: pm: update add_addr counters after connect
kbuild: Remove support for Clang's ThinLTO caching
greybus: Fix use-after-free bug in gb_interface_
usb-storage: alauda: Check whether the media is initialized
i2c: at91: Fix the functionality flags of the slave-only interface
i2c: designware: Fix the functionality flags of the slave-only interface
zap_pid_
Bluetooth: qca: Fix error code in qca_read_
Bluetooth: qca: fix info leak when fetching board id
padata: Disable BH when taking works lock on MT path
crypto: hisilicon/sec - Fix memory leak for sec resource release
rcutorture: Fix rcu_torture_
rcutorture: Make stall-tasks directly exit when rcutorture tests end
rcutorture: Fix invalid context warning when enable srcu barrier testing
block/ioctl: prefer different overflow check
selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh
selftests/bpf: Fix flaky test btf_map_
batman-adv: bypass empty buckets in batadv_
wifi: ath9k: work around memset overflow warning
af_packet: avoid a false positive warning in packet_setsockopt()
drop_monitor: replace spin_lock by raw_spin_lock
scsi: qedi: Fix crash while reading debugfs attribute
kselftest: arm64: Add a null pointer check
netpoll: Fix race condition in netpoll_
HID: Add quirk for Logitech Casa touchpad
ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7
Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
drm/amd/display: Exit idle optimizations before HDCP execution
drm/lima: add mask irq callback to gp and pp
drm/lima: mask irqs in timeout path before hard reset
powerpc/pseries: Enforce hcall result buffer validity and size
powerpc/io: Avoid clang null pointer arithmetic warnings
power: supply: cros_usbpd: provide ID table for avoiding fallback match
iommu/arm-smmu-v3: Free MSIs in case of ENOMEM
f2fs: remove clear SB_INLINECRYPT flag in default_options
usb: misc: uss720: check for incompatible versions of the Belkin F5U002
Avoid hw_desc array overrun in dw-axi-dmac
udf: udftime: prevent overflow in udf_disk_
PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
MIPS: Octeon: Add PCIe link status check
serial: imx: Introduce timeout when waiting on transmitter empty
serial: exar: adding missing CTI and Exar PCI ids
MIPS: Routerboard 532: Fix vendor retry check code
mips: bmips: BCM6358: make sure CBR is correctly set
tracing: Build event generation tests only as modules
cipso: fix total option length computation
netrom: Fix a memory leak in nr_heartbeat_
ipv6: prevent possible NULL deref in fib6_nh_init()
ipv6: prevent possible NULL dereference in rt6_probe()
xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
netns: Make get_net_ns() handle zero refcount net
qca_spi: Make interrupt remembering atomic
net/sched: act_api: rely on rcu in tcf_idr_check_alloc
net/sched: act_api: fix possible infinite loop in tcf_idr_
tipc: force a dst refcount before doing decryption
net/sched: act_ct: set 'net' pointer when creating new nf_flow_table
sched: act_ct: add netns into the key of tcf_ct_flow_table
ptp: fix integer overflow in max_vclocks_store
net: stmmac: No need to calculate speed divider when offload is disabled
virtio_net: checksum offloading handling fix
octeontx2-pf: Add error handling to VLAN unoffload handling
netfilter: ipset: Fix suspicious rcu_dereference
seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors
bnxt_en: Restore PTP tx_avail count in case of skb_pad() error
net: usb: rtl8150 fix unintiatilzed variables in rtl8150_
regulator: core: Fix modpost error "regulator_
dmaengine: idxd: Fix possible Use-After-Free in irq_process_
dmaengine: ioat: switch from 'pci_' to 'dma_' API
dmaengine: ioat: Drop redundant pci_enable_
dmaengine: ioatdma: Fix leaking on version mismatch
dmaengine: ioat: use PCI core macros for PCIe Capability
dmaengine: ioatdma: Fix error path in ioat3_dma_probe()
dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe()
dmaengine: ioatdma: Fix missing kmem_cache_
regulator: bd71815: fix ramp values
ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
RDMA/mlx5: Add check for srq max_sge attribute
serial: stm32: rework RX over DMA
net: do not leave a dangling sk pointer, when socket creation fails
btrfs: retry block group reclaim without infinite loop
KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes
ALSA: hda/realtek: Limit mic boost on N14AP7
drm/i915/mso: using joiner is not possible with eDP MSO
drm/radeon: fix UBSAN warning in kv_dpm.c
gcov: add support for GCC 14
kcov: don't lose track of remote references during softirqs
tcp: clear tp->retrans_stamp in tcp_rcv_
i2c: ocores: set IACK bit after core is enabled
dt-bindings: i2c: google,
arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc
drm/amd/display: revert Exit idle optimizations before HDCP execution
perf: script: add raw|disasm arguments to --insn-trace option
perf script: Show also errors for --insn-trace option
ARM: dts: samsung: smdkv310: fix keypad no-autorepeat
ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat
ARM: dts: samsung: smdk4412: fix keypad no-autorepeat
rtlwifi: rtl8192de: Style clean-ups
wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power
pmdomain: ti-sci: Fix duplicate PD referrals
bcache: fix variable length array abuse in btree_iter
tracing: Add MODULE_
x86/cpu/vfm: Add new macros to work with (vendor/
x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL
ksmbd: ignore trailing slashes in share paths
drm/i915/gt: Only kick the signal worker if there's been an update
drm/i915/gt: Disarm breadcrumbs if engines are already idle
Revert "kheaders: substituting --sort in archive creation"
kheaders: explicitly define file modes for archived headers
riscv: mm: init: try best to use IS_ENABLED(
riscv: fix overlap of allocated page and PTR_ERR
perf/core: Fix missing wakeup when waiting for context reference
PCI: Add PCI_ERROR_RESPONSE and related definitions
x86/amd_nb: Check for invalid SMN reads
smb: client: fix deadlock in smb2_find_
ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable
ACPI: x86: Force StorageD3Enable on more products
gve: Add RX context.
gve: Clear napi->skb before dev_kfree_skb_any()
Input: ili210x - fix ili251x_
pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
pinctrl: rockchip: use dedicated pinctrl type for RK3328
pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
cifs: fix typo in module parameter enable_gcm_256
drm/amdgpu: fix UBSAN warning in kv_dpm.c
net: mdio: add helpers to extract clause 45 regad and devad fields
net: stmmac: Assign configured channel value to EXTTS event
ASoC: fsl-asoc-card: set priv->pdev before using it
net: dsa: microchip: fix initial port flush problem
ibmvnic: Free any outstanding tx skbs during scrq reset
net: phy: micrel: add Microchip KSZ 9477 to the device table
xdp: Remove WARN() from __xdp_reg_
tcp: Use BPF timeout setting for SYN ACK RTO
Fix race for duplicate reqsk on identical SYN
sparc: fix old compat_sys_select()
sparc: fix compat recv/recvfrom syscalls
parisc: use correct compat recv/recvfrom syscalls
tcp: fix tcp_rcv_
netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep
vduse: validate block features only with block devices
vduse: Temporarily fail if control queue feature requested
x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup
mtd: partitions: redboot: Added conversion of operands to a larger type
bpf: Add a check for struct bpf_fib_lookup size
RDMA/restrack: Fix potential invalid address access
net/iucv: Avoid explicit cpumask var allocation on stack
net/dpaa2: Avoid explicit cpumask var allocation on stack
crypto: ecdh - explicitly zeroize private_key
ALSA: emux: improve patch ioctl data validation
media: dvbdev: Initialize sbuf
soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
drm/radeon/
nvme: fixup comment for nvme RDMA Provider Type
drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA
gpio: davinci: Validate the obtained number of IRQs
gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1)
x86: stop playing stack games in profile_pc()
parisc: use generic sys_fanotify_mark implementation
ocfs2: fix DIO failure due to insufficient transaction credits
mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
mmc: sdhci: Do not invert write-protect twice
mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro()
i2c: testunit: don't erase registers after STOP
i2c: testunit: discard write requests while old command is running
iio: adc: ad7266: Fix variable checking bug
iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF
iio: chemical: bme680: Fix pressure value output
iio: chemical: bme680: Fix calibration data variable
iio: chemical: bme680: Fix overflows in compensate() functions
iio: chemical: bme680: Fix sensor data read operation
net: usb: ax88179_178a: improve link status logs
usb: gadget: printer: SS+ support
usb: gadget: printer: fix races against disable
usb: musb: da8xx: fix a resource leak in probe()
usb: atm: cxacru: fix endpoint checking in cxacru_bind()
usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
serial: 8250_omap: Implementation of Errata i2310
tty: mcf: MCF54418 has 10 UARTS
net: can: j1939: Initialize unused data in j1939_send_one()
net: can: j1939: recover socket queue on CAN bus error during BAM transmission
net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_
cpu/hotplug: Fix dynstate assignment in __cpuhp_
kbuild: Install dtb files as 0644 in Makefile.dtbinst
sh: rework sync_file_range ABI
csky, hexagon: fix broken sys_sync_file_range
hexagon: fix fadvise64_64 calling conventions
drm/nouveau/
drm/amdgpu: avoid using null object of framebuffer
drm/i915/gt: Fix potential UAF by revoke of fence registers
drm/nouveau/
batman-adv: Don't accept TT entries for out-of-spec VIDs
ata: ahci: Clean up sysfs file on error
ata: libata-core: Fix double free on error
ftruncate: pass a signed offset
syscalls: fix compat_
syscalls: fix sys_fanotify_mark prototype
pwm: stm32: Refuse too small period requests
nfs: Leave pages in the pagecache if readpage failed
drivers: fix typo in firmware/
efi: Correct comment on efi_memmap_alloc
efi: memmap: Move manipulation routines into x86 arch tree
efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures
efi/x86: Free EFI memory map only when installing a new one.
KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption
ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node
arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E
arm64: dts: rockchip: Add sound-dai-cells for RK3368
serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
tracing/net_sched: NULL pointer dereference in perf_trace_
Linux 5.15.162
UBUNTU: Upstream stable to v5.15.162
CVE References
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
tags: | added: kernel-stable-tracking-bug |
Changed in linux (Ubuntu): | |
status: | Confirmed → Invalid |
Changed in linux (Ubuntu Jammy): | |
assignee: | nobody → Portia Stephens (portias) |
importance: | Undecided → Medium |
status: | New → In Progress |
description: | updated |
Changed in linux (Ubuntu Jammy): | |
status: | In Progress → Fix Committed |
This bug was fixed in the package linux - 5.15.0-119.129
---------------
linux (5.15.0-119.129) jammy; urgency=medium
* jammy/linux: 5.15.0-119.129 -proposed tracker (LP: #2075665)
* Virtualbox Guru meditation on VM start caused by kernel commit in v6.9-rc4
(LP: #2073267)
- SAUCE: Revert "randomize_kstack: Improve entropy diffusion"
* CVE-2024-26921
- inet: inet_defrag: prevent sk release while still in use
* Jammy update: v5.15.162 upstream stable release (LP: #2073765) //
CVE-2024-39484
- mmc: davinci: Don't strip remove function when driver is builtin
* Jammy update: v5.15.162 upstream stable release (LP: #2073765)
- mmc: davinci_mmc: Convert to platform remove callback returning void
* CVE-2024-39292
- um: Add winch to winch_handlers before registering winch IRQ
* CVE-2024-36901
- ipv6: prevent NULL dereference in ip6_output()
* CVE-2024-26830
- i40e: Do not allow untrusted VF to remove administratively set MAC
* CVE-2024-26680
- net: atlantic: Fix DMA mapping for PTP hwts ring
* CVE-2023-52760
- gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
* CVE-2023-52629
- sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
-- Manuel Diewald <email address hidden> Fri, 02 Aug 2024 16:15:36 +0200