Ubuntu
linux package

Jammy update: v5.15.177 upstream stable release

Bug #2097298 reported by Noah Wager
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Unassigned
Jammy
Fix Released
Medium
Noah Wager

Bug Description

    SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       v5.15.177 upstream stable release
       from git://git.kernel.org/

ceph: give up on paths longer than PATH_MAX
jbd2: flush filesystem device before updating tail sequence
dm array: fix releasing a faulty array block twice in dm_array_cursor_end
dm array: fix unreleased btree blocks on closing a faulty array cursor
dm array: fix cursor index when skipping across block boundaries
exfat: fix the infinite loop in exfat_readdir()
exfat: fix the infinite loop in __exfat_free_cluster()
ASoC: mediatek: disable buffer pre-allocation
ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
net: 802: LLC+SNAP OID:PID lookup on start of skb data
tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
tcp/dccp: allow a connection when sk_max_ack_backlog is zero
net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
bnxt_en: Fix possible memory leak when hwrm_req_replace fails
cxgb4: Avoid removal of uninserted tid
tls: Fix tls_sw_sendmsg error handling
netfilter: nf_tables: imbalance in flowtable binding
netfilter: conntrack: clamp maximum hashtable size to INT_MAX
drm/mediatek: Add support for 180-degree rotation in the display driver
ksmbd: fix a missing return value check bug
afs: Fix the maximum cell name length
dm thin: make get_first_thin use rcu-safe list first function
dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
sctp: sysctl: rto_min/max: avoid using current->nsproxy
sctp: sysctl: auth_enable: avoid using current->nsproxy
sctp: sysctl: udp_port: avoid using current->nsproxy
sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
drm/amd/display: Add check for granularity in dml ceil/floor helpers
riscv: Fix sleeping in invalid context in die()
ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
drm/amd/display: increase MAX_SURFACES to the value supported by hw
scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity
USB: serial: option: add MeiG Smart SRM815
USB: serial: option: add Neoway N723-EA support
staging: iio: ad9834: Correct phase range check
staging: iio: ad9832: Correct phase range check
usb-storage: Add max sectors quirk for Nokia 208
USB: serial: cp210x: add Phoenix Contact UPS Device
usb: dwc3: gadget: fix writing NYET threshold
topology: Keep the cpumask unchanged when printing cpumap
USB: usblp: return error when setting unsupported protocol
USB: core: Disable LPM only for non-suspended ports
usb: fix reference leak in usb_new_device()
usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
iio: pressure: zpa2326: fix information leak in triggered buffer
iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
iio: light: vcnl4035: fix information leak in triggered buffer
iio: imu: kmx61: fix information leak in triggered buffer
iio: adc: ti-ads8688: fix information leak in triggered buffer
iio: gyro: fxas21002c: Fix missing data update in trigger handler
iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
iio: adc: at91: call input_free_device() on allocated iio_dev
iio: inkern: call iio_device_put() only on mapped devices
iio: adc: ad7124: Disable all channels at probe time
block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
arm64: dts: rockchip: add hevc power domain clock to rk3328
of: unittest: Add bus address range parsing tests
of/address: Add support for 3 address cell bus
of: address: Fix address translation when address-size is greater than 2
of: address: Remove duplicated functions
of: address: Store number of bus flag cells rather than bool
of: address: Preserve the flags portion on 1:1 dma-ranges mapping
phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers
phy: usb: Toggle the PHY power during init
ocfs2: correct return value of ocfs2_local_free_info()
ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
mptcp: drop port parameter of mptcp_pm_add_addr_signal
mptcp: fix TCP options overflow.
phy: usb: Use slow clock for wake enabled suspend
phy: usb: Fix clock imbalance for suspend/resume
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
bpf: Fix bpf_sk_select_reuseport() memory leak
pktgen: Avoid out-of-bounds access in get_imix_entries
net: add exit_batch_rtnl() method
gtp: use exit_batch_rtnl() method
gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
gtp: Destroy device along with udp socket's netns dismantle.
nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
net: xilinx: axienet: Fix IRQ coalescing packet count overflow
net/mlx5: Add priorities for counters in RDMA namespaces
net/mlx5: Refactor mlx5_get_flow_namespace
net/mlx5: Fix RDMA TX steering prio
drm/v3d: Ensure job pointer is set to NULL after job completion
Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
i2c: mux: demux-pinctrl: check initial mux selection, too
i2c: rcar: fix NACK handling when being a target
mac802154: check local interfaces before deleting sdata list
hfs: Sanity check the root record
fs: fix missing declaration of init_files
kheaders: Ignore silly-rename files
ACPI: resource: acpi_dev_irq_override(): Check DMI match last
poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll()
nvmet: propagate npwg topology
net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
vsock/virtio: cancel close work in the destructor
vsock: reset socket state when de-assigning the transport
vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
filemap: avoid truncating 64-bit offset to 32 bits
fs/proc: fix softlockup in __read_vmcore (part 2)
gpiolib: cdev: Fix use after free in lineinfo_changed_notify
irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
hrtimers: Handle CPU state correctly on hotplug
drm/i915/fb: Relax clear color alignment to 64 bytes
iio: imu: inv_icm42600: fix spi burst write not supported
iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
iio: adc: rockchip_saradc: fix information leak in triggered buffer
Revert "drm/amdgpu: rework resume handling for display (v2)"
Revert "regmap: detach regmap from dev on regmap_exit"
blk-cgroup: Fix UAF in blkcg_unpin_online()
vsock/virtio: discard packets if the transport changes
ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
nfsd: add list_head nf_gc to struct nfsd_file
x86/xen: fix SLS mitigation in xen_hypercall_iret()
scsi: sg: Fix slab-use-after-free read in sg_release()
net: fix data-races around sk->sk_forward_alloc
xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals
Linux 5.15.177
UBUNTU: Upstream stable to v5.15.177

See original description

CVE References

Noah Wager (nwager)
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Jammy):
assignee: nobody → Noah Wager (nwager)
importance: Undecided → Medium
status: New → In Progress
description: updated
Koichiro Den (koichiroden)
Changed in linux (Ubuntu Jammy):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (75.4 KiB)

This bug was fixed in the package linux - 5.15.0-135.146

---------------
linux (5.15.0-135.146) jammy; urgency=medium

  * jammy/linux: 5.15.0-135.146 -proposed tracker (LP: #2098300)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.02.10)

  * Jammy update: v5.15.178 upstream stable release (LP: #2098441)
    - ASoC: wm8994: Add depends on MFD core
    - ASoC: samsung: Add missing selects for MFD_WM8994
    - seccomp: Stub for !CONFIG_SECCOMP
    - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
    - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
    - ASoC: samsung: Add missing depends on I2C
    - regmap: detach regmap from dev on regmap_exit
    - mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
    - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
    - net: sched: fix ets qdisc OOB Indexing
    - vfio/platform: check the bounds of read/write syscalls
    - fs/ntfs3: Additional check in ntfs_file_release
    - platform/chrome: cros_ec_typec: Check for EC driver
    - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
    - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
    - wifi: iwlwifi: add a few rate index validity checks
    - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
    - ALSA: usb-audio: Add delay quirk for USB Audio Device
    - Input: atkbd - map F23 key to support default copilot shortcut
    - Input: xpad - add unofficial Xbox 360 wireless receiver clone
    - Input: xpad - add support for wooting two he (arm)
    - drm/v3d: Assign job pointer to NULL before signaling the fence
    - Linux 5.15.178

  * CVE-2024-49925
    - fbdev: efifb: Register sysfs groups through driver core

  * Jammy update: v5.15.177 upstream stable release (LP: #2097298)
    - ceph: give up on paths longer than PATH_MAX
    - jbd2: flush filesystem device before updating tail sequence
    - dm array: fix releasing a faulty array block twice in dm_array_cursor_end
    - dm array: fix unreleased btree blocks on closing a faulty array cursor
    - dm array: fix cursor index when skipping across block boundaries
    - exfat: fix the infinite loop in exfat_readdir()
    - exfat: fix the infinite loop in __exfat_free_cluster()
    - ASoC: mediatek: disable buffer pre-allocation
    - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
    - net: 802: LLC+SNAP OID:PID lookup on start of skb data
    - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
    - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
    - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
    - bnxt_en: Fix possible memory leak when hwrm_req_replace fails
    - cxgb4: Avoid removal of uninserted tid
    - tls: Fix tls_sw_sendmsg error handling
    - netfilter: nf_tables: imbalance in flowtable binding
    - netfilter: conntrack: clamp maximum hashtable size to INT_MAX
    - drm/mediatek: Add support for 180-degree rotation in the display driver
    - ksmbd: fix a missing return value check bug
    - afs: Fix the maximum cell name l...

Changed in linux (Ubuntu Jammy):
status: Fix Committed → Fix Released
Juerg Haefliger (juergh)
tags: added: kernel-daily-bug
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.