Ubuntu
linux package

Jammy update: v5.15.178 upstream stable release

Bug #2098441 reported by Noah Wager on 2025-02-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Jammy	Fix Released	Medium	Noah Wager

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v5.15.178 upstream stable release
from git://git.kernel.org/

ASoC: wm8994: Add depends on MFD core
ASoC: samsung: Add missing selects for MFD_WM8994
seccomp: Stub for !CONFIG_SECCOMP
scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
ASoC: samsung: Add missing depends on I2C
regmap: detach regmap from dev on regmap_exit
mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
net: sched: fix ets qdisc OOB Indexing
vfio/platform: check the bounds of read/write syscalls
fs/ntfs3: Additional check in ntfs_file_release
platform/chrome: cros_ec_typec: Check for EC driver
ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
wifi: iwlwifi: add a few rate index validity checks
USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
ALSA: usb-audio: Add delay quirk for USB Audio Device
Input: atkbd - map F23 key to support default copilot shortcut
Input: xpad - add unofficial Xbox 360 wireless receiver clone
Input: xpad - add support for wooting two he (arm)
drm/v3d: Assign job pointer to NULL before signaling the fence
Linux 5.15.178
UBUNTU: Upstream stable to v5.15.178

See original description

Tags:

CVE References

Noah Wager (nwager) on 2025-02-14

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Jammy):
assignee:	nobody → Noah Wager (nwager)
importance:	Undecided → Medium
status:	New → In Progress
description:	updated

Koichiro Den (koichiroden) on 2025-02-14

Changed in linux (Ubuntu Jammy):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2025-03-24:

Download full text (75.4 KiB)

This bug was fixed in the package linux - 5.15.0-135.146

---------------
linux (5.15.0-135.146) jammy; urgency=medium

* jammy/linux: 5.15.0-135.146 -proposed tracker (LP: #2098300)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.02.10)

  * Jammy update: v5.15.178 upstream stable release (LP: #2098441)
    - ASoC: wm8994: Add depends on MFD core
    - ASoC: samsung: Add missing selects for MFD_WM8994
    - seccomp: Stub for !CONFIG_SECCOMP
    - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
    - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
    - ASoC: samsung: Add missing depends on I2C
    - regmap: detach regmap from dev on regmap_exit
    - mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
    - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
    - net: sched: fix ets qdisc OOB Indexing
    - vfio/platform: check the bounds of read/write syscalls
    - fs/ntfs3: Additional check in ntfs_file_release
    - platform/chrome: cros_ec_typec: Check for EC driver
    - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
    - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
    - wifi: iwlwifi: add a few rate index validity checks
    - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
    - ALSA: usb-audio: Add delay quirk for USB Audio Device
    - Input: atkbd - map F23 key to support default copilot shortcut
    - Input: xpad - add unofficial Xbox 360 wireless receiver clone
    - Input: xpad - add support for wooting two he (arm)
    - drm/v3d: Assign job pointer to NULL before signaling the fence
    - Linux 5.15.178

* CVE-2024-49925
- fbdev: efifb: Register sysfs groups through driver core

This bug was fixed in the package linux - 5.15.0-135.146

---------------
linux (5.15.0-135.146) jammy; urgency=medium

* jammy/linux: 5.15.0-135.146 -proposed tracker (LP: #2098300)

* Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.02.10)

* CVE-2024-49925
    - fbdev: efifb: Register sysfs groups through driver core

* Jammy update: v5.15.177 upstream stable release (LP: #2097298)
    - ceph: give up on paths longer than PATH_MAX
    - jbd2: flush filesystem device before updating tail sequence
    - dm array: fix releasing a faulty array block twice in dm_array_cursor_end
    - dm array: fix unreleased btree blocks on closing a faulty array cursor
    - dm array: fix cursor index when skipping across block boundaries
    - exfat: fix the infinite loop in exfat_readdir()
    - exfat: fix the infinite loop in __exfat_free_cluster()
    - ASoC: mediatek: disable buffer pre-allocation
    - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
    - net: 802: LLC+SNAP OID:PID lookup on start of skb data
    - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
    - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
    - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
    - bnxt_en: Fix possible memory leak when hwrm_req_replace fails
    - cxgb4: Avoid removal of uninserted tid
    - tls: Fix tls_sw_sendmsg error handling
    - netfilter: nf_tables: imbalance in flowtable binding
    - netfilter: conntrack: clamp maximum hashtable size to INT_MAX
    - drm/mediatek: Add support for 180-degree rotation in the display driver
    - ksmbd: fix a missing return value check bug
    - afs: Fix the maximum cell name length
    - dm thin: make get_first_thin use rcu-safe list first function
    - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
    - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
    - sctp: sysctl: rto_min/max: avoid using current->nsproxy
    - sctp: sysctl: auth_enable: avoid using current->nsproxy
    - sctp: sysctl: udp_port: avoid using current->nsproxy
    - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
    - drm/amd/display: Add check for granularity in dml ceil/floor helpers
    - riscv: Fix sleeping in invalid context in die()
    - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
    - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
    - drm/amd/display: increase MAX_SURFACES to the value supported by hw
    - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity
    - USB: serial: option: add MeiG Smart SRM815
    - USB: serial: option: add Neoway N723-EA support
    - staging: iio: ad9834: Correct phase range check
    - staging: iio: ad9832: Correct phase range check
    - usb-storage: Add max sectors quirk for Nokia 208
    - USB: serial: cp210x: add Phoenix Contact UPS Device
    - usb: dwc3: gadget: fix writing NYET threshold
    - topology: Keep the cpumask unchanged when printing cpumap
    - USB: usblp: return error when setting unsupported protocol
    - USB: core: Disable LPM only for non-suspended ports
    - usb: fix reference leak in usb_new_device()
    - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
    - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
    - iio: pressure: zpa2326: fix information leak in triggered buffer
    - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered
      buffer
    - iio: light: vcnl4035: fix information leak in triggered buffer
    - iio: imu: kmx61: fix information leak in triggered buffer
    - iio: adc: ti-ads8688: fix information leak in triggered buffer
    - iio: gyro: fxas21002c: Fix missing data update in trigger handler
    - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
    - iio: adc: at91: call input_free_device() on allocated iio_dev
    - iio: inkern: call iio_device_put() only on mapped devices
    - iio: adc: ad7124: Disable all channels at probe time
    - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
    - arm64: dts: rockchip: add hevc power domain clock to rk3328
    - of: unittest: Add bus address range parsing tests
    - of/address: Add support for 3 address cell bus
    - of: address: Fix address translation when address-size is greater than 2
    - of: address: Remove duplicated functions
    - of: address: Store number of bus flag cells rather than bool
    - of: address: Preserve the flags portion on 1:1 dma-ranges mapping
    - phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers
    - phy: usb: Toggle the PHY power during init
    - ocfs2: correct return value of ocfs2_local_free_info()
    - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
    - mptcp: drop port parameter of mptcp_pm_add_addr_signal
    - mptcp: fix TCP options overflow.
    - phy: usb: Use slow clock for wake enabled suspend
    - phy: usb: Fix clock imbalance for suspend/resume
    - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
    - bpf: Fix bpf_sk_select_reuseport() memory leak
    - pktgen: Avoid out-of-bounds access in get_imix_entries
    - net: add exit_batch_rtnl() method
    - gtp: use exit_batch_rtnl() method
    - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
    - gtp: Destroy device along with udp socket's netns dismantle.
    - nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
    - net: xilinx: axienet: Fix IRQ coalescing packet count overflow
    - net/mlx5: Add priorities for counters in RDMA namespaces
    - net/mlx5: Refactor mlx5_get_flow_namespace
    - net/mlx5: Fix RDMA TX steering prio
    - drm/v3d: Ensure job pointer is set to NULL after job completion
    - Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
    - i2c: mux: demux-pinctrl: check initial mux selection, too
    - i2c: rcar: fix NACK handling when being a target
    - mac802154: check local interfaces before deleting sdata list
    - hfs: Sanity check the root record
    - fs: fix missing declaration of init_files
    - kheaders: Ignore silly-rename files
    - ACPI: resource: acpi_dev_irq_override(): Check DMI match last
    - poll_wait: add mb() to fix theoretical race between waitqueue_active() and
      .poll()
    - nvmet: propagate npwg topology
    - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
    - vsock/virtio: cancel close work in the destructor
    - vsock: reset socket state when de-assigning the transport
    - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
    - filemap: avoid truncating 64-bit offset to 32 bits
    - fs/proc: fix softlockup in __read_vmcore (part 2)
    - gpiolib: cdev: Fix use after free in lineinfo_changed_notify
    - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
    - hrtimers: Handle CPU state correctly on hotplug
    - drm/i915/fb: Relax clear color alignment to 64 bytes
    - iio: imu: inv_icm42600: fix spi burst write not supported
    - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
    - iio: adc: rockchip_saradc: fix information leak in triggered buffer
    - Revert "drm/amdgpu: rework resume handling for display (v2)"
    - Revert "regmap: detach regmap from dev on regmap_exit"
    - vsock/virtio: discard packets if the transport changes
    - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
    - nfsd: add list_head nf_gc to struct nfsd_file
    - x86/xen: fix SLS mitigation in xen_hypercall_iret()
    - scsi: sg: Fix slab-use-after-free read in sg_release()
    - net: fix data-races around sk->sk_forward_alloc
    - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
    - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM
      conditionals
    - Linux 5.15.177

* CVE-2024-46784
    - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup

* CVE-2024-44938
    - jfs: Fix shift-out-of-bounds in dbDiscardAG

* CVE-2024-43900
    - media: xc2028: avoid use-after-free in load_firmware_cb()

* Jammy update: v5.15.176 upstream stable release (LP: #2095327)
    - ALSA: usb: Fix UBSAN warning in parse_audio_unit()
    - usb: cdns3: Add quirk flag to enable suspend residency
    - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP
    - PCI: vmd: Create domain symlink before pci_bus_add_devices()
    - PCI: Add ACS quirk for Broadcom BCM5760X NIC
    - MIPS: Loongson64: DTS: Fix msi node for ls7a
    - usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with
      iommu enabled
    - i2c: pnx: Fix timeout in wait functions
    - erofs: fix incorrect symlink detection in fast symlink
    - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
    - ionic: use ee->offset when returning sprom data
    - net: hinic: Fix cleanup in create_rxqs/txqs()
    - net: ethernet: bgmac-platform: fix an OF node reference leak
    - netfilter: ipset: Fix for recursive locking warning
    - net: mdiobus: fix an OF node reference leak
    - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
    - chelsio/chtls: prevent potential integer overflow on 32bit
    - i2c: riic: Always round-up when calculating bus period
    - efivarfs: Fix error on non-existent file
    - USB: serial: option: add TCL IK512 MBIM & ECM
    - USB: serial: option: add MeiG Smart SLM770A
    - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
    - USB: serial: option: add MediaTek T7XX compositions
    - USB: serial: option: add Telit FE910C04 rmnet compositions
    - hwmon: (tmp513) Don't use "proxy" headers
    - hwmon: (tmp513) Simplify with dev_err_probe()
    - hwmon: (tmp513) Use SI constants from units.h
    - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit
      Registers
    - hwmon: (tmp513) Fix Current Register value interpretation
    - hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit
      Registers
    - hwmon: (tmp513) Fix division of negative numbers
    - sh: clk: Fix clk_enable() to return 0 on NULL clk
    - zram: refuse to use zero sized block device as backing device
    - btrfs: tree-checker: reject inline extent items with 0 ref count
    - tracing: Fix test_event_printk() to process entire print argument
    - tracing: Add missing helper functions in event pointer dereference check
    - tracing: Add "%s" check in test_event_printk()
    - NFS/pnfs: Fix a live lock between recalled layouts and layoutget
    - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one()
    - udmabuf: also check for F_SEAL_FUTURE_WRITE
    - of: Fix error path in of_parse_phandle_with_args_map()
    - of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
    - ceph: validate snapdirname option length when mounting
    - epoll: Add synchronous wakeup support for ep_poll_callback
    - drm/amdgpu: Handle NULL bo->tbo.resource (again) in amdgpu_vm_bo_update
    - mm/vmstat: fix a W=1 clang compiler warning
    - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
    - tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
    - bpf: Check negative offsets in __bpf_skb_min_len()
    - nfsd: restore callback functionality for NFSv4.0
    - mtd: diskonchip: Cast an operand to prevent potential overflow
    - mtd: rawnand: arasan: Fix double assertion of chip-select
    - mtd: rawnand: arasan: Fix missing de-registration of NAND
    - phy: core: Fix an OF node refcount leakage in _of_phy_get()
    - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
    - phy: core: Fix that API devm_phy_put() fails to release the phy
    - phy: core: Fix that API devm_of_phy_provider_unregister() fails to
      unregister the phy provider
    - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
    - dmaengine: mv_xor: fix child node refcount handling in early exit
    - dmaengine: dw: Select only supported masters for ACPI devices
    - mtd: rawnand: fix double free in atmel_pmecc_create_user()
    - tracing/kprobe: Make trace_kprobe's module callback called after jump_label
      update
    - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
    - scsi: qla1280: Fix hw revision numbering for ISP1020/1040
    - ALSA: hda/conexant: fix Z60MR100 startup pop issue
    - regmap: Use correct format specifier for logging range errors
    - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
    - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load
      time
    - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN
      as an error
    - virtio-blk: don't keep queue frozen during system suspend
    - vmalloc: fix accounting with i915
    - MIPS: Probe toolchain support of -msym32
    - arm64: mm: Rename asid2idx() to ctxid2asid()
    - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit
      ASIDs
    - drm/dp_mst: Verify request type in the corresponding down message reply
    - lib: stackinit: hide never-taken branch from compiler
    - ksmbd: fix racy issue from session lookup and expire
    - tracing: Constify string literal data member in struct trace_event_call
    - btrfs: avoid monopolizing a core when activating a swap file
    - x86/hyperv: Fix hv tsc page based sched_clock for hibernation
    - selinux: ignore unknown extended permissions
    - tracing: Have process_string() also allow arrays
    - thunderbolt: Add support for Intel Raptor Lake
    - thunderbolt: Add support for Intel Meteor Lake
    - thunderbolt: Add Intel Barlow Ridge PCI ID
    - thunderbolt: Add support for Intel Lunar Lake
    - thunderbolt: Add support for Intel Panther Lake-M/P
    - xhci: retry Stop Endpoint on buggy NEC controllers
    - usb: xhci: Limit Stop Endpoint retries
    - xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic
    - RDMA/mlx5: Enforce same type port association for multiport RoCE
    - RDMA/bnxt_re: Add check for path mtu in modify_qp
    - RDMA/bnxt_re: Fix reporting hw_ver in query_device
    - RDMA/bnxt_re: Fix max_qp_wrs reported
    - RDMA/bnxt_re: Fix the locking while accessing the QP table
    - drm/bridge: adv7511_audio: Update Audio InfoFrame properly
    - RDMA/hns: Remove redundant 'attr_mask' in modify_qp_init_to_init()
    - RDMA/hns: Remove redundant 'bt_level' for hem_list_alloc_item()
    - RDMA/hns: Fix mapping error of zero-hop WQE buffer
    - RDMA/hns: Fix warning storm caused by invalid input in IO path
    - RDMA/hns: Fix missing flush CQE for DWQE
    - net: stmmac: platform: provide devm_stmmac_probe_config_dt()
    - net: stmmac: don't create a MDIO bus if unnecessary
    - net: stmmac: restructure the error path of stmmac_probe_config_dt()
    - drm/i915/dg1: Fix power gate sequence.
    - net: llc: reset skb->transport_header
    - ALSA: usb-audio: US16x08: Initialize array before use
    - eth: bcmsysport: fix call balance of priv->clk handling routines
    - net: mv643xx_eth: fix an OF node reference leak
    - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init()
    - btrfs: rename and export __btrfs_cow_block()
    - btrfs: sysfs: convert scnprintf and snprintf to sysfs_emit
    - btrfs: sysfs: fix direct super block member reads
    - wifi: mac80211: wake the queues in case of failure in resume
    - sound: usb: enable DSD output for ddHiFi TC44C
    - sound: usb: format: don't warn that raw DSD is unsupported
    - bpf: fix potential error return
    - net: usb: qmi_wwan: add Telit FE910C04 compositions
    - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
    - ARC: build: Try to guess GCC variant of cross compiler
    - usb: xhci: Avoid queuing redundant Stop Endpoint commands
    - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
    - modpost: fix the missed iteration for the max bit in do_input()
    - kcov: mark in_softirq_really() as __always_inline
    - sky2: Add device ID 11ab:4373 for Marvell 88E8075
    - net/sctp: Prevent autoclose integer overflow in sctp_association_init()
    - drm: adv7511: Drop dsi single lane support
    - dt-bindings: display: adi,adv7533: Drop single lane support
    - Linux 5.15.176

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57884
    - mm: vmscan: account for free pages to prevent infinite Loop in
      throttle_direct_reclaim()

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57889
    - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57890
    - RDMA/uverbs: Prevent integer overflow issue

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57896
    - btrfs: flush delalloc workers queue before stopping cleaner kthread during
      unmount

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57897
    - drm/amdkfd: Correct the migration DMA map direction

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-56759
    - btrfs: fix use-after-free when COWing tree bock and tracing is enabled

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57900
    - ila: serialize calls to nf_register_net_hooks()

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57901
    - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57902
    - af_packet: fix vlan_get_tci() vs MSG_PEEK

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57903
    - net: restrict SO_REUSEPORT to inet sockets

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-36476
    - RDMA/rtrs: Ensure 'ib_sge list' is accessible

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57802
    - netrom: check buffer length before accessing it

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57841
    - net: fix memory leak in tcp_conn_request()

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-49998
    - net: dsa: improve shutdown sequence

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-50121
    - nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57792
    - power: supply: gpio-charger: Fix set charge current limits

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-56763
    - tracing: Prevent bad count for tracing_cpumask_write

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-56626
    - ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-56627
    - ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-56616
    - drm/dp_mst: Fix MST sideband message body length check

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-53099
    - bpf: Check validity of link->type in bpf_link_show_fdinfo()

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57807
    - scsi: megaraid_sas: Fix for a potential deadlock

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-56767
    - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-56769
    - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-53690
    - nilfs2: prevent use of deleted inode

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-55881
    - KVM: x86: Play nice with protected guests in complete_hypercall_exit()

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-55916
    - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-56369
    - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-56715
    - ionic: Fix netdev notifier unregister on failure

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-56716
    - netdevsim: prevent bad user input in nsim_dev_health_break_write()

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-57791
    - net/smc: check return value of sock_recvmsg when draining clc data

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-47408
    - net/smc: check smcd_v2_ext_offset when receiving proposal msg

* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
    CVE-2024-49571
    - net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal
      msg

* Jammy update: v5.15.175 upstream stable release (LP: #2095302)
    - tcp: check space before adding MPTCP SYN options
    - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5
    - usb: host: max3421-hcd: Correctly abort a USB request.
    - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys()
    - usb: dwc2: Fix HCD resume
    - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
    - usb: dwc2: Fix HCD port connection race
    - usb: ehci-hcd: fix call balance of clocks handling routines
    - drm/i915: Fix memory leak by correcting cache object name in error handler
    - xfs: update btree keys correctly when _insrec splits an inode root block
    - xfs: don't drop errno values when we fail to ficlone the entire range
    - xfs: return from xfs_symlink_verify early on V4 filesystems
    - xfs: fix scrub tracepoints when inode-rooted btrees are involved
    - bpf, sockmap: Fix update element with same
    - batman-adv: Do not send uninitialized TT changes
    - batman-adv: Remove uninitialized data in full table TT response
    - batman-adv: Do not let TT changes list grows indefinitely
    - tipc: fix NULL deref in cleanup_bearer()
    - selftests: mlxsw: sharedbuffer: Remove h1 ingress test case
    - selftests: mlxsw: sharedbuffer: Remove duplicate test cases
    - ptp: kvm: Use decrypted memory in confidential guest on x86
    - ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from kvm_arch_ptp_init()
    - net: sparx5: fix FDMA performance issue
    - net: sparx5: fix the maximum frame length register
    - ACPI: resource: Fix memory resource type union access
    - cxgb4: use port number to set mac addr
    - qca_spi: Fix clock speed for multiple QCA7000
    - qca_spi: Make driver probing reliable
    - Documentation: PM: Clarify pm_runtime_resume_and_get() return value
    - bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
    - team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
    - ACPICA: events/evxfregn: don't release the ContextMutex that was never
      acquired
    - blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
    - tracing/kprobes: Skip symbol counting logic for module symbols in
      create_local_trace_kprobe()
    - xen/netfront: fix crash when removing device
    - x86: make get_cpu_vendor() accessible from Xen code
    - objtool/x86: allow syscall instruction
    - x86/static-call: provide a way to do very early static-call updates
    - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0
    - x86/asm: Make serialize() always_inline
    - x86/xen: don't do PV iret hypercall through hypercall page
    - x86/xen: add central hypercall functions
    - x86/xen: use new hypercall functions instead of hypercall page
    - x86/xen: remove hypercall page
    - ALSA: usb-audio: Fix a DMA to stack memory bug
    - x86/static-call: fix 32-bit build
    - Linux 5.15.175

* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
    CVE-2024-53125
    - bpf: sync_linked_regs() must preserve subreg_def

* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
    CVE-2024-56770
    - net/sched: netem: account for backlog updates from child qdisc

* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
    CVE-2024-56659
    - net: lapb: increase LAPB_HEADER_LEN

* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
    CVE-2024-56662
    - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl

* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
    CVE-2024-42315
    - exfat: fix potential deadlock on __exfat_get_dentry_set

* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
    CVE-2024-53119
    - virtio/vsock: Fix accept_queue memory leak

* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
    CVE-2024-56670
    - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to
      accessing null pointer

* Jammy update: v5.15.174 upstream stable release (LP: #2095283)
    - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer
    - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled
    - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
    - media: uvcvideo: Stop stream during unregister
    - vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event
    - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables
    - leds: lp55xx: Remove redundant test for invalid channel number
    - clk: qcom: gcc-qcs404: fix initial rate of GPLL3
    - samples: pktgen: correct dev to DEV
    - ARM: 9419/1: mm: Fix kernel memory mapping for xip kernels
    - x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y
    - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map
    - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled
    - ocfs2: fix UBSAN warning in ocfs2_verify_volume()
    - drm/bridge: tc358768: Fix DSI command tx
    - mmc: sunxi-mmc: Add D1 MMC variant
    - mmc: sunxi-mmc: Fix A100 compatible description
    - lib/buildid: Fix build ID parsing logic
    - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set
    - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point
    - NFSD: Async COPY result needs to return a write verifier
    - NFSD: Initialize struct nfsd4_copy earlier
    - NFSD: Never decrement pending_async_copies on error
    - mm: revert "mm: shmem: fix data-race in shmem_getattr()"
    - mm: avoid unsafe VMA hook invocation when error arises on mmap hook
    - mm: unconditionally close VMAs on error
    - mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling
    - NFS: nfs_async_write_reschedule_io must not recurse into the writeback code
    - ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec
    - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet
    - ASoC: Intel: sst: Support LPE0F28 ACPI HID
    - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend
    - mac80211: fix user-power when emulating chanctx
    - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver
    - selftests/watchdog-test: Fix system accidentally reset after watchdog-test
    - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
    - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB
    - net: usb: qmi_wwan: add Quectel RG650V
    - soc: qcom: Add check devm_kasprintf() returned value
    - regulator: rk808: Add apply_bit for BUCK3 on RK809
    - platform/x86: dell-smbios-base: Extends support to Alienware products
    - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events
    - can: j1939: fix error in J1939 documentation.
    - ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate()
    - ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div()
    - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
    - ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
    - ARM: 9420/1: smp: Fix SMP for xip kernels
    - ipmr: Fix access to mfc_cache_list without lock held
    - nvme: fix metadata handling in nvme-passthrough
    - x86/barrier: Do not serialize MSR accesses on AMD
    - kselftest/arm64: mte: fix printf type warnings about longs
    - s390/cio: Do not unregister the subchannel based on DNV
    - brd: remove brd_devices_mutex mutex
    - mips: asm: fix warning when disabling MIPS_FP_SUPPORT
    - m68k: mvme147: Fix SCSI controller IRQ numbers
    - m68k: mvme16x: Add and use "mvme16x.h"
    - m68k: mvme147: Reinstate early console
    - arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG
    - acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block()
    - s390/syscalls: Avoid creation of arch/arch/ directory
    - firmware: google: Unregister driver_info on failure
    - crypto: qat - remove faulty arbiter config reset
    - thermal: core: Initialize thermal zones before registering them
    - EDAC/fsl_ddr: Fix bad bit shift operations
    - crypto: cavium - Fix the if condition to exit loop after timeout
    - ACPI: CPPC: Fix _CPC register setting issue
    - crypto: caam - add error check to caam_rsa_set_priv_key_form
    - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
    - time: Fix references to _msecs_to_jiffies() handling of values
    - timekeeping: Consolidate fast timekeeper
    - seqlock/latch: Provide raw_read_seqcount_latch_retry()
    - kcsan, seqlock: Support seqcount_latch_t
    - kcsan, seqlock: Fix incorrect assumption in read_seqbegin()
    - clocksource/drivers:sp804: Make user selectable
    - spi: spi-fsl-lpspi: downgrade log level for pio mode
    - spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq()
    - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
    - mmc: mmc_spi: drop buggy snprintf()
    - tpm: fix signed/unsigned bug when checking event logs
    - arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4
    - arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4
    - arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source
      trackpad
    - Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
    - cgroup/bpf: only cgroup v2 can be attached by bpf programs
    - arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns
    - arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns
    - arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns
    - pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle
    - ARM: dts: cubieboard4: Fix DCDC5 regulator constraints
    - pmdomain: ti-sci: Add missing of_node_put() for args.np
    - spi: tegra210-quad: Avoid shift-out-of-bounds
    - spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time
    - regmap: irq: Set lockdep class for hierarchical IRQ domains
    - arm64: dts: mt8183: jacuzzi: remove unused ddc-i2c-bus
    - arm64: dts: mt8183: jacuzzi: Move panel under aux-bus
    - arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names
    - arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed
      regulators
    - selftests/resctrl: Protect against array overrun during iMC config parsing
    - media: venus: venc: Use pmruntime autosuspend
    - media: venus: vdec: decoded picture buffer handling during reconfig sequence
    - media: venus : Addition of EOS Event support for Encoder
    - media: venus : Addition of support for VIDIOC_TRY_ENCODER_CMD
    - venus: venc: add handling for VIDIOC_ENCODER_CMD
    - media: venus: provide ctx queue lock for ioctl synchronization
    - media: atomisp: remove #ifdef HAS_NO_HMEM
    - platform/x86: panasonic-laptop: Replace snprintf in show functions with
      sysfs_emit
    - platform/x86: panasonic-laptop: Return errno correctly in show callback
    - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
    - drm/omap: Fix possible NULL dereference
    - drm/omap: Fix locking in omap_gem_new_dmabuf()
    - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
    - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
    - drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
    - drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
    - drm/v3d: Address race-condition in MMU flush
    - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
    - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
    - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
    - ASoC: fsl_micfil: Drop unnecessary register read
    - ASoC: fsl_micfil: do not define SHIFT/MASK for single bits
    - ASoC: fsl_micfil: use GENMASK to define register bit fields
    - ASoC: fsl_micfil: fix regmap_write_bits usage
    - ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode
    - drm/bridge: anx7625: Drop EDID cache on bridge power off
    - libbpf: Fix output .symtab byte-order during linking
    - bpf: Fix the xdp_adjust_tail sample prog issue
    - libbpf: fix sym_is_subprog() logic for weak global subprogs
    - xfrm: rename xfrm_state_offload struct to allow reuse
    - xfrm: store and rely on direction to construct offload flags
    - netdevsim: rely on XFRM state direction instead of flags
    - netdevsim: copy addresses for both in and out paths
    - drm/bridge: tc358767: Fix link properties discovery
    - selftests/bpf: Fix msg_verify_data in test_sockmap
    - selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap
    - drm: fsl-dcu: enable PIXCLK on LS1021A
    - drm/panfrost: Remove unused id_mask from struct panfrost_model
    - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
    - drm/etnaviv: Request pages from DMA32 zone on addressing_limited
    - drm/etnaviv: fix power register offset on GC300
    - drm/etnaviv: hold GPU lock across perfmon sampling
    - wifi: wfx: Fix error handling in wfx_core_init()
    - drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk()
    - netfilter: nf_tables: skip transaction if update object is not implemented
    - netfilter: nf_tables: must hold rcu read lock while iterating object type
      list
    - netlink: typographical error in nlmsg_type constants definition
    - selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap
    - selftests/bpf: Fix SENDPAGE data logic in test_sockmap
    - selftests, bpf: Add one test for sockmap with strparser
    - selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap
    - selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap
    - bpf, sockmap: Several fixes to bpf_msg_push_data
    - bpf, sockmap: Fix sk_msg_reset_curr
    - selftests: net: really check for bg process completion
    - drm/amdkfd: Fix wrong usage of INIT_WORK()
    - net: rfkill: gpio: Add check for clk_enable()
    - driver core: Introduce device_find_any_child() helper
    - netpoll: Use rcu_access_pointer() in netpoll_poll_lock
    - wireguard: selftests: load nf_conntrack if not present
    - trace/trace_event_perf: remove duplicate samples on the first tracepoint
      event
    - pinctrl: zynqmp: drop excess struct member description
    - powerpc/vdso: Flag VDSO64 entry points as functions
    - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
    - mfd: da9052-spi: Change read-mask to write-mask
    - mfd: intel_soc_pmic_bxtwc: Use dev_err_probe()
    - cpufreq: loongson2: Unregister platform_driver on failure
    - mtd: rawnand: atmel: Fix possible memory leak
    - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
    - clk: imx: lpcg-scu: SW workaround for errata (e10858)
    - clk: imx: clk-scu: fix clk enable state save and restore
    - mfd: rt5033: Fix missing regmap_del_irq_chip()
    - scsi: fusion: Remove unused variable 'rc'
    - RDMA/hns: Fix out-of-order issue of requester when setting FENCE
    - powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static
    - powerpc/kexec: Fix return of uninitialized variable
    - fbdev/sh7760fb: Alloc DMA memory from hardware device
    - dt-bindings: clock: axi-clkgen: include AXI clk
    - clk: clk-axi-clkgen: make sure to enable the AXI bus clock
    - pinctrl: k210: Undef K210_PC_DEFAULT
    - mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb()
    - perf cs-etm: Don't flush when packet_queue fills up
    - perf probe: Fix libdw memory leak
    - perf probe: Correct demangled symbols in C++ program
    - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
    - PCI: cpqphp: Fix PCIBIOS_* return value confusion
    - f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
    - f2fs: remove struct segment_allocation default_salloc_ops
    - f2fs: open code allocate_segment_by_default
    - f2fs: remove the unused flush argument to change_curseg
    - f2fs: check curseg->inited before write_sum_page in change_curseg
    - perf trace: avoid garbage when not printing a trace event's arguments
    - m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x
    - m68k: coldfire/device.c: only build FEC when HW macros are defined
    - perf trace: Do not lose last events in a race
    - perf trace: Avoid garbage when not printing a syscall's arguments
    - rpmsg: glink: Add TX_DATA_CONT command while sending
    - rpmsg: glink: Send READ_NOTIFY command in FIFO full case
    - rpmsg: glink: Fix GLINK command prefix
    - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
    - remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region
    - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
    - sunrpc: simplify two-level sysctl registration for svcrdma_parm_table
    - NFSD: Fix nfsd4_shutdown_copy()
    - hwmon: (tps23861) Fix reporting of negative temperatures
    - vdpa/mlx5: Fix suboptimal range on iotlb iteration
    - selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels
    - fs_parser: update mount_api doc to match function signature
    - power: supply: core: Remove might_sleep() from power_supply_put()
    - power: supply: bq27xxx: Fix registers of bq27426
    - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
    - tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
    - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL
      configuration
    - net: mdio-ipq4019: add missing error check
    - marvell: pxa168_eth: fix call balance of pep->clk handling routines
    - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
    - octeontx2-af: RPM: Fix mismatch in lmac type
    - spi: atmel-quadspi: Fix register name in verbose logging function
    - net: hsr: fix hsr_init_sk() vs network/transport headers.
    - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
    - iio: light: al3010: Fix an error handling path in al3010_probe()
    - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
    - usb: yurex: make waiting on yurex_write interruptible
    - USB: chaoskey: fail open after removal
    - USB: chaoskey: Fix possible deadlock chaoskey_list_lock
    - misc: apds990x: Fix missing pm_runtime_disable()
    - counter: stm32-timer-cnt: Add check for clk_enable()
    - ALSA: hda/realtek: Update ALC256 depop procedure
    - apparmor: fix 'Do simple duplicate message elimination'
    - usb: ehci-spear: fix call balance of sehci clk handling routines
    - Revert "drivers: clk: zynqmp: update divider round rate logic"
    - ASoC: Intel: sst: Fix used of uninitialized ctx to log an error
    - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe()
    - ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
    - ext4: fix FS_IOC_GETFSMAP handling
    - jfs: xattr: check invalid xattr size more strictly
    - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
    - perf/x86/intel/pt: Fix buffer full but size is 0 case
    - crypto: x86/aegis128 - access 32-bit arguments as 32-bit
    - powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector
    - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status
    - fsnotify: fix sending inotify event with unexpected filename
    - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
    - locking/lockdep: Avoid creating new name string literals in
      lockdep_set_subclass()
    - exfat: fix uninit-value in __exfat_get_dentry_set
    - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
    - usb: xhci: Fix TD invalidation under pending Set TR Dequeue
    - Revert "usb: gadget: composite: fix OS descriptors w_value logic"
    - serial: sh-sci: Clean sci_ports[0] after at earlycon exit
    - Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
    - gpio: exar: set value when external pull-up or pull-down is present
    - spi: Fix acpi deferred irq probe
    - mtd: spi-nor: core: replace dummy buswidth from addr to data
    - cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power()
    - platform/chrome: cros_ec_typec: fix missing fwnode reference decrement
    - ubi: wl: Put source PEB into correct list if trying locking LEB failed
    - serial: 8250: omap: Move pm_runtime_get_sync
    - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled
    - block: fix ordering between checking BLK_MQ_S_STOPPED request adding
    - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
    - soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting()
    - media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
    - ALSA: hda/realtek: Update ALC225 depop procedure
    - ALSA: hda/realtek: Set PCBeep to default value for ALC274
    - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
    - ALSA: hda/realtek: Apply quirk for Medion E15433
    - usb: dwc3: gadget: Fix checking for number of TRBs left
    - lib: string_helpers: silence snprintf() output truncation warning
    - rpmsg: glink: Propagate TX failures in intentless mode as well
    - um: Fix the return value of elf_core_copy_task_fpregs
    - um: Always dump trace for specified task in show_stack
    - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
    - rtc: abx80x: Fix WDT bit position of the status register
    - ubifs: Correct the total block count by deducting journal reservation
    - jffs2: fix use of uninitialized variable
    - block: return unsigned int from bdev_io_min
    - 9p/xen: fix init sequence
    - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
    - modpost: remove incorrect code in do_eisa_entry()
    - nfs: ignore SB_RDONLY when mounting nfs
    - sunrpc: remove unnecessary test in rpc_task_set_client()
    - SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE
    - ASoC: fsl_micfil: fix the naming style for mask definition
    - xfs: fix log recovery when unknown rocompat bits are set
    - xfs: remove unknown compat feature check in superblock write validation
    - btrfs: add might_sleep() annotations
    - util_macros.h: fix/rework find_closest() macros
    - scsi: ufs: exynos: Fix hibern8 notify callbacks
    - PCI: keystone: Add link up check to ks_pcie_other_map_bus()
    - ovl: properly handle large files in ovl_security_fileattr
    - dm thin: Add missing destroy_work_on_stack()
    - PCI: rockchip-ep: Fix address translation unit programming
    - drm/etnaviv: flush shader L1 cache after user commandstream
    - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
    - watchdog: mediatek: Make sure system reset gets asserted in
      mtk_wdt_restart()
    - can: peak_usb: CANFD: store 64-bits hw timestamps
    - can: do not increase rx statistics when generating a CAN rx error message
      frame
    - can: c_can: c_can_handle_bus_err(): update statistics if skb allocation
      fails
    - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL
    - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
    - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
    - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
    - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
    - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
    - ptp: Add error handling for adjfine callback in ptp_clock_adjtime
    - net/sched: tbf: correct backlog statistic for GSO packets
    - net/smc: Limit backlog connections
    - net/qed: allow old cards not supporting "num_images" to work
    - net: sched: fix erspan_opt settings in cls_flower
    - netfilter: nft_set_hash: skip duplicated elements pending gc run
    - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
    - ethtool: Fix wrong mod state in case of verbose and no_mask bitset
    - gpio: grgpio: use a helper variable to store the address of ofdev->dev
    - dt_bindings: rs485: Correct delay values
    - dt-bindings: serial: rs485: Fix rs485-rts-delay property
    - serial: amba-pl011: Use port lock wrappers
    - serial: amba-pl011: Fix RX stall when DMA is used
    - bpftool: Remove asserts from JIT disassembler
    - bpftool: fix potential NULL pointer dereferencing in prog_dump()
    - drm/sti: Add __iomem for mixer_dbg_mxn's parameter
    - ALSA: pcm: Add more disconnection checks at file ops
    - ALSA: pcm: Avoid reference to status->state
    - ALSA: usb-audio: Notify xrun for low-latency mode
    - tools: Override makefile ARCH variable if defined, but empty
    - drm/v3d: Enable Performance Counters before clearing them
    - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
    - bpf: Fix exact match conditions in trie_get_next_key()
    - watchdog: rti: of: honor timeout-sec property
    - tracing: Fix cmp_entries_dup() to respect sort() comparison rules
    - ALSA: usb-audio: add mixer mapping for Corsair HS80
    - ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
    - ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
    - scsi: qla2xxx: Fix abort in bsg timeout
    - scsi: qla2xxx: Fix NVMe and NPIV connect issue
    - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
    - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
    - dma-buf: fix dma_fence_array_signaled v4
    - regmap: detach regmap from dev on regmap_exit
    - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10
      tablet
    - mmc: core: Further prevent card detect during shutdown
    - ocfs2: update seq_file index in ocfs2_dlm_seq_next
    - epoll: annotate racy check
    - btrfs: avoid unnecessary device path update for the same device
    - kselftest/arm64: Don't leak pipe fds in pac.exec_sign_all()
    - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
    - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
    - drm/vc4: hvs: Set AXI panic modes for the HVS
    - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
    - drm/mcde: Enable module autoloading
    - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
    - r8169: don't apply UDP padding quirk on RTL8126A
    - samples/bpf: Fix a resource leak
    - net: fec_mpc52xx_phy: Use %pa to format resource_size_t
    - net: ethernet: fs_enet: Use %pa to format resource_size_t
    - net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
    - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
    - wifi: ath5k: add PCI ID for SX76X
    - wifi: ath5k: add PCI ID for Arcadyan devices
    - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
    - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
    - drm/amdgpu: Dereference the ATCS ACPI buffer
    - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
    - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
    - wifi: ipw2x00: libipw_rx_any(): fix bad alignment
    - ASoC: hdmi-codec: reorder channel allocation list
    - rocker: fix link status detection in rocker_carrier_init()
    - net/neighbor: clear error in case strict check is not set
    - netpoll: Use rcu_access_pointer() in __netpoll_setup
    - pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
    - tracing: Use atomic64_inc_return() in trace_clock_counter()
    - scsi: st: Don't modify unknown block number in MTIOCGET
    - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
    - pinctrl: qcom-pmic-gpio: add support for PM8937
    - nvdimm: rectify the illogical code within nd_dax_probe()
    - PCI: Detect and trust built-in Thunderbolt chips
    - PCI: Add 'reset_subordinate' to reset hierarchy below bridge
    - PCI: Add ACS quirk for Wangxun FF5xxx NICs
    - usb: chipidea: udc: handle USB Error Interrupt if IOC not set
    - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
    - modpost: Include '.text.*' in TEXT_SECTIONS
    - modpost: Add .irqentry.text to OTHER_SECTIONS
    - sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
    - sched/fair: Add NOHZ balancer flag for nohz.next_balance updates
    - sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning
      busy
    - sched/core: Prevent wakeup of ksoftirqd during idle load balance
    - btrfs: fix missing snapshot drew unlock when root is dead during swap
      activation
    - tracing/eprobe: Fix to release eprobe when failed to add dyn_event
    - Revert "unicode: Don't special case ignorable code points"
    - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
    - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
    - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
    - jffs2: Fix rtime decompressor
    - mm/damon/vaddr-test: split a test function having >1024 bytes frame size
    - mm/damon/vaddr: fix issue in damon_va_evenly_split_region()
    - xhci: dbc: Fix STALL transfer event handling
    - mmc: mtk-sd: Fix error handle of probe function
    - ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume"
    - Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()"
    - scsi: core: Fix scsi_mode_select() buffer length handling
    - gve: Fixes for napi_poll when budget is 0
    - arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint
    - net: dsa: microchip: correct KSZ8795 static MAC table access
    - drm/amdgpu: rework resume handling for display (v2)
    - serial: amba-pl011: fix build regression
    - media: venus: vdec: fixed possible memory leak issue
    - net/smc: Fix af_ops of child socket pointing to released memory
    - Bluetooth: hci_core: Fix calling mgmt_device_connected
    - Linux 5.15.174

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-46871
    - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-49950
    - Bluetooth: L2CAP: Fix uaf in l2cap_connect

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-50275
    - arm64/sve: Discard stale CPU state when handling SVE traps

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-47730
    - crypto: hisilicon/qm - inject error before stopping queue

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-46809
    - drm/amd/display: Check BIOS images before it is used

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-57850
    - jffs2: Prevent rtime decompress memory corruption

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56781
    - powerpc/prom_init: Fixup missing powermac #size-cells

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56785
    - MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-43098
    - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to
      avoid deadlock

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-45828
    - i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56586
    - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56587
    - leds: class: Protect brightness_show() with led_cdev->led_access mutex

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56589
    - scsi: hisi_sas: Add cond_resched() for no forced preemption model

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56590
    - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56593
    - wifi: brcmfmac: Fix oops due to NULL pointer dereference in
      brcmf_sdiod_sglist_rw()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56594
    - drm/amdgpu: set the right AMDGPU sg segment limitation

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56595
    - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56596
    - jfs: fix array-index-out-of-bounds in jfs_readdir

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56597
    - jfs: fix shift-out-of-bounds in dbSplit

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56598
    - jfs: array-index-out-of-bounds fix in dtReadFirst

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-47143
    - dma-debug: fix a possible deadlock on radix_lock

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56600
    - net: inet6: do not leave a dangling sk pointer in inet6_create()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56601
    - net: inet: do not leave a dangling sk pointer in inet_create()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56602
    - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56603
    - net: af_can: do not leave a dangling sk pointer in can_create()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56605
    - Bluetooth: L2CAP: do not leave dangling sk pointer on error in
      l2cap_sock_create()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56606
    - af_packet: avoid erroring out after sock_init_data() in packet_create()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56787
    - soc: imx8m: Probe the SoC driver as platform driver

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56610
    - kcsan: Turn report_filterlist_lock into a raw_spinlock

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-57849
    - s390/cpum_sf: Handle CPU hotplug remove during sampling

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56568
    - iommu/arm-smmu: Defer probe of clients after smmu device bound

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56614
    - xsk: fix OOB map writes when deleting elements

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56615
    - bpf: fix OOB devmap writes when deleting elements

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-48881
    - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56619
    - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56622
    - scsi: ufs: core: sysfs: Prevent div by zero

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56623
    - scsi: qla2xxx: Fix use after free on unload

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-57874
    - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56625
    - can: dev: can_set_termination(): allow sleeping GPIOs

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56629
    - HID: wacom: fix when get product name maybe null pointer

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56630
    - ocfs2: free inode when ocfs2_get_init_inode() fails

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-50051
    - spi: mpc52xx: Add cancel_work_sync before module remove

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56633
    - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56634
    - gpio: grgpio: Add NULL check in grgpio_probe

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56636
    - geneve: do not assume mac header is set in geneve_xmit_skb()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56637
    - netfilter: ipset: Hold module reference while requesting a module

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-52332
    - igb: Fix potential invalid memory access in igb_init_module()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56640
    - net/smc: fix LGR and link use-after-free issue

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56642
    - tipc: Fix use-after-free of kernel socket in cleanup_bearer().

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56643
    - dccp: Fix memory leak in dccp_feat_change_recv

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56644
    - net/ipv6: release expired exception dst cached in socket

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56645
    - can: j1939: j1939_session_new(): fix skb reference counting

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56648
    - net: hsr: avoid potential out-of-bound access in fill_frame_info()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56650
    - netfilter: x_tables: fix LED ID check in led_tg_check()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56776
    - drm/sti: avoid potential dereference of error pointers

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56777
    - drm/sti: avoid potential dereference of error pointers in
      sti_gdp_atomic_check

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56778
    - drm/sti: avoid potential dereference of error pointers in
      sti_hqvdp_atomic_check

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-46841
    - btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in
      walk_down_proc()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56779
    - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56558
    - nfsd: make sure exp active before svc_export_show

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56562
    - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-57838
    - s390/entry: Mark IRQ entries to fix stack depot warnings

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56567
    - ad7780: fix division by zero in ad7780_write_raw()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56581
    - btrfs: ref-verify: fix use-after-free after invalid ref action

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56774
    - btrfs: add a sanity check for btrfs root in btrfs_search_slot()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56780
    - quota: flush quota_release_work upon quota writeback

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53165
    - sh: intc: Fix use-after-free bug in register_intc_controller()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56688
    - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56704
    - 9p/xen: fix release of IRQ

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53171
    - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53172
    - ubi: fastmap: Fix duplicate slab cache names while attaching

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56739
    - rtc: check if __rtc_read_time was successful in rtc_timer_do_work()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53173
    - NFSv4.0: Fix a use-after-free problem in the asynchronous open()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53145
    - um: Fix potential integer overflow during physmem setup

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53174
    - SUNRPC: make sure cache entry active before cache_show

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53146
    - NFSD: Prevent a potential integer overflow

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56698
    - usb: dwc3: gadget: Fix looping of queued SG entries

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53180
    - ALSA: pcm: Add sanity NULL check for the default mmap fault handler

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56700
    - media: wl128x: Fix atomicity violation in fmc_send_cmd()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2022-49034
    - sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53181
    - um: vector: Do not use drvdata in release

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53183
    - um: net: Do not use drvdata in release

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53184
    - um: ubd: Do not use drvdata in release

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-50055
    - driver core: bus: Fix double free in driver API bus_register()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56741
    - apparmor: test: Fix memory leak for aa_unpack_strdup()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53148
    - comedi: Flush partial mappings in error case

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53194
    - PCI: Fix use-after-free of slot->bus on hot remove

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53197
    - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
      devices

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53150
    - ALSA: usb-audio: Fix out of bounds reads when finding clock sources

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53198
    - xen: Fix the issue of resource not being properly released in
      xenbus_dev_probe()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-50283
    - ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53206
    - tcp: Fix use-after-free of nreq in reqsk_timer_handler().

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53214
    - vfio/pci: Properly hide first-in-list PCIe extended capability

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53215
    - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53217
    - NFSD: Prevent NULL dereference in nfsd4_process_cb_update()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53151
    - svcrdma: Address an integer overflow

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56745
    - PCI: Fix reset_method_store() memory leak

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56746
    - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53155
    - ocfs2: fix uninitialized value in ocfs2_file_read_iter()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53226
    - RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56747
    - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56748
    - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53227
    - scsi: bfa: Fix use-after-free in bfad_im_module_exit()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56701
    - powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56678
    - powerpc/mm/fault: Fix kfence page fault reporting

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56723
    - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56724
    - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56691
    - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56694
    - bpf: fix recursive lock when verdict program return SK_PASS

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53237
    - Bluetooth: fix use-after-free in device_for_each_child()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53239
    - ALSA: 6fire: Release resources at card release

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56531
    - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56532
    - ALSA: us122l: Use snd_card_free_when_closed() at disconnection

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56533
    - ALSA: usx2y: Use snd_card_free_when_closed() at disconnection

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56720
    - bpf, sockmap: Several fixes to bpf_msg_pop_data

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56726
    - octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56728
    - octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56679
    - octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56539
    - wifi: mwifiex: Fix memcpy() field-spanning write warning in
      mwifiex_config_scan()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53156
    - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56705
    - media: atomisp: Add check for rgby_data memory allocation failure

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53157
    - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53158
    - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56681
    - crypto: bcm - add error check in the ahash_hmac_init function

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56708
    - EDAC/igen6: Avoid segmentation fault on module unload

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56690
    - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return
      -EBUSY

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53161
    - EDAC/bluefield: Fix potential integer overflow

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56754
    - crypto: caam - Fix the pointer passed to caam_qi_shutdown()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56548
    - hfsplus: don't query the device logical block size multiple times

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56756
    - nvme-pci: fix freeing of the HMB descriptor table

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53142
    - initramfs: avoid filename buffer overrun

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56693
    - brd: defer automatic disk creation until module initialization succeeds

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-49996
    - cifs: Fix buffer overflow when parsing NFS reparse points

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53096
    - mm: resolve faulty mmap_region() error path behaviour

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53122
    - mptcp: cope racing subflow creation in mptcp_rcv_space_adjust

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-49974
    - NFSD: Limit the number of concurrent async COPY operations

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53127
    - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53130
    - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53131
    - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53135
    - KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind
      CONFIG_BROKEN

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53112
    - ocfs2: uncache inode which has failed entering the group

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53113
    - mm: fix NULL pointer dereference in alloc_pages_bulk_noprof

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53120
    - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53138
    - net/mlx5e: kTLS, Fix incorrect page refcounting

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53121
    - net/mlx5: fs, lock FTE when checking if active

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53129
    - drm/rockchip: vop: Fix a dereferenced before check warning

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-53140
    - netlink: terminate outstanding dump on socket close

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56569
    - ftrace: Fix regression with module command in stack_trace_filter

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56570
    - ovl: Filter invalid inodes with missing lookup function

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56572
    - media: platform: allegro-dvt: Fix possible memory leak in
      allocate_buffers_internal()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56574
    - media: ts2020: fix null-ptr-deref in ts2020_probe()

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56575
    - media: imx-jpeg: Ensure power suppliers be suspended before detach them

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56576
    - media: i2c: tc358743: Fix crash in the probe error path when using polling

* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
    CVE-2024-56578
    - media: imx-jpeg: Set video drvdata before register video device

* CVE-2024-56672
    - blk-cgroup: Fix UAF in blkcg_unpin_online()

-- Mehmet Basaran <mehmet.basaran@canonical.com>  Fri, 14 Feb 2025 15:34:34 +0300

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Juerg Haefliger (juergh) on 2025-04-18

tags:

added: kernel-daily-bug

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package