This bug was fixed in the package linux-azure - 5.4.0-1070.73 --------------- linux-azure (5.4.0-1070.73) focal; urgency=medium * focal/linux-azure: 5.4.0-1070.73 -proposed tracker (LP: #1959251) * Packaging resync (LP: #1786013) - [Packaging] azure: config resync * Focal update: v5.4.165 upstream stable release (LP: #1957007) - HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option * linux-azure: CONFIG_FB_EFI=y (LP: #1959216) - [Config] CONFIG_FB_EFI=y * Add sunrpc module parameters for NFSv3 nconnect (LP: #1958990) - SAUCE: Add sunrpc module parameters for NFSv3 nconnect [ Ubuntu: 5.4.0-100.113 ] * focal/linux: 5.4.0-100.113 -proposed tracker (LP: #1959900) * CVE-2022-22942 - SAUCE: drm/vmwgfx: Fix stale file descriptors on failed usercopy * CVE-2022-0330 - drm/i915: Flush TLBs before releasing backing store * Focal update: v5.4.166 upstream stable release (LP: #1957008) - netfilter: selftest: conntrack_vrf.sh: fix file permission - Linux 5.4.166 - net/packet: rx_owner_map depends on pg_vec - USB: gadget: bRequestType is a bitfield, not a enum - HID: holtek: fix mouse probing - udp: using datalen to cap ipv6 udp max gso segments - selftests: Calculate udpgso segment count without header adjustment * Focal update: v5.4.165 upstream stable release (LP: #1957007) - serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 - ntfs: fix ntfs_test_inode and ntfs_init_locked_inode function type - HID: quirks: Add quirk for the Microsoft Surface 3 type-cover - HID: google: add eel USB id - HID: add hid_is_usb() function to make it simpler for USB detection - HID: add USB_HID dependancy to hid-prodikeys - HID: add USB_HID dependancy to hid-chicony - HID: add USB_HID dependancy on some USB HID drivers - HID: bigbenff: prevent null pointer dereference - HID: wacom: fix problems when device is not a valid USB device - HID: check for valid USB device for many HID drivers - can: kvaser_usb: get CAN clock frequency from device - can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct stats->{rx,tx}_errors counter - can: sja1000: fix use after free in ems_pcmcia_add_card() - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done - selftests: netfilter: add a vrf+conntrack testcase - vrf: don't run conntrack on vrf with !dflt qdisc - bpf: Fix the off-by-two error in range markings - ice: ignore dropped packets during init - bonding: make tx_rebalance_counter an atomic - nfp: Fix memory leak in nfp_cpp_area_cache_add() - seg6: fix the iif in the IPv6 socket control block - udp: using datalen to cap max gso segments - iavf: restore MSI state on reset - iavf: Fix reporting when setting descriptor count - IB/hfi1: Correct guard on eager buffer deallocation - mm: bdi: initialize bdi_min_ratio when bdi is unregistered - ALSA: ctl: Fix copy of updated id with element read/write - ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform - ALSA: pcm: oss: Fix negative period/buffer sizes - ALSA: pcm: oss: Limit the period size to 16MB - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() - btrfs: clear extent buffer uptodate when we fail to write it - btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling - nfsd: Fix nsfd startup race (again) - tracefs: Have new files inherit the ownership of their parent - clk: qcom: regmap-mux: fix parent clock lookup - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence. - can: pch_can: pch_can_rx_normal: fix use after free - can: m_can: Disable and ignore ELO interrupt - x86/sme: Explicitly map new EFI memmap table as encrypted - libata: add horkage for ASMedia 1092 - wait: add wake_up_pollfree() - SAUCE: binder: export __wake_up_pollfree for binder module - binder: use wake_up_pollfree() - signalfd: use wake_up_pollfree() - aio: keep poll requests on waitqueue until completed - aio: fix use-after-free due to missing POLLFREE handling - tracefs: Set all files to the same group ownership as the mount option - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) - qede: validate non LSO skb length - ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer - i40e: Fix failed opcode appearing if handling messages from VF - i40e: Fix pre-set max number of queues for VF - mtd: rawnand: fsmc: Take instruction delay into account - mtd: rawnand: fsmc: Fix timing computation - dt-bindings: net: Reintroduce PHY no lane swap binding - tools build: Remove needless libpython-version feature check that breaks test-all fast path - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero - net: altera: set a couple error code in probe() - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() - net, neigh: clear whole pneigh_entry at alloc time - net/qla3xxx: fix an error code in ql_adapter_up() - Revert "UBUNTU: SAUCE: selftests: fib_tests: assign address to dummy1 for rp_filter tests" - selftests/fib_tests: Rework fib_rp_filter_test() - USB: gadget: detect too-big endpoint 0 requests - USB: gadget: zero allocate endpoint 0 buffers - usb: core: config: fix validation of wMaxPacketValue entries - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending - usb: core: config: using bit mask instead of individual bits - xhci: avoid race between disable slot command and host runtime suspend - iio: trigger: Fix reference counting - iio: trigger: stm32-timer: fix MODULE_ALIAS - iio: stk3310: Don't return error code in interrupt handler - iio: mma8452: Fix trigger reference couting - iio: ltr501: Don't return error code in trigger handler - iio: kxsd9: Don't return error code in trigger handler - iio: itg3200: Call iio_trigger_notify_done() on error - iio: dln2-adc: Fix lockdep complaint - iio: dln2: Check return value of devm_iio_trigger_register() - iio: at91-sama5d2: Fix incorrect sign extension - iio: adc: axp20x_adc: fix charging current reporting on AXP22x - iio: ad7768-1: Call iio_trigger_notify_done() on error - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove - irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() - irqchip/armada-370-xp: Fix support for Multi-MSI interrupts - irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL - irqchip: nvic: Fix offset for Interrupt Priority Offsets - misc: fastrpc: fix improper packet size calculation - bpf: Add selftests to cover packet access corner cases - Linux 5.4.165 * Focal update: v5.4.164 upstream stable release (LP: #1956381) - NFSv42: Fix pagecache invalidation after COPY/CLONE - of: clk: Make self-contained - arm64: dts: mcbin: support 2W SFP modules - can: j1939: j1939_tp_cmd_recv(): check the dst address of TP.CM_BAM - gfs2: Fix length of holes reported at end-of-file - drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY - mac80211: do not access the IV when it was stripped - net/smc: Transfer remaining wait queue entries during fallback - atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait - net: return correct error code - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep - s390/setup: avoid using memblock_enforce_memory_limit - btrfs: check-integrity: fix a warning on write caching disabled disk - thermal: core: Reset previous low and high trip during thermal zone init - scsi: iscsi: Unblock session then wake up error handler - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile - ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() - net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound - net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() - perf hist: Fix memory leak of a perf_hpp_fmt - perf report: Fix memory leaks around perf_tip() - net/smc: Avoid warning of possible recursive locking - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit - kprobes: Limit max data_size of the kretprobe instances - rt2x00: do not mark device gone on EPROTO errors during start - cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink() - s390/pci: move pseudo-MMIO to prevent MIO overlap - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl - i2c: stm32f7: flush TX FIFO upon transfer errors - i2c: stm32f7: recover the bus on access timeout - i2c: stm32f7: stop dma transfer in case of NACK - i2c: cbus-gpio: set atomic transfer callback - natsemi: xtensa: fix section mismatch warnings - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() - net: mpls: Fix notifications when deleting a device - siphash: use _unaligned version by default - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() - selftests: net: Correct case name - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available - net: marvell: mvpp2: Fix the computation of shared CPUs - net: annotate data-races on txq->xmit_lock_owner - ipv4: convert fib_num_tclassid_users to atomic_t - net/rds: correct socket tunable error in rds_tcp_tune() - net/smc: Keep smc_close_final rc during active close - drm/msm: Do hw_init() before capturing GPU state - ipv6: fix memory leak in fib6_rule_suppress - KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register - sched/uclamp: Fix rq->uclamp_max not set on first enqueue - parisc: Fix KBUILD_IMAGE for self-extracting kernel - parisc: Fix "make install" on newer debian releases - vgacon: Propagate console boot parameters before calling `vc_resize' - xhci: Fix commad ring abort, write all 64 bits to CRCR register. - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect - x86/tsc: Add a timer to make sure TSC_adjust is always checked - x86/tsc: Disable clocksource watchdog for TSC on qualified platorms - x86/64/mm: Map all kernel memory into trampoline_pgd - tty: serial: msm_serial: Deactivate RX DMA for polling support - serial: pl011: Add ACPI SBSA UART match id - serial: core: fix transmit-buffer reset and memleak - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array - serial: 8250_pci: rewrite pericom_do_set_divisor() - iwlwifi: mvm: retry init flow if failed - parisc: Mark cr16 CPU clocksource unstable on all SMP machines - net/tls: Fix authentication failure in CCM mode - Linux 5.4.164 * Focal update: v5.4.163 upstream stable release (LP: #1956380) - USB: serial: option: add Telit LE910S1 0x9200 composition - USB: serial: option: add Fibocom FM101-GL variants - usb: dwc2: gadget: Fix ISOC flow for elapsed frames - usb: dwc2: hcd_queue: Fix use of floating point literal - net: nexthop: fix null pointer dereference when IPv6 is not enabled - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts - usb: hub: Fix usb enumeration issue due to address0 race - usb: hub: Fix locking issues with address0_mutex - binder: fix test regression due to sender_euid change - ALSA: ctxfi: Fix out-of-range access - media: cec: copy sequence field for the reply - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts - staging/fbtft: Fix backlight - staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() - xen: don't continue xenstore initialization in case of errors - xen: detect uninitialized xenbus in xenbus_init - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB - tracing/uprobe: Fix uprobe_perf_open probes iteration - tracing: Fix pid filtering when triggers are attached - mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB - mdio: aspeed: Fix "Link is Down" issue - PCI: aardvark: Deduplicate code in advk_pcie_rd_conf() - PCI: aardvark: Wait for endpoint to be ready before training link - PCI: aardvark: Fix big endian support - PCI: aardvark: Train link immediately after enabling training - PCI: aardvark: Improve link training - PCI: aardvark: Issue PERST via GPIO - PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros - PCI: aardvark: Don't touch PCIe registers if no card connected - PCI: aardvark: Fix compilation on s390 - PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() - PCI: aardvark: Update comment about disabling link training - PCI: pci-bridge-emul: Fix array overruns, improve safety - PCI: aardvark: Configure PCIe resources from 'ranges' DT property - PCI: aardvark: Fix PCIe Max Payload Size setting - PCI: aardvark: Implement re-issuing config requests on CRS response - PCI: aardvark: Simplify initialization of rootcap on virtual bridge - PCI: aardvark: Fix link training - PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge - PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge - PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge - pinctrl: armada-37xx: Correct PWM pins definitions - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function - proc/vmcore: fix clearing user buffer by properly using clear_user() - netfilter: ipvs: Fix reuse connection if RS weight is 0 - ARM: dts: BCM5301X: Fix I2C controller interrupt - ARM: dts: BCM5301X: Add interrupt properties to GPIO node - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls - net: ieee802154: handle iftypes as u32 - firmware: arm_scmi: pm: Propagate return value to caller - NFSv42: Don't fail clone() unless the OP_CLONE operation failed - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE - scsi: mpt3sas: Fix kernel panic during drive powercycle test - drm/vc4: fix error code in vc4_create_object() - iavf: Prevent changing static ITR values if adaptive moderation is on - ipv6: fix typos in __ip6_finish_output() - nfp: checking parameter process for rx-usecs/tx-usecs is invalid - net: ipv6: add fib6_nh_release_dsts stub - net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING - net/smc: Ensure the active closing peer first closes clcsock - nvmet-tcp: fix incomplete data digest send - net/ncsi : Add payload to be 32-bit aligned to fix dropped packets - PM: hibernate: use correct mode for swsusp_close() - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows - nvmet: use IOCB_NOWAIT only if the filesystem supports it - igb: fix netpoll exit with traffic - MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 - net: vlan: fix underflow for the real_dev refcnt - net/smc: Don't call clcsock shutdown twice when smc shutdown - net: hns3: fix VF RSS failed problem after PF enable multi-TCs - net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool - f2fs: set SBI_NEED_FSCK flag when inconsistent node block found - smb3: do not error on fsync when readonly - vhost/vsock: fix incorrect used length reported to the guest - tracing: Check pid filtering when creating events - s390/mm: validate VMA in PGSTE manipulation functions - shm: extend forced shm destroy to support objects from several IPC nses - NFC: add NCI_UNREG flag to eliminate the race - fuse: release pipe buf after last use - xen: sync include/xen/interface/io/ring.h with Xen's newest version - xen/blkfront: read response from backend only once - xen/blkfront: don't take local copy of a request from the ring page - xen/blkfront: don't trust the backend response data blindly - xen/netfront: read response from backend only once - xen/netfront: don't read data from request on the ring page - xen/netfront: disentangle tx_skb_freelist - xen/netfront: don't trust the backend response data blindly - tty: hvc: replace BUG_ON() with negative return value - Linux 5.4.163 * net/mlx5e: EPERM on vlan 0 programming (LP: #1957753) - net/mlx5e: Unblock setting vid 0 for VF in case PF isn't eswitch manager * CVE-2021-4083 - fget: check that the fd still exists after getting a ref to it * CVE-2021-4155 - xfs: map unwritten blocks in XFS_IOC_{ALLOC, FREE}SP just like fallocate -- Krzysztof Kozlowski