Bug #1931584 “PKA: Fix NULL pointer kfree() issue” : Focal (20.04) : Bugs : linux-bluefield package : Ubuntu

Stefan Bader (smb) on 2021-06-11

Changed in linux-bluefield (Ubuntu Focal):
assignee:	nobody → Mahantesh Salimath (mahantesh92)
importance:	Undecided → Medium
status:	New → In Progress
Changed in linux-bluefield (Ubuntu):
status:	New → Invalid

Tim Gardner (timg-tpi) on 2021-06-22

Changed in linux-bluefield (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-07-02:

#1

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Mahantesh Salimath (mahantesh92) on 2021-07-06

tags:

added: verification-done-focal
removed: verification-needed-focal

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-07-20:

#2

Download full text (28.8 KiB)

This bug was fixed in the package linux-bluefield - 5.4.0-1016.19

---------------
linux-bluefield (5.4.0-1016.19) focal; urgency=medium

[ Ubuntu: 5.4.0-80.90 ]

* CVE-2021-33909
- SAUCE: seq_file: Disallow extremely large seq buffer allocations

linux-bluefield (5.4.0-1015.18) focal; urgency=medium

* focal/linux-bluefield: 5.4.0-1015.18 -proposed tracker (LP: #1934322)

[ Ubuntu: 5.4.0-79.88 ]

  * focal/linux: 5.4.0-79.88 -proposed tracker (LP: #1934343)
  * lxd exec fails (LP: #1934187)
    - SAUCE: Revert "proc: Check /proc/$pid/attr/ writes against file opener"

linux-bluefield (5.4.0-1014.17) focal; urgency=medium

* focal/linux-bluefield: 5.4.0-1014.17 -proposed tracker (LP: #1932457)

* Change CONFIG_NF_CONNTRACK to y (LP: #1932042)
- [Config] CONFIG_NF_CONNTRACK=y

* Enable features for supporting PXE installer (LP: #1932035)
- [Config] enable ISO9660, bcache, and zfs support

* PKA: Fix NULL pointer kfree() issue (LP: #1931584)
- pka: Fix NULL pointer kfree() issue

[ Ubuntu: 5.4.0-78.87 ]

  * focal/linux: 5.4.0-78.87 -proposed tracker (LP: #1932478)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - update dkms package versions
  * Disable hv-kvp-daemon.service on certain instance types (LP: #1932081)
    - [Packaging]: Add kernel command line condition to hv-kvp-daemon service
  * QLogic Direct-Connect host can't discover SCSI-FC or NVMe/FC devices
    (LP: #1860724)
    - scsi: qla2xxx: Serialize fc_port alloc in N2N
    - scsi: qla2xxx: Set Nport ID for N2N
    - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue
    - scsi: qla2xxx: Fix N2N and NVMe connect retry failure
  * [SRU] Add support for E810 NIC to Ice Driver in Focal (LP: #1912511)
    - ice: add additional E810 device id
  * Focal update: v5.4.124 upstream stable release (LP: #1931166)
    - ALSA: hda/realtek: Headphone volume is controlled by Front mixer
    - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci
    - ALSA: usb-audio: scarlett2: Improve driver startup messages
    - cifs: set server->cipher_type to AES-128-CCM for SMB3.0
    - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
    - iommu/vt-d: Fix sysfs leak in alloc_iommu()
    - perf intel-pt: Fix sample instruction bytes
    - perf intel-pt: Fix transaction abort handling
    - perf scripts python: exported-sql-viewer.py: Fix copy to clipboard from Top
      Calls by elapsed Time report
    - perf scripts python: exported-sql-viewer.py: Fix Array TypeError
    - perf scripts python: exported-sql-viewer.py: Fix warning display
    - proc: Check /proc/$pid/attr/ writes against file opener
    - net: hso: fix control-request directions
    - ath10k: Validate first subframe of A-MSDU before processing the list
    - dm snapshot: properly fix a crash when an origin has no snapshots
    - drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate
    - drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate
    - drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate
    - selftests/gpio: Use TEST_GEN_PROGS_EXTENDED
    - selftests/gpi...

This bug was fixed in the package linux-bluefield - 5.4.0-1016.19

---------------
linux-bluefield (5.4.0-1016.19) focal; urgency=medium

[ Ubuntu: 5.4.0-80.90 ]

* CVE-2021-33909
    - SAUCE: seq_file: Disallow extremely large seq buffer allocations

linux-bluefield (5.4.0-1015.18) focal; urgency=medium

* focal/linux-bluefield: 5.4.0-1015.18 -proposed tracker (LP: #1934322)

[ Ubuntu: 5.4.0-79.88 ]

* focal/linux: 5.4.0-79.88 -proposed tracker (LP: #1934343)
  * lxd exec fails (LP: #1934187)
    - SAUCE: Revert "proc: Check /proc/$pid/attr/ writes against file opener"

linux-bluefield (5.4.0-1014.17) focal; urgency=medium

* focal/linux-bluefield: 5.4.0-1014.17 -proposed tracker (LP: #1932457)

* Change CONFIG_NF_CONNTRACK to y (LP: #1932042)
    - [Config] CONFIG_NF_CONNTRACK=y

* Enable features for supporting PXE installer (LP: #1932035)
    - [Config] enable ISO9660, bcache, and zfs support

* PKA: Fix NULL pointer kfree() issue (LP: #1931584)
    - pka: Fix NULL pointer kfree() issue

[ Ubuntu: 5.4.0-78.87 ]

* focal/linux: 5.4.0-78.87 -proposed tracker (LP: #1932478)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - update dkms package versions
  * Disable hv-kvp-daemon.service on certain instance types (LP: #1932081)
    - [Packaging]: Add kernel command line condition to hv-kvp-daemon service
  * QLogic Direct-Connect host can't discover SCSI-FC or NVMe/FC devices
    (LP: #1860724)
    - scsi: qla2xxx: Serialize fc_port alloc in N2N
    - scsi: qla2xxx: Set Nport ID for N2N
    - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue
    - scsi: qla2xxx: Fix N2N and NVMe connect retry failure
  * [SRU] Add support for E810 NIC to Ice Driver in Focal (LP: #1912511)
    - ice: add additional E810 device id
  * Focal update: v5.4.124 upstream stable release (LP: #1931166)
    - ALSA: hda/realtek: Headphone volume is controlled by Front mixer
    - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci
    - ALSA: usb-audio: scarlett2: Improve driver startup messages
    - cifs: set server->cipher_type to AES-128-CCM for SMB3.0
    - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
    - iommu/vt-d: Fix sysfs leak in alloc_iommu()
    - perf intel-pt: Fix sample instruction bytes
    - perf intel-pt: Fix transaction abort handling
    - perf scripts python: exported-sql-viewer.py: Fix copy to clipboard from Top
      Calls by elapsed Time report
    - perf scripts python: exported-sql-viewer.py: Fix Array TypeError
    - perf scripts python: exported-sql-viewer.py: Fix warning display
    - proc: Check /proc/$pid/attr/ writes against file opener
    - net: hso: fix control-request directions
    - ath10k: Validate first subframe of A-MSDU before processing the list
    - dm snapshot: properly fix a crash when an origin has no snapshots
    - drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate
    - drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate
    - drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate
    - selftests/gpio: Use TEST_GEN_PROGS_EXTENDED
    - selftests/gpio: Move include of lib.mk up
    - selftests/gpio: Fix build when source tree is read only
    - kgdb: fix gcc-11 warnings harder
    - Documentation: seccomp: Fix user notification documentation
    - serial: core: fix suspicious security_locked_down() call
    - misc/uss720: fix memory leak in uss720_probe
    - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
    - mei: request autosuspend after sending rx flow control
    - staging: iio: cdc: ad7746: avoid overwrite of num_channels
    - iio: gyro: fxas21002c: balance runtime power in error path
    - iio: adc: ad7768-1: Fix too small buffer passed to
      iio_push_to_buffers_with_timestamp()
    - iio: adc: ad7124: Fix missbalanced regulator enable / disable on error.
    - iio: adc: ad7124: Fix potential overflow due to non sequential channel
      numbers
    - iio: adc: ad7793: Add missing error code in ad7793_setup()
    - serial: 8250_pci: Add support for new HPE serial device
    - serial: 8250_pci: handle FL_NOIRQ board flag
    - USB: trancevibrator: fix control-request direction
    - USB: usbfs: Don't WARN about excessively large memory allocations
    - serial: tegra: Fix a mask operation that is always true
    - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
    - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
    - USB: serial: ti_usb_3410_5052: add startech.com device id
    - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
    - USB: serial: ftdi_sio: add IDs for IDS GmbH Products
    - USB: serial: pl2303: add device id for ADLINK ND-6530 GC
    - thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID
    - usb: dwc3: gadget: Properly track pending and queued SG
    - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen()
    - net: usb: fix memory leak in smsc75xx_bind
    - spi: spi-geni-qcom: Fix use-after-free on unbind
    - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
    - fs/nfs: Use fatal_signal_pending instead of signal_pending
    - NFS: fix an incorrect limit in filelayout_decode_layout()
    - NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
    - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
    - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
    - drm/meson: fix shutdown crash when component not probed
    - net/mlx5e: Fix multipath lag activation
    - net/mlx5e: Fix nullptr in add_vlan_push_action()
    - net/mlx4: Fix EEPROM dump support
    - Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv"
    - tipc: wait and exit until all work queues are done
    - tipc: skb_linearize the head skb when reassembling msgs
    - spi: spi-fsl-dspi: Fix a resource leak in an error handling path
    - net: dsa: mt7530: fix VLAN traffic leaks
    - net: dsa: fix a crash if ->get_sset_count() fails
    - net: dsa: sja1105: error out on unsupported PHY mode
    - i2c: s3c2410: fix possible NULL pointer deref on read message after write
    - i2c: i801: Don't generate an interrupt on bus reset
    - i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E
    - perf jevents: Fix getting maximum number of fds
    - platform/x86: hp_accel: Avoid invoking _INI to speed up resume
    - gpio: cadence: Add missing MODULE_DEVICE_TABLE
    - Revert "media: usb: gspca: add a missed check for goto_low_power"
    - Revert "ALSA: sb: fix a missing check of snd_ctl_add"
    - Revert "serial: max310x: pass return value of spi_register_driver"
    - serial: max310x: unregister uart driver in case of failure and abort
    - Revert "net: fujitsu: fix a potential NULL pointer dereference"
    - net: fujitsu: fix potential null-ptr-deref
    - Revert "net/smc: fix a NULL pointer dereference"
    - net: caif: remove BUG_ON(dev == NULL) in caif_xmit
    - Revert "char: hpet: fix a missing check of ioremap"
    - char: hpet: add checks after calling ioremap
    - Revert "ALSA: gus: add a check of the status of snd_ctl_add"
    - Revert "ALSA: usx2y: Fix potential NULL pointer dereference"
    - Revert "isdn: mISDNinfineon: fix potential NULL pointer dereference"
    - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
    - Revert "ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()"
    - ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()
    - Revert "isdn: mISDN: Fix potential NULL pointer dereference of kzalloc"
    - isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info
    - Revert "dmaengine: qcom_hidma: Check for driver register failure"
    - dmaengine: qcom_hidma: comment platform_driver_register call
    - Revert "libertas: add checks for the return value of sysfs_create_group"
    - libertas: register sysfs groups properly
    - Revert "ASoC: cs43130: fix a NULL pointer dereference"
    - ASoC: cs43130: handle errors in cs43130_probe() properly
    - Revert "media: dvb: Add check on sp8870_readreg"
    - media: dvb: Add check on sp8870_readreg return
    - Revert "media: gspca: mt9m111: Check write_bridge for timeout"
    - media: gspca: mt9m111: Check write_bridge for timeout
    - Revert "media: gspca: Check the return value of write_bridge for timeout"
    - media: gspca: properly check for errors in po1030_probe()
    - Revert "net: liquidio: fix a NULL pointer dereference"
    - net: liquidio: Add missing null pointer checks
    - Revert "brcmfmac: add a check for the status of usb_register"
    - brcmfmac: properly check for bus register errors
    - btrfs: return whole extents in fiemap
    - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
    - openrisc: Define memory barrier mb
    - btrfs: do not BUG_ON in link_to_fixup_dir
    - platform/x86: hp-wireless: add AMD's hardware id to the supported list
    - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
    - platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700
      tablet
    - SMB3: incorrect file id in requests compounded with open
    - drm/amd/display: Disconnect non-DP with no EDID
    - drm/amd/amdgpu: fix refcount leak
    - drm/amdgpu: Fix a use-after-free
    - drm/amd/amdgpu: fix a potential deadlock in gpu reset
    - net: netcp: Fix an error message
    - net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count
    - ASoC: cs42l42: Regmap must use_single_read/write
    - vfio-ccw: Check initialized flag in cp_init()
    - net: really orphan skbs tied to closing sk
    - net: fec: fix the potential memory leak in fec_enet_init()
    - net: mdio: thunder: Fix a double free issue in the .remove function
    - net: mdio: octeon: Fix some double free issues
    - openvswitch: meter: fix race when getting now_ms.
    - tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT
    - net: sched: fix packet stuck problem for lockless qdisc
    - net: sched: fix tx action rescheduling issue during deactivation
    - net: sched: fix tx action reschedule issue with stopped queue
    - net: hso: check for allocation failure in hso_create_bulk_serial_device()
    - net: bnx2: Fix error return code in bnx2_init_board()
    - bnxt_en: Include new P5 HV definition in VF check.
    - mld: fix panic in mld_newpack()
    - gve: Check TX QPL was actually assigned
    - gve: Update mgmt_msix_idx if num_ntfy changes
    - gve: Add NULL pointer checks when freeing irqs.
    - gve: Upgrade memory barrier in poll routine
    - gve: Correct SKB queue index validation.
    - cxgb4: avoid accessing registers when clearing filters
    - staging: emxx_udc: fix loop in _nbu2ss_nuke()
    - ASoC: cs35l33: fix an error code in probe()
    - bpf: Set mac_len in bpf_skb_change_head
    - ixgbe: fix large MTU request from VF
    - scsi: libsas: Use _safe() loop in sas_resume_port()
    - net: lantiq: fix memory corruption in RX ring
    - ipv6: record frag_max_size in atomic fragments in input path
    - ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be
      static
    - net: ethernet: mtk_eth_soc: Fix packet statistics support for MT7628/88
    - sch_dsmark: fix a NULL deref in qdisc_reset()
    - MIPS: alchemy: xxs1500: add gpio-au1000.h header file
    - MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c
    - drm/i915/display: fix compiler warning about array overrun
    - i915: fix build warning in intel_dp_get_link_status()
    - drivers/net/ethernet: clean up unused assignments
    - net: hns3: check the return of skb_checksum_help()
    - Revert "Revert "ALSA: usx2y: Fix potential NULL pointer dereference""
    - net: hso: bail out on interrupt URB allocation failure
    - neighbour: Prevent Race condition in neighbour subsytem
    - usb: core: reduce power-on-good delay time of root hub
    - Linux 5.4.124
  * Focal update: v5.4.123 upstream stable release (LP: #1931160)
    - usb: dwc3: gadget: Enable suspend events
    - perf unwind: Fix separate debug info files when using elfutils' libdw's
      unwinder
    - perf unwind: Set userdata for all __report_module() paths
    - NFC: nci: fix memory leak in nci_allocate_device
    - Linux 5.4.123
  * Focal update: v5.4.122 upstream stable release (LP: #1931159)
    - firmware: arm_scpi: Prevent the ternary sign expansion bug
    - openrisc: Fix a memory leak
    - RDMA/siw: Properly check send and receive CQ pointers
    - RDMA/siw: Release xarray entry
    - RDMA/rxe: Clear all QP fields if creation failed
    - scsi: ufs: core: Increase the usable queue depth
    - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword()
    - RDMA/mlx5: Recover from fatal event in dual port mode
    - RDMA/core: Don't access cm_id after its destruction
    - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue
    - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
    - RDMA/uverbs: Fix a NULL vs IS_ERR() bug
    - ptrace: make ptrace() fail if the tracee changed its pid unexpectedly
    - nvmet: seset ns->file when open fails
    - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
    - btrfs: avoid RCU stalls while running delayed iputs
    - cifs: fix memory leak in smb2_copychunk_range
    - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high
      sampling transfer frequency
    - ALSA: intel8x0: Don't update period unless prepared
    - ALSA: line6: Fix racy initialization of LINE6 MIDI
    - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26
    - ALSA: firewire-lib: fix calculation for size of IR context payload
    - ALSA: usb-audio: Validate MS endpoint descriptors
    - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
    - ALSA: hda: fixup headset for ASUS GU502 laptop
    - Revert "ALSA: sb8: add a check for request_region"
    - ALSA: firewire-lib: fix check for the size of isochronous packet payload
    - ALSA: hda/realtek: reset eapd coeff to default value for alc287
    - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293
    - ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA
    - ALSA: hda/realtek: Add fixup for HP OMEN laptop
    - ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx
    - uio_hv_generic: Fix a memory leak in error handling paths
    - Revert "rapidio: fix a NULL pointer dereference when create_workqueue()
      fails"
    - rapidio: handle create_workqueue() failure
    - Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer
      dereference"
    - drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang
    - drm/amdgpu: update gc golden setting for Navi12
    - drm/amdgpu: update sdma golden setting for Navi12
    - mmc: sdhci-pci-gli: increase 1.8V regulator wait
    - xen-pciback: reconfigure also from backend watch handler
    - dm snapshot: fix crash with transient storage and zero chunk size
    - Revert "video: hgafb: fix potential NULL pointer dereference"
    - Revert "net: stmicro: fix a missing check of clk_prepare"
    - Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"
    - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
    - Revert "video: imsttfb: fix potential NULL pointer dereferences"
    - Revert "ecryptfs: replace BUG_ON with error handling code"
    - Revert "scsi: ufs: fix a missing check of devm_reset_control_get"
    - Revert "gdrom: fix a memory leak bug"
    - cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom
    - cdrom: gdrom: initialize global variable at init time
    - Revert "media: rcar_drif: fix a memory disclosure"
    - Revert "rtlwifi: fix a potential NULL pointer dereference"
    - Revert "qlcnic: Avoid potential NULL pointer dereference"
    - Revert "niu: fix missing checks of niu_pci_eeprom_read"
    - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
    - net: stmicro: handle clk_prepare() failure during init
    - scsi: ufs: handle cleanup correctly on devm_reset_control_get error
    - net: rtlwifi: properly check for alloc_workqueue() failure
    - ics932s401: fix broken handling of errors when word reading fails
    - leds: lp5523: check return value of lp5xx_read and jump to cleanup code
    - qlcnic: Add null check after calling netdev_alloc_skb
    - video: hgafb: fix potential NULL pointer dereference
    - vgacon: Record video mode changes with VT_RESIZEX
    - vt: Fix character height handling with VT_RESIZEX
    - tty: vt: always invoke vc->vc_sw->con_resize callback
    - nvme-multipath: fix double initialization of ANA state
    - ext4: fix error handling in ext4_end_enable_verity()
    - Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS
    - nvmet: use new ana_log_size instead the old one
    - video: hgafb: correctly handle card detect failure during probe
    - Bluetooth: SMP: Fail if remote and local public keys are identical
    - Linux 5.4.122
  * Focal update: v5.4.121 upstream stable release (LP: #1931158)
    - x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
    - kgdb: fix gcc-11 warning on indentation
    - usb: sl811-hcd: improve misleading indentation
    - cxgb4: Fix the -Wmisleading-indentation warning
    - isdn: capi: fix mismatched prototypes
    - pinctrl: ingenic: Improve unreachable code generation
    - xsk: Simplify detection of empty and full rings
    - virtio_net: Do not pull payload in skb->head
    - PCI: thunder: Fix compile testing
    - dmaengine: dw-edma: Fix crash on loading/unloading driver
    - ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend()
    - ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
    - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated
      devices
    - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a
      stuck state
    - um: Mark all kernel symbols as local
    - um: Disable CONFIG_GCOV with MODULES
    - ARM: 9075/1: kernel: Fix interrupted SMC calls
    - scripts/recordmcount.pl: Fix RISC-V regex for clang
    - riscv: Workaround mcount name prior to clang-13
    - scsi: lpfc: Fix illegal memory access on Abort IOCBs
    - ceph: fix fscache invalidation
    - scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not
      found
    - bridge: Fix possible races between assigning rx_handler_data and setting
      IFF_BRIDGE_PORT bit
    - drm/amd/display: Fix two cursor duplication when using overlay
    - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
    - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
    - block: reexpand iov_iter after read/write
    - lib: stackdepot: turn depot_lock spinlock to raw_spinlock
    - net: stmmac: Do not enable RX FIFO overflow interrupts
    - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
    - sit: proper dev_{hold|put} in ndo_[un]init methods
    - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
    - ipv6: remove extra dev_hold() for fallback tunnels
    - KVM: arm64: Initialize VCPU mdcr_el2 before loading it
    - tweewide: Fix most Shebang lines
    - scripts: switch explicitly to Python 3
    - Linux 5.4.121
  * Focal update: v5.4.120 upstream stable release (LP: #1930474)
    - tpm: fix error return code in tpm2_get_cc_attrs_tbl()
    - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt()
    - tpm, tpm_tis: Reserve locality in tpm_tis_resume()
    - KVM: x86/mmu: Remove the defunct update_pte() paging hook
    - PM: runtime: Fix unpaired parent child_count for force_resume
    - fs: dlm: fix debugfs dump
    - tipc: convert dest node's address to network order
    - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF
    - net: stmmac: Set FIFO sizes for ipq806x
    - ASoC: rsnd: core: Check convert rate in rsnd_hw_params
    - i2c: bail out early when RDWR parameters are wrong
    - ALSA: hdsp: don't disable if not enabled
    - ALSA: hdspm: don't disable if not enabled
    - ALSA: rme9652: don't disable if not enabled
    - ALSA: bebob: enable to deliver MIDI messages for multiple ports
    - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
    - Bluetooth: initialize skb_queue_head at l2cap_chan_create()
    - net: bridge: when suppression is enabled exclude RARP packets
    - Bluetooth: check for zapped sk before connecting
    - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet
    - i2c: Add I2C_AQ_NO_REP_START adapter quirk
    - mac80211: clear the beacon's CRC after channel switch
    - pinctrl: samsung: use 'int' for register masks in Exynos
    - mt76: mt76x0: disable GTK offloading
    - cuse: prevent clone
    - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init()
    - Revert "iommu/amd: Fix performance counter initialization"
    - iommu/amd: Remove performance counter pre-initialization test
    - drm/amd/display: Force vsync flip when reconfiguring MPCC
    - selftests: Set CC to clang in lib.mk if LLVM is set
    - kconfig: nconf: stop endless search loops
    - ALSA: hda/hdmi: fix race in handling acomp ELD notification at resume
    - sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
    - flow_dissector: Fix out-of-bounds warning in __skb_flow_bpf_to_target()
    - powerpc/smp: Set numa node before updating mask
    - ASoC: rt286: Generalize support for ALC3263 codec
    - ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user()
    - net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule
    - samples/bpf: Fix broken tracex1 due to kprobe argument change
    - powerpc/pseries: Stop calling printk in rtas_stop_self()
    - drm/amd/display: fixed divide by zero kernel crash during dsc enablement
    - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
    - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
    - qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth
    - powerpc/iommu: Annotate nested lock for lockdep
    - iavf: remove duplicate free resources calls
    - net: ethernet: mtk_eth_soc: fix RX VLAN offload
    - bnxt_en: Add PCI IDs for Hyper-V VF devices.
    - ia64: module: fix symbolizer crash on fdescr
    - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
    - thermal: thermal_of: Fix error return code of
      thermal_of_populate_bind_params()
    - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
    - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc()
    - PCI: Release OF node in pci_scan_device()'s error path
    - ARM: 9064/1: hw_breakpoint: Do not directly check the event's
      overflow_handler hook
    - rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data()
    - NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
    - NFS: Deal correctly with attribute generation counter overflow
    - PCI: endpoint: Fix missing destroy_workqueue()
    - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
    - NFSv4.2 fix handling of sr_eof in SEEK's reply
    - rtc: fsl-ftm-alarm: add MODULE_TABLE()
    - ceph: fix inode leak on getattr error in __fh_to_dentry
    - rtc: ds1307: Fix wday settings for rx8130
    - net: hns3: fix incorrect configuration for igu_egu_hw_err
    - net: hns3: initialize the message content in hclge_get_link_mode()
    - net: hns3: add check for HNS3_NIC_STATE_INITED in
      hns3_reset_notify_up_enet()
    - net: hns3: fix for vxlan gpe tx checksum bug
    - net: hns3: use netif_tx_disable to stop the transmit queue
    - net: hns3: disable phy loopback setting in hclge_mac_start_phy
    - sctp: do asoc update earlier in sctp_sf_do_dupcook_a
    - RISC-V: Fix error code returned by riscv_hartid_to_cpuid()
    - sunrpc: Fix misplaced barrier in call_decode
    - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
    - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
    - netfilter: xt_SECMARK: add new revision to fix structure layout
    - drm/radeon: Fix off-by-one power_state index heap overwrite
    - drm/radeon: Avoid power table parsing memory leaks
    - khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate()
    - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts()
    - mm/migrate.c: fix potential indeterminate pte entry in
      migrate_vma_insert_page()
    - ksm: fix potential missing rmap_item for stable_node
    - net: fix nla_strcmp to handle more then one trailing null character
    - smc: disallow TCP_ULP in smc_setsockopt()
    - netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check
    - can: m_can: m_can_tx_work_queue(): fix tx_skb race condition
    - sched: Fix out-of-bound access in uclamp
    - sched/fair: Fix unfairness caused by missing load decay
    - kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
    - netfilter: nftables: avoid overflows in nft_hash_buckets()
    - i40e: Fix use-after-free in i40e_client_subtask()
    - i40e: fix the restart auto-negotiation after FEC modified
    - i40e: Fix PHY type identifiers for 2.5G and 5G adapters
    - ARC: entry: fix off-by-one error in syscall number validation
    - ARC: mm: PAE: use 40-bit physical page mask
    - powerpc/64s: Fix crashes when toggling stf barrier
    - powerpc/64s: Fix crashes when toggling entry flush barrier
    - hfsplus: prevent corruption in shrinking truncate
    - squashfs: fix divide error in calculate_skip()
    - userfaultfd: release page in error path to avoid BUG_ON
    - mm/hugetlb: fix F_SEAL_FUTURE_WRITE
    - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors
      are connected
    - drm/i915: Avoid div-by-zero on gen2
    - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
    - usb: fotg210-hcd: Fix an error message
    - hwmon: (occ) Fix poll rate limiting
    - ACPI: scan: Fix a memory leak in an error handling path
    - kyber: fix out of bounds access when preempted
    - nbd: Fix NULL pointer in flush_workqueue
    - blk-mq: Swap two calls in blk_mq_exit_queue()
    - iomap: fix sub-page uptodate handling
    - usb: dwc3: omap: improve extcon initialization
    - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield
    - usb: xhci: Increase timeout for HC halt
    - usb: dwc2: Fix gadget DMA unmap direction
    - usb: core: hub: fix race condition about TRSMRCY of resume
    - usb: dwc3: gadget: Return success always for kick transfer in ep queue
    - xhci: Do not use GFP_KERNEL in (potentially) atomic context
    - xhci: Add reset resume quirk for AMD xhci controller.
    - iio: gyro: mpu3050: Fix reported temperature value
    - iio: tsl2583: Fix division by a zero lux_val
    - cdc-wdm: untangle a circular dependency between callback and softint
    - KVM: x86: Cancel pvclock_gtod_work on module removal
    - mm: fix struct page layout on 32-bit systems
    - FDDI: defxx: Make MMIO the configuration default except for EISA
    - MIPS: Reinstate platform `__div64_32' handler
    - MIPS: Avoid DIVU in `__div64_32' is result would be zero
    - MIPS: Avoid handcoded DIVU in `__div64_32' altogether
    - thermal/core/fair share: Lock the thermal zone while looping over instances
    - f2fs: fix error handling in f2fs_end_enable_verity()
    - ARM: 9011/1: centralize phys-to-virt conversion of DT/ATAGS address
    - ARM: 9012/1: move device tree mapping out of linear region
    - ARM: 9020/1: mm: use correct section size macro to describe the FDT virtual
      address
    - ARM: 9027/1: head.S: explicitly map DT even if it lives in the first
      physical section
    - usb: typec: tcpm: Fix error while calculating PPS out values
    - kobject_uevent: remove warning in init_uevent_argv()
    - netfilter: conntrack: Make global sysctls readonly in non-init netns
    - clk: exynos7: Mark aclk_fsys1_200 as critical
    - nvme: do not try to reconfigure APST when the controller is not live
    - ASoC: rsnd: check all BUSIF status when error
    - Linux 5.4.120
  * scsi: storvsc: Parameterize number hardware queues (LP: #1930626)
    - scsi: storvsc: Parameterize number hardware queues

[ Ubuntu: 5.4.0-77.86 ]

* UAF on CAN J1939 j1939_can_recv (LP: #1932209)
    - SAUCE: can: j1939: delay release of j1939_priv after synchronize_rcu
  * UAF on CAN BCM bcm_rx_handler (LP: #1931855)
    - SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

[ Ubuntu: 5.4.0-76.85 ]

* focal/linux: 5.4.0-76.85 -proposed tracker (LP: #1932123)
  * Upstream v5.9 introduced 'module' patches that removed exported symbols
    (LP: #1932065)
    - SAUCE: Revert "modules: inherit TAINT_PROPRIETARY_MODULE"
    - SAUCE: Revert "modules: return licensing information from find_symbol"
    - SAUCE: Revert "modules: rename the licence field in struct symsearch to
      license"
    - SAUCE: Revert "modules: unexport __module_address"
    - SAUCE: Revert "modules: unexport __module_text_address"
    - SAUCE: Revert "modules: mark each_symbol_section static"
    - SAUCE: Revert "modules: mark find_symbol static"
    - SAUCE: Revert "modules: mark ref_module static"

-- Marcelo Henrique Cerri <marcelo.cerri@canonical.com>  Thu, 15 Jul 2021 11:32:35 -0300

Changed in linux-bluefield (Ubuntu Focal):
status:	Fix Committed → Fix Released

Ubuntu
linux-bluefield package

PKA: Fix NULL pointer kfree() issue

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Affects		Status	Importance	Assigned to	Milestone
	linux-bluefield (Ubuntu)	Invalid	Undecided	Unassigned
	Focal	Fix Released	Medium	Mahantesh Salimath

Ubuntulinux-bluefield package