← Back to team overview

canonical-hw-cert team mailing list archive

[Bug 1979473] Re: focal/linux-gkeop: 5.4.0-1049.52 -proposed tracker

 

This bug was fixed in the package linux-gkeop - 5.4.0-1049.52

---------------
linux-gkeop (5.4.0-1049.52) focal; urgency=medium

  * focal/linux-gkeop: 5.4.0-1049.52 -proposed tracker (LP: #1979473)

  * Miscellaneous Ubuntu changes
    - [config] Update configs after rebase

  [ Ubuntu: 5.4.0-122.138 ]

  * focal/linux: 5.4.0-122.138 -proposed tracker (LP: #1979489)
  * Remove SAUCE patches from test_vxlan_under_vrf.sh in net of
    ubuntu_kernel_selftests (LP: #1975691)
    - Revert "UBUNTU: SAUCE: selftests: net: Don't fail test_vxlan_under_vrf on
      xfail"
    - Revert "UBUNTU: SAUCE: selftests: net: Make test for VXLAN underlay in non-
      default VRF an expected failure"
  * Enable Asus USB-BT500 Bluetooth dongle(0b05:190e) (LP: #1976613)
    - Bluetooth: btusb: Add flag to define wideband speech capability
    - Bluetooth: btrtl: Add support for RTL8761B
    - Bluetooth: btusb: Add 0x0b05:0x190e Realtek 8761BU (ASUS BT500) device.
  * [UBUNTU 20.04] rcu stalls with many storage key guests (LP: #1975582)
    - s390/gmap: voluntarily schedule during key setting
    - s390/mm: use non-quiescing sske for KVM switch to keyed guest
  * Ubuntu 5.4.0-117.132-generic 5.4.189 has BUG: kernel NULL pointer
    dereference, address: 0000000000000034 (LP: #1978719)
    - mm: rmap: explicitly reset vma->anon_vma in unlink_anon_vmas()
  * Focal update: upstream stable patchset v5.4.192 (LP: #1979014)
    - floppy: disable FDRAWCMD by default
    - [Config] updateconfigs for BLK_DEV_FD_RAWCMD
    - hamradio: defer 6pack kfree after unregister_netdev
    - hamradio: remove needs_free_netdev to avoid UAF
    - lightnvm: disable the subsystem
    - [Config] updateconfigs for NVM, NVM_PBLK
    - usb: mtu3: fix USB 3.0 dual-role-switch from device to host
    - USB: quirks: add a Realtek card reader
    - USB: quirks: add STRING quirk for VCOM device
    - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
    - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
    - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
    - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
    - xhci: stop polling roothubs after shutdown
    - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
    - iio: dac: ad5592r: Fix the missing return value.
    - iio: dac: ad5446: Fix read_raw not returning set value
    - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
    - usb: misc: fix improper handling of refcount in uss720_probe()
    - usb: typec: ucsi: Fix role swapping
    - usb: gadget: uvc: Fix crash when encoding data for usb request
    - usb: gadget: configfs: clear deactivation flag in
      configfs_composite_unbind()
    - usb: dwc3: core: Fix tx/rx threshold settings
    - usb: dwc3: gadget: Return proper request status
    - serial: imx: fix overrun interrupts in DMA mode
    - serial: 8250: Also set sticky MCR bits in console restoration
    - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
    - arch_topology: Do not set llc_sibling if llc_id is invalid
    - hex2bin: make the function hex_to_bin constant-time
    - hex2bin: fix access beyond string end
    - video: fbdev: udlfb: properly check endpoint type
    - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
    - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
    - mtd: rawnand: fix ecc parameters for mt7622
    - USB: Fix xhci event ring dequeue pointer ERDP update issue
    - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
    - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
    - phy: samsung: exynos5250-sata: fix missing device put in probe error paths
    - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
    - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
    - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
    - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
    - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
    - ARM: dts: Fix mmc order for omap3-gta04
    - ARM: dts: am3517-evm: Fix misc pinmuxing
    - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
    - ipvs: correctly print the memory size of ip_vs_conn_tab
    - mtd: rawnand: Fix return value check of wait_for_completion_timeout
    - bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt
      hook
    - tcp: md5: incorrect tcp_header_len for incoming connections
    - tcp: ensure to use the most recently sent skb when filling the rate sample
    - sctp: check asoc strreset_chunk in sctp_generate_reconf_event
    - ARM: dts: imx6ull-colibri: fix vqmmc regulator
    - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
    - pinctrl: pistachio: fix use of irq_of_parse_and_map()
    - cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
    - net: hns3: add validity check for message data length
    - net/smc: sync err code when tcp connection was refused
    - ip_gre: Make o_seqno start from 0 in native mode
    - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
    - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
    - clk: sunxi: sun9i-mmc: check return value after calling
      platform_get_resource()
    - net: bcmgenet: hide status block before TX timestamping
    - net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
    - drm/amd/display: Fix memory leak in dcn21_clock_source_create
    - tls: Skip tls_append_frag on zero copy size
    - bnx2x: fix napi API usage sequence
    - ixgbe: ensure IPsec VF<->PF compatibility
    - tcp: fix F-RTO may not work correctly when receiving DSACK
    - ASoC: wm8731: Disable the regulator when probing fails
    - ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
    - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
    - cifs: destage any unwritten data to the server before calling
      copychunk_write
    - drivers: net: hippi: Fix deadlock in rr_close()
    - net: ethernet: stmmac: fix write to sgmii_adapter_base
    - x86/cpu: Load microcode during restore_processor_state()
    - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
    - tty: n_gsm: fix malformed counter for out of frame data
    - netfilter: nft_socket: only do sk lookups when indev is available
    - tty: n_gsm: fix insufficient txframe size
    - tty: n_gsm: fix missing explicit ldisc flush
    - tty: n_gsm: fix wrong command retry handling
    - tty: n_gsm: fix wrong command frame length field encoding
    - tty: n_gsm: fix incorrect UA handling
    - hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs
    - mm, hugetlb: allow for "high" userspace addresses
    - Linux 5.4.192
  * CVE-2022-1789
    - KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
  * Focal update: v5.4.191 upstream stable release (LP: #1976116)
    - etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
    - mm: page_alloc: fix building error on -Werror=array-compare
    - tracing: Dump stacktrace trigger to the corresponding instance
    - gfs2: assign rgrp glock before compute_bitstructs
    - tcp: fix race condition when creating child sockets from syncookies
    - tcp: Fix potential use-after-free due to double kfree()
    - ALSA: usb-audio: Clear MIDI port active flag after draining
    - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
    - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
    - dmaengine: imx-sdma: Fix error checking in sdma_event_remap
    - dmaengine: mediatek:Fix PM usage reference leak of
      mtk_uart_apdma_alloc_chan_resources
    - igc: Fix infinite loop in release_swfw_sync
    - igc: Fix BUG: scheduling while atomic
    - rxrpc: Restore removed timer deletion
    - net/smc: Fix sock leak when release after smc_shutdown()
    - net/packet: fix packet_sock xmit return value checking
    - net/sched: cls_u32: fix possible leak in u32_init_knode()
    - l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using
      netdev_master_upper_dev_get_rcu
    - netlink: reset network and mac headers in netlink_dump()
    - selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
    - ARM: vexpress/spc: Avoid negative array index when !SMP
    - reset: tegra-bpmp: Restore Handle errors in BPMP response
    - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be
      negative
    - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
      constant
    - vxlan: fix error return code in vxlan_fdb_append
    - cifs: Check the IOCB_DIRECT flag, not O_DIRECT
    - mt76: Fix undefined behavior due to shift overflowing the constant
    - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
    - dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
    - drm/msm/mdp5: check the return of kzalloc()
    - net: macb: Restart tx only if queue pointer is lagging
    - scsi: qedi: Fix failed disconnect handling
    - stat: fix inconsistency between struct stat and struct compat_stat
    - EDAC/synopsys: Read the error count from the correct register
    - oom_kill.c: futex: delay the OOM reaper to allow time for proper futex
      cleanup
    - ata: pata_marvell: Check the 'bmdma_addr' beforing reading
    - dma: at_xdmac: fix a missing check on list iterator
    - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
    - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
    - KVM: PPC: Fix TCE handling for VFIO
    - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
    - powerpc/perf: Fix power9 event alternatives
    - xtensa: patch_text: Fixup last cpu should be master
    - xtensa: fix a7 clobbering in coprocessor context load/store
    - openvswitch: fix OOB access in reserve_sfa_size()
    - ASoC: soc-dapm: fix two incorrect uses of list iterator
    - e1000e: Fix possible overflow in LTR decoding
    - ARC: entry: fix syscall_trace_exit argument
    - arm_pmu: Validate single/group leader events
    - ext4: fix symlink file size not match to file content
    - ext4: fix use-after-free in ext4_search_dir
    - ext4, doc: fix incorrect h_reserved size
    - ext4: fix overhead calculation to account for the reserved gdt blocks
    - ext4: force overhead calculation if the s_overhead_cluster makes no sense
    - jbd2: fix a potential race while discarding reserved buffers after an abort
    - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and
      controller
    - staging: ion: Prevent incorrect reference counting behavour
    - block/compat_ioctl: fix range check in BLKGETSIZE
    - Linux 5.4.191
  * Focal update: v5.4.190 upstream stable release (LP: #1973085)
    - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
    - net/sched: flower: fix parsing of ethertype following VLAN header
    - veth: Ensure eth header is in skb's linear part
    - gpiolib: acpi: use correct format characters
    - mlxsw: i2c: Fix initialization error flow
    - net/sched: fix initialization order when updating chain 0 head
    - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
    - net/sched: taprio: Check if socket flags are valid
    - cfg80211: hold bss_lock while updating nontrans_list
    - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()
    - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
    - sctp: Initialize daddr on peeled off socket
    - testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
    - nfc: nci: add flush_workqueue to prevent uaf
    - cifs: potential buffer overflow in handling symlinks
    - drm/amd: Add USBC connector ID
    - drm/amd/display: fix audio format not updated after edid updated
    - drm/amd/display: Update VTEM Infopacket definition
    - drm/amdkfd: Fix Incorrect VMIDs passed to HWS
    - drm/amdkfd: Check for potential null return of kmalloc_array()
    - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
    - scsi: target: tcmu: Fix possible page UAF
    - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
    - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
    - gpu: ipu-v3: Fix dev_dbg frequency output
    - regulator: wm8994: Add an off-on delay for WM8994 variant
    - arm64: alternatives: mark patch_alternative() as `noinstr`
    - tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry
    - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
    - drm/amd/display: Fix allocate_mst_payload assert on resume
    - powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
    - scsi: mvsas: Add PCI ID of RocketRaid 2640
    - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
    - drivers: net: slip: fix NPD bug in sl_tx_timeout()
    - perf/imx_ddr: Fix undefined behavior due to shift overflowing the constant
    - mm, page_alloc: fix build_zonerefs_node()
    - mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
    - gcc-plugins: latent_entropy: use /dev/urandom
    - ath9k: Properly clear TX status area before reporting to mac80211
    - ath9k: Fix usage of driver-private space in tx_info
    - btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups()
    - btrfs: mark resumed async balance as writing
    - ALSA: hda/realtek: Add quirk for Clevo PD50PNT
    - ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
    - ipv6: fix panic when forwarding a pkt with no in6 dev
    - drm/amd/display: don't ignore alpha property on pre-multiplied mode
    - genirq/affinity: Consider that CPUs on nodes can be unbalanced
    - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
    - ARM: davinci: da850-evm: Avoid NULL pointer dereference
    - dm integrity: fix memory corruption when tag_size is less than digest size
    - smp: Fix offline cpu check in flush_smp_call_function_queue()
    - i2c: pasemi: Wait for write xfers to finish
    - dma-direct: avoid redundant memory sync for swiotlb
    - ax25: add refcount in ax25_dev to avoid UAF bugs
    - ax25: fix reference count leaks of ax25_dev
    - ax25: fix UAF bugs of net_device caused by rebinding operation
    - ax25: Fix refcount leaks caused by ax25_cb_del()
    - ax25: fix UAF bug in ax25_send_control()
    - ax25: fix NPD bug in ax25_disconnect
    - ax25: Fix NULL pointer dereferences in ax25 timers
    - ax25: Fix UAF bugs in ax25 timers
    - Linux 5.4.190

  [ Ubuntu: 5.4.0-121.137 ]

  * focal/linux: 5.4.0-121.137 -proposed tracker (LP: #1978666)
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.05.30)
  * CVE-2022-28388
    - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error
      path
  * test_vxlan_under_vrf.sh in net from ubuntu_kernel_selftests failed (Check VM
    connectivity through VXLAN (underlay in the default VRF) [FAIL])
    (LP: #1871015)
    - selftests: net: test_vxlan_under_vrf: fix HV connectivity test
  * [UBUNTU 20.04] CPU-MF: add extended counter set definitions for new IBM z16
    (LP: #1974433)
    - s390/cpumf: add new extended counter set for IBM z16
  * [UBUNTU 20.04] KVM nesting support leaks too much memory, might result in
    stalls during cleanup (LP: #1974017)
    - KVM: s390: vsie/gmap: reduce gmap_rmap overhead
  * [UBUNTU 20.04] Null Pointer issue in nfs code running Ubuntu on IBM Z
    (LP: #1968096)
    - NFS: Fix up nfs_ctx_key_to_expire()

 -- Khalid Elmously <khalid.elmously@xxxxxxxxxxxxx>  Wed, 06 Jul 2022
19:58:10 -0400

** Changed in: linux-gkeop (Ubuntu Focal)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1789

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28388

-- 
You received this bug notification because you are a member of hardware-
certification-users, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1979473

Title:
  focal/linux-gkeop: 5.4.0-1049.52 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow boot-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow new-review series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-signing-to-proposed series:
  Invalid
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  In Progress
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow sru-review series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-gkeop source package in Focal:
  Fix Released

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
    https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  bugs-spammed: true
  built:
    from: a32bcb7448a43aa7
    route-entry: 1
  delta:
    promote-to-proposed: [meta, main, signed]
    promote-to-updates: [meta, main, signed]
  issue: KSRU-2809
  kernel-stable-master-bug: 1980509
  packages:
    main: linux-gkeop
    meta: linux-meta-gkeop
    signed: linux-signed-gkeop
  phase: Promote to Updates
  phase-changed: Tuesday, 12. July 2022 21:47 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
    promote-to-updates: Ongoing -- packages not yet published
  synthetic:
    :promote-to-as-proposed: Fix Released
  trackers:
    bionic/linux-gkeop-5.4: bug 1979472
  variant: debs
  versions:
    main: 5.4.0-1049.52
    meta: 5.4.0.1049.50
    signed: 5.4.0-1049.52
  ~~:
    clamps:
      new-review: a32bcb7448a43aa7
      promote-to-proposed: a32bcb7448a43aa7
      self: 5.4.0-1049.52
      sru-review: a32bcb7448a43aa7

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1979473/+subscriptions