← Back to team overview

canonical-hw-cert team mailing list archive

[Bug 2019653] Re: focal/linux-aws: 5.4.0-1103.111 -proposed tracker

 

This bug was fixed in the package linux-aws - 5.4.0-1103.111

---------------
linux-aws (5.4.0-1103.111) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1103.111 -proposed tracker (LP: #2019653)

  [ Ubuntu: 5.4.0-150.167 ]

  * focal/linux: 5.4.0-150.167 -proposed tracker (LP: #2019682)
  * CVE-2023-32233
    - netfilter: nf_tables: deactivate anonymous set from preparation phase
  * CVE-2023-2612
    - SAUCE: shiftfs: prevent lock unbalance in shiftfs_create_object()
  * CVE-2023-31436
    - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
  * CVE-2023-1380
    - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
  * CVE-2023-30456
    - KVM: nVMX: add missing consistency checks for CR0 and CR4
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

linux-aws (5.4.0-1102.110) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1102.110 -proposed tracker (LP: #2016559)

  [ Ubuntu: 5.4.0-149.166 ]

  * focal/linux: 5.4.0-149.166 -proposed tracker (LP: #2016591)
  * Focal update: v5.4.233 upstream stable release (LP: #2015909)
    - dma-mapping: add generic helpers for mapping sgtable objects
    - scatterlist: add generic wrappers for iterating over sgtable objects
    - drm: etnaviv: fix common struct sg_table related issues
    - drm/etnaviv: don't truncate physical page address
    - wifi: rtl8xxxu: gen2: Turn on the rate control
    - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
    - random: always mix cycle counter in add_latent_entropy()
    - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
    - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
    - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
    - alarmtimer: Prevent starvation by small intervals and SIG_IGN
    - drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
    - mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
    - uaccess: Add speculation barrier to copy_from_user()
    - wifi: mwifiex: Add missing compatible string for SD8787
    - ext4: Fix function prototype mismatch for ext4_feat_ktype
    - Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo
      child qdiscs"
    - bpf: add missing header file include
    - Linux 5.4.233
  *  selftest: fib_tests: Always cleanup before exit  (LP: #2015956)
    - selftest: fib_tests: Always cleanup before exit
  * fib_tests.sh in ubuntu_kernel_selftests was skipped silently on Focal
    (LP: #2015440)
    - selftests: Fix the executable permissions for fib_tests.sh
  * Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498)
    - [Debian] autoreconstruct - fix restoration of execute permissions
  * kernel: fix __clear_user() inline assembly constraints (LP: #2013088)
    - s390/uaccess: add missing earlyclobber annotations to __clear_user()
  * i/o error if next unused loop device is queried (LP: #1856871)
    - loop: fix I/O error on fsync() in detached loop devices
  * CVE-2023-1075
    - net/tls: tls_is_tx_ready() checked list_entry
  * Focal update: v5.4.232 upstream stable release (LP: #2011625)
    - firewire: fix memory leak for payload of request subaction to IEC 61883-1
      FCP region
    - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
    - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
    - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
    - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
    - scsi: Revert "scsi: core: map PQ=1, PDT=other values to
      SCSI_SCAN_TARGET_PRESENT"
    - WRITE is "data source", not destination...
    - fix iov_iter_bvec() "direction" argument
    - fix "direction" argument of iov_iter_kvec()
    - netrom: Fix use-after-free caused by accept on already connected socket
    - netfilter: br_netfilter: disable sabotage_in hook after first suppression
    - squashfs: harden sanity check in squashfs_read_xattr_id_table
    - net: phy: meson-gxl: Add generic dummy stubs for MMD register access
    - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
    - ata: libata: Fix sata_down_spd_limit() when no link speed is reported
    - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning
    - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided
    - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy
      benchmarking
    - virtio-net: Keep stop() to follow mirror sequence of open()
    - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
    - efi: fix potential NULL deref in efi_mem_reserve_persistent
    - scsi: target: core: Fix warning on RT kernels
    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
    - i2c: rk3x: fix a bunch of kernel-doc warnings
    - net/x25: Fix to not accept on connected socket
    - iio: adc: stm32-dfsdm: fill module aliases
    - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API
    - usb: dwc3: qcom: enable vbus override when in OTG dr-mode
    - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
    - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
    - Input: i8042 - move __initconst to fix code styling warning
    - Input: i8042 - merge quirk tables
    - Input: i8042 - add TUXEDO devices to i8042 quirk tables
    - Input: i8042 - add Clevo PCX0DX to i8042 quirk table
    - fbcon: Check font dimension limits
    - watchdog: diag288_wdt: do not use stack buffers for hardware data
    - watchdog: diag288_wdt: fix __diag288() inline assembly
    - efi: Accept version 2 of memory attributes table
    - iio: hid: fix the retval in accel_3d_capture_sample
    - iio: adc: berlin2-adc: Add missing of_node_put() in error path
    - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
    - parisc: Fix return code of pdc_iodc_print()
    - parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
    - riscv: disable generation of unwind tables
    - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
    - fpga: stratix10-soc: Fix return value check in s10_ops_write_init()
    - mm/swapfile: add cond_resched() in get_swap_pages()
    - Squashfs: fix handling and sanity checking of xattr_ids count
    - nvmem: core: fix cell removal on error
    - mm: swap: properly update readahead statistics in unuse_pte_range()
    - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
    - serial: 8250_dma: Fix DMA Rx completion race
    - serial: 8250_dma: Fix DMA Rx rearm race
    - powerpc/imc-pmu: Revert nest_init_lock to being a mutex
    - fbdev: smscufx: fix error handling code in ufx_usb_probe
    - f2fs: fix to do sanity check on i_extra_isize in is_alive()
    - wifi: brcmfmac: Check the count value of channel spec to prevent out-of-
      bounds reads
    - iio:adc:twl6030: Enable measurement of VAC
    - btrfs: limit device extents to the device size
    - btrfs: zlib: zero-initialize zlib workspace
    - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
    - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and
      trace_pipe_raw
    - can: j1939: do not wait 250 ms if the same addr was already claimed
    - IB/hfi1: Restore allocated resources on failed copyout
    - IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
    - iommu: Add gfp parameter to iommu_ops::map
    - RDMA/usnic: use iommu_map_atomic() under spin_lock()
    - xfrm: fix bug with DSCP copy to v6 from v4 tunnel
    - bonding: fix error checking in bond_debug_reregister()
    - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
    - ionic: clean interrupt before enabling queue to avoid credit race
    - ice: Do not use WQ_MEM_RECLAIM flag for workqueue
    - rds: rds_rm_zerocopy_callback() use list_first_entry()
    - selftests: forwarding: lib: quote the sysctl values
    - ALSA: pci: lx6464es: fix a debug loop
    - pinctrl: aspeed: Fix confusing types in return value
    - pinctrl: single: fix potential NULL dereference
    - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
    - net: USB: Fix wrong-direction WARNING in plusb.c
    - usb: core: add quirk for Alcor Link AK9563 smartcard reader
    - usb: typec: altmodes/displayport: Fix probe pin assign check
    - ceph: flush cap releases when the session is flushed
    - riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
    - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
    - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-
      sensitive
    - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
    - nvme-pci: Move enumeration by class to be last in the table
    - bpf: Always return target ifindex in bpf_fib_lookup
    - migrate: hugetlb: check for hugetlb shared PMD in node migration
    - selftests/bpf: Verify copy_register_state() preserves parent/live fields
    - ASoC: cs42l56: fix DT probe
    - tools/virtio: fix the vringh test for virtio ring changes
    - net/rose: Fix to not accept on connected socket
    - net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC
    - net: sched: sch: Bounds check priority
    - s390/decompressor: specify __decompress() buf len to avoid overflow
    - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
    - aio: fix mremap after fork null-deref
    - btrfs: free device in btrfs_close_devices for a single device filesystem
    - netfilter: nft_tproxy: restrict to prerouting hook
    - xfs: remove the xfs_efi_log_item_t typedef
    - xfs: remove the xfs_efd_log_item_t typedef
    - xfs: remove the xfs_inode_log_item_t typedef
    - xfs: factor out a xfs_defer_create_intent helper
    - xfs: merge the ->log_item defer op into ->create_intent
    - xfs: merge the ->diff_items defer op into ->create_intent
    - xfs: turn dfp_intent into a xfs_log_item
    - xfs: refactor xfs_defer_finish_noroll
    - xfs: log new intent items created as part of finishing recovered intent
      items
    - xfs: fix finobt btree block recovery ordering
    - xfs: proper replay of deferred ops queued during log recovery
    - xfs: xfs_defer_capture should absorb remaining block reservations
    - xfs: xfs_defer_capture should absorb remaining transaction reservation
    - xfs: clean up bmap intent item recovery checking
    - xfs: clean up xfs_bui_item_recover iget/trans_alloc/ilock ordering
    - xfs: fix an incore inode UAF in xfs_bui_recover
    - xfs: change the order in which child and parent defer ops are finished
    - xfs: periodically relog deferred intent items
    - xfs: expose the log push threshold
    - xfs: only relog deferred intent items if free space in the log gets low
    - xfs: fix missing CoW blocks writeback conversion retry
    - xfs: ensure inobt record walks always make forward progress
    - xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks
    - xfs: prevent UAF in xfs_log_item_in_current_chkpt
    - xfs: sync lazy sb accounting on quiesce of read-only mounts
    - Revert "ipv4: Fix incorrect route flushing when source address is deleted"
    - ipv4: Fix incorrect route flushing when source address is deleted
    - mmc: sdio: fix possible resource leaks in some error paths
    - mmc: mmc_spi: fix error handling in mmc_spi_probe()
    - ALSA: hda/conexant: add a new hda codec SN6180
    - ALSA: hda/realtek - fixed wrong gpio assigned
    - sched/psi: Fix use-after-free in ep_remove_wait_queue()
    - hugetlb: check for undefined shift on 32 bit architectures
    - Revert "mm: Always release pages to the buddy allocator in
      memblock_free_late()."
    - net: Fix unwanted sign extension in netdev_stats_to_stats64()
    - revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
    - ixgbe: allow to increase MTU to 3K with XDP enabled
    - i40e: add double of VLAN header when computing the max MTU
    - net: bgmac: fix BCM5358 support by setting correct flags
    - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list
    - dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
    - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
    - net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
    - bnxt_en: Fix mqprio and XDP ring checking logic
    - net: stmmac: Restrict warning on disabling DMA store and fwd mode
    - ixgbe: add double of VLAN header when computing the max MTU
    - ipv6: Fix datagram socket connection with DSCP.
    - ipv6: Fix tcp socket connection with DSCP.
    - i40e: Add checking for null for nlmsg_find_attr()
    - kvm: initialize all of the kvm_debugregs structure before sending it to
      userspace
    - nilfs2: fix underflow in second superblock position calculations
    - ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak
    - net: sched: sch: Fix off by one in htb_activate_prios()
    - iommu/amd: Pass gfp flags to iommu_map_page() in amd_iommu_map()
    - Linux 5.4.232
  * CVE-2023-1118
    - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

linux-aws (5.4.0-1101.109) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1101.109 -proposed tracker (LP: #2016747)

  * CVE-2023-1829
    - [Config]: Make sure CONFIG_NET_CLS_TCINDEX is not available

  [ Ubuntu: 5.4.0-148.165 ]

  * focal/linux: 5.4.0-148.165 -proposed tracker (LP: #2016777)
  * CVE-2023-1829
    - net/sched: Retire tcindex classifier
    - [Config]: Make sure CONFIG_NET_CLS_TCINDEX is not available

linux-aws (5.4.0-1100.108) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1100.108 -proposed tracker (LP: #2011930)

  [ Ubuntu: 5.4.0-147.164 ]

  * focal/linux: 5.4.0-147.164 -proposed tracker (LP: #2011959)
  * CVE-2023-26545
    - net: mpls: fix stale pointer if allocation fails during device rename
  * CVE-2023-1281
    - rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
    - net/sched: tcindex: update imperfect hash filters respecting rcu
  * Focal update: v5.4.231 upstream stable release (LP: #2011226)
    - clk: generalize devm_clk_get() a bit
    - clk: Provide new devm_clk helpers for prepared and enabled clocks
    - memory: atmel-sdramc: Fix missing clk_disable_unprepare in
      atmel_ramc_probe()
    - memory: mvebu-devbus: Fix missing clk_disable_unprepare in
      mvebu_devbus_probe()
    - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
    - ARM: imx27: Retrieve the SYSCTRL base address from devicetree
    - ARM: imx31: Retrieve the IIM base address from devicetree
    - ARM: imx35: Retrieve the IIM base address from devicetree
    - ARM: imx: add missing of_node_put()
    - HID: intel_ish-hid: Add check for ishtp_dma_tx_map
    - EDAC/highbank: Fix memory leak in highbank_mc_probe()
    - tomoyo: fix broken dependency on *.conf.default
    - RDMA/core: Fix ib block iterator counter overflow
    - IB/hfi1: Reject a zero-length user expected buffer
    - IB/hfi1: Reserve user expected TIDs
    - IB/hfi1: Fix expected receive setup error exit issues
    - affs: initialize fsdata in affs_truncate()
    - amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
    - amd-xgbe: Delay AN timeout during KR training
    - bpf: Fix pointer-leak due to insufficient speculative store bypass
      mitigation
    - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in
      rockchip_usb2phy_power_on()
    - net: nfc: Fix use-after-free in local_cleanup()
    - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs
    - gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode
    - net/sched: sch_taprio: fix possible use-after-free
    - net: fix a concurrency bug in l2tp_tunnel_register()
    - l2tp: Serialize access to sk_user_data with sk_callback_lock
    - l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
    - net: usb: sr9700: Handle negative len
    - net: mdio: validate parameter addr in mdiobus_get_phy()
    - HID: check empty report_list in hid_validate_values()
    - HID: check empty report_list in bigben_probe()
    - net: stmmac: fix invalid call to mdiobus_get_phy()
    - HID: revert CHERRY_MOUSE_000C quirk
    - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
    - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
    - net: mlx5: eliminate anonymous module_init & module_exit
    - drm/panfrost: fix GENERIC_ATOMIC64 dependency
    - dmaengine: Fix double increment of client_count in dma_chan_get()
    - net: macb: fix PTP TX timestamp failure due to packet padding
    - HID: betop: check shape of output reports
    - dmaengine: xilinx_dma: use devm_platform_ioremap_resource()
    - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
    - dmaengine: xilinx_dma: call of_node_put() when breaking out of
      for_each_child_of_node()
    - tcp: avoid the lookup process failing to get sk in ehash table
    - w1: fix deadloop in __w1_remove_master_device()
    - w1: fix WARNING after calling w1_process()
    - driver core: Fix test_async_probe_init saves device in wrong array
    - net: dsa: microchip: ksz9477: port map correction in ALU table entry
      register
    - tcp: fix rate_app_limited to default to 1
    - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist
    - ASoC: fsl_micfil: Correct the number of steps on SX controls
    - drm: Add orientation quirk for Lenovo ideapad D330-10IGL
    - s390/debug: add _ASM_S390_ prefix to header guard
    - cpufreq: armada-37xx: stop using 0 as NULL pointer
    - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC
    - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets
    - spi: spidev: remove debug messages that access spidev->spi without locking
    - KVM: s390: interrupt: use READ_ONCE() before cmpxchg()
    - scsi: hisi_sas: Set a port invalid only if there are no devices attached
      when refreshing port id
    - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD
    - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK
    - lockref: stop doing cpu_relax in the cmpxchg loop
    - mmc: sdhci-esdhc-imx: clear pending interrupt and halt cqhci
    - mmc: sdhci-esdhc-imx: disable the CMD CRC check for standard tuning
    - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting
    - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
    - fs: reiserfs: remove useless new_opts in reiserfs_remount
    - Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
    - scsi: hpsa: Fix allocation size for scsi_host_alloc()
    - module: Don't wait for GOING modules
    - tracing: Make sure trace_printk() can output as soon as it can be used
    - trace_events_hist: add check for return value of 'create_hist_field'
    - ftrace/scripts: Update the instructions for ftrace-bisect.sh
    - cifs: Fix oops due to uncleared server->smbd_conn in reconnect
    - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set
    - thermal: intel: int340x: Protect trip temperature from concurrent updates
    - ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment
    - EDAC/device: Respect any driver-supplied workqueue polling value
    - EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info
    - netlink: prevent potential spectre v1 gadgets
    - net: fix UaF in netns ops registration error path
    - netfilter: nft_set_rbtree: skip elements in transaction from garbage
      collection
    - netlink: annotate data races around nlk->portid
    - netlink: annotate data races around dst_portid and dst_group
    - netlink: annotate data races around sk_state
    - ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
    - ipv4: prevent potential spectre v1 gadget in fib_metrics_match()
    - netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
    - netrom: Fix use-after-free of a listening socket.
    - net/sched: sch_taprio: do not schedule in taprio_reset()
    - sctp: fail if no bound addresses can be used for a given scope
    - net: ravb: Fix possible hang if RIS2_QFF1 happen
    - thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type()
    - net/tg3: resolve deadlock in tg3_reset_task() during EEH
    - net/phy/mdio-i2c: Move header file to include/linux/mdio
    - net: xgene: Move shared header file into include/linux
    - net: mdio-mux-meson-g12a: force internal PHY off on mux switch
    - Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI
      mode"
    - nfsd: Ensure knfsd shuts down when the "nfsd" pseudofs is unmounted
    - block: fix and cleanup bio_check_ro
    - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
    - netfilter: conntrack: unify established states for SCTP paths
    - perf/x86/amd: fix potential integer overflow on shift of a int
    - clk: Fix pointer casting to prevent oops in devm_clk_release()
    - x86/asm: Fix an assembler warning with current binutils
    - ARM: dts: imx: Fix pca9547 i2c-mux node name
    - bpf: Skip task with pid=1 in send_signal_common()
    - blk-cgroup: fix missing pd_online_fn() while activating policy
    - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
    - sysctl: add a new register_sysctl_init() interface
    - panic: unset panic_on_warn inside panic()
    - mm: kasan: do not panic if both panic_on_warn and kasan_multishot set
    - exit: Add and use make_task_dead.
    - objtool: Add a missing comma to avoid string concatenation
    - hexagon: Fix function name in die()
    - h8300: Fix build errors from do_exit() to make_task_dead() transition
    - csky: Fix function name in csky_alignment() and die()
    - ia64: make IA64_MCA_RECOVERY bool instead of tristate
    - exit: Put an upper limit on how often we can oops
    - exit: Expose "oops_count" to sysfs
    - exit: Allow oops_limit to be disabled
    - panic: Consolidate open-coded panic_on_warn checks
    - panic: Introduce warn_limit
    - panic: Expose "warn_count" to sysfs
    - docs: Fix path paste-o for /sys/kernel/warn_count
    - exit: Use READ_ONCE() for all oops/warn limit reads
    - ipv6: ensure sane device mtu in tunnels
    - Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
    - usb: host: xhci-plat: add wakeup entry at sysfs
    - Revert "xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()"
    - Linux 5.4.231
  * CVE-2022-3903
    - USB: add usb_control_msg_send() and usb_control_msg_recv()
    - USB: correct API of usb_control_msg_send/recv
    - USB: move snd_usb_pipe_sanity_check into the USB core
    - media: mceusb: Use new usb_control_msg_*() routines
  * CVE-2022-3108
    - drm/amdkfd: Check for null pointer after calling kmemdup
  * Focal update: v5.4.230 upstream stable release (LP: #2008946)
    - pNFS/filelayout: Fix coalescing test for single DS
    - net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
    - RDMA/srp: Move large values to a new enum for gcc13
    - f2fs: let's avoid panic if extent_tree is not created
    - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices
    - Add exception protection processing for vd in axi_chan_handle_err function
    - nilfs2: fix general protection fault in nilfs_btree_insert()
    - efi: fix userspace infinite retry read efivars after EFI runtime services
      page fault
    - drm/i915/gt: Reset twice
    - ALSA: hda/realtek - Turn on power early
    - xhci-pci: set the dma max_seg_size
    - usb: xhci: Check endpoint is valid before dereferencing it
    - xhci: Fix null pointer dereference when host dies
    - xhci: Add update_hub_device override for PCI xHCI hosts
    - xhci: Add a flag to disable USB3 lpm on a xhci root port level.
    - usb: acpi: add helper to check port lpm capability using acpi _DSM
    - xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables
    - prlimit: do_prlimit needs to have a speculation check
    - USB: serial: option: add Quectel EM05-G (GR) modem
    - USB: serial: option: add Quectel EM05-G (CS) modem
    - USB: serial: option: add Quectel EM05-G (RS) modem
    - USB: serial: option: add Quectel EC200U modem
    - USB: serial: option: add Quectel EM05CN (SG) modem
    - USB: serial: option: add Quectel EM05CN modem
    - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
    - misc: fastrpc: Don't remove map on creater_process and device_release
    - misc: fastrpc: Fix use-after-free race condition for maps
    - usb: core: hub: disable autosuspend for TI TUSB8041
    - comedi: adv_pci1760: Fix PWM instruction handling
    - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
    - btrfs: fix race between quota rescan and disable leading to NULL pointer
      deref
    - cifs: do not include page data when checking signature
    - USB: serial: cp210x: add SCALANCE LPE-9000 device id
    - usb: host: ehci-fsl: Fix module alias
    - usb: typec: altmodes/displayport: Add pin assignment helper
    - usb: typec: altmodes/displayport: Fix pin assignment calculation
    - usb: gadget: g_webcam: Send color matching descriptor per frame
    - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
    - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
    - dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation
    - serial: pch_uart: Pass correct sg to dma_unmap_sg()
    - dmaengine: tegra210-adma: fix global intr clear
    - serial: atmel: fix incorrect baudrate setup
    - gsmi: fix null-deref in gsmi_get_variable
    - drm/i915: re-disable RC6p on Sandy Bridge
    - drm/amd/display: Fix set scaling doesn's work
    - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix
    - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN
    - mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
    - Linux 5.4.230

  [ Ubuntu: 5.4.0-146.163 ]

  * focal/linux: 5.4.0-146.163 -proposed tracker (LP: #2012094)
  * NFS deathlock with last Kernel 5.4.0-144.161 and 5.15.0-67.74 (LP: #2009325)
    - NFS: Correct timing for assigning access cache timestamp

linux-aws (5.4.0-1099.107) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1099.107 -proposed tracker (LP: #2012000)

  * NFS deathlock with last Kernel 5.4.0-144.161 and 5.15.0-67.74 (LP: #2009325)
    - NFS: Correct timing for assigning access cache timestamp

linux-aws (5.4.0-1098.106) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1098.106 -proposed tracker (LP: #2008358)

  [ Ubuntu: 5.4.0-145.162 ]

  * focal/linux: 5.4.0-145.162 -proposed tracker (LP: #2008389)
  * [SRU]Update ice driver to support E823 devices (LP: #1986717)
    - ice: Add device ids for E822 devices
    - ice: add support for E823 devices
  * btrfs/154: rename fails with EOVERFLOW when calculating item size during
    item key collision (LP: #2004132)
    - btrfs: correctly calculate item size used when item key collision happens
  * rtcpie in timers from ubuntu_kernel_selftests randomly failing
    (LP: #1814234)
    - SAUCE: selftest: rtcpie: Force passing unreliable subtest
  * [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under
    PV - kernel part (LP: #1999882)
    - KVM: s390x: fix SCK locking
    - KVM: s390: pv: don't allow userspace to set the clock under PV
  * CVE-2021-3669
    - ipc: replace costly bailout check in sysvipc_find_ipc()
  * net:fcnal-test.sh 'nettest' command not found on F/K (LP: #2006391)
    - selftests/net: Find nettest in current directory
  * xfs: Preallocated ioend transactions cause deadlock due to log buffer
    exhaustion (LP: #2007219)
    - xfs: drop submit side trans alloc for append ioends
  * CVE-2022-4382
    - USB: gadgetfs: Fix race between mounting and unmounting
  * CVE-2022-2196
    - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
  * ubuntu_kernel_selftests: net:udpgso_bench.sh failed (LP: #1951447)
    - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs
  * net:fcnal-test.sh didn't return a non-zero value even with some sub-tests
    failed (LP: #2006692)
    - selftests: net/fcnal-test.sh: add exit code
  * Fix selftests/ftracetests/Meta-selftests in Focal (LP: #2006453)
    - SAUCE: Fix ftrace/Meta-selftests bashism check
  * CVE-2023-23559
    - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

linux-aws (5.4.0-1097.105) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1097.105 -proposed tracker (LP: #2004355)

  * Focal update: v5.4.226 upstream stable release (LP: #2003896)
    - [Config] aws: updateconfigs for INET_TABLE_PERTURB_ORDER

  * RDMA Back port DMA buffer fix (LP: #2004807)
    - RDMA/core: Fix ib block iterator counter overflow

  [ Ubuntu: 5.4.0-144.161 ]

  * focal/linux: 5.4.0-144.161 -proposed tracker (LP: #2004653)
  * CVE-2023-0461
    - SAUCE: Fix inet_csk_listen_start after CVE-2023-0461

  [ Ubuntu: 5.4.0-143.160 ]

  * focal/linux: 5.4.0-143.160 -proposed tracker (LP: #2004385)
  * NFS: client permission error after adding user to permissible group
    (LP: #2003053)
    - NFS: Clear the file access cache upon login
    - NFS: Judge the file access cache's timestamp in rcu path
    - NFS: Fix up a sparse warning
  * Focal update: v5.4.229 upstream stable release (LP: #2003914)
    - tracing/ring-buffer: Only do full wait when cpu != RING_BUFFER_ALL_CPUS
    - udf: Discard preallocation before extending file with a hole
    - udf: Fix preallocation discarding at indirect extent boundary
    - udf: Do not bother looking for prealloc extents if i_lenExtents matches
      i_size
    - udf: Fix extending file within last block
    - usb: gadget: uvc: Prevent buffer overflow in setup handler
    - USB: serial: option: add Quectel EM05-G modem
    - USB: serial: cp210x: add Kamstrup RF sniffer PIDs
    - USB: serial: f81232: fix division by zero on line-speed change
    - USB: serial: f81534: fix division by zero on line-speed change
    - igb: Initialize mailbox message for VF reset
    - xen-netback: move removal of "hotplug-status" to the right place
    - HID: ite: Add support for Acer S1002 keyboard-dock
    - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch 10E
    - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10
    - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk
    - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
    - usb: musb: remove extra check in musb_gadget_vbus_draw
    - ARM: dts: qcom: apq8064: fix coresight compatible
    - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias
    - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
    - arm: dts: spear600: Fix clcd interrupt
    - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of
      pm_runtime_get_sync
    - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe
    - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
    - perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
    - perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()
    - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
    - arm64: dts: mt2712e: Fix unit address for pinctrl node
    - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
    - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names
    - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
    - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
    - ARM: dts: turris-omnia: Add ethernet aliases
    - ARM: dts: turris-omnia: Add switch port 6 node
    - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC
    - pstore/ram: Fix error return code in ramoops_probe()
    - ARM: mmp: fix timer_read delay
    - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
    - tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
    - cpuidle: dt: Return the correct numbers of parsed idle states
    - alpha: fix syscall entry in !AUDUT_SYSCALL case
    - PM: hibernate: Fix mistake in kerneldoc comment
    - fs: don't audit the capability check in simple_xattr_list()
    - selftests/ftrace: event_triggers: wait longer for test_event_enable
    - perf: Fix possible memleak in pmu_dev_alloc()
    - timerqueue: Use rb_entry_safe() in timerqueue_getnext()
    - proc: fixup uptime selftest
    - lib/fonts: fix undefined behavior in bit shift for get_default_font
    - ocfs2: fix memory leak in ocfs2_stack_glue_init()
    - MIPS: vpe-mt: fix possible memory leak while module exiting
    - MIPS: vpe-cmp: fix possible memory leak while module exiting
    - selftests/efivarfs: Add checking of the test return value
    - PNP: fix name memory leak in pnp_alloc_dev()
    - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
    - irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
    - EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper()
    - nfsd: don't call nfsd_file_put from client states seqfile display
    - genirq/irqdesc: Don't try to remove non-existing sysfs files
    - cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
    - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
    - lib/notifier-error-inject: fix error when writing -errno to debugfs file
    - docs: fault-injection: fix non-working usage of negative values
    - debugfs: fix error when writing negative value to atomic_t debugfs file
    - ocfs2: ocfs2_mount_volume does cleanup job before return error
    - ocfs2: rewrite error handling of ocfs2_fill_super
    - ocfs2: fix memory leak in ocfs2_mount_volume()
    - rapidio: fix possible name leaks when rio_add_device() fails
    - rapidio: rio: fix possible name leak in rio_register_mport()
    - clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
    - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
    - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
    - xen/events: only register debug interrupt for 2-level events
    - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
    - x86/xen: Fix memory leak in xen_init_lock_cpu()
    - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
    - PM: runtime: Improve path in rpm_idle() when no callback
    - PM: runtime: Do not call __rpm_callback() from rpm_idle()
    - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
    - MIPS: BCM63xx: Add check for NULL for clk in clk_enable
    - MIPS: OCTEON: warn only once if deprecated link status is being used
    - fs: sysv: Fix sysv_nblocks() returns wrong value
    - rapidio: fix possible UAF when kfifo_alloc() fails
    - eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
    - relay: fix type mismatch when allocating memory in relay_create_buf()
    - hfs: Fix OOB Write in hfs_asc2mac
    - rapidio: devices: fix missing put_device in mport_cdev_open
    - wifi: ath9k: hif_usb: fix memory leak of urbs in
      ath9k_hif_usb_dealloc_tx_urbs()
    - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
    - wifi: rtl8xxxu: Fix reading the vendor of combo chips
    - pata_ipx4xx_cf: Fix unsigned comparison with less than zero
    - media: i2c: ad5820: Fix error path
    - can: kvaser_usb: do not increase tx statistics when sending error message
      frames
    - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
    - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to
      {leaf,usbcan}_cmd_can_error_event
    - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
    - can: kvaser_usb_leaf: Set Warning state even without bus errors
    - can: kvaser_usb_leaf: Fix improved state not being reported
    - can: kvaser_usb_leaf: Fix wrong CAN state after stopping
    - can: kvaser_usb_leaf: Fix bogus restart events
    - can: kvaser_usb: Add struct kvaser_usb_busparams
    - can: kvaser_usb: Compare requested bittiming parameters with actual
      parameters in do_set_{,data}_bittiming
    - clk: renesas: r9a06g032: Repair grave increment error
    - spi: Update reference to struct spi_controller
    - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure
    - ima: Rename internal filter rule functions
    - ima: Fix fall-through warnings for Clang
    - ima: Handle -ESTALE returned by ima_filter_rule_match()
    - media: vivid: fix compose size exceed boundary
    - bpf: propagate precision in ALU/ALU64 operations
    - mtd: Fix device name leak when register device failed in add_mtd_device()
    - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
    - media: camss: Clean up received buffers on failed start of streaming
    - net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
    - rxrpc: Fix ack.bufferSize to be 0 when generating an ack
    - drm/radeon: Add the missed acpi_put_table() to fix memory leak
    - drm/mediatek: Modify dpi power on/off sequence.
    - ASoC: pxa: fix null-pointer dereference in filter()
    - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
    - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table()
    - integrity: Fix memory leakage in keyring allocation error path
    - ima: Fix misuse of dereference of pointer in template_desc_init_fields()
    - wifi: ath10k: Fix return value in ath10k_pci_init()
    - mtd: lpddr2_nvm: Fix possible null-ptr-deref
    - Input: elants_i2c - properly handle the reset GPIO when power is off
    - media: solo6x10: fix possible memory leak in solo_sysfs_init()
    - media: platform: exynos4-is: Fix error handling in fimc_md_init()
    - media: videobuf-dma-contig: use dma_mmap_coherent
    - bpf: Move skb->len == 0 checks into __bpf_redirect
    - HID: hid-sensor-custom: set fixed size for custom attributes
    - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT
    - ALSA: seq: fix undefined behavior in bit shift for
      SNDRV_SEQ_FILTER_USE_EVENT
    - regulator: core: use kfree_const() to free space conditionally
    - clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
    - bonding: Export skip slave logic to function
    - bonding: Rename slave_arr to usable_slaves
    - bonding: fix link recovery in mode 2 when updelay is nonzero
    - mtd: maps: pxa2xx-flash: fix memory leak in probe
    - media: imon: fix a race condition in send_packet()
    - clk: imx8mn: correct the usb1_ctrl parent to be usb_bus
    - clk: imx: replace osc_hdmi with dummy
    - pinctrl: pinconf-generic: add missing of_node_put()
    - media: dvb-core: Fix ignored return value in dvb_register_frontend()
    - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
    - media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
    - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
    - ASoC: dt-bindings: wcd9335: fix reset line polarity in example
    - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd
    - NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
    - NFSv4.2: Fix a memory stomp in decode_attr_security_label
    - NFSv4.2: Fix initialisation of struct nfs4_label
    - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
    - ALSA: asihpi: fix missing pci_disable_device()
    - wifi: iwlwifi: mvm: fix double free on tx path.
    - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready
    - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
    - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
    - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
    - netfilter: conntrack: set icmpv6 redirects as RELATED
    - bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data
    - bpf, sockmap: Fix data loss caused by using apply_bytes on ingress redirect
    - bonding: uninitialized variable in bond_miimon_inspect()
    - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE
    - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys()
      fails
    - regulator: core: fix module refcount leak in set_supply()
    - clk: qcom: clk-krait: fix wrong div2 functions
    - hsr: Avoid double remove of a node.
    - configfs: fix possible memory leak in configfs_create_dir()
    - regulator: core: fix resource leak in regulator_register()
    - bpf, sockmap: fix race in sock_map_free()
    - media: saa7164: fix missing pci_disable_device()
    - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
    - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
    - SUNRPC: Fix missing release socket in rpc_sockname()
    - NFSv4.x: Fail client initialisation if state manager thread can't run
    - mmc: alcor: fix return value check of mmc_add_host()
    - mmc: moxart: fix return value check of mmc_add_host()
    - mmc: mxcmmc: fix return value check of mmc_add_host()
    - mmc: pxamci: fix return value check of mmc_add_host()
    - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
    - mmc: toshsd: fix return value check of mmc_add_host()
    - mmc: vub300: fix return value check of mmc_add_host()
    - mmc: wmt-sdmmc: fix return value check of mmc_add_host()
    - mmc: atmel-mci: fix return value check of mmc_add_host()
    - mmc: omap_hsmmc: fix return value check of mmc_add_host()
    - mmc: meson-gx: fix return value check of mmc_add_host()
    - mmc: via-sdmmc: fix return value check of mmc_add_host()
    - mmc: wbsd: fix return value check of mmc_add_host()
    - mmc: mmci: fix return value check of mmc_add_host()
    - media: c8sectpfe: Add of_node_put() when breaking out of loop
    - media: coda: Add check for dcoda_iram_alloc
    - media: coda: Add check for kmalloc
    - clk: samsung: Fix memory leak in _samsung_clk_register_pll()
    - spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode
    - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
    - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
    - blktrace: Fix output non-blktrace event when blk_classic option enabled
    - clk: socfpga: clk-pll: Remove unused variable 'rc'
    - clk: socfpga: use clk_hw_register for a5/c5
    - clk: socfpga: Fix memory leak in socfpga_gate_init()
    - net: vmw_vsock: vmci: Check memcpy_from_msg()
    - net: defxx: Fix missing err handling in dfx_init()
    - net: stmmac: selftests: fix potential memleak in stmmac_test_arpoffload()
    - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
    - of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry()
      and find_dup_cset_prop()
    - ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: farsync: Fix kmemleak when rmmods farsync
    - net/tunnel: wait until all sk_user_data reader finish before releasing the
      sock
    - net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
    - hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
    - net: amd-xgbe: Fix logic around active and passive cables
    - net: amd-xgbe: Check only the minimum speed for active/passive cables
    - can: tcan4x5x: Remove invalid write in clear_interrupts
    - net: lan9303: Fix read error execution path
    - ntb_netdev: Use dev_kfree_skb_any() in interrupt context
    - Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
    - Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
    - stmmac: fix potential division by 0
    - apparmor: fix a memleak in multi_transaction_new()
    - apparmor: fix lockdep warning when removing a namespace
    - apparmor: Fix abi check to include v8 abi
    - apparmor: Use pointer to struct aa_label for lbs_cred
    - RDMA/core: Fix order of nldev_exit call
    - f2fs: fix normal discard process
    - RDMA/siw: Fix immediate work request flush to completion queue
    - RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
    - RDMA/siw: Set defined status for work completion with undefined status
    - scsi: scsi_debug: Fix a warning in resp_write_scat()
    - crypto: ccree - swap SHA384 and SHA512 larval hashes at build time
    - crypto: ccree - Remove debugfs when platform_driver_register failed
    - PCI: Check for alloc failure in pci_request_irq()
    - RDMA/hfi: Decrease PCI device reference count in error path
    - crypto: ccree - Make cc_debugfs_global_fini() available for module init
      function
    - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create
      failed
    - scsi: hpsa: Fix possible memory leak in hpsa_init_one()
    - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
    - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
    - scsi: hpsa: Fix error handling in hpsa_add_sas_host()
    - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
    - scsi: fcoe: Fix possible name leak when device_register() fails
    - scsi: ipr: Fix WARNING in ipr_init()
    - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
    - scsi: snic: Fix possible UAF in snic_tgt_create()
    - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps()
    - f2fs: avoid victim selection from previous victim section
    - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe()
    - RDMA/hfi1: Fix error return code in parse_platform_config()
    - orangefs: Fix sysfs not cleanup when dev init failed
    - crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
    - hwrng: amd - Fix PCI device refcount leak
    - hwrng: geode - Fix PCI device refcount leak
    - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
    - drivers: dio: fix possible memory leak in dio_init()
    - tty: serial: tegra: Activate RX DMA transfer by request
    - serial: tegra: Read DMA status before terminating
    - class: fix possible memory leak in __class_register()
    - vfio: platform: Do not pass return buffer to ACPI _RST method
    - uio: uio_dmem_genirq: Fix missing unlock in irq configuration
    - uio: uio_dmem_genirq: Fix deadlock between irq config and handling
    - usb: fotg210-udc: Fix ages old endianness issues
    - staging: vme_user: Fix possible UAF in tsi148_dma_list_add
    - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
    - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port()
    - serial: amba-pl011: avoid SBSA UART accessing DMACR register
    - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
    - serial: pch: Fix PCI device refcount leak in pch_request_dma()
    - tty: serial: clean up stop-tx part in altera_uart_tx_chars()
    - tty: serial: altera_uart_{r,t}x_chars() need only uart_port
    - serial: altera_uart: fix locking in polling mode
    - serial: sunsab: Fix error handling in sunsab_init()
    - test_firmware: fix memory leak in test_firmware_init()
    - misc: ocxl: fix possible name leak in ocxl_file_register_afu()
    - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
    - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault
      and gru_handle_user_call_os
    - cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
    - cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
    - counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update
    - usb: roles: fix of node refcount leak in usb_role_switch_is_parent()
    - usb: gadget: f_hid: optional SETUP/SET_REPORT mode
    - usb: gadget: f_hid: fix f_hidg lifetime vs cdev
    - usb: gadget: f_hid: fix refcount leak on error path
    - drivers: mcb: fix resource leak in mcb_probe()
    - mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
    - chardev: fix error handling in cdev_device_add()
    - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
    - staging: rtl8192u: Fix use after free in ieee80211_rx()
    - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
    - vme: Fix error not catched in fake_init()
    - i2c: ismt: Fix an out-of-bounds bug in ismt_access()
    - usb: storage: Add check for kcalloc
    - tracing/hist: Fix issue of losting command info in error_log
    - samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
    - fbdev: ssd1307fb: Drop optional dependency
    - fbdev: pm2fb: fix missing pci_disable_device()
    - fbdev: via: Fix error in via_core_init()
    - fbdev: vermilion: decrease reference count in error path
    - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
    - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
    - HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
    - power: supply: fix residue sysfs file in error handle route of
      __power_supply_register()
    - perf trace: Return error if a system call doesn't exist
    - perf trace: Separate 'struct syscall_fmt' definition from syscall_fmts
      variable
    - perf trace: Factor out the initialization of syscal_arg_fmt->scnprintf
    - perf trace: Add the syscall_arg_fmt pointer to syscall_arg
    - perf trace: Allow associating scnprintf routines with well known arg names
    - perf trace: Add a strtoul() method to 'struct syscall_arg_fmt'
    - perf trace: Use macro RAW_SYSCALL_ARGS_NUM to replace number
    - perf trace: Handle failure when trace point folder is missed
    - perf symbol: correction while adjusting symbol
    - HSI: omap_ssi_core: Fix error handling in ssi_init()
    - power: supply: fix null pointer dereferencing in
      power_supply_get_battery_info
    - RDMA/siw: Fix pointer cast warning
    - include/uapi/linux/swab: Fix potentially missing __always_inline
    - rtc: snvs: Allow a time difference on clock register read
    - rtc: pcf85063: Fix reading alarm
    - iommu/amd: Fix pci device refcount leak in ppr_notifier()
    - iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
    - macintosh: fix possible memory leak in macio_add_one_device()
    - macintosh/macio-adb: check the return value of ioremap()
    - powerpc/52xx: Fix a resource leak in an error handling path
    - cxl: Fix refcount leak in cxl_calc_capp_routing
    - powerpc/xive: add missing iounmap() in error path in
      xive_spapr_populate_irq_data()
    - powerpc/perf: callchain validate kernel stack pointer bounds
    - powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in
      of_fsl_spi_probe()
    - powerpc/hv-gpci: Fix hv_gpci event list
    - selftests/powerpc: Fix resource leaks
    - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held
    - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev()
    - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in
      adsp_alloc_memory_region()
    - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
    - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe()
    - nfsd: Define the file access mode enum for tracing
    - NFSD: Add tracepoints to NFSD's duplicate reply cache
    - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
    - mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under
      spin_lock_irqsave()
    - mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under
      spin_lock_irqsave()
    - mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under
      spin_lock_irqsave()
    - nfc: pn533: Clear nfc_target before being used
    - r6040: Fix kmemleak in probe and remove
    - rtc: mxc_v2: Add missing clk_disable_unprepare()
    - openvswitch: Fix flow lookup to use unmasked key
    - skbuff: Account for tail adjustment during pull operations
    - mailbox: zynq-ipi: fix error handling while device_register() fails
    - net_sched: reject TCF_EM_SIMPLE case for complex ematch module
    - rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
    - myri10ge: Fix an error handling path in myri10ge_probe()
    - net: stream: purge sk_error_queue in sk_stream_kill_queues()
    - rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()
    - binfmt_misc: fix shift-out-of-bounds in check_special_flags
    - fs: jfs: fix shift-out-of-bounds in dbAllocAG
    - udf: Avoid double brelse() in udf_rename()
    - fs: jfs: fix shift-out-of-bounds in dbDiscardAG
    - ACPICA: Fix error code path in acpi_ds_call_control_method()
    - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
    - acct: fix potential integer overflow in encode_comp_t()
    - hfs: fix OOB Read in __hfs_brec_find
    - drm/etnaviv: add missing quirks for GC300
    - brcmfmac: return error when getting invalid max_flowrings from dongle
    - wifi: ath9k: verify the expected usb_endpoints are present
    - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
    - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
    - ipmi: fix memleak when unload ipmi driver
    - bpf: make sure skb->len != 0 when redirecting to a tunneling device
    - net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
    - hamradio: baycom_epp: Fix return type of baycom_send_packet()
    - wifi: brcmfmac: Fix potential shift-out-of-bounds in
      brcmf_fw_alloc_request()
    - igb: Do not free q_vector unless new one was allocated
    - s390/ctcm: Fix return type of ctc{mp,}m_tx()
    - s390/netiucv: Fix return type of netiucv_tx()
    - s390/lcs: Fix return type of lcs_start_xmit()
    - drm/rockchip: Use drm_mode_copy()
    - drm/sti: Use drm_mode_copy()
    - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
    - md/raid1: stop mdx_raid1 thread when raid1 array run failed
    - net: add atomic_long_t to net_device_stats fields
    - mrp: introduce active flags to prevent UAF when applicant uninit
    - ppp: associate skb with a device at tx
    - bpf: Prevent decl_tag from being referenced in func_proto arg
    - media: dvb-frontends: fix leak of memory fw
    - media: dvbdev: adopts refcnt to avoid UAF
    - media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
    - blk-mq: fix possible memleak when register 'hctx' failed
    - regulator: core: fix use_count leakage when handling boot-on
    - mmc: f-sdh30: Add quirks for broken timeout clock capability
    - media: si470x: Fix use-after-free in si470x_int_in_callback()
    - clk: st: Fix memory leak in st_of_quadfs_setup()
    - hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
    - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
    - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
    - orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
    - orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
    - ALSA/ASoC: hda: move/rename snd_hdac_ext_stop_streams to hdac_stream.c
    - ALSA: hda: add snd_hdac_stop_streams() helper
    - ASoC: Intel: Skylake: Fix driver hang during shutdown
    - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in
      mt8173_rt5650_rt5514_dev_probe()
    - ASoC: audio-graph-card: fix refcount leak of cpu_ep in
      __graph_for_each_link()
    - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in
      rockchip_pdm_runtime_resume()
    - ASoC: wm8994: Fix potential deadlock
    - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in
      rk_spdif_runtime_resume()
    - ASoC: rt5670: Remove unbalanced pm_runtime_put()
    - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
    - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
    - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
    - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list
    - usb: dwc3: core: defer probe on ulpi_read_id timeout
    - HID: wacom: Ensure bootloader PID is usable in hidraw mode
    - reiserfs: Add missing calls to reiserfs_security_free()
    - iio: adc: ad_sigma_delta: do not use internal iio_dev lock
    - iio: adc128s052: add proper .data members in adc128_of_match table
    - regulator: core: fix deadlock on regulator enable
    - gcov: add support for checksum field
    - media: dvbdev: fix build warning due to comments
    - media: dvbdev: fix refcnt bug
    - cifs: fix oops during encryption
    - nvme-pci: fix doorbell buffer value endianness
    - ata: ahci: Fix PCS quirk application for suspend
    - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition
    - objtool: Fix SEGFAULT
    - powerpc/rtas: avoid device tree lookups in rtas_os_term()
    - powerpc/rtas: avoid scheduling in rtas_os_term()
    - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint
    - HID: plantronics: Additional PIDs for double volume key presses quirk
    - hfsplus: fix bug causing custom uid and gid being unable to be assigned with
      mount
    - ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
    - ALSA: line6: correct midi status byte when receiving data from podxt
    - ALSA: line6: fix stack overflow in line6_midi_transmit
    - pnode: terminate at peers of source
    - md: fix a crash in mempool_free
    - mm, compaction: fix fast_isolate_around() to stay within boundaries
    - f2fs: should put a page when checking the summary info
    - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
    - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
    - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
    - SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
    - net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO
    - net/af_packet: make sure to pull mac header
    - media: stv0288: use explicitly signed char
    - soc: qcom: Select REMAP_MMIO for LLCC driver
    - kest.pl: Fix grub2 menu handling for rebooting
    - ktest.pl minconfig: Unset configs instead of just removing them
    - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K
    - btrfs: fix resolving backrefs for inline extent followed by prealloc
    - ARM: ux500: do not directly dereference __iomem
    - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength
    - selftests: Use optional USERCFLAGS and USERLDFLAGS
    - cpufreq: Init completion before kobject_init_and_add()
    - binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
    - binfmt: Fix error return code in load_elf_fdpic_binary()
    - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
    - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
    - dm thin: Use last transaction's pmd->root when commit failed
    - dm thin: Fix UAF in run_timer_softirq()
    - dm integrity: Fix UAF in dm_integrity_dtr()
    - dm clone: Fix UAF in clone_dtr()
    - dm cache: Fix UAF in destroy()
    - dm cache: set needs_check flag after aborting metadata
    - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
    - x86/microcode/intel: Do not retry microcode reloading on the APs
    - tracing/hist: Fix wrong return value in parse_action_params()
    - tracing: Fix infinite loop in tracing_read_pipe on overflowed
      print_trace_line
    - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
    - media: dvb-core: Fix double free in dvb_register_device()
    - cifs: fix confusing debug message
    - cifs: fix missing display of three mount options
    - md/bitmap: Fix bitmap chunk size overflow issues
    - efi: Add iMac Pro 2017 to uefi skip cert quirk
    - ipmi: fix long wait in unload when IPMI disconnect
    - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()
    - ima: Fix a potential NULL pointer access in ima_restore_measurement_list
    - ipmi: fix use after free in _ipmi_destroy_user()
    - PCI: Fix pci_device_is_present() for VFs by checking PF
    - PCI/sysfs: Fix double free in error path
    - crypto: n2 - add missing hash statesize
    - iommu/amd: Fix ivrs_acpihid cmdline parsing code
    - parisc: led: Fix potential null-ptr-deref in start_task()
    - device_cgroup: Roll back to original exceptions after copy failure
    - drm/connector: send hotplug uevent on connector cleanup
    - drm/vmwgfx: Validate the box size for the snooped cursor
    - ext4: add inode table check in __ext4_get_inode_loc to aovid possible
      infinite loop
    - ext4: fix undefined behavior in bit shift for ext4_check_flag_values
    - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
    - ext4: add helper to check quota inums
    - ext4: fix reserved cluster accounting in __es_remove_extent()
    - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
    - ext4: init quota for 'old.inode' in 'ext4_rename'
    - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
    - ext4: fix corruption when online resizing a 1K bigalloc fs
    - ext4: fix error code return to user-space in ext4_get_branch()
    - ext4: avoid BUG_ON when creating xattrs
    - ext4: fix inode leak in ext4_xattr_inode_create() on an error path
    - ext4: initialize quota before expanding inode in setproject ioctl
    - ext4: avoid unaccounted block allocation when expanding inode
    - ext4: allocate extended attribute value in vmalloc area
    - btrfs: replace strncpy() with strscpy()
    - PM/devfreq: governor: Add a private governor_data for governor
    - media: s5p-mfc: Fix to handle reference queue during finishing
    - media: s5p-mfc: Clear workbit to handle error condition
    - media: s5p-mfc: Fix in register read and write for H264
    - dm thin: resume even if in FAIL mode
    - perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
    - perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged
      data
    - KVM: x86: optimize more exit handlers in vmx.c
    - KVM: retpolines: x86: eliminate retpoline from vmx.c exit handlers
    - KVM: VMX: Rename INTERRUPT_PENDING to INTERRUPT_WINDOW
    - KVM: VMX: Rename NMI_PENDING to NMI_WINDOW
    - KVM: VMX: Fix the spelling of CPU_BASED_USE_TSC_OFFSETTING
    - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
    - ravb: Fix "failed to switch device to config mode" message during unbind
    - ext4: goto right label 'failed_mount3a'
    - ext4: correct inconsistent error msg in nojournal mode
    - mm/highmem: Lift memcpy_[to|from]_page to core
    - ext4: use memcpy_to_page() in pagecache_write()
    - fs: ext4: initialize fsdata in pagecache_write()
    - ext4: use kmemdup() to replace kmalloc + memcpy
    - mbcache: don't reclaim used entries
    - mbcache: add functions to delete entry if unused
    - ext4: remove EA inode entry from mbcache on inode eviction
    - ext4: unindent codeblock in ext4_xattr_block_set()
    - ext4: fix race when reusing xattr blocks
    - mbcache: automatically delete entries from cache on freeing
    - ext4: fix deadlock due to mbcache entry corruption
    - SUNRPC: ensure the matching upcall is in-flight upon downcall
    - bpf: pull before calling skb_postpull_rcsum()
    - nfsd: shut down the NFSv4 state objects before the filecache
    - net: hns3: add interrupts re-initialization while doing VF FLR
    - net: sched: fix memory leak in tcindex_set_parms
    - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
    - nfc: Fix potential resource leaks
    - vhost: fix range used in translate_desc()
    - net: amd-xgbe: add missed tasklet_kill
    - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
    - RDMA/uverbs: Silence shiftTooManyBitsSigned warning
    - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
    - net: sched: atm: dont intepret cls results when asked to drop
    - net: sched: cbq: dont intepret cls results when asked to drop
    - perf tools: Fix resources leak in perf_data__open_dir()
    - drivers/net/bonding/bond_3ad: return when there's no aggregator
    - usb: rndis_host: Secure rndis_query check against int overflow
    - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
    - caif: fix memory leak in cfctrl_linkup_request()
    - udf: Fix extension of the last extent in the file
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
    - x86/bugs: Flush IBP in ib_prctl_set()
    - nfsd: fix handling of readdir in v4root vs. mount upcall timeout
    - riscv: uaccess: fix type of 0 variable on error in get_user()
    - ext4: don't allow journal inode to have encrypt flag
    - hfs/hfsplus: use WARN_ON for sanity check
    - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
    - mbcache: Avoid nesting of cache->c_list_lock under bit locks
    - parisc: Align parisc MADV_XXX constants with all other architectures
    - selftests: Fix kselftest O=objdir build from cluttering top level objdir
    - selftests: set the BUILD variable to absolute path
    - driver core: Fix bus_type.match() error handling in __driver_attach()
    - net: sched: disallow noqueue for qdisc classes
    - KVM: arm64: Fix S1PTW handling on RO memslots
    - efi: tpm: Avoid READ_ONCE() for accessing the event log
    - docs: Fix the docs build with Sphinx 6.0
    - perf auxtrace: Fix address filter duplicate symbol selection
    - s390/kexec: fix ipl report address for kdump
    - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
    - net/ulp: prevent ULP without clone op from entering the LISTEN status
    - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list
    - cifs: Fix uninitialized memory read for smb311 posix symlink create
    - drm/msm/adreno: Make adreno quirks not overwrite each other
    - platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during
      probe
    - ixgbe: fix pci device refcount leak
    - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
    - wifi: wilc1000: sdio: fix module autoloading
    - usb: ulpi: defer ulpi_register on ulpi_read_id timeout
    - jbd2: use the correct print format
    - quota: Factor out setup of quota inode
    - ext4: fix bug_on in __es_tree_search caused by bad quota inode
    - ext4: lost matching-pair of trace in ext4_truncate
    - ext4: fix use-after-free in ext4_orphan_cleanup
    - ext4: fix uninititialized value in 'ext4_evict_inode'
    - netfilter: ipset: Fix overflow before widen in the bitmap_ip_create()
      function.
    - powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
    - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
    - EDAC/device: Fix period calculation in edac_device_reset_delay_period()
    - regulator: da9211: Use irq handler when ready
    - tipc: improve throughput between nodes in netns
    - tipc: eliminate checking netns if node established
    - tipc: fix unexpected link reset due to discovery messages
    - hvc/xen: lock console list traversal
    - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
    - net/sched: act_mpls: Fix warning during failed attribute validation
    - net/mlx5: Rename ptp clock info
    - net/mlx5: Fix ptp max frequency adjustment range
    - iommu/mediatek-v1: Add error handle for mtk_iommu_probe
    - iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
    - x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent
      unnecessary IPI
    - x86/resctrl: Fix task CLOSID/RMID update race
    - drm/virtio: Fix GEM handle creation UAF
    - arm64: atomics: format whitespace consistently
    - arm64: atomics: remove LL/SC trampolines
    - arm64: cmpxchg_double*: hazard against entire exchange variable
    - efi: fix NULL-deref in init error path
    - mm: Always release pages to the buddy allocator in memblock_free_late().
    - Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
    - tipc: fix use-after-free in tipc_disc_rcv()
    - tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
    - tipc: Add a missing case of TIPC_DIRECT_MSG type
    - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
    - tipc: call tipc_lxc_xmit without holding node_read_lock
    - Linux 5.4.229
  * Focal update: v5.4.229 upstream stable release (LP: #2003914) //
    CVE-2023-0266 was assigned for this issue.
    - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
  * Focal update: v5.4.229 upstream stable release (LP: #2003914) //
    CVE-2022-41218 is assigned to those bugs above.
    - media: dvb-core: Fix UAF due to refcount races at releasing
  * Focal update: v5.4.228 upstream stable release (LP: #2003904)
    - x86/smpboot: Move rcu_cpu_starting() earlier
    - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
    - block: unhash blkdev part inode when the part is deleted
    - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
    - pinctrl: meditatek: Startup with the IRQs disabled
    - can: sja1000: fix size of OCR_MODE_MASK define
    - can: mcba_usb: Fix termination command argument
    - ASoC: ops: Correct bounds check for second channel on SX controls
    - Linux 5.4.228
  * Focal update: v5.4.227 upstream stable release (LP: #2003901)
    - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4
      series
    - arm: dts: rockchip: fix node name for hym8563 rtc
    - ARM: dts: rockchip: fix ir-receiver node names
    - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name
    - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
    - ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
    - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
    - 9p/fd: Use P9_HDRSZ for header size
    - regulator: slg51000: Wait after asserting CS pin
    - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
    - btrfs: send: avoid unaligned encoded writes when attempting to clone range
    - ASoC: soc-pcm: Add NULL check in BE reparenting
    - regulator: twl6030: fix get status of twl6032 regulators
    - fbcon: Use kzalloc() in fbcon_prepare_logo()
    - 9p/xen: check logical size for buffer size
    - net: usb: qmi_wwan: add u-blox 0x1342 composition
    - mm/khugepaged: take the right locks for page table retraction
    - mm/khugepaged: fix GUP-fast interaction by sending IPI
    - mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
    - xen/netback: do some code cleanup
    - xen/netback: don't call kfree_skb() with interrupts disabled
    - Revert "net: dsa: b53: Fix valid setting for MDB entries"
    - media: v4l2-dv-timings.c: fix too strict blanking sanity checks
    - memcg: fix possible use-after-free in memcg_write_event_control()
    - mm/gup: fix gup_pud_range() for dax
    - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
    - drm/shmem-helper: Remove errant put in error path
    - HID: usbhid: Add ALWAYS_POLL quirk for some mice
    - HID: hid-lg4ff: Add check for empty lbuf
    - HID: core: fix shift-out-of-bounds in hid_report_raw_event
    - can: af_can: fix NULL pointer dereference in can_rcv_filter
    - ieee802154: cc2520: Fix error return code in cc2520_hw_init()
    - ca8210: Fix crash by zero initializing data
    - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug
    - gpio: amd8111: Fix PCI device reference count leak
    - e1000e: Fix TX dispatch condition
    - igb: Allocate MSI-X vector when testing
    - af_unix: Get user_ns from in_skb in unix_diag_get_exact().
    - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
    - Bluetooth: Fix not cleanup led when bt_init fails
    - net: dsa: ksz: Check return value
    - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
    - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
    - net: encx24j600: Add parentheses to fix precedence
    - net: encx24j600: Fix invalid logic in reading of MISTAT register
    - xen-netfront: Fix NULL sring after live migration
    - net: mvneta: Prevent out of bounds read in mvneta_config_rss()
    - i40e: Fix not setting default xps_cpus after reset
    - i40e: Fix for VF MAC address 0
    - i40e: Disallow ip4 and ip6 l4_4_bytes
    - NFC: nci: Bounds check struct nfc_target arrays
    - nvme initialize core quirks before calling nvme_init_subsystem
    - net: stmmac: fix "snps,axi-config" node property parsing
    - net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
    - net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
    - net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
    - tipc: Fix potential OOB in tipc_link_proto_rcv()
    - ipv4: Fix incorrect route flushing when source address is deleted
    - ipv4: Fix incorrect route flushing when table ID 0 is used
    - ethernet: aeroflex: fix potential skb leak in greth_init_rings()
    - net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
    - ipv6: avoid use-after-free in ip6_fragment()
    - net: mvneta: Fix an out of bounds check
    - can: esd_usb: Allow REC and TEC to return to zero
    - Linux 5.4.227
  * 5.15.0-58.64 breaks xen bridge networking (pvh domU) (LP: #2002889) // Focal
    update: v5.4.227 upstream stable release (LP: #2003901)
    - xen/netback: fix build warning
  * Focal update: v5.4.226 upstream stable release (LP: #2003896)
    - wifi: mac80211: fix memory free error when registering wiphy fail
    - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
    - audit: fix undefined behavior in bit shift for AUDIT_BIT
    - wifi: mac80211: Fix ack frame idr leak when mesh has no route
    - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
    - drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
    - block, bfq: fix null pointer dereference in bfq_bio_bfqg()
    - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
    - RISC-V: vdso: Do not add missing symbols to version section in linker script
    - MIPS: pic32: treat port as signed integer
    - af_key: Fix send_acquire race with pfkey_register
    - ARM: dts: am335x-pcm-953: Define fixed regulators in root node
    - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
    - regulator: core: fix kobject release warning and memory leak in
      regulator_register()
    - regulator: core: fix UAF in destroy_regulator()
    - bus: sunxi-rsb: Support atomic transfers
    - tee: optee: fix possible memory leak in optee_register_device()
    - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
    - net: liquidio: simplify if expression
    - nfc/nci: fix race with opening and closing
    - net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
    - 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
    - ARM: mxs: fix memory leak in mxs_machine_init()
    - net/mlx4: Check retval of mlx4_bitmap_init
    - net/qla3xxx: fix potential memleak in ql3xxx_send()
    - net: pch_gbe: fix pci device refcount leak while module exiting
    - nfp: add port from netdev validation for EEPROM access
    - Drivers: hv: vmbus: fix double free in the error path of
      vmbus_add_channel_work()
    - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
    - net/mlx5: Fix FW tracer timestamp calculation
    - tipc: set con sock in tipc_conn_alloc
    - tipc: add an extra conn_get in tipc_conn_alloc
    - tipc: check skb_linearize() return value in tipc_disc_rcv()
    - xfrm: Fix ignored return value in xfrm6_init()
    - NFC: nci: fix memory leak in nci_rx_data_packet()
    - regulator: twl6030: re-add TWL6032_SUBCLASS
    - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
    - dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
    - s390/dasd: fix no record found for raw_track_access
    - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
    - nfc: st-nci: fix memory leaks in EVT_TRANSACTION
    - net: thunderx: Fix the ACPI memory leak
    - s390/crashdump: fix TOD programmable field size
    - lib/vdso: use "grep -E" instead of "egrep"
    - usb: dwc3: exynos: Fix remove() function
    - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
    - iio: light: apds9960: fix wrong register for gesture gain
    - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
    - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
    - nios2: add FORCE for vmlinuz.gz
    - iio: ms5611: Simplify IO callback parameters
    - iio: pressure: ms5611: fixed value compensation bug
    - ceph: do not update snapshot context when there is no new snapshot
    - ceph: avoid putting the realm twice when decoding snaps fails
    - firmware: google: Release devices before unregistering the bus
    - firmware: coreboot: Register bus in module init
    - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
    - gcov: clang: fix the buffer overflow issue
    - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
    - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
    - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
    - xen/platform-pci: add missing free_irq() in error path
    - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
    - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
    - platform/x86: hp-wmi: Ignore Smart Experience App event
    - [Config] updateconfigs for INET_TABLE_PERTURB_ORDER
    - tcp: configurable source port perturb table size
    - net: usb: qmi_wwan: add Telit 0x103a composition
    - dm integrity: flush the journal on suspend
    - binder: avoid potential data leakage when copying txn
    - binder: read pre-translated fds from sender buffer
    - binder: defer copies of pre-patched txn data
    - binder: fix pointer cast warning
    - binder: Address corner cases in deferred copy and fixup
    - binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
    - btrfs: free btrfs_path before copying root refs to userspace
    - btrfs: free btrfs_path before copying fspath to userspace
    - btrfs: free btrfs_path before copying subvol info to userspace
    - btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
    - drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
    - drm/amdgpu: always register an MMU notifier for userptr
    - fuse: lock inode unconditionally in fuse_fallocate()
    - btrfs: free btrfs_path before copying inodes to userspace
    - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
    - btrfs: move QUOTA_ENABLED check to rescan_should_stop from
      btrfs_qgroup_rescan_worker
    - drm/amdgpu: update drm_display_info correctly when the edid is read
    - drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly
      when the edid is read"
    - btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
    - iio: health: afe4403: Fix oob read in afe4403_read_raw
    - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
    - iio: light: rpr0521: add missing Kconfig dependencies
    - scripts/faddr2line: Fix regression in name resolution on ppc64le
    - hwmon: (i5500_temp) fix missing pci_disable_device()
    - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
    - of: property: decrement node refcount in of_fwnode_get_reference_args()
    - net/mlx5: Fix uninitialized variable bug in outlen_write()
    - net/mlx5e: Fix use-after-free when reverting termination table
    - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
    - can: cc770: cc770_isa_probe(): add missing free_cc770dev()
    - qlcnic: fix sleep-in-atomic-context bugs caused by msleep
    - wifi: cfg80211: fix buffer overflow in elem comparison
    - net: phy: fix null-ptr-deref while probe() failed
    - net: net_netdev: Fix error handling in ntb_netdev_init_module()
    - net/9p: Fix a potential socket leak in p9_socket_open
    - net: ethernet: nixge: fix NULL dereference
    - dsa: lan9303: Correct stat name
    - net: hsr: Fix potential use-after-free
    - afs: Fix fileserver probe RTT handling
    - net: tun: Fix use-after-free in tun_detach()
    - packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
    - sctp: fix memory leak in sctp_stream_outq_migrate()
    - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
    - hwmon: (coretemp) Check for null before removing sysfs attrs
    - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
    - net/mlx5: DR, Fix uninitialized var warning
    - error-injection: Add prompt for function error injection
    - tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
    - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
    - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
    - pinctrl: intel: Save and restore pins in "direct IRQ" mode
    - mmc: mmc_test: Fix removal of debugfs file
    - mmc: core: Fix ambiguous TRIM and DISCARD arg
    - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check
    - mmc: sdhci-sprd: Fix no reset data and command after voltage switch
    - tracing: Free buffers when a used dynamic event is removed
    - arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM
      vectors
    - arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
    - mm: Fix '.data.once' orphan section warning
    - ASoC: ops: Fix bounds check for _sx controls
    - pinctrl: single: Fix potential division by zero
    - iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
    - parisc: Increase size of gcc stack frame check
    - xtensa: increase size of gcc stack frame check
    - parisc: Increase FRAME_WARN to 2048 bytes on parisc
    - Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is
      enabled
    - selftests: net: add delete nexthop route warning test
    - selftests: net: fix nexthop warning cleanup double ip typo
    - ipv4: Handle attempt to delete multipath route when fib_info contains an nh
      reference
    - ipv4: Fix route deletion when nexthop info is not specified
    - tracing/ring-buffer: Have polling block on watermark
    - nvme: restrict management ioctls to admin
    - nvme: ensure subsystem reset is single threaded
    - x86/tsx: Add a feature bit for TSX control MSR support
    - x86/pm: Add enumeration check before spec MSRs save/restore setup
    - x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
    - Revert "clocksource/drivers/riscv: Events are stopped during CPU suspend"
    - char: tpm: Protect tpm_pm_suspend with locks
    - mmc: sdhci: use FIELD_GET for preset value bit masks
    - mmc: sdhci: Fix voltage switch delay
    - proc: avoid integer type confusion in get_proc_long
    - proc: proc_skip_spaces() shouldn't think it is working on C strings
    - v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
    - ipc/sem: Fix dangling sem_array access in semtimedop race
    - Linux 5.4.226
  * CVE-2022-4139
    - drm/i915: fix TLB invalidation for Gen12 video and compute engines
  * Focal update: v5.4.225 upstream stable release (LP: #2002347)
    - xfs: preserve rmapbt swapext block reservation from freed blocks
    - xfs: rename xfs_bmap_is_real_extent to is_written_extent
    - xfs: redesign the reflink remap loop to fix blkres depletion crash
    - xfs: use MMAPLOCK around filemap_map_pages()
    - xfs: preserve inode versioning across remounts
    - xfs: drain the buf delwri queue before xfsaild idles
    - phy: stm32: fix an error code in probe
    - wifi: cfg80211: silence a sparse RCU warning
    - wifi: cfg80211: fix memory leak in query_regdb_file()
    - bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
    - HID: hyperv: fix possible memory leak in mousevsc_probe()
    - net: gso: fix panic on frag_list with mixed head alloc types
    - net: tun: Fix memory leaks of napi_get_frags
    - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
    - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
    - net: fman: Unregister ethernet device on removal
    - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
    - net: lapbether: fix issue of dev reference count leakage in
      lapbeth_device_event()
    - hamradio: fix issue of dev reference count leakage in bpq_device_event()
    - drm/vc4: Fix missing platform_unregister_drivers() call in
      vc4_drm_register()
    - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
    - can: af_can: fix NULL pointer dereference in can_rx_register()
    - tipc: fix the msg->req tlv len check in
      tipc_nl_compat_name_table_dump_header
    - dmaengine: pxa_dma: use platform_get_irq_optional
    - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
    - drivers: net: xgene: disable napi when register irq failed in
      xgene_enet_open()
    - perf stat: Fix printing os->prefix in CSV metrics output
    - net: nixge: disable napi when enable interrupts failed in nixge_open()
    - net/mlx5: Allow async trigger completion execution on single CPU systems
    - net: cpsw: disable napi in cpsw_ndo_open()
    - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
    - cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in
      cxgb4vf_open()
    - ethernet: s2io: disable napi when start nic failed in s2io_card_up()
    - net: mv643xx_eth: disable napi when init rxq or txq failed in
      mv643xx_eth_open()
    - ethernet: tundra: free irq when alloc ring failed in tsi108_open()
    - net: macvlan: fix memory leaks of macvlan_common_newlink
    - riscv: process: fix kernel info leakage
    - arm64: efi: Fix handling of misaligned runtime regions and drop warning
    - MIPS: jump_label: Fix compat branch range check
    - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
    - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
    - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
    - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
    - ALSA: hda: fix potential memleak in 'add_widget_node'
    - ALSA: usb-audio: Add quirk entry for M-Audio Micro
    - ALSA: usb-audio: Add DSD support for Accuphase DAC-60
    - vmlinux.lds.h: Fix placement of '.data..decrypted' section
    - nilfs2: fix deadlock in nilfs_count_free_blocks()
    - nilfs2: fix use-after-free bug of ns_writer on remount
    - drm/i915/dmabuf: fix sg_table handling in map_dma_buf
    - btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
    - udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
    - can: j1939: j1939_send_one(): fix missing CAN header initialization
    - cert host tools: Stop complaining about deprecated OpenSSL functions
    - dmaengine: at_hdmac: Fix at_lli struct definition
    - dmaengine: at_hdmac: Don't start transactions at tx_submit level
    - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
    - dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
    - dmaengine: at_hdmac: Fix impossible condition
    - dmaengine: at_hdmac: Check return code of dma_async_device_register
    - net: tun: call napi_schedule_prep() to ensure we own a napi
    - x86/cpu: Restore AMD's DE_CFG MSR after resume
    - ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in
      wm5102_probe"
    - ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in
      wm5110_probe"
    - ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in
      wm8997_probe"
    - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
    - spi: intel: Fix the offset to get the 64K erase opcode
    - ASoC: codecs: jz4725b: add missed Line In power control bit
    - ASoC: codecs: jz4725b: fix reported volume for Master ctl
    - ASoC: codecs: jz4725b: use right control for Capture Volume
    - ASoC: codecs: jz4725b: fix capture selector naming
    - selftests/futex: fix build for clang
    - selftests/intel_pstate: fix build for ARCH=x86_64
    - NFSv4: Retry LOCK on OLD_STATEID during delegation return
    - i2c: i801: add lis3lv02d's I2C address for Vostro 5568
    - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
    - btrfs: remove pointless and double ulist frees in error paths of qgroup
      tests
    - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" ->
      "Route"
    - spi: stm32: Print summary 'callbacks suppressed' message
    - ASoC: core: Fix use-after-free in snd_soc_exit()
    - serial: 8250_omap: remove wait loop from Errata i202 workaround
    - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
    - serial: 8250: omap: Flush PM QOS work on remove
    - serial: imx: Add missing .thaw_noirq hook
    - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
    - ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
    - block: sed-opal: kmalloc the cmd/resp buffers
    - siox: fix possible memory leak in siox_device_add()
    - parport_pc: Avoid FIFO port location truncation
    - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
    - arm64: dts: imx8mm: Fix NAND controller size-cells
    - arm64: dts: imx8mn: Fix NAND controller size-cells
    - ata: libata-transport: fix double ata_host_put() in ata_tport_add()
    - net: bgmac: Drop free_netdev() from bgmac_enet_remove()
    - mISDN: fix possible memory leak in mISDN_dsp_element_register()
    - net: liquidio: release resources when liquidio driver open failed
    - mISDN: fix misuse of put_device() in mISDN_register_device()
    - net: macvlan: Use built-in RCU list checking
    - net: caif: fix double disconnect client in chnl_net_open()
    - bnxt_en: Remove debugfs when pci_register_driver failed
    - xen/pcpu: fix possible memory leak in register_pcpu()
    - drbd: use after free in drbd_create_device()
    - platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when
      virtualized
    - net/x25: Fix skb leak in x25_lapb_receive_frame()
    - cifs: Fix wrong return value checking when GETFLAGS
    - net: thunderbolt: Fix error handling in tbnet_init()
    - cifs: add check for returning value of SMB2_set_info_init
    - ftrace: Fix the possible incorrect kernel message
    - ftrace: Optimize the allocation for mcount entries
    - ftrace: Fix null pointer dereference in ftrace_add_mod()
    - ring_buffer: Do not deactivate non-existant pages
    - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
    - Revert "usb: dwc3: disable USB core PHY management"
    - slimbus: stream: correct presence rate frequencies
    - speakup: fix a segfault caused by switching consoles
    - USB: serial: option: add Sierra Wireless EM9191
    - USB: serial: option: remove old LARA-R6 PID
    - USB: serial: option: add u-blox LARA-R6 00B modem
    - USB: serial: option: add u-blox LARA-L6 modem
    - USB: serial: option: add Fibocom FM160 0x0111 composition
    - usb: add NO_LPM quirk for Realforce 87U Keyboard
    - usb: chipidea: fix deadlock in ci_otg_del_timer
    - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
    - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
    - iio: pressure: ms5611: changed hardcoded SPI speed to value limited
    - dm ioctl: fix misbehavior if list_versions races with module loading
    - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
    - serial: 8250_lpss: Configure DMA also w/o DMA filter
    - Input: iforce - invert valid length check when fetching device IDs
    - scsi: zfcp: Fix double free of FSF request when qdio send fails
    - mmc: core: properly select voltage range without power cycle
    - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce
      timeout
    - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
    - docs: update mediator contact information in CoC doc
    - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
    - serial: 8250: Flush DMA Rx on RLSI
    - ring-buffer: Include dropped pages in counting dirty patches
    - scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
    - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
    - Input: i8042 - fix leaking of platform device on module removal
    - macvlan: enforce a consistent minimal mtu
    - tcp: cdg: allow tcp_cdg_release() to be called multiple times
    - kcm: avoid potential race in kcm_tx_work
    - bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
    - kcm: close race conditions on sk_receive_queue
    - 9p: trans_fd/p9_conn_cancel: drop client lock earlier
    - gfs2: Check sb_bsize_shift after reading superblock
    - gfs2: Switch from strlcpy to strscpy
    - 9p/trans_fd: always use O_NONBLOCK read/write
    - mm: fs: initialize fsdata passed to write_begin/write_end interface
    - ntfs: fix use-after-free in ntfs_attr_find()
    - ntfs: fix out-of-bounds read in ntfs_attr_find()
    - ntfs: check overflow when iterating ATTR_RECORDs
    - Linux 5.4.225
  * CVE-2022-47520
    - wifi: wilc1000: validate pairwise and authentication suite offsets
  * CVE-2022-3545
    - nfp: fix use-after-free in area_cache_get()

linux-aws (5.4.0-1096.104) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1096.104 -proposed tracker (LP: #2003459)

  [ Ubuntu: 5.4.0-139.156 ]

  * focal/linux: 5.4.0-139.156 -proposed tracker (LP: #2003486)
  * Revoke & rotate to new signing key (LP: #2002812)
    - [Packaging] Revoke and rotate to new signing key

linux-aws (5.4.0-1095.103) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1095.103 -proposed tracker (LP: #2001812)

  * Focal update: v5.4.221 upstream stable release (LP: #1997993)
    - [Config] aws: updateconfigs for ARM64_ERRATUM_1742098

  [ Ubuntu: 5.4.0-138.155 ]

  * focal/linux: 5.4.0-138.155 -proposed tracker (LP: #2001845)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * Focal update: v5.4.224 upstream stable release (LP: #1999273)
    - RDMA/cma: Use output interface for net_dev check
    - IB/hfi1: Correctly move list in sc_disable()
    - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
    - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
    - nfs4: Fix kmemleak when allocate slot failed
    - net: dsa: Fix possible memory leaks in dsa_loop_init()
    - RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
    - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
    - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
    - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
    - net: fec: fix improper use of NETDEV_TX_BUSY
    - ata: pata_legacy: fix pdc20230_set_piomode()
    - net: sched: Fix use after free in red_enqueue()
    - net: tun: fix bugs for oversize packet when napi frags enabled
    - netfilter: nf_tables: release flow rule object from commit path
    - ipvs: use explicitly signed chars
    - ipvs: fix WARNING in __ip_vs_cleanup_batch()
    - ipvs: fix WARNING in ip_vs_app_net_cleanup()
    - rose: Fix NULL pointer dereference in rose_send_frame()
    - mISDN: fix possible memory leak in mISDN_register_device()
    - isdn: mISDN: netjet: fix wrong check of device registration
    - btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
    - btrfs: fix inode list leak during backref walking at find_parent_nodes()
    - btrfs: fix ulist leaks in error paths of qgroup self tests
    - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
    - net: mdio: fix undefined behavior in bit shift for __mdiobus_register
    - net, neigh: Fix null-ptr-deref in neigh_table_clear()
    - ipv6: fix WARNING in ip6_route_net_exit_late()
    - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
    - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
    - media: dvb-frontends/drxk: initialize err to 0
    - media: meson: vdec: fix possible refcount leak in vdec_probe()
    - scsi: core: Restrict legal sdev_state transitions via sysfs
    - HID: saitek: add madcatz variant of MMO7 mouse device ID
    - i2c: xiic: Add platform module alias
    - xfs: don't fail verifier on empty attr3 leaf block
    - xfs: use ordered buffers to initialize dquot buffers during quotacheck
    - xfs: gut error handling in xfs_trans_unreserve_and_mod_sb()
    - xfs: group quota should return EDQUOT when prj quota enabled
    - xfs: don't fail unwritten extent conversion on writeback due to edquot
    - xfs: Add the missed xfs_perag_put() for xfs_ifree_cluster()
    - Bluetooth: L2CAP: Fix attempting to access uninitialized memory
    - block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
    - binder: fix UAF of alloc->vma in race with munmap()
    - btrfs: fix type of parameter generation in btrfs_get_dentry
    - tcp/udp: Make early_demux back namespacified.
    - kprobe: reverse kp->flags when arm_kprobe failed
    - tools/nolibc/string: Fix memcmp() implementation
    - tracing/histogram: Update document for KEYS_MAX size
    - capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
    - fuse: add file_modified() to fallocate
    - efi: random: reduce seed size to 32 bytes
    - perf/x86/intel: Fix pebs event constraints for ICL
    - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[]
    - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
    - parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
    - parisc: Export iosapic_serial_irq() symbol for serial port driver
    - parisc: Avoid printing the hardware path twice
    - ext4: fix warning in 'ext4_da_release_space'
    - ext4: fix BUG_ON() when directory entry has invalid rec_len
    - KVM: x86: Mask off reserved bits in CPUID.8000001AH
    - KVM: x86: Mask off reserved bits in CPUID.80000008H
    - KVM: x86: emulator: em_sysexit should update ctxt->mode
    - KVM: x86: emulator: introduce emulator_recalc_and_set_mode
    - KVM: x86: emulator: update the emulation mode after CR0 write
    - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times
    - drm/rockchip: dsi: Force synchronous probe
    - drm/i915/sdvo: Filter out invalid outputs more sensibly
    - drm/i915/sdvo: Setup DDC fully before output init
    - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
    - ipc: remove memcg accounting for sops objects in do_semtimedop()
    - Linux 5.4.224
  * Focal update: v5.4.223 upstream stable release (LP: #1999179)
    - can: j1939: transport: j1939_session_skb_drop_old():
      spin_unlock_irqrestore() before kfree_skb()
    - can: kvaser_usb: Fix possible completions during init_completion
    - ALSA: Use del_timer_sync() before freeing timer
    - ALSA: au88x0: use explicitly signed char
    - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
    - usb: dwc3: gadget: Stop processing more requests on IMI
    - usb: dwc3: gadget: Don't set IMI for no_interrupt
    - usb: bdc: change state when port disconnected
    - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96
      controller
    - mtd: rawnand: marvell: Use correct logic for nand-keep-config
    - xhci: Remove device endpoints from bandwidth list when freeing the device
    - tools: iio: iio_utils: fix digit calculation
    - iio: light: tsl2583: Fix module unloading
    - fbdev: smscufx: Fix several use-after-free bugs
    - mac802154: Fix LQI recording
    - drm/msm/dsi: fix memory corruption with too many bridges
    - drm/msm/hdmi: fix memory corruption with too many bridges
    - mmc: core: Fix kernel panic when remove non-standard SDIO card
    - kernfs: fix use-after-free in __kernfs_remove
    - perf auxtrace: Fix address filter symbol name match for modules
    - s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
    - s390/pci: add missing EX_TABLE entries to
      __pcistg_mio_inuser()/__pcilg_mio_inuser()
    - xfs: finish dfops on every insert range shift iteration
    - xfs: clear XFS_DQ_FREEING if we can't lock the dquot buffer to flush
    - xfs: force the log after remapping a synchronous-writes file
    - Xen/gntdev: don't ignore kernel unmapping error
    - xen/gntdev: Prevent leaking grants
    - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
    - net: ieee802154: fix error return code in dgram_bind()
    - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
    - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
    - arc: iounmap() arg is volatile
    - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
    - tipc: fix a null-ptr-deref in tipc_topsrv_accept
    - net: netsec: fix error handling in netsec_register_mdio()
    - x86/unwind/orc: Fix unreliable stack dump with gcov
    - amd-xgbe: fix the SFP compliance codes check for DAC cables
    - amd-xgbe: add the bit rate quirk for Molex cables
    - kcm: annotate data-races around kcm->rx_psock
    - kcm: annotate data-races around kcm->rx_wait
    - net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
    - net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
    - tcp: fix indefinite deferral of RTO with SACK reneging
    - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error
      path
    - PM: hibernate: Allow hybrid sleep to work with s2idle
    - media: vivid: s_fbuf: add more sanity checks
    - media: vivid: dev->bitmap_cap wasn't freed in all cases
    - media: v4l2-dv-timings: add sanity checks for blanking values
    - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
    - i40e: Fix ethtool rx-flow-hash setting for X722
    - i40e: Fix VF hang when reset is triggered on another VF
    - i40e: Fix flow-type by setting GL_HASH_INSET registers
    - net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
    - PM: domains: Fix handling of unavailable/disabled idle states
    - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
    - ALSA: aoa: Fix I2S device accounting
    - openvswitch: switch from WARN to pr_warn
    - net: ehea: fix possible memory leak in ehea_register_port()
    - nh: fix scope used to find saddr when adding non gw nh
    - net/mlx5e: Do not increment ESN when updating IPsec ESN state
    - net/mlx5: Fix possible use-after-free in async command interface
    - net: enetc: survive memory pressure without crashing
    - can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global
      FIFO receive
    - Linux 5.4.223
  * Focal update: v5.4.222 upstream stable release (LP: #1997994)
    - once: fix section mismatch on clang builds
    - Linux 5.4.222
  * Focal update: v5.4.221 upstream stable release (LP: #1997993)
    - xfs: open code insert range extent split helper
    - xfs: rework insert range into an atomic operation
    - xfs: rework collapse range into an atomic operation
    - xfs: add a function to deal with corrupt buffers post-verifiers
    - xfs: xfs_buf_corruption_error should take __this_address
    - xfs: fix buffer corruption reporting when xfs_dir3_free_header_check fails
    - xfs: check owner of dir3 data blocks
    - xfs: check owner of dir3 blocks
    - xfs: Use scnprintf() for avoiding potential buffer overflow
    - xfs: remove the xfs_disk_dquot_t and xfs_dquot_t
    - xfs: remove the xfs_dq_logitem_t typedef
    - xfs: remove the xfs_qoff_logitem_t typedef
    - xfs: Replace function declaration by actual definition
    - xfs: factor out quotaoff intent AIL removal and memory free
    - xfs: fix unmount hang and memory leak on shutdown during quotaoff
    - xfs: preserve default grace interval during quotacheck
    - xfs: Lower CIL flush limit for large logs
    - xfs: Throttle commits on delayed background CIL push
    - xfs: factor common AIL item deletion code
    - xfs: tail updates only need to occur when LSN changes
    - xfs: don't write a corrupt unmount record to force summary counter recalc
    - xfs: trylock underlying buffer on dquot flush
    - xfs: factor out a new xfs_log_force_inode helper
    - xfs: reflink should force the log out if mounted with wsync
    - xfs: move inode flush to the sync workqueue
    - xfs: fix use-after-free on CIL context on shutdown
    - ocfs2: clear dinode links count in case of error
    - ocfs2: fix BUG when iput after ocfs2_mknod fails
    - x86/microcode/AMD: Apply the patch early on every logical thread
    - hwmon/coretemp: Handle large core ID value
    - ata: ahci-imx: Fix MODULE_ALIAS
    - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
    - KVM: arm64: vgic: Fix exit condition in scan_its_table()
    - media: venus: dec: Handle the case where find_format fails
    - [Config] updateconfigs for ARM64_ERRATUM_1742098
    - arm64: errata: Remove AES hwcap for COMPAT tasks
    - r8152: add PID for the Lenovo OneLink+ Dock
    - btrfs: fix processing of delayed data refs during backref walking
    - btrfs: fix processing of delayed tree block refs during backref walking
    - ACPI: extlog: Handle multiple records
    - tipc: Fix recognition of trial period
    - tipc: fix an information leak in tipc_topsrv_kern_subscr
    - HID: magicmouse: Do not set BTN_MOUSE on double report
    - net/atm: fix proc_mpc_write incorrect return value
    - net: phy: dp83867: Extend RX strap quirk for SGMII mode
    - net: sched: cake: fix null pointer access issue when cake_init() fails
    - net: hns: fix possible memory leak in hnae_ae_register()
    - iommu/vt-d: Clean up si_domain in the init_dmars() error path
    - arm64: topology: move store_cpu_topology() to shared code
    - riscv: topology: fix default topology reporting
    - ACPI: video: Force backlight native for more TongFang devices
    - Makefile.debug: re-enable debug info for .S files
    - hv_netvsc: Fix race between VF offering and VF association message from host
    - mm: /proc/pid/smaps_rollup: fix no vma's null-deref
    - Linux 5.4.221
  * Focal update: v5.4.220 upstream stable release (LP: #1996812)
    - ALSA: oss: Fix potential deadlock at unregistration
    - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
    - ALSA: usb-audio: Fix potential memory leaks
    - ALSA: usb-audio: Fix NULL dererence at error path
    - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
    - ALSA: hda/realtek: Correct pin configs for ASUS G533Z
    - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
    - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
    - mtd: rawnand: atmel: Unmap streaming DMA mappings
    - cifs: destage dirty pages before re-reading them for cache=none
    - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
    - iio: dac: ad5593r: Fix i2c read protocol requirements
    - iio: pressure: dps310: Refactor startup procedure
    - iio: pressure: dps310: Reset chip after timeout
    - usb: add quirks for Lenovo OneLink+ Dock
    - can: kvaser_usb: Fix use of uninitialized completion
    - can: kvaser_usb_leaf: Fix overread with an invalid command
    - can: kvaser_usb_leaf: Fix TX queue out of sync after restart
    - can: kvaser_usb_leaf: Fix CAN state after restart
    - mmc: sdhci-sprd: Fix minimum clock limit
    - fs: dlm: fix race between test_bit() and queue_work()
    - fs: dlm: handle -EBUSY first in lock arg validation
    - HID: multitouch: Add memory barriers
    - quota: Check next/prev free block number after reading from quota file
    - ASoC: wcd9335: fix order of Slimbus unprepare/disable
    - regulator: qcom_rpm: Fix circular deferral regression
    - RISC-V: Make port I/O string accessors actually work
    - parisc: fbdev/stifb: Align graphics memory size to 4MB
    - riscv: Allow PROT_WRITE-only mmap()
    - riscv: Pass -mno-relax only on lld < 15.0.0
    - UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
    - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
    - powerpc/boot: Explicitly disable usage of SPE instructions
    - fbdev: smscufx: Fix use-after-free in ufx_ops_open()
    - btrfs: fix race between quota enable and quota rescan ioctl
    - f2fs: increase the limit for reserve_root
    - f2fs: fix to do sanity check on destination blkaddr during recovery
    - f2fs: fix to do sanity check on summary info
    - nilfs2: fix use-after-free bug of struct nilfs_root
    - jbd2: wake up journal waiters in FIFO order, not LIFO
    - ext4: avoid crash when inline data creation follows DIO write
    - ext4: fix null-ptr-deref in ext4_write_info
    - ext4: make ext4_lazyinit_thread freezable
    - ext4: place buffer head allocation before handle start
    - livepatch: fix race between fork and KLP transition
    - ftrace: Properly unset FTRACE_HASH_FL_MOD
    - ring-buffer: Allow splice to read previous partially read pages
    - ring-buffer: Have the shortest_full queue be the shortest not longest
    - ring-buffer: Check pending waiters when doing wake ups as well
    - ring-buffer: Fix race between reset page and reading page
    - media: cedrus: Set the platform driver data earlier
    - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
    - KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
    - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
    - gcov: support GCC 12.1 and newer compilers
    - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
    - selinux: use "grep -E" instead of "egrep"
    - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
    - userfaultfd: open userfaultfds with O_RDONLY
    - sh: machvec: Use char[] for section boundaries
    - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
    - nfsd: Fix a memory leak in an error handling path
    - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
    - wifi: mac80211: allow bw change during channel switch in mesh
    - bpftool: Fix a wrong type cast in btf_dumper_int
    - x86/resctrl: Fix to restore to original value when re-enabling hardware
      prefetch register
    - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
    - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
    - spi: qup: add missing clk_disable_unprepare on error in
      spi_qup_pm_resume_runtime()
    - wifi: rtl8xxxu: Fix skb misuse in TX queue selection
    - bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
    - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
    - net: fs_enet: Fix wrong check in do_pd_setup
    - bpf: Ensure correct locking around vulnerable function find_vpid()
    - x86/microcode/AMD: Track patch allocation size explicitly
    - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
    - netfilter: nft_fib: Fix for rpath check with VRF devices
    - spi: s3c64xx: Fix large transfers with DMA
    - vhost/vsock: Use kvmalloc/kvfree for larger packets.
    - sctp: handle the error returned from sctp_auth_asoc_init_active_key
    - tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
    - net: rds: don't hold sock lock when cancelling work from
      rds_tcp_reset_callbacks()
    - bnx2x: fix potential memory leak in bnx2x_tpa_stop()
    - net/ieee802154: reject zero-sized raw_sendmsg()
    - once: add DO_ONCE_SLOW() for sleepable contexts
    - net: mvpp2: fix mvpp2 debugfs leak
    - drm: bridge: adv7511: fix CEC power down control register offset
    - drm/mipi-dsi: Detach devices when removing the host
    - platform/chrome: fix double-free in chromeos_laptop_prepare()
    - platform/chrome: fix memory corruption in ioctl
    - platform/x86: msi-laptop: Fix old-ec check for backlight registering
    - platform/x86: msi-laptop: Fix resource cleanup
    - drm: fix drm_mipi_dbi build errors
    - drm/bridge: megachips: Fix a null pointer dereference bug
    - ASoC: rsnd: Add check for rsnd_mod_power_on
    - ALSA: hda: beep: Simplify keep-power-at-enable behavior
    - drm/omap: dss: Fix refcount leak bugs
    - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
    - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
    - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
    - ALSA: dmaengine: increment buffer pointer atomically
    - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
    - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
    - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
    - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
    - ALSA: hda/hdmi: Don't skip notification handling during PM operation
    - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
    - memory: of: Fix refcount leak bug in of_get_ddr_timings()
    - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
    - soc: qcom: smem_state: Add refcounting for the 'state->of_node'
    - ARM: dts: turris-omnia: Fix mpp26 pin name and comment
    - ARM: dts: kirkwood: lsxl: fix serial line
    - ARM: dts: kirkwood: lsxl: remove first ethernet port
    - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
    - ARM: Drop CMDLINE_* dependency on ATAGS
    - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
    - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
    - iio: adc: at91-sama5d2_adc: check return status for pressure and touch
    - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
    - iio: inkern: only release the device node when done with it
    - iio: ABI: Fix wrong format of differential capacitance channel ABI.
    - clk: meson: Hold reference returned by of_get_parent()
    - clk: oxnas: Hold reference returned by of_get_parent()
    - clk: berlin: Add of_node_put() for of_get_parent()
    - clk: tegra: Fix refcount leak in tegra210_clock_init
    - clk: tegra: Fix refcount leak in tegra114_clock_init
    - clk: tegra20: Fix refcount leak in tegra20_clock_init
    - HSI: omap_ssi: Fix refcount leak in ssi_probe
    - HSI: omap_ssi_port: Fix dma_map_sg error check
    - media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
    - tty: xilinx_uartps: Fix the ignore_status
    - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
    - RDMA/rxe: Fix "kernel NULL pointer dereference" error
    - RDMA/rxe: Fix the error caused by qp->sk
    - misc: ocxl: fix possible refcount leak in afu_ioctl()
    - dyndbg: fix module.dyndbg handling
    - dyndbg: let query-modname override actual module name
    - mtd: devices: docg3: check the return value of devm_ioremap() in the probe
    - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
    - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
    - ata: fix ata_id_has_devslp()
    - ata: fix ata_id_has_ncq_autosense()
    - ata: fix ata_id_has_dipm()
    - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
    - md/raid5: Ensure stripe_fill happens on non-read IO with journal
    - xhci: Don't show warning for reinit on known broken suspend
    - usb: gadget: function: fix dangling pnp_string in f_printer.c
    - drivers: serial: jsm: fix some leaks in probe
    - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
    - phy: qualcomm: call clk_disable_unprepare in the error handling
    - staging: vt6655: fix some erroneous memory clean-up loops
    - firmware: google: Test spinlock on panic path to avoid lockups
    - serial: 8250: Fix restoring termios speed after suspend
    - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
    - fsi: core: Check error number after calling ida_simple_get
    - mfd: intel_soc_pmic: Fix an error handling path in
      intel_soc_pmic_i2c_probe()
    - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
    - mfd: lp8788: Fix an error handling path in lp8788_probe()
    - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and
      lp8788_irq_init()
    - mfd: fsl-imx25: Fix check for platform_get_irq() errors
    - mfd: sm501: Add check for platform_driver_register()
    - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
    - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in
      __cleanup()
    - spmi: pmic-arb: correct duplicate APID to PPID mapping logic
    - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
    - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
    - clk: ast2600: BCLK comes from EPLL
    - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
    - powerpc/math_emu/efp: Include module.h
    - powerpc/sysdev/fsl_msi: Add missing of_node_put()
    - powerpc/pci_dn: Add missing of_node_put()
    - powerpc/powernv: add missing of_node_put() in opal_export_attrs()
    - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
    - powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
    - powerpc: Fix SPE Power ISA properties for e500v1 platforms
    - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
    - iommu/omap: Fix buffer overflow in debugfs
    - crypto: akcipher - default implementation for setting a private key
    - crypto: ccp - Release dma channels before dmaengine unrgister
    - iommu/iova: Fix module config properly
    - kbuild: remove the target in signal traps when interrupted
    - crypto: cavium - prevent integer overflow loading firmware
    - f2fs: fix race condition on setting FI_NO_EXTENT flag
    - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
    - MIPS: BCM47XX: Cast memcmp() of function to (void *)
    - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
    - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to
      avoid crash
    - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
    - wifi: brcmfmac: fix invalid address access when enabling SCAN log level
    - bpftool: Clear errno after libcap's checks
    - openvswitch: Fix double reporting of drops in dropwatch
    - openvswitch: Fix overreporting of drops in dropwatch
    - tcp: annotate data-race around tcp_md5sig_pool_populated
    - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
    - xfrm: Update ipcomp_scratches with NULL when freed
    - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
    - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
    - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
    - can: bcm: check the result of can_send() in bcm_can_tx()
    - wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
    - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
    - wifi: rt2x00: set VGC gain for both chains of MT7620
    - wifi: rt2x00: set SoC wmac clock register
    - wifi: rt2x00: correctly set BBP register 86 for MT7620
    - net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
    - Bluetooth: L2CAP: Fix user-after-free
    - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
    - drm: Use size_t type for len variable in drm_copy_field()
    - drm: Prevent drm_copy_field() to attempt copying a NULL pointer
    - drm/amd/display: fix overflow on MIN_I64 definition
    - drm/vc4: vec: Fix timings for VEC modes
    - drm: panel-orientation-quirks: Add quirk for Anbernic Win600
    - platform/x86: msi-laptop: Change DMI match / alias strings to fix module
      autoloading
    - drm/amdgpu: fix initial connector audio value
    - mmc: sdhci-msm: add compatible string check for sdm670
    - ARM: dts: imx7d-sdb: config the max pressure for tsc2046
    - ARM: dts: imx6q: add missing properties for sram
    - ARM: dts: imx6dl: add missing properties for sram
    - ARM: dts: imx6qp: add missing properties for sram
    - ARM: dts: imx6sl: add missing properties for sram
    - ARM: dts: imx6sll: add missing properties for sram
    - ARM: dts: imx6sx: add missing properties for sram
    - btrfs: scrub: try to fix super block errors
    - clk: zynqmp: Fix stack-out-of-bounds in strncpy`
    - media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
    - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
    - scsi: 3w-9xxx: Avoid disabling device if failing to enable it
    - nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
    - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
    - staging: vt6655: fix potential memory leak
    - ata: libahci_platform: Sanity check the DT child nodes number
    - bcache: fix set_at_max_writeback_rate() for multiple attached devices
    - HID: roccat: Fix use-after-free in roccat_read()
    - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
    - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
    - usb: musb: Fix musb_gadget.c rxstate overflow bug
    - Revert "usb: storage: Add quirk for Samsung Fit flash"
    - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
    - nvme: copy firmware_rev on each init
    - nvmet-tcp: add bounds check on Transfer Tag
    - usb: idmouse: fix an uninit-value in idmouse_open
    - clk: bcm2835: Make peripheral PLLC critical
    - perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
    - net: ieee802154: return -EINVAL for unknown addr type
    - Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
    - net/ieee802154: don't warn zero-sized raw_sendmsg()
    - ext4: continue to expand file system when the target size doesn't reach
    - efi: libstub: drop pointless get_memory_map() call
    - inet: fully convert sk->sk_rx_dst to RCU rules
    - thermal: intel_powerclamp: Use first online CPU as control_cpu
    - Linux 5.4.220
  * Focal update: v5.4.219 upstream stable release (LP: #1996804)
    - Linux 5.4.219

linux-aws (5.4.0-1094.102) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1094.102 -proposed tracker (LP: #2001936)

  [ Ubuntu: 5.4.0-137.154 ]

  * focal/linux: 5.4.0-137.154 -proposed tracker (LP: #2001969)
  * CVE-2022-3643
    - xen/netback: Ensure protocol headers don't fall in the non-linear area
  * CVE-2022-43945
    - NFSD: Cap rsize_bop result based on send buffer size
  * CVE-2022-45934
    - Bluetooth: L2CAP: Fix u8 overflow
  * CVE-2022-42896
    - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
    - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

linux-aws (5.4.0-1093.101) focal; urgency=medium

  * focal/linux-aws: 5.4.0-1093.101 -proposed tracker (LP: #1997801)

  [ Ubuntu: 5.4.0-136.153 ]

  * focal/linux: 5.4.0-136.153 -proposed tracker (LP: #1997835)
  * Expose built-in trusted and revoked certificates (LP: #1996892)
    - [Packaging] Expose built-in trusted and revoked certificates
  * [UBUNTU 20.04] KVM: PV: ext call delivered twice when receiver in PSW wait
    (LP: #1995941)
    - KVM: s390: pv: don't present the ecall interrupt twice
  * [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071)
    - s390/boot: add secure boot trailer
  * Fix rfkill causing soft blocked wifi (LP: #1996198)
    - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
  * md: Replace snprintf with scnprintf (LP: #1993315)
    - md: Replace snprintf with scnprintf
  * input/keyboard: the keyboard on some Asus laptops can't work (LP: #1992266)
    - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA
    - ACPI: resource: Add ASUS model S5402ZA to quirks
  * Focal update: v5.4.218 upstream stable release (LP: #1995530)
    - mm: pagewalk: Fix race between unmap and page walker
    - perf tools: Fixup get_current_dir_name() compilation
    - firmware: arm_scmi: Add SCMI PM driver remove routine
    - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
    - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API
      failure
    - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
    - scsi: qedf: Fix a UAF bug in __qedf_probe()
    - net/ieee802154: fix uninit value bug in dgram_sendmsg
    - um: Cleanup syscall_handler_t cast in syscalls_32.h
    - um: Cleanup compiler warning in arch/x86/um/tls_32.c
    - arch: um: Mark the stack non-executable to fix a binutils warning
    - usb: mon: make mmapped memory read only
    - USB: serial: ftdi_sio: fix 300 bps rate for SIO
    - mmc: core: Replace with already defined values for readability
    - mmc: core: Terminate infinite loop in SD-UHS voltage switch
    - rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
    - nilfs2: fix leak of nilfs_root in case of writer thread creation failure
    - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
    - ceph: don't truncate file in atomic_open
    - random: clamp credited irq bits to maximum mixed
    - ALSA: hda: Fix position reporting on Poulsbo
    - efi: Correct Macmini DMI match in uefi cert quirk
    - USB: serial: qcserial: add new usb-id for Dell branded EM7455
    - random: restore O_NONBLOCK support
    - random: avoid reading two cache lines on irq randomness
    - random: use expired timer rather than wq for mixing fast pool
    - Input: xpad - add supported devices as contributed on github
    - Input: xpad - fix wireless 360 controller breaking after suspend
    - Linux 5.4.218
  * Focal update: v5.4.217 upstream stable release (LP: #1995528)
    - xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag
    - xfs: introduce XFS_MAX_FILEOFF
    - xfs: truncate should remove all blocks, not just to the end of the page
      cache
    - xfs: fix s_maxbytes computation on 32-bit kernels
    - xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read
    - xfs: refactor remote attr value buffer invalidation
    - xfs: fix memory corruption during remote attr value buffer invalidation
    - xfs: move incore structures out of xfs_da_format.h
    - xfs: streamline xfs_attr3_leaf_inactive
    - xfs: fix uninitialized variable in xfs_attr3_leaf_inactive
    - xfs: remove unused variable 'done'
    - Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
    - docs: update mediator information in CoC docs
    - Linux 5.4.217
  * Focal update: v5.4.216 upstream stable release (LP: #1995526)
    - uas: add no-uas quirk for Hiksemi usb_disk
    - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS
    - uas: ignore UAS for Thinkplus chips
    - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
    - clk: ingenic-tcu: Properly enable registers before accessing timers
    - ARM: dts: integrator: Tag PCI host with device_type
    - ntfs: fix BUG_ON in ntfs_lookup_inode_by_name()
    - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
    - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
    - mm/page_alloc: fix race condition between build_all_zonelists and page
      allocation
    - mm: prevent page_frag_alloc() from corrupting the memory
    - mm/migrate_device.c: flush TLB while holding PTL
    - mm: fix madivse_pageout mishandling on non-LRU page
    - media: dvb_vb2: fix possible out of bound access
    - ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver
    - ARM: dts: am33xx: Fix MMCHS0 dma properties
    - soc: sunxi: sram: Actually claim SRAM regions
    - soc: sunxi: sram: Prevent the driver from being unbound
    - soc: sunxi_sram: Make use of the helper function
      devm_platform_ioremap_resource()
    - soc: sunxi: sram: Fix probe function ordering issues
    - soc: sunxi: sram: Fix debugfs info for A64 SRAM C
    - Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in
      suspend/resume time"
    - Input: melfas_mip4 - fix return value check in mip4_probe()
    - usbnet: Fix memory leak in usbnet_disconnect()
    - nvme: add new line after variable declatation
    - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
    - selftests: Fix the if conditions of in test_extra_filter()
    - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
    - clk: iproc: Do not rely on node name for correct PLL setup
    - Linux 5.4.216
  * Focal update: v5.4.215 upstream stable release (LP: #1993203)
    - of: fdt: fix off-by-one error in unflatten_dt_nodes()
    - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
    - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
    - drm/meson: Correct OSD1 global alpha value
    - drm/meson: Fix OSD1 RGB to YCbCr coefficient
    - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
    - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
    - task_stack, x86/cea: Force-inline stack helpers
    - tracing: hold caller_addr to hardirq_{enable,disable}_ip
    - cifs: revalidate mapping when doing direct writes
    - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
    - MAINTAINERS: add Chandan as xfs maintainer for 5.4.y
    - iomap: iomap that extends beyond EOF should be marked dirty
    - ASoC: nau8824: Fix semaphore unbalance at error paths
    - regulator: pfuze100: Fix the global-out-of-bounds access in
      pfuze100_regulator_probe()
    - rxrpc: Fix local destruction being repeated
    - rxrpc: Fix calc of resend age
    - ALSA: hda/sigmatel: Keep power up while beep is enabled
    - ALSA: hda/tegra: Align BDL entry to 4KB boundary
    - net: usb: qmi_wwan: add Quectel RM520N
    - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
    - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
    - mksysmap: Fix the mismatch of 'L0' symbols in System.map
    - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
    - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
    - ALSA: hda/sigmatel: Fix unused variable warning for beep power change
    - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
    - usb: dwc3: Issue core soft reset before enabling run/stop
    - usb: dwc3: gadget: Prevent repeat pullup()
    - usb: dwc3: gadget: Refactor pullup()
    - usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
    - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
    - usb: xhci-mtk: get the microframe boundary for ESIT
    - usb: xhci-mtk: add only one extra CS for FS/LS INTR
    - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
    - usb: xhci-mtk: add a function to (un)load bandwidth info
    - usb: xhci-mtk: add some schedule error number
    - usb: xhci-mtk: allow multiple Start-Split in a microframe
    - usb: xhci-mtk: relax TT periodic bandwidth allocation
    - wifi: mac80211: Fix UAF in ieee80211_scan_rx()
    - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data
    - serial: atmel: remove redundant assignment in rs485_config
    - tty: serial: atmel: Preserve previous USART mode if RS485 disabled
    - usb: add quirks for Lenovo OneLink+ Dock
    - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
    - usb: cdns3: fix issue with rearming ISO OUT endpoint
    - Revert "usb: add quirks for Lenovo OneLink+ Dock"
    - Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
    - USB: core: Fix RST error in hub.c
    - USB: serial: option: add Quectel BG95 0x0203 composition
    - USB: serial: option: add Quectel RM520N
    - ALSA: hda/tegra: set depop delay for tegra
    - ALSA: hda: add Intel 5 Series / 3400 PCI DID
    - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
    - ALSA: hda/realtek: Re-arrange quirk table entries
    - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
    - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
    - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
    - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
    - efi: libstub: check Shim mode using MokSBStateRT
    - mm/slub: fix to return errno if kmalloc() fails
    - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
    - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
    - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
    - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
    - netfilter: nf_conntrack_irc: Tighten matching on DCC message
    - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
    - iavf: Fix cached head and tail value for iavf_get_tx_pending
    - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
    - net: team: Unsync device addresses on ndo_stop
    - MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
    - MIPS: Loongson32: Fix PHY-mode being left unspecified
    - iavf: Fix bad page state
    - i40e: Fix set max_tx_rate when it is lower than 1 Mbps
    - of: mdio: Add of_node_put() when breaking out of for_each_xx
    - net/sched: taprio: avoid disabling offload when it was never enabled
    - net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child
      qdiscs
    - netfilter: ebtables: fix memory leak when blob is malformed
    - can: gs_usb: gs_can_open(): fix race dev->can.state condition
    - perf jit: Include program header in ELF files
    - perf kcore_copy: Do not check /proc/modules is unchanged
    - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
    - net: sched: fix possible refcount leak in tc_new_tfilter()
    - serial: Create uart_xmit_advance()
    - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
    - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
    - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
    - usb: xhci-mtk: fix issue of out-of-bounds array access
    - cifs: always initialize struct msghdr smb_msg completely
    - Drivers: hv: Never allocate anything besides framebuffer from framebuffer
      memory region
    - drm/amd/display: Limit user regamma to a valid value
    - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
    - workqueue: don't skip lockdep work dependency in cancel_work_sync()
    - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
    - xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata
    - xfs: slightly tweak an assert in xfs_fs_map_blocks
    - xfs: add missing assert in xfs_fsmap_owner_from_rmap
    - xfs: range check ri_cnt when recovering log items
    - xfs: attach dquots and reserve quota blocks during unwritten conversion
    - xfs: convert EIO to EFSCORRUPTED when log contents are invalid
    - xfs: constify the buffer pointer arguments to error functions
    - xfs: always log corruption errors
    - xfs: fix some memory leaks in log recovery
    - xfs: stabilize insert range start boundary to avoid COW writeback race
    - xfs: use bitops interface for buf log item AIL flag check
    - xfs: refactor agfl length computation function
    - xfs: split the sunit parameter update into two parts
    - xfs: don't commit sunit/swidth updates to disk if that would cause repair
      failures
    - xfs: fix an ABBA deadlock in xfs_rename
    - xfs: fix use-after-free when aborting corrupt attr inactivation
    - ext4: make directory inode spreading reflect flexbg size
    - Linux 5.4.215
  * Focal update: v5.4.214 upstream stable release (LP: #1993196)
    - drm/msm/rd: Fix FIFO-full deadlock
    - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
    - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
    - tg3: Disable tg3 device on system reboot to avoid triggering AER
    - ieee802154: cc2520: add rc code in cc2520_tx()
    - Input: iforce - add support for Boeder Force Feedback Wheel
    - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
    - perf/arm_pmu_platform: fix tests for platform_get_irq() failure
    - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
    - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
    - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
    - net: dp83822: disable rx error interrupt
    - soc: fsl: select FSL_GUTS driver for DPIO
    - tracefs: Only clobber mode/uid/gid on remount if asked
    - Linux 5.4.214
  * Focal update: v5.4.213 upstream stable release (LP: #1992211)
    - efi: capsule-loader: Fix use-after-free in efi_capsule_write
    - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
      il4965_rs_fill_link_cmd()
    - fs: only do a memory barrier for the first set_buffer_uptodate()
    - Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
    - net: dp83822: disable false carrier interrupt
    - drm/msm/dsi: fix the inconsistent indenting
    - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
    - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
    - iio: adc: mcp3911: make use of the sign bit
    - ieee802154/adf7242: defer destroy_workqueue call
    - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
    - Revert "xhci: turn off port power in shutdown"
    - net: sched: tbf: don't call qdisc_put() while holding tree lock
    - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
    - kcm: fix strp_init() order and cleanup
    - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
    - tcp: annotate data-race around challenge_timestamp
    - Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"
    - net/smc: Remove redundant refcount increase
    - serial: fsl_lpuart: RS485 RTS polariy is inverse
    - staging: rtl8712: fix use after free bugs
    - powerpc: align syscall table for ppc32
    - vt: Clear selection before changing the font
    - tty: serial: lpuart: disable flow control while waiting for the transmit
      engine to complete
    - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
    - iio: adc: mcp3911: use correct formula for AD conversion
    - misc: fastrpc: fix memory corruption on probe
    - misc: fastrpc: fix memory corruption on open
    - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
    - binder: fix UAF of ref->proc caused by race condition
    - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
    - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
    - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
    - Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
    - clk: core: Fix runtime PM sequence in clk_core_unprepare()
    - Input: rk805-pwrkey - fix module autoloading
    - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
    - hwmon: (gpio-fan) Fix array out of bounds access
    - gpio: pca953x: Add mutex_lock for regcache sync in PM
    - thunderbolt: Use the actual buffer in tb_async_error()
    - xhci: Add grace period after xHC start to prevent premature runtime suspend.
    - USB: serial: cp210x: add Decagon UCA device id
    - USB: serial: option: add support for OPPO R11 diag port
    - USB: serial: option: add Quectel EM060K modem
    - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
    - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles
    - usb: dwc2: fix wrong order of phy_power_on and phy_init
    - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
    - usb-storage: Add ignore-residue quirk for NXP PN7462AU
    - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
    - s390: fix nospec table alignments
    - USB: core: Prevent nested device-reset calls
    - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
    - driver core: Don't probe devices after bus_type.match() probe deferral
    - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
    - net: mac802154: Fix a condition in the receive path
    - ALSA: seq: oss: Fix data-race for max_midi_devs access
    - ALSA: seq: Fix data-race at module auto-loading
    - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
    - btrfs: harden identification of a stale device
    - usb: dwc3: fix PHY disable sequence
    - usb: dwc3: disable USB core PHY management
    - USB: serial: ch341: fix lost character on LCR updates
    - USB: serial: ch341: fix disabled rx timer on older devices
    - scsi: megaraid_sas: Fix double kfree()
    - drm/gem: Fix GEM handle release errors
    - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
    - drm/radeon: add a force flush to delay work when radeon
    - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
    - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
    - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned
      fw_level
    - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
    - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
    - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
    - ALSA: aloop: Fix random zeros in capture data when using jiffies timer
    - ALSA: usb-audio: Fix an out-of-bounds bug in
      __snd_usb_parse_audio_interface()
    - kprobes: Prohibit probes in gate area
    - debugfs: add debugfs_lookup_and_remove()
    - nvmet: fix a use-after-free
    - scsi: mpt3sas: Fix use-after-free warning
    - scsi: lpfc: Add missing destroy_workqueue() in error path
    - cgroup: Optimize single thread migration
    - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an
      empty subtree
    - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
    - smb3: missing inode locks in punch hole
    - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node
    - regulator: core: Clean up on enable failure
    - RDMA/cma: Fix arguments order in net device validation
    - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
    - RDMA/hns: Fix supported page size
    - netfilter: br_netfilter: Drop dst references before setting.
    - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2()
    - afs: Use the operation issue time instead of the reply time for callbacks
    - sch_sfb: Don't assume the skb is still around after enqueueing to child
    - tipc: fix shift wrapping bug in map_get()
    - i40e: Fix kernel crash during module removal
    - RDMA/siw: Pass a pointer to virt_to_page()
    - ipv6: sr: fix out-of-bounds read when setting HMAC data.
    - RDMA/mlx5: Set local port to one when accessing counters
    - nvme-tcp: fix UAF when detecting digest errors
    - tcp: fix early ETIMEDOUT after spurious non-SACK RTO
    - sch_sfb: Also store skb len before calling child enqueue
    - x86/nospec: Fix i386 RSB stuffing
    - MIPS: loongson32: ls1c: Fix hang during startup
    - Linux 5.4.213
  * CVE-2022-2663
    - netfilter: nf_conntrack_irc: Fix forged IP logic
  * CVE-2022-3061
    - video: fbdev: i740fb: Error out if 'pixclock' equals zero

  [ Ubuntu: 5.4.0-135.152 ]

  * focal/linux: 5.4.0-135.152 -proposed tracker (LP: #1997412)
  * containerd sporadic timeouts (LP: #1996678)
    - epoll: call final ep_events_available() check under the lock
    - epoll: check for events when removing a timed out thread from the wait queue
    - Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
  * CVE-2022-3621
    - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
  * CVE-2022-3565
    - mISDN: fix use-after-free bugs in l1oip timer handlers
  * CVE-2022-3566
    - tcp: Fix data races around icsk->icsk_af_ops.
  * CVE-2022-3567
    - ipv6: annotate some data-races around sk->sk_prot
    - ipv6: Fix data races around sk->sk_prot.
  * CVE-2022-3564
    - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
  * CVE-2022-3524
    - tcp/udp: Fix memory leak in ipv6_renew_options().
  * CVE-2022-3594
    - r8152: Rate limit overflow messages
  * CVE-2022-42703
    - mm/rmap.c: don't reuse anon_vma if we just want a copy

 -- Tim Gardner <tim.gardner@xxxxxxxxxxxxx>  Mon, 22 May 2023 10:50:32
-0600

** Changed in: linux-aws (Ubuntu Focal)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3669

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2196

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2663

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3061

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3108

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3524

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3545

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3564

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3565

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3566

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3567

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3594

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3621

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3643

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3903

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-41218

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-4139

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-42703

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-42896

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-4382

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-43945

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-45934

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-47520

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0266

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0461

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1075

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1118

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1281

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1380

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1829

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-23559

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2612

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-26545

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-30456

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-31436

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-32233

-- 
You received this bug notification because you are a member of hardware-
certification-users, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2019653

Title:
  focal/linux-aws: 5.4.0-1103.111 -proposed tracker

Status in canonical-signing-jobs task00 series:
  Fix Released
Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow boot-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow new-review series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-generate series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrg series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrm series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrs series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-signing-to-proposed series:
  Invalid
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  In Progress
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow sru-review series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-aws source package in Focal:
  Fix Released

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
    https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  built:
    from: 9cd54af3cfa255bb
    route-entry: 2
  delta:
    promote-to-proposed: [lrm, lrs, main, meta, signed, lrg, generate]
    promote-to-updates: [lrm, lrs, main, meta, signed]
  flag:
    boot-testing-requested: true
    proposed-announcement-sent: true
    proposed-testing-requested: true
  issue: KSRU-7592
  kernel-stable-master-bug: 2019682
  packages:
    generate: linux-generate-aws
    lrg: linux-restricted-generate-aws
    lrm: linux-restricted-modules-aws
    lrs: linux-restricted-signatures-aws
    main: linux-aws
    meta: linux-meta-aws
    signed: linux-signed-aws
  phase: Promote to Updates
  phase-changed: Wednesday, 31. May 2023 07:14 UTC
  reason:
    promote-to-updates: Ongoing -- packages not yet published
  synthetic:
    :promote-to-as-proposed: Invalid
  trackers:
    bionic/linux-aws-5.4: bug 2019652
    focal/linux-aws-fips: bug 2019651
  variant: debs
  versions:
    lrm: 5.4.0-1103.111
    main: 5.4.0-1103.111
    meta: 5.4.0.1103.100
    signed: 5.4.0-1103.111
  ~~:
    clamps:
      new-review: 9cd54af3cfa255bb
      promote-to-proposed: 9cd54af3cfa255bb
      self: 5.4.0-1103.111
      sru-review: 9cd54af3cfa255bb

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-signing-jobs/task00/+bug/2019653/+subscriptions