canonical-hw-cert team mailing list archive
-
canonical-hw-cert team
-
Mailing list archive
-
Message #136158
[Bug 2011945] Re: focal/linux-iot: 5.4.0-1016.17 -proposed tracker
*** This bug is a duplicate of bug 2024095 ***
https://bugs.launchpad.net/bugs/2024095
This bug was fixed in the package linux-iot - 5.4.0-1017.18
---------------
linux-iot (5.4.0-1017.18) focal; urgency=medium
* focal/linux-iot: 5.4.0-1017.18 -proposed tracker (LP: #2024095)
* Packaging resync (LP: #1786013)
- [Packaging] resync update-dkms-versions helper
[ Ubuntu: 5.4.0-153.170 ]
* focal/linux: 5.4.0-153.170 -proposed tracker (LP: #2024108)
* cls_flower: off-by-one in fl_set_geneve_opt (LP: #2023577)
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
* Some INVLPG implementations can leave Global translations unflushed when
PCIDs are enabled (LP: #2023220)
- x86/mm: Avoid incomplete Global INVLPG flushes
[ Ubuntu: 5.4.0-152.169 ]
* focal/linux: 5.4.0-152.169 -proposed tracker (LP: #2023070)
* Focal update: v5.4.236 upstream stable release (LP: #2020390)
- wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
- [Packaging] resync getabis
[ Ubuntu: 5.4.0-151.168 ]
* focal/linux: 5.4.0-151.168 -proposed tracker (LP: #2019375)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
- debian/dkms-versions -- update from kernel-versions (main/2023.05.15)
* CVE-2023-32233
- netfilter: nf_tables: deactivate anonymous set from preparation phase
* CVE-2023-2612
- SAUCE: shiftfs: prevent lock unbalance in shiftfs_create_object()
* CVE-2023-31436
- net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
* CVE-2023-1380
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
* Focal update: Focal update: v5.4.235 upstream stable release (LP: #2017706)
- HID: asus: Remove check for same LED brightness on set
- HID: asus: use spinlock to protect concurrent accesses
- HID: asus: use spinlock to safely schedule workers
- ARM: OMAP2+: Fix memory leak in realtime_counter_init()
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets
- ARM: zynq: Fix refcount leak in zynq_early_slcr_init
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
- ARM: OMAP1: call platform_device_put() in error case in
omap1_dm_timer_init()
- ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
- ARM: imx: Call ida_simple_remove() for ida_simple_get
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
- arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
- arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node
name
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name
- ARM: dts: imx7s: correct iomuxc gpr mux controller cells
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
- Revert "scsi: core: run queue if SCSI device queue isn't ready and queue is
idle"
- block: Limit number of items taken from the I/O scheduler in one go
- blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
- blk-mq: wait on correct sbitmap_queue in blk_mq_mark_tag_wait
- blk-mq: correct stale comment of .get_budget
- s390/dasd: Prepare for additional path event handling
- s390/dasd: Fix potential memleak in dasd_eckd_init()
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
- sched/rt: pick_next_rt_entity(): check list_entry
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned
- wifi: rsi: Fix memory leak in rsi_coex_attach()
- net/wireless: Delete unnecessary checks before the macro call
“dev_kfree_skb”
- wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave()
- wifi: libertas: fix memory leak in lbs_init_adapter()
- wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
- rtlwifi: fix -Wpointer-sign warning
- wifi: rtlwifi: Fix global-out-of-bounds bug in
_rtl8812ae_phy_set_txpower_limit()
- ipw2x00: switch from 'pci_' to 'dma_' API
- wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
- wifi: ipw2200: fix memory leak in ipw_wdev_init()
- wilc1000: let wilc_mac_xmit() return NETDEV_TX_OK
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
- wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
- wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
- wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
- wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
- wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
- wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
- crypto: x86/ghash - fix unaligned access in ghash_setkey()
- ACPICA: Drop port I/O validation for some regions
- genirq: Fix the return type of kstat_cpu_irqs_sum()
- lib/mpi: Fix buffer overrun when SG is too long
- ACPICA: nsrepair: handle cases without a return value correctly
- wifi: orinoco: check return value of hermes_write_wordrec()
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback
function
- ath9k: hif_usb: simplify if-if to if-else
- ath9k: htc: clean up statistics macros
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
- wifi: ath9k: Fix potential stack-out-of-bounds write in
ath9k_wmi_rsp_callback()
- ACPI: battery: Fix missing NUL-termination with large strings
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename
- crypto: essiv - remove redundant null pointer check before kfree
- crypto: essiv - Handle EBUSY correctly
- crypto: seqiv - Handle EBUSY correctly
- powercap: fix possible name leak in powercap_register_zone()
- net/mlx5: Enhance debug print in page allocation failure
- irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
- irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
- irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe
- mptcp: add sk_stop_timer_sync helper
- net: add sock_init_data_uid()
- tun: tun_chr_open(): correctly initialize socket uid
- tap: tap_open(): correctly initialize socket uid
- OPP: fix error checking in opp_migrate_dentry()
- Bluetooth: L2CAP: Fix potential user-after-free
- libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
- rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
- crypto: rsa-pkcs1pad - Use akcipher_request_complete
- m68k: /proc/hardware should depend on PROC_FS
- RISC-V: time: initialize hrtimer based broadcast clock event device
- usb: gadget: udc: Avoid tasklet passing a global
- wifi: iwl3945: Add missing check for create_singlethread_workqueue
- wifi: iwl4965: Add missing check for create_singlethread_workqueue()
- wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
- crypto: crypto4xx - Call dma_unmap_page when done
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
- thermal/drivers/hisi: Drop second sensor hi3660
- can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a
bus error
- irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
- irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
- selftests/net: Interpret UDP_GRO cmsg data as an int value
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
- drm/bridge: megachips: Fix error handling in i2c_register_driver()
- drm/vc4: dpi: Add option for inverting pixel clock and output enable
- drm/vc4: dpi: Fix format mapping for RGB565
- gpu: ipu-v3: common: Add of_node_put() for reference returned by
of_graph_get_port_by_id()
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
- ASoC: fsl_sai: initialize is_dsp_mode flag
- ALSA: hda/ca0132: minor fix for allocation size
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
- drm/msm: use strscpy instead of strncpy
- drm/msm/dpu: Add check for cstate
- drm/msm/dpu: Add check for pstates
- drm/exynos: Don't reset bridge->next
- drm/bridge: Rename bridge helpers targeting a bridge chain
- drm/bridge: Introduce drm_bridge_get_next_bridge()
- drm: Initialize struct drm_crtc_state.no_vblank from device settings
- drm/msm/mdp5: Add check for kzalloc
- gpu: host1x: Don't skip assigning syncpoints to channels
- drm/mediatek: remove cast to pointers passed to kfree
- drm/mediatek: Use NULL instead of 0 for NULL pointer
- drm/mediatek: Drop unbalanced obj unref
- drm/mediatek: Clean dangling pointer on bind error path
- ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
- gpio: vf610: connect GPIO label to dev name
- hwmon: (ltc2945) Handle error case in ltc2945_value_store
- scsi: aic94xx: Add missing check for dma_map_single()
- spi: bcm63xx-hsspi: fix pm_runtime
- spi: bcm63xx-hsspi: Fix multi-bit mode setting
- hwmon: (mlxreg-fan) Return zero speed for broken fan
- dm: remove flush_scheduled_work() during local_exit()
- spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one()
- ASoC: dapm: declare missing structure prototypes
- ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared
- HID: bigben: use spinlock to protect concurrent accesses
- HID: bigben_worker() remove unneeded check on report_field
- HID: bigben: use spinlock to safely schedule workers
- HID: asus: Only set EV_REP if we are adding a mapping
- HID: asus: Add report_size to struct asus_touchpad_info
- HID: asus: Add support for multi-touch touchpad on Medion Akoya E1239T
- HID: asus: Fix mute and touchpad-toggle keys on Medion Akoya E1239T
- hid: bigben_probe(): validate report count
- nfsd: fix race to check ls_layouts
- cifs: Fix lost destroy smbd connection when MR allocate failed
- cifs: Fix warning and UAF when destroy the MR list
- gfs2: jdata writepage fix
- perf llvm: Fix inadvertent file creation
- perf tools: Fix auto-complete on aarch64
- sparc: allow PM configs for sparc32 COMPILE_TEST
- mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents
- mtd: rawnand: sunxi: Fix the size of the last OOB region
- clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed
- clk: renesas: cpg-mssr: Use enum clk_reg_layout instead of a boolean flag
- clk: renesas: cpg-mssr: Remove superfluous check in resume code
- Input: ads7846 - don't report pressure for ads7845
- Input: ads7846 - don't check penirq immediately for 7845
- clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
- powerpc/pseries/lpar: add missing RTAS retry status handling
- powerpc/pseries/lparcfg: add missing RTAS retry status handling
- powerpc/rtas: make all exports GPL
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf
- powerpc/eeh: Small refactor of eeh_handle_normal_event()
- powerpc/eeh: Set channel state after notifying the drivers
- MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set
- MIPS: vpe-mt: drop physical_memsize
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
- media: platform: ti: Add missing check for devm_regulator_get
- powerpc: Remove linker flag from KBUILD_AFLAGS
- media: ov5675: Fix memleak in ov5675_init_controls()
- media: i2c: ov772x: Fix memleak in ov772x_probe()
- media: i2c: ov7670: 0 instead of -EINVAL was returned
- media: usb: siano: Fix use after free bugs caused by do_submit_urb
- rpmsg: glink: Avoid infinite loop on intent for missing channel
- udf: Define EFSCORRUPTED error code
- ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
- blk-iocost: fix divide by 0 error in calc_lcoefs()
- wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
- rcu: Suppress smp_processor_id() complaint in
synchronize_rcu_expedited_wait()
- thermal: intel: Fix unsigned comparison with less than zero
- timers: Prevent union confusion from unexpected restart_syscall()
- x86/bugs: Reset speculation control settings on init
- wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-
of-bounds
- wifi: mt7601u: fix an integer underflow
- inet: fix fast path in __inet_hash_connect()
- ice: add missing checks for PF vsi type
- ACPI: Don't build ACPICA with '-Os'
- net: bcmgenet: Add a check for oversized packets
- m68k: Check syscall_trace_enter() return code
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
- ACPI: video: Fix Lenovo Ideapad Z570 DMI match
- net/mlx5: fw_tracer: Fix debug print
- coda: Avoid partial allocation of sig_inputArgs
- uaccess: Add minimum bounds check on kernel buffer size
- drm/amd/display: Fix potential null-deref in dm_resume
- drm/omap: dsi: Fix excessive stack usage
- HID: Add Mapping for System Microphone Mute
- drm/radeon: free iio for atombios when driver shutdown
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue
- docs/scripts/gdb: add necessary make scripts_gdb step
- ASoC: kirkwood: Iterate over array indexes instead of using pointer math
- regulator: max77802: Bounds check regulator id against opmode
- regulator: s5m8767: Bounds check id indexing into arrays
- hwmon: (coretemp) Simplify platform device handling
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5
- dm thin: add cond_resched() to various workqueue loops
- dm cache: add cond_resched() to various workqueue loops
- nfsd: zero out pointers after putting nfsd_files on COPY setup error
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
- firmware: coreboot: framebuffer: Ignore reserved pixel color bits
- rtc: pm8xxx: fix set-alarm race
- ipmi_ssif: Rename idle state and check
- s390: discard .interp section
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter
- ARM: dts: exynos: correct HDMI phy compatible in Exynos4
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
- fs: hfsplus: fix UAF issue in hfsplus_put_super
- f2fs: fix information leak in f2fs_move_inline_dirents()
- f2fs: fix cgroup writeback accounting with fs-layer encryption
- ocfs2: fix defrag path triggering jbd2 ASSERT
- ocfs2: fix non-auto defrag path not working issue
- udf: Truncate added extents on failed expansion
- udf: Do not bother merging very long extents
- udf: Do not update file length for failed writes to inline files
- udf: Preserve link count of system files
- udf: Detect system inodes linked into directory hierarchy
- udf: Fix file corruption when appending just after end of preallocated
extent
- KVM: Destroy target device if coalesced MMIO unregistration fails
- KVM: s390: disable migration mode when dirty tracking is disabled
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
- x86/reboot: Disable virtualization in an emergency if SVM is supported
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
- x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe
range
- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions
- x86/microcode/AMD: Fix mixed steppings support
- x86/speculation: Allow enabling STIBP with legacy IBRS
- Documentation/hw-vuln: Document the interaction between IBRS and STIBP
- ima: Align ima_file_mmap() parameters with mmap_file LSM hook
- irqdomain: Fix association race
- irqdomain: Fix disassociation race
- irqdomain: Drop bogus fwspec-mapping error handling
- ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
- ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
- ext4: optimize ea_inode block expansion
- ext4: refuse to create ea block when umounted
- wifi: rtl8xxxu: Use a longer retry limit of 48
- wifi: cfg80211: Fix use after free for wext
- thermal: intel: powerclamp: Fix cur_state for multi package system
- dm flakey: fix logic when corrupting a bio
- dm flakey: don't corrupt the zero page
- ARM: dts: exynos: correct TMU phandle in Exynos4
- ARM: dts: exynos: correct TMU phandle in Odroid XU
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
- alpha: fix FEN fault handling
- mips: fix syscall_get_nr
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
- mm: memcontrol: deprecate charge moving
- mm/thp: check and bail out if page in deferred queue already
- ktest.pl: Give back console on Ctrt^C on monitor
- ktest.pl: Fix missing "end_monitor" when machine check fails
- ktest.pl: Add RUN_TIMEOUT option with default unlimited
- scsi: qla2xxx: Fix link failure in NPIV environment
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
- scsi: qla2xxx: Fix erroneous link down
- scsi: ses: Don't attach if enclosure has no components
- scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
- PCI/PM: Observe reset delay irrespective of bridge_d3
- PCI: hotplug: Allow marking devices as disconnected during bind/unbind
- PCI: Avoid FLR for AMD FCH AHCI adapters
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
- drm/radeon: Fix eDP for single-display iMac11,2
- wifi: ath9k: use proper statements in conditionals
- kbuild: Port silent mode detection to future gnu make.
- fs/jfs: fix shift exponent db_agl2size negative
- pwm: sifive: Reduce time the controller lock is held
- pwm: sifive: Always let the first pwm_apply_state succeed
- pwm: stm32-lp: fix the check on arr and cmp registers update
- f2fs: use memcpy_{to,from}_page() where possible
- fs: f2fs: initialize fsdata in pagecache_write()
- um: vector: Fix memory leak in vector_config
- ubi: ensure that VID header offset + VID header size <= alloc, size
- ubifs: Fix build errors as symbol undefined
- ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
- ubifs: Rectify space budget for ubifs_xrename()
- ubifs: Fix wrong dirty space budget for dirty inode
- ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
- ubifs: Reserve one leb for each journal head while doing budget
- ubi: Fix use-after-free when volume resizing failed
- ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
- ubifs: Fix memory leak in alloc_wbufs()
- ubi: Fix possible null-ptr-deref in ubi_free_volume()
- ubifs: Re-statistic cleaned znode count if commit failed
- ubifs: dirty_cow_znode: Fix memleak in error handling path
- ubifs: ubifs_writepage: Mark page dirty after writing inode failed
- ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
- ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
- x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in
error path
- watchdog: Fix kmemleak in watchdog_cdev_register
- watchdog: pcwd_usb: Fix attempting to access uninitialized memory
- netfilter: ctnetlink: fix possible refcount leak in
ctnetlink_create_conntrack()
- ipv6: Add lwtunnel encap size of all siblings in nexthop calculation
- sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
- net: fix __dev_kfree_skb_any() vs drop monitor
- 9p/xen: fix version parsing
- 9p/xen: fix connection sequence
- 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
- net/mlx5: Geneve, Fix handling of Geneve object id as error code
- nfc: fix memory leak of se_io context in nfc_genl_se_io
- net/sched: act_sample: fix action bind logic
- ARM: dts: spear320-hmi: correct STMPE GPIO compatible
- tcp: tcp_check_req() can be called from process context
- vc_screen: modify vcs_size() handling in vcs_read()
- rtc: sun6i: Make external 32k oscillator optional
- rtc: sun6i: Always export the internal oscillator
- scsi: ipr: Work around fortify-string warning
- thermal: intel: quark_dts: fix error pointer dereference
- thermal: intel: BXT_PMIC: select REGMAP instead of depending on it
- tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
- media: uvcvideo: Handle cameras with invalid descriptors
- media: uvcvideo: Handle errors from calls to usb_string
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
- media: uvcvideo: Silence memcpy() run-time false positive warnings
- staging: emxx_udc: Add checks for dma_alloc_coherent()
- tty: fix out-of-bounds access in tty_driver_lookup_tty()
- tty: serial: fsl_lpuart: disable the CTS when send break signal
- mei: bus-fixup:upon error print return values of send and receive
- tools/iio/iio_utils:fix memory leak
- iio: accel: mma9551_core: Prevent uninitialized variable in
mma9551_read_status_word()
- iio: accel: mma9551_core: Prevent uninitialized variable in
mma9551_read_config_word()
- usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer
math
- USB: ene_usb6250: Allocate enough memory for full object
- usb: uvc: Enumerate valid values for color matching
- kernel/fail_function: fix memory leak with using debugfs_lookup()
- PCI: Add ACS quirk for Wangxun NICs
- phy: rockchip-typec: Fix unsigned comparison with less than zero
- net: tls: avoid hanging tasks on the tx_lock
- x86/resctrl: Apply READ_ONCE/WRITE_ONCE to task_struct.{rmid,closid}
- x86/resctl: fix scheduler confusion with 'current'
- Bluetooth: hci_sock: purge socket queues in the destruct() callback
- SAUCE: Revert "UBUNTU: SAUCE: Fix inet_csk_listen_start after CVE-2023-0461"
- tcp: Fix listen() regression in 5.4.229.
- media: uvcvideo: Provide sync and async uvc_ctrl_status_event
- media: uvcvideo: Fix race condition with usb_kill_urb
- dt-bindings: rtc: sun6i-a31-rtc: Loosen the requirements on the clocks
- Linux 5.4.235
- [Config] Drop mxsfb for armhf:generic-lpae
* Focal update: v5.4.234 upstream stable release (LP: #2017691)
- arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc
- ARM: dts: rockchip: add power-domains property to dp node on rk3288
- ACPI: NFIT: fix a potential deadlock during NFIT teardown
- btrfs: send: limit number of clones and allocated memory size
- IB/hfi1: Assign npages earlier
- neigh: make sure used and confirmed times are valid
- HID: core: Fix deadloop in hid_apply_multiplier.
- bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state
- net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
- vc_screen: don't clobber return value in vcs_read
- dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size
- USB: serial: option: add support for VW/Skoda "Carstick LTE"
- USB: core: Don't hold device lock while reading the "descriptors" sysfs file
- Linux 5.4.234
* CVE-2023-30456
- KVM: nVMX: add missing consistency checks for CR0 and CR4
* CVE-2023-1859
- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race
condition
* CVE-2023-1670
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach
[ Ubuntu: 5.4.0-149.166 ]
* focal/linux: 5.4.0-149.166 -proposed tracker (LP: #2016591)
* Focal update: v5.4.233 upstream stable release (LP: #2015909)
- dma-mapping: add generic helpers for mapping sgtable objects
- scatterlist: add generic wrappers for iterating over sgtable objects
- drm: etnaviv: fix common struct sg_table related issues
- drm/etnaviv: don't truncate physical page address
- wifi: rtl8xxxu: gen2: Turn on the rate control
- powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
- random: always mix cycle counter in add_latent_entropy()
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
- can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
- powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
- alarmtimer: Prevent starvation by small intervals and SIG_IGN
- drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
- mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
- uaccess: Add speculation barrier to copy_from_user()
- wifi: mwifiex: Add missing compatible string for SD8787
- ext4: Fix function prototype mismatch for ext4_feat_ktype
- Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo
child qdiscs"
- bpf: add missing header file include
- Linux 5.4.233
* selftest: fib_tests: Always cleanup before exit (LP: #2015956)
- selftest: fib_tests: Always cleanup before exit
* fib_tests.sh in ubuntu_kernel_selftests was skipped silently on Focal
(LP: #2015440)
- selftests: Fix the executable permissions for fib_tests.sh
* Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498)
- [Debian] autoreconstruct - fix restoration of execute permissions
* kernel: fix __clear_user() inline assembly constraints (LP: #2013088)
- s390/uaccess: add missing earlyclobber annotations to __clear_user()
* i/o error if next unused loop device is queried (LP: #1856871)
- loop: fix I/O error on fsync() in detached loop devices
* CVE-2023-1075
- net/tls: tls_is_tx_ready() checked list_entry
* Focal update: v5.4.232 upstream stable release (LP: #2011625)
- firewire: fix memory leak for payload of request subaction to IEC 61883-1
FCP region
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
- ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
- ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
- scsi: Revert "scsi: core: map PQ=1, PDT=other values to
SCSI_SCAN_TARGET_PRESENT"
- WRITE is "data source", not destination...
- fix iov_iter_bvec() "direction" argument
- fix "direction" argument of iov_iter_kvec()
- netrom: Fix use-after-free caused by accept on already connected socket
- netfilter: br_netfilter: disable sabotage_in hook after first suppression
- squashfs: harden sanity check in squashfs_read_xattr_id_table
- net: phy: meson-gxl: Add generic dummy stubs for MMD register access
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
- ata: libata: Fix sata_down_spd_limit() when no link speed is reported
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided
- selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy
benchmarking
- virtio-net: Keep stop() to follow mirror sequence of open()
- net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
- efi: fix potential NULL deref in efi_mem_reserve_persistent
- scsi: target: core: Fix warning on RT kernels
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
- i2c: rk3x: fix a bunch of kernel-doc warnings
- net/x25: Fix to not accept on connected socket
- iio: adc: stm32-dfsdm: fill module aliases
- usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode
- usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
- Input: i8042 - move __initconst to fix code styling warning
- Input: i8042 - merge quirk tables
- Input: i8042 - add TUXEDO devices to i8042 quirk tables
- Input: i8042 - add Clevo PCX0DX to i8042 quirk table
- fbcon: Check font dimension limits
- watchdog: diag288_wdt: do not use stack buffers for hardware data
- watchdog: diag288_wdt: fix __diag288() inline assembly
- efi: Accept version 2 of memory attributes table
- iio: hid: fix the retval in accel_3d_capture_sample
- iio: adc: berlin2-adc: Add missing of_node_put() in error path
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
- parisc: Fix return code of pdc_iodc_print()
- parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
- riscv: disable generation of unwind tables
- mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
- fpga: stratix10-soc: Fix return value check in s10_ops_write_init()
- mm/swapfile: add cond_resched() in get_swap_pages()
- Squashfs: fix handling and sanity checking of xattr_ids count
- nvmem: core: fix cell removal on error
- mm: swap: properly update readahead statistics in unuse_pte_range()
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
- serial: 8250_dma: Fix DMA Rx completion race
- serial: 8250_dma: Fix DMA Rx rearm race
- powerpc/imc-pmu: Revert nest_init_lock to being a mutex
- fbdev: smscufx: fix error handling code in ufx_usb_probe
- f2fs: fix to do sanity check on i_extra_isize in is_alive()
- wifi: brcmfmac: Check the count value of channel spec to prevent out-of-
bounds reads
- iio:adc:twl6030: Enable measurement of VAC
- btrfs: limit device extents to the device size
- btrfs: zlib: zero-initialize zlib workspace
- ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
- tracing: Fix poll() and select() do not work on per_cpu trace_pipe and
trace_pipe_raw
- can: j1939: do not wait 250 ms if the same addr was already claimed
- IB/hfi1: Restore allocated resources on failed copyout
- IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
- iommu: Add gfp parameter to iommu_ops::map
- RDMA/usnic: use iommu_map_atomic() under spin_lock()
- xfrm: fix bug with DSCP copy to v6 from v4 tunnel
- bonding: fix error checking in bond_debug_reregister()
- net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
- ionic: clean interrupt before enabling queue to avoid credit race
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue
- rds: rds_rm_zerocopy_callback() use list_first_entry()
- selftests: forwarding: lib: quote the sysctl values
- ALSA: pci: lx6464es: fix a debug loop
- pinctrl: aspeed: Fix confusing types in return value
- pinctrl: single: fix potential NULL dereference
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
- net: USB: Fix wrong-direction WARNING in plusb.c
- usb: core: add quirk for Alcor Link AK9563 smartcard reader
- usb: typec: altmodes/displayport: Fix probe pin assign check
- ceph: flush cap releases when the session is flushed
- riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
- arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-
sensitive
- arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
- nvme-pci: Move enumeration by class to be last in the table
- bpf: Always return target ifindex in bpf_fib_lookup
- migrate: hugetlb: check for hugetlb shared PMD in node migration
- selftests/bpf: Verify copy_register_state() preserves parent/live fields
- ASoC: cs42l56: fix DT probe
- tools/virtio: fix the vringh test for virtio ring changes
- net/rose: Fix to not accept on connected socket
- net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC
- net: sched: sch: Bounds check priority
- s390/decompressor: specify __decompress() buf len to avoid overflow
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
- aio: fix mremap after fork null-deref
- btrfs: free device in btrfs_close_devices for a single device filesystem
- netfilter: nft_tproxy: restrict to prerouting hook
- xfs: remove the xfs_efi_log_item_t typedef
- xfs: remove the xfs_efd_log_item_t typedef
- xfs: remove the xfs_inode_log_item_t typedef
- xfs: factor out a xfs_defer_create_intent helper
- xfs: merge the ->log_item defer op into ->create_intent
- xfs: merge the ->diff_items defer op into ->create_intent
- xfs: turn dfp_intent into a xfs_log_item
- xfs: refactor xfs_defer_finish_noroll
- xfs: log new intent items created as part of finishing recovered intent
items
- xfs: fix finobt btree block recovery ordering
- xfs: proper replay of deferred ops queued during log recovery
- xfs: xfs_defer_capture should absorb remaining block reservations
- xfs: xfs_defer_capture should absorb remaining transaction reservation
- xfs: clean up bmap intent item recovery checking
- xfs: clean up xfs_bui_item_recover iget/trans_alloc/ilock ordering
- xfs: fix an incore inode UAF in xfs_bui_recover
- xfs: change the order in which child and parent defer ops are finished
- xfs: periodically relog deferred intent items
- xfs: expose the log push threshold
- xfs: only relog deferred intent items if free space in the log gets low
- xfs: fix missing CoW blocks writeback conversion retry
- xfs: ensure inobt record walks always make forward progress
- xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks
- xfs: prevent UAF in xfs_log_item_in_current_chkpt
- xfs: sync lazy sb accounting on quiesce of read-only mounts
- Revert "ipv4: Fix incorrect route flushing when source address is deleted"
- ipv4: Fix incorrect route flushing when source address is deleted
- mmc: sdio: fix possible resource leaks in some error paths
- mmc: mmc_spi: fix error handling in mmc_spi_probe()
- ALSA: hda/conexant: add a new hda codec SN6180
- ALSA: hda/realtek - fixed wrong gpio assigned
- sched/psi: Fix use-after-free in ep_remove_wait_queue()
- hugetlb: check for undefined shift on 32 bit architectures
- Revert "mm: Always release pages to the buddy allocator in
memblock_free_late()."
- net: Fix unwanted sign extension in netdev_stats_to_stats64()
- revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
- ixgbe: allow to increase MTU to 3K with XDP enabled
- i40e: add double of VLAN header when computing the max MTU
- net: bgmac: fix BCM5358 support by setting correct flags
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list
- dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
- net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
- bnxt_en: Fix mqprio and XDP ring checking logic
- net: stmmac: Restrict warning on disabling DMA store and fwd mode
- ixgbe: add double of VLAN header when computing the max MTU
- ipv6: Fix datagram socket connection with DSCP.
- ipv6: Fix tcp socket connection with DSCP.
- i40e: Add checking for null for nlmsg_find_attr()
- kvm: initialize all of the kvm_debugregs structure before sending it to
userspace
- nilfs2: fix underflow in second superblock position calculations
- ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak
- net: sched: sch: Fix off by one in htb_activate_prios()
- iommu/amd: Pass gfp flags to iommu_map_page() in amd_iommu_map()
- Linux 5.4.232
* CVE-2023-1118
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
-- Wen-chien Jesse Sung <jesse.sung@xxxxxxxxxxxxx> Wed, 21 Jun 2023
15:38:54 +0800
** Changed in: linux-iot (Ubuntu Focal)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0461
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1075
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1118
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1380
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1670
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1859
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2612
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-30456
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-31436
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-32233
--
You received this bug notification because you are a member of hardware-
certification-users, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2011945
Title:
focal/linux-iot: 5.4.0-1016.17 -proposed tracker
Status in canonical-signing-jobs task00 series:
Fix Released
Status in Kernel SRU Workflow:
Fix Released
Status in Kernel SRU Workflow automated-testing series:
In Progress
Status in Kernel SRU Workflow boot-testing series:
Fix Released
Status in Kernel SRU Workflow certification-testing series:
Confirmed
Status in Kernel SRU Workflow new-review series:
Fix Released
Status in Kernel SRU Workflow prepare-package series:
Fix Released
Status in Kernel SRU Workflow prepare-package-generate series:
Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
Fix Released
Status in Kernel SRU Workflow promote-signing-to-proposed series:
Invalid
Status in Kernel SRU Workflow promote-to-proposed series:
Fix Released
Status in Kernel SRU Workflow promote-to-security series:
New
Status in Kernel SRU Workflow promote-to-updates series:
New
Status in Kernel SRU Workflow regression-testing series:
Fix Released
Status in Kernel SRU Workflow security-signoff series:
Fix Released
Status in Kernel SRU Workflow sru-review series:
Fix Released
Status in Kernel SRU Workflow verification-testing series:
Fix Released
Status in linux-iot source package in Focal:
Fix Released
Bug description:
This bug will contain status and test results related to a kernel
source (or snap) as stated in the title.
For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
-- swm properties --
built:
from: 14440474dc3203f6
route-entry: 1
delta:
promote-to-proposed: [main, meta, signed, generate]
flag:
boot-testing-requested: true
bugs-spammed: true
proposed-announcement-sent: true
proposed-testing-requested: true
stream-from-cycle: true
issue: KSRU-6874
kernel-stable-master-bug: 2016128
packages:
generate: linux-generate-iot
main: linux-iot
meta: linux-meta-iot
signed: linux-signed-iot
phase: Testing
phase-changed: Friday, 02. June 2023 02:30 UTC
reason:
automated-testing: Ongoing -s testing in progress
certification-testing: Ongoing -s testing in progress
synthetic:
:promote-to-as-proposed: Fix Released
trackers:
focal/linux-uc20-iot: bug 2011944
variant: debs
versions:
main: 5.4.0-1016.17
meta: 5.4.0.1016.14
signed: 5.4.0-1016.17
versions-replace:
main: [5.4.0-1015.17]
meta: [5.4.0.1015.13]
signed: [5.4.0-1015.17]
~~:
clamps:
new-review: 14440474dc3203f6
promote-to-proposed: 14440474dc3203f6
self: 5.4.0-1016.17
sru-review: 14440474dc3203f6
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-signing-jobs/task00/+bug/2011945/+subscriptions
