← Back to team overview

canonical-hw-cert team mailing list archive

[Bug 1999429] Re: focal/linux-azure: 5.4.0-1100.106 -proposed tracker

 

This bug was fixed in the package linux-azure - 5.4.0-1100.106

---------------
linux-azure (5.4.0-1100.106) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1100.106 -proposed tracker (LP: #1999429)

  * ubuntu_bpf failed to build on F-azure-5.4 / B-azure-5.4 ( error:
    ‘bpf_object_open_opts’ undeclared) (LP: #1990794)
    - Revert "bpf, testing: Add selftest to read/write sockaddr from user space"

  * Focal update: v5.4.214 upstream stable release (LP: #1993196)
    - [Config] azure: soc: fsl: select FSL_GUTS driver for DPIO

  * Azure: hv_netvsc: Fix race between VF offering and VF association message
    from host (LP: #1994974)
    - hv_netvsc: Fix race between VF offering and VF association message from host

  * Azure: RMB Patch to backport on the Azure Linux Images (LP: #1994987)
    - net: mana: Add rmb after checking owner bits

  [ Ubuntu: 5.4.0-136.153 ]

  * focal/linux: 5.4.0-136.153 -proposed tracker (LP: #1997835)
  * Expose built-in trusted and revoked certificates (LP: #1996892)
    - [Packaging] Expose built-in trusted and revoked certificates
  * [UBUNTU 20.04] KVM: PV: ext call delivered twice when receiver in PSW wait
    (LP: #1995941)
    - KVM: s390: pv: don't present the ecall interrupt twice
  * [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071)
    - s390/boot: add secure boot trailer
  * Fix rfkill causing soft blocked wifi (LP: #1996198)
    - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
  * md: Replace snprintf with scnprintf (LP: #1993315)
    - md: Replace snprintf with scnprintf
  * input/keyboard: the keyboard on some Asus laptops can't work (LP: #1992266)
    - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA
    - ACPI: resource: Add ASUS model S5402ZA to quirks
  * Focal update: v5.4.218 upstream stable release (LP: #1995530)
    - mm: pagewalk: Fix race between unmap and page walker
    - perf tools: Fixup get_current_dir_name() compilation
    - firmware: arm_scmi: Add SCMI PM driver remove routine
    - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
    - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API
      failure
    - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
    - scsi: qedf: Fix a UAF bug in __qedf_probe()
    - net/ieee802154: fix uninit value bug in dgram_sendmsg
    - um: Cleanup syscall_handler_t cast in syscalls_32.h
    - um: Cleanup compiler warning in arch/x86/um/tls_32.c
    - arch: um: Mark the stack non-executable to fix a binutils warning
    - usb: mon: make mmapped memory read only
    - USB: serial: ftdi_sio: fix 300 bps rate for SIO
    - mmc: core: Replace with already defined values for readability
    - mmc: core: Terminate infinite loop in SD-UHS voltage switch
    - rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
    - nilfs2: fix leak of nilfs_root in case of writer thread creation failure
    - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
    - ceph: don't truncate file in atomic_open
    - random: clamp credited irq bits to maximum mixed
    - ALSA: hda: Fix position reporting on Poulsbo
    - efi: Correct Macmini DMI match in uefi cert quirk
    - USB: serial: qcserial: add new usb-id for Dell branded EM7455
    - random: restore O_NONBLOCK support
    - random: avoid reading two cache lines on irq randomness
    - random: use expired timer rather than wq for mixing fast pool
    - Input: xpad - add supported devices as contributed on github
    - Input: xpad - fix wireless 360 controller breaking after suspend
    - Linux 5.4.218
  * Focal update: v5.4.217 upstream stable release (LP: #1995528)
    - xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag
    - xfs: introduce XFS_MAX_FILEOFF
    - xfs: truncate should remove all blocks, not just to the end of the page
      cache
    - xfs: fix s_maxbytes computation on 32-bit kernels
    - xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read
    - xfs: refactor remote attr value buffer invalidation
    - xfs: fix memory corruption during remote attr value buffer invalidation
    - xfs: move incore structures out of xfs_da_format.h
    - xfs: streamline xfs_attr3_leaf_inactive
    - xfs: fix uninitialized variable in xfs_attr3_leaf_inactive
    - xfs: remove unused variable 'done'
    - Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
    - docs: update mediator information in CoC docs
    - Linux 5.4.217
  * Focal update: v5.4.216 upstream stable release (LP: #1995526)
    - uas: add no-uas quirk for Hiksemi usb_disk
    - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS
    - uas: ignore UAS for Thinkplus chips
    - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
    - clk: ingenic-tcu: Properly enable registers before accessing timers
    - ARM: dts: integrator: Tag PCI host with device_type
    - ntfs: fix BUG_ON in ntfs_lookup_inode_by_name()
    - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
    - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
    - mm/page_alloc: fix race condition between build_all_zonelists and page
      allocation
    - mm: prevent page_frag_alloc() from corrupting the memory
    - mm/migrate_device.c: flush TLB while holding PTL
    - mm: fix madivse_pageout mishandling on non-LRU page
    - media: dvb_vb2: fix possible out of bound access
    - ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver
    - ARM: dts: am33xx: Fix MMCHS0 dma properties
    - soc: sunxi: sram: Actually claim SRAM regions
    - soc: sunxi: sram: Prevent the driver from being unbound
    - soc: sunxi_sram: Make use of the helper function
      devm_platform_ioremap_resource()
    - soc: sunxi: sram: Fix probe function ordering issues
    - soc: sunxi: sram: Fix debugfs info for A64 SRAM C
    - Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in
      suspend/resume time"
    - Input: melfas_mip4 - fix return value check in mip4_probe()
    - usbnet: Fix memory leak in usbnet_disconnect()
    - nvme: add new line after variable declatation
    - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
    - selftests: Fix the if conditions of in test_extra_filter()
    - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
    - clk: iproc: Do not rely on node name for correct PLL setup
    - Linux 5.4.216
  * Focal update: v5.4.215 upstream stable release (LP: #1993203)
    - of: fdt: fix off-by-one error in unflatten_dt_nodes()
    - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
    - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
    - drm/meson: Correct OSD1 global alpha value
    - drm/meson: Fix OSD1 RGB to YCbCr coefficient
    - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
    - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
    - task_stack, x86/cea: Force-inline stack helpers
    - tracing: hold caller_addr to hardirq_{enable,disable}_ip
    - cifs: revalidate mapping when doing direct writes
    - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
    - MAINTAINERS: add Chandan as xfs maintainer for 5.4.y
    - iomap: iomap that extends beyond EOF should be marked dirty
    - ASoC: nau8824: Fix semaphore unbalance at error paths
    - regulator: pfuze100: Fix the global-out-of-bounds access in
      pfuze100_regulator_probe()
    - rxrpc: Fix local destruction being repeated
    - rxrpc: Fix calc of resend age
    - ALSA: hda/sigmatel: Keep power up while beep is enabled
    - ALSA: hda/tegra: Align BDL entry to 4KB boundary
    - net: usb: qmi_wwan: add Quectel RM520N
    - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
    - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
    - mksysmap: Fix the mismatch of 'L0' symbols in System.map
    - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
    - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
    - ALSA: hda/sigmatel: Fix unused variable warning for beep power change
    - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
    - usb: dwc3: Issue core soft reset before enabling run/stop
    - usb: dwc3: gadget: Prevent repeat pullup()
    - usb: dwc3: gadget: Refactor pullup()
    - usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
    - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
    - usb: xhci-mtk: get the microframe boundary for ESIT
    - usb: xhci-mtk: add only one extra CS for FS/LS INTR
    - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
    - usb: xhci-mtk: add a function to (un)load bandwidth info
    - usb: xhci-mtk: add some schedule error number
    - usb: xhci-mtk: allow multiple Start-Split in a microframe
    - usb: xhci-mtk: relax TT periodic bandwidth allocation
    - wifi: mac80211: Fix UAF in ieee80211_scan_rx()
    - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data
    - serial: atmel: remove redundant assignment in rs485_config
    - tty: serial: atmel: Preserve previous USART mode if RS485 disabled
    - usb: add quirks for Lenovo OneLink+ Dock
    - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
    - usb: cdns3: fix issue with rearming ISO OUT endpoint
    - Revert "usb: add quirks for Lenovo OneLink+ Dock"
    - Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
    - USB: core: Fix RST error in hub.c
    - USB: serial: option: add Quectel BG95 0x0203 composition
    - USB: serial: option: add Quectel RM520N
    - ALSA: hda/tegra: set depop delay for tegra
    - ALSA: hda: add Intel 5 Series / 3400 PCI DID
    - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
    - ALSA: hda/realtek: Re-arrange quirk table entries
    - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
    - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
    - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
    - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
    - efi: libstub: check Shim mode using MokSBStateRT
    - mm/slub: fix to return errno if kmalloc() fails
    - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
    - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
    - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
    - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
    - netfilter: nf_conntrack_irc: Tighten matching on DCC message
    - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
    - iavf: Fix cached head and tail value for iavf_get_tx_pending
    - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
    - net: team: Unsync device addresses on ndo_stop
    - MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
    - MIPS: Loongson32: Fix PHY-mode being left unspecified
    - iavf: Fix bad page state
    - i40e: Fix set max_tx_rate when it is lower than 1 Mbps
    - of: mdio: Add of_node_put() when breaking out of for_each_xx
    - net/sched: taprio: avoid disabling offload when it was never enabled
    - net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child
      qdiscs
    - netfilter: ebtables: fix memory leak when blob is malformed
    - can: gs_usb: gs_can_open(): fix race dev->can.state condition
    - perf jit: Include program header in ELF files
    - perf kcore_copy: Do not check /proc/modules is unchanged
    - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
    - net: sched: fix possible refcount leak in tc_new_tfilter()
    - serial: Create uart_xmit_advance()
    - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
    - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
    - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
    - usb: xhci-mtk: fix issue of out-of-bounds array access
    - cifs: always initialize struct msghdr smb_msg completely
    - Drivers: hv: Never allocate anything besides framebuffer from framebuffer
      memory region
    - drm/amd/display: Limit user regamma to a valid value
    - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
    - workqueue: don't skip lockdep work dependency in cancel_work_sync()
    - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
    - xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata
    - xfs: slightly tweak an assert in xfs_fs_map_blocks
    - xfs: add missing assert in xfs_fsmap_owner_from_rmap
    - xfs: range check ri_cnt when recovering log items
    - xfs: attach dquots and reserve quota blocks during unwritten conversion
    - xfs: convert EIO to EFSCORRUPTED when log contents are invalid
    - xfs: constify the buffer pointer arguments to error functions
    - xfs: always log corruption errors
    - xfs: fix some memory leaks in log recovery
    - xfs: stabilize insert range start boundary to avoid COW writeback race
    - xfs: use bitops interface for buf log item AIL flag check
    - xfs: refactor agfl length computation function
    - xfs: split the sunit parameter update into two parts
    - xfs: don't commit sunit/swidth updates to disk if that would cause repair
      failures
    - xfs: fix an ABBA deadlock in xfs_rename
    - xfs: fix use-after-free when aborting corrupt attr inactivation
    - ext4: make directory inode spreading reflect flexbg size
    - Linux 5.4.215
  * Focal update: v5.4.214 upstream stable release (LP: #1993196)
    - drm/msm/rd: Fix FIFO-full deadlock
    - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
    - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
    - tg3: Disable tg3 device on system reboot to avoid triggering AER
    - ieee802154: cc2520: add rc code in cc2520_tx()
    - Input: iforce - add support for Boeder Force Feedback Wheel
    - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
    - perf/arm_pmu_platform: fix tests for platform_get_irq() failure
    - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
    - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
    - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
    - net: dp83822: disable rx error interrupt
    - soc: fsl: select FSL_GUTS driver for DPIO
    - tracefs: Only clobber mode/uid/gid on remount if asked
    - Linux 5.4.214
  * Focal update: v5.4.213 upstream stable release (LP: #1992211)
    - efi: capsule-loader: Fix use-after-free in efi_capsule_write
    - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
      il4965_rs_fill_link_cmd()
    - fs: only do a memory barrier for the first set_buffer_uptodate()
    - Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
    - net: dp83822: disable false carrier interrupt
    - drm/msm/dsi: fix the inconsistent indenting
    - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
    - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
    - iio: adc: mcp3911: make use of the sign bit
    - ieee802154/adf7242: defer destroy_workqueue call
    - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
    - Revert "xhci: turn off port power in shutdown"
    - net: sched: tbf: don't call qdisc_put() while holding tree lock
    - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
    - kcm: fix strp_init() order and cleanup
    - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
    - tcp: annotate data-race around challenge_timestamp
    - Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"
    - net/smc: Remove redundant refcount increase
    - serial: fsl_lpuart: RS485 RTS polariy is inverse
    - staging: rtl8712: fix use after free bugs
    - powerpc: align syscall table for ppc32
    - vt: Clear selection before changing the font
    - tty: serial: lpuart: disable flow control while waiting for the transmit
      engine to complete
    - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
    - iio: adc: mcp3911: use correct formula for AD conversion
    - misc: fastrpc: fix memory corruption on probe
    - misc: fastrpc: fix memory corruption on open
    - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
    - binder: fix UAF of ref->proc caused by race condition
    - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
    - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
    - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
    - Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
    - clk: core: Fix runtime PM sequence in clk_core_unprepare()
    - Input: rk805-pwrkey - fix module autoloading
    - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
    - hwmon: (gpio-fan) Fix array out of bounds access
    - gpio: pca953x: Add mutex_lock for regcache sync in PM
    - thunderbolt: Use the actual buffer in tb_async_error()
    - xhci: Add grace period after xHC start to prevent premature runtime suspend.
    - USB: serial: cp210x: add Decagon UCA device id
    - USB: serial: option: add support for OPPO R11 diag port
    - USB: serial: option: add Quectel EM060K modem
    - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
    - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles
    - usb: dwc2: fix wrong order of phy_power_on and phy_init
    - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
    - usb-storage: Add ignore-residue quirk for NXP PN7462AU
    - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
    - s390: fix nospec table alignments
    - USB: core: Prevent nested device-reset calls
    - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
    - driver core: Don't probe devices after bus_type.match() probe deferral
    - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
    - net: mac802154: Fix a condition in the receive path
    - ALSA: seq: oss: Fix data-race for max_midi_devs access
    - ALSA: seq: Fix data-race at module auto-loading
    - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
    - btrfs: harden identification of a stale device
    - usb: dwc3: fix PHY disable sequence
    - usb: dwc3: disable USB core PHY management
    - USB: serial: ch341: fix lost character on LCR updates
    - USB: serial: ch341: fix disabled rx timer on older devices
    - scsi: megaraid_sas: Fix double kfree()
    - drm/gem: Fix GEM handle release errors
    - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
    - drm/radeon: add a force flush to delay work when radeon
    - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
    - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
    - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned
      fw_level
    - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
    - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
    - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
    - ALSA: aloop: Fix random zeros in capture data when using jiffies timer
    - ALSA: usb-audio: Fix an out-of-bounds bug in
      __snd_usb_parse_audio_interface()
    - kprobes: Prohibit probes in gate area
    - debugfs: add debugfs_lookup_and_remove()
    - nvmet: fix a use-after-free
    - scsi: mpt3sas: Fix use-after-free warning
    - scsi: lpfc: Add missing destroy_workqueue() in error path
    - cgroup: Optimize single thread migration
    - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an
      empty subtree
    - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
    - smb3: missing inode locks in punch hole
    - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node
    - regulator: core: Clean up on enable failure
    - RDMA/cma: Fix arguments order in net device validation
    - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
    - RDMA/hns: Fix supported page size
    - netfilter: br_netfilter: Drop dst references before setting.
    - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2()
    - afs: Use the operation issue time instead of the reply time for callbacks
    - sch_sfb: Don't assume the skb is still around after enqueueing to child
    - tipc: fix shift wrapping bug in map_get()
    - i40e: Fix kernel crash during module removal
    - RDMA/siw: Pass a pointer to virt_to_page()
    - ipv6: sr: fix out-of-bounds read when setting HMAC data.
    - RDMA/mlx5: Set local port to one when accessing counters
    - nvme-tcp: fix UAF when detecting digest errors
    - tcp: fix early ETIMEDOUT after spurious non-SACK RTO
    - sch_sfb: Also store skb len before calling child enqueue
    - x86/nospec: Fix i386 RSB stuffing
    - MIPS: loongson32: ls1c: Fix hang during startup
    - Linux 5.4.213
  * CVE-2022-2663
    - netfilter: nf_conntrack_irc: Fix forged IP logic
  * CVE-2022-3061
    - video: fbdev: i740fb: Error out if 'pixclock' equals zero

  [ Ubuntu: 5.4.0-135.152 ]

  * focal/linux: 5.4.0-135.152 -proposed tracker (LP: #1997412)
  * containerd sporadic timeouts (LP: #1996678)
    - epoll: call final ep_events_available() check under the lock
    - epoll: check for events when removing a timed out thread from the wait queue
    - Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
  * CVE-2022-3621
    - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
  * CVE-2022-3565
    - mISDN: fix use-after-free bugs in l1oip timer handlers
  * CVE-2022-3566
    - tcp: Fix data races around icsk->icsk_af_ops.
  * CVE-2022-3567
    - ipv6: annotate some data-races around sk->sk_prot
    - ipv6: Fix data races around sk->sk_prot.
  * CVE-2022-3564
    - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
  * CVE-2022-3524
    - tcp/udp: Fix memory leak in ipv6_renew_options().
  * CVE-2022-3594
    - r8152: Rate limit overflow messages
  * CVE-2022-42703
    - mm/rmap.c: don't reuse anon_vma if we just want a copy

  [ Ubuntu: 5.4.0-132.148 ]

  * CVE-2022-42719
    - mac80211: mlme: find auth challenge directly
    - wifi: mac80211: don't parse mbssid in assoc response
    - wifi: mac80211: fix MBSSID parsing use-after-free
  * iavf: SR-IOV VFs error with no traffic flow when MTU greater than 1500
    (LP: #1983656)
    - iavf: Fix set max MTU size with port VLAN and jumbo frames
    - i40e: Fix VF set max MTU size
  * fib_nexthop_nongw.sh from ubuntu_kernel_selftests failed on B-5.4
    (LP: #1990800)
    - SAUCE: selftests/net: skipping tests for older ip command releases
  * CVE-2022-29901
    - Revert "x86/speculation: Add RSB VM Exit protections"
    - Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
    - x86/devicetable: Move x86 specific macro out of generic code
    - x86/cpu: Add consistent CPU match macros
    - x86/cpu: Add a steppings field to struct x86_cpu_id
    - x86/kvm/vmx: Make noinstr clean
    - x86/cpufeatures: Move RETPOLINE flags to word 11
    - x86/bugs: Report AMD retbleed vulnerability
    - x86/bugs: Add AMD retbleed= boot parameter
    - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
    - x86/entry: Remove skip_r11rcx
    - x86/entry: Add kernel IBRS implementation
    - x86/bugs: Optimize SPEC_CTRL MSR writes
    - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
    - x86/bugs: Split spectre_v2_select_mitigation() and
      spectre_v2_user_select_mitigation()
    - x86/bugs: Report Intel retbleed vulnerability
    - intel_idle: Disable IBRS during long idle
    - x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
    - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
    - x86/speculation: Fix firmware entry SPEC_CTRL handling
    - x86/speculation: Fix SPEC_CTRL write on SMT state change
    - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
    - x86/speculation: Remove x86_spec_ctrl_mask
    - KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S
    - KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
    - KVM: VMX: Flatten __vmx_vcpu_run()
    - KVM: VMX: Convert launched argument to flags
    - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
    - KVM: VMX: Fix IBRS handling after vmexit
    - x86/speculation: Fill RSB on vmexit for IBRS
    - x86/common: Stamp out the stepping madness
    - x86/cpu/amd: Enumerate BTC_NO
    - x86/bugs: Add Cannon lake to RETBleed affected CPU list
    - x86/speculation: Disable RRSBA behavior
    - x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
    - x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
    - x86/speculation: Add RSB VM Exit protections
  * ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel
    systems (LP: #1990985)
    - ACPI: processor_idle: Skip dummy wait if kernel is in guest
    - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel
      systems
  * cgroup: all controllers mounted when using 'cgroup_no_v1=' (LP: #1988584)
    - cgroup-v1: add disabled controller check in cgroup1_parse_param()
  * Focal update: v5.4.212 upstream stable release (LP: #1991156)
    - audit: fix potential double free on error path from fsnotify_add_inode_mark
    - parisc: Fix exception handler for fldw and fstw instructions
    - kernel/sys_ni: add compat entry for fadvise64_64
    - usb: cdns3: Fix issue for clear halt endpoint
    - pinctrl: amd: Don't save/restore interrupt status and wake status bits
    - sched/deadline: Unthrottle PI boosted threads while enqueuing
    - sched/deadline: Fix stale throttling on de-/boosted tasks
    - sched/deadline: Fix priority inheritance with multiple scheduling classes
    - kernel/sched: Remove dl_boosted flag comment
    - xfrm: fix refcount leak in __xfrm_policy_check()
    - SUNRPC: RPC level errors should set task->tk_rpc_status
    - rose: check NULL rose_loopback_neigh->loopback
    - net/mlx5e: Properly disable vlan strip on non-UL reps
    - net: moxa: get rid of asymmetry in DMA mapping/unmapping
    - bonding: 802.3ad: fix no transmission of LACPDUs
    - net: ipvtap - add __init/__exit annotations to module init/exit funcs
    - netfilter: ebtables: reject blobs that don't provide all entry points
    - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips
    - netfilter: nft_payload: report ERANGE for too long offset and length
    - netfilter: nft_payload: do not truncate csum_offset and csum_type
    - netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
    - netfilter: nft_tunnel: restrict it to netdev family
    - net: Fix data-races around weight_p and dev_weight_[rt]x_bias.
    - net: Fix data-races around netdev_tstamp_prequeue.
    - ratelimit: Fix data-races in ___ratelimit().
    - net: Fix a data-race around sysctl_tstamp_allow_data.
    - net: Fix a data-race around sysctl_net_busy_poll.
    - net: Fix a data-race around sysctl_net_busy_read.
    - net: Fix a data-race around netdev_budget.
    - net: Fix a data-race around netdev_budget_usecs.
    - net: Fix a data-race around sysctl_somaxconn.
    - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
    - btrfs: fix silent failure when deleting root reference
    - btrfs: replace: drop assert for suspended replace
    - btrfs: add info when mount fails due to stale replace target
    - btrfs: check if root is readonly while setting security xattr
    - x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry
    - loop: Check for overflow while configuring loop
    - asm-generic: sections: refactor memory_intersects
    - s390: fix double free of GS and RI CBs on fork() failure
    - ACPI: processor: Remove freq Qos request for all CPUs
    - mm/hugetlb: fix hugetlb not supporting softdirty tracking
    - md: call __md_stop_writes in md_stop
    - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU
    - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq
    - mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
    - s390/mm: do not trigger write fault when vma does not allow VM_WRITE
    - x86/bugs: Add "unknown" reporting for MMIO Stale Data
    - kbuild: Fix include path in scripts/Makefile.modpost
    - Bluetooth: L2CAP: Fix build errors in some archs
    - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
    - udmabuf: Set the DMA mask for the udmabuf device (v2)
    - media: pvrusb2: fix memory leak in pvr_probe
    - HID: hidraw: fix memory leak in hidraw_release()
    - fbdev: fb_pm2fb: Avoid potential divide by zero error
    - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is
      dead
    - bpf: Don't redirect packets with invalid pkt_len
    - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
    - btrfs: introduce btrfs_lookup_match_dir
    - btrfs: do not pin logs too early during renames
    - btrfs: unify lookup return value when dir entry is missing
    - drm/amd/display: Avoid MPC infinite loop
    - drm/amd/display: clear optc underflow before turn off odm clock
    - neigh: fix possible DoS due to net iface start/stop loop
    - s390/hypfs: avoid error message under KVM
    - drm/amd/display: Fix pixel clock programming
    - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
    - btrfs: tree-checker: check for overlapping extent items
    - lib/vdso: Let do_coarse() return 0 to simplify the callsite
    - lib/vdso: Mark do_hres() and do_coarse() as __always_inline
    - kprobes: don't call disarm_kprobe() for disabled kprobes
    - net/af_packet: check len when min_header_len equals to 0
    - net: neigh: don't call kfree_skb() under spin_lock_irqsave()
    - Linux 5.4.212
  * Focal update: v5.4.211 upstream stable release (LP: #1990190)
    - Makefile: link with -z noexecstack --no-warn-rwx-segments
    - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
    - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
    - ALSA: bcd2000: Fix a UAF bug on the error path of probing
    - igc: Remove _I_PHY_ID checking
    - wifi: mac80211_hwsim: fix race condition in pending packet
    - wifi: mac80211_hwsim: add back erroneously removed cast
    - wifi: mac80211_hwsim: use 32-bit skb cookie
    - add barriers to buffer_uptodate and set_buffer_uptodate
    - HID: wacom: Only report rotation for art pen
    - HID: wacom: Don't register pad_input for touch switch
    - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
    - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
    - KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
    - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
    - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
    - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
    - mm/mremap: hold the rmap lock in write mode when moving page table entries.
    - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
    - ALSA: hda/cirrus - support for iMac 12,1 model
    - ALSA: hda/realtek: Add quirk for another Asus K42JZ model
    - tty: vt: initialize unicode screen buffer
    - vfs: Check the truncate maximum size in inode_newsize_ok()
    - fs: Add missing umask strip in vfs_tmpfile
    - thermal: sysfs: Fix cooling_device_stats_setup() error code path
    - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
    - usbnet: Fix linkwatch use-after-free on disconnect
    - ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
    - parisc: Fix device names in /proc/iomem
    - parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode
    - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error
    - drm/nouveau: fix another off-by-one in nvbios_addr
    - drm/amdgpu: Check BO's requested pinning domains against its
      preferred_domains
    - iio: light: isl29028: Fix the warning in isl29028_remove()
    - fuse: limit nsec
    - serial: mvebu-uart: uart2 error bits clearing
    - md-raid10: fix KASAN warning
    - ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
    - PCI: Add defines for normal and subtractive PCI bridges
    - powerpc/fsl-pci: Fix Class Code of PCIe Root Port
    - powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
    - powerpc/powernv: Avoid crashing if rng is NULL
    - MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
    - coresight: Clear the connection field properly
    - USB: HCD: Fix URB giveback issue in tasklet function
    - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC
    - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC
    - netfilter: nf_tables: fix null deref due to zeroed list head
    - epoll: autoremove wakers even more aggressively
    - x86: Handle idle=nomwait cmdline properly for x86_idle
    - arm64: Do not forget syscall when starting a new thread.
    - arm64: fix oops in concurrently setting insn_emulation sysctls
    - ext2: Add more validity checks for inode counts
    - genirq: Don't return error on missing optional irq_request_resources()
    - wait: Fix __wait_event_hrtimeout for RT/DL tasks
    - ARM: dts: imx6ul: add missing properties for sram
    - ARM: dts: imx6ul: change operating-points to uint32-matrix
    - ARM: dts: imx6ul: fix csi node compatible
    - ARM: dts: imx6ul: fix lcdif node compatible
    - ARM: dts: imx6ul: fix qspi node compatible
    - spi: synquacer: Add missing clk_disable_unprepare()
    - ARM: OMAP2+: display: Fix refcount leak bug
    - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
    - ACPI: PM: save NVS memory for Lenovo G40-45
    - ACPI: LPSS: Fix missing check in register_device_clock()
    - arm64: dts: qcom: ipq8074: fix NAND node name
    - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name
    - ARM: shmobile: rcar-gen2: Increase refcount for new reference
    - PM: hibernate: defer device probing when resuming from hibernation
    - selinux: Add boundary check in put_entry()
    - spi: spi-rspi: Fix PIO fallback on RZ platforms
    - ARM: findbit: fix overflowing offset
    - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
    - ARM: bcm: Fix refcount leak in bcm_kona_smc_init
    - x86/pmem: Fix platform-device leak in error path
    - ARM: dts: ast2500-evb: fix board compatible
    - ARM: dts: ast2600-evb: fix board compatible
    - soc: fsl: guts: machine variable might be unset
    - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg
    - ARM: OMAP2+: Fix refcount leak in omapdss_init_of
    - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
    - cpufreq: zynq: Fix refcount leak in zynq_get_revision
    - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register
    - ARM: dts: qcom: pm8841: add required thermal-sensor-cells
    - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe()
    - arm64: dts: mt7622: fix BPI-R64 WPS button
    - erofs: avoid consecutive detection for Highmem memory
    - blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created
    - regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
    - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
    - thermal/tools/tmon: Include pthread and time headers in tmon.h
    - dm: return early from dm_pr_call() if DM device is suspended
    - ath10k: do not enforce interrupt trigger type
    - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
    - drm/mipi-dbi: align max_chunk to 2 in spi_transfer
    - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
    - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
    - drm: adv7511: override i2c address of cec before accessing it
    - i2c: Fix a potential use after free
    - media: tw686x: Register the irq at the end of probe
    - wifi: iwlegacy: 4965: fix potential off-by-one overflow in
      il4965_rs_fill_link_cmd()
    - drm: bridge: adv7511: Add check for mipi_dsi_driver_register
    - drm/mcde: Fix refcount leak in mcde_dsi_bind
    - media: hdpvr: fix error value returns in hdpvr_read
    - drm/vc4: plane: Remove subpixel positioning check
    - drm/vc4: plane: Fix margin calculations for the right/bottom edges
    - drm/vc4: dsi: Correct DSI divider calculations
    - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE
    - drm/rockchip: vop: Don't crash for invalid duplicate_state()
    - drm/rockchip: Fix an error handling path rockchip_dp_probe()
    - drm/mediatek: dpi: Remove output format of YUV
    - drm/mediatek: dpi: Only enable dpi after the bridge is enabled
    - drm: bridge: sii8620: fix possible off-by-one
    - drm/msm/mdp5: Fix global state lock backoff
    - crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq
    - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
    - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
    - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed.
    - tcp: make retransmitted SKB fit into the send window
    - libbpf: Fix the name of a reused map
    - selftests: timers: valid-adjtimex: build fix for newer toolchains
    - selftests: timers: clocksource-switch: fix passing errors from child
    - fs: check FMODE_LSEEK to control internal pipe splicing
    - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
    - wifi: p54: Fix an error handling path in p54spi_probe()
    - wifi: p54: add missing parentheses in p54_flush()
    - selftests/bpf: fix a test for snprintf() overflow
    - can: pch_can: do not report txerr and rxerr during bus-off
    - can: rcar_can: do not report txerr and rxerr during bus-off
    - can: sja1000: do not report txerr and rxerr during bus-off
    - can: hi311x: do not report txerr and rxerr during bus-off
    - can: sun4i_can: do not report txerr and rxerr during bus-off
    - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
    - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
    - can: usb_8dev: do not report txerr and rxerr during bus-off
    - can: error: specify the values of data[5..7] of CAN error frames
    - can: pch_can: pch_can_error(): initialize errc before using it
    - Bluetooth: hci_intel: Add check for platform_driver_register
    - i2c: cadence: Support PEC for SMBus block read
    - i2c: mux-gpmux: Add of_node_put() when breaking out of loop
    - wifi: wil6210: debugfs: fix uninitialized variable use in
      `wil_write_file_wmi()`
    - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
    - wifi: libertas: Fix possible refcount leak in if_usb_probe()
    - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
    - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
    - iavf: Fix max_rate limiting
    - netdevsim: Avoid allocation warnings triggered from user space
    - net: rose: fix netdev reference changes
    - dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
    - clk: renesas: r9a06g032: Fix UART clkgrp bitsel
    - mtd: maps: Fix refcount leak in of_flash_probe_versatile
    - mtd: maps: Fix refcount leak in ap_flash_init
    - mtd: rawnand: meson: Fix a potential double free issue
    - HID: cp2112: prevent a buffer overflow in cp2112_xfer()
    - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
    - mtd: partitions: Fix refcount leak in parse_redboot_of
    - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
    - fpga: altera-pr-ip: fix unsigned comparison with less than zero
    - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
    - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
    - usb: xhci: tegra: Fix error check
    - clk: mediatek: reset: Fix written reset bit offset
    - misc: rtsx: Fix an error handling path in rtsx_pci_probe()
    - driver core: fix potential deadlock in __driver_attach
    - clk: qcom: clk-krait: unlock spin after mux completion
    - usb: host: xhci: use snprintf() in xhci_decode_trb()
    - clk: qcom: ipq8074: fix NSS port frequency tables
    - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
    - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
    - soundwire: bus_type: fix remove and shutdown support
    - intel_th: Fix a resource leak in an error handling path
    - intel_th: msu-sink: Potential dereference of null pointer
    - intel_th: msu: Fix vmalloced buffers
    - staging: rtl8192u: Fix sleep in atomic context bug in
      dm_fsync_timer_callback
    - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
    - memstick/ms_block: Fix some incorrect memory allocation
    - memstick/ms_block: Fix a memory leak
    - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
    - scsi: smartpqi: Fix DMA direction for RAID requests
    - usb: gadget: udc: amd5536 depends on HAS_DMA
    - RDMA/hns: Fix incorrect clearing of interrupt status register
    - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event
    - RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
    - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
    - mmc: cavium-octeon: Add of_node_put() when breaking out of loop
    - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
    - HID: alps: Declare U1_UNICORN_LEGACY support
    - PCI: tegra194: Fix Root Port interrupt handling
    - PCI: tegra194: Fix link up retry sequence
    - USB: serial: fix tty-port initialized comments
    - platform/olpc: Fix uninitialized data in debugfs write
    - mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
    - RDMA/rxe: Fix error unwind in rxe_create_qp()
    - null_blk: fix ida error handling in null_add_dev()
    - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
    - ext4: recover csum seed of tmp_inode after migrating to extents
    - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
    - opp: Fix error check in dev_pm_opp_attach_genpd()
    - ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
    - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
    - ASoC: codecs: da7210: add check for i2c_add_driver
    - ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
    - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
    - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
    - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
    - profiling: fix shift too large makes kernel panic
    - tty: n_gsm: fix non flow control frames during mux flow off
    - tty: n_gsm: fix packet re-transmission without open control channel
    - tty: n_gsm: fix race condition in gsmld_write()
    - remoteproc: qcom: wcnss: Fix handling of IRQs
    - vfio/ccw: Do not change FSM state in subchannel event
    - tty: n_gsm: fix wrong T1 retry count handling
    - tty: n_gsm: fix DM command
    - tty: n_gsm: fix missing corner cases in gsmld_poll()
    - iommu/exynos: Handle failed IOMMU device registration properly
    - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
    - kfifo: fix kfifo_to_user() return type
    - mfd: t7l66xb: Drop platform disable callback
    - mfd: max77620: Fix refcount leak in max77620_initialise_fps
    - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
    - s390/zcore: fix race when reading from hardware system area
    - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
    - fuse: Remove the control interface for virtio-fs
    - ASoC: audio-graph-card: Add of_node_put() in fail path
    - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in
      armada_37xx_wdt_probe()
    - video: fbdev: amba-clcd: Fix refcount leak bugs
    - video: fbdev: sis: fix typos in SiS_GetModeID()
    - powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32
    - powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and
      alias
    - powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
    - powerpc/xive: Fix refcount leak in xive_get_max_prio
    - powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
    - perf symbol: Fail to read phdr workaround
    - kprobes: Forbid probing on trampoline and BPF code areas
    - powerpc/pci: Fix PHB numbering when using opal-phbid
    - genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
    - scripts/faddr2line: Fix vmlinux detection on arm64
    - x86/numa: Use cpumask_available instead of hardcoded NULL check
    - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
    - tools/thermal: Fix possible path truncations
    - video: fbdev: vt8623fb: Check the size of screen before memset_io()
    - video: fbdev: arkfb: Check the size of screen before memset_io()
    - video: fbdev: s3fb: Check the size of screen before memset_io()
    - scsi: zfcp: Fix missing auto port scan and thus missing target ports
    - scsi: qla2xxx: Fix discovery issues in FC-AL topology
    - scsi: qla2xxx: Turn off multi-queue for 8G adapters
    - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
    - x86/olpc: fix 'logical not is only applied to the left hand side'
    - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
    - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature
      verification
    - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
    - btrfs: reset block group chunk force if we have to wait
    - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
    - ext4: make sure ext4_append() always allocates new block
    - ext4: fix use-after-free in ext4_xattr_set_entry
    - ext4: update s_overhead_clusters in the superblock during an on-line resize
    - ext4: fix extent status tree race in writeback error recovery path
    - ext4: correct max_inline_xattr_value_size computing
    - ext4: correct the misjudgment in ext4_iget_extra_inode
    - intel_th: pci: Add Raptor Lake-S CPU support
    - intel_th: pci: Add Raptor Lake-S PCH support
    - intel_th: pci: Add Meteor Lake-P support
    - dm raid: fix address sanitizer warning in raid_resume
    - dm raid: fix address sanitizer warning in raid_status
    - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
    - dm writecache: set a default MAX_WRITEBACK_JOBS
    - ACPI: CPPC: Do not prevent CPPC from working in the future
    - timekeeping: contribute wall clock to rng on time change
    - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
    - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
    - btrfs: reject log replay if there is unsupported RO compat flag
    - KVM: Add infrastructure and macro to mark VM as bugged
    - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
    - KVM: x86: Avoid theoretical NULL pointer dereference in
      kvm_irq_delivery_to_apic_fast()
    - tcp: fix over estimation in sk_forced_mem_schedule()
    - scsi: sg: Allow waiting for commands to complete on removed device
    - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
    - net/9p: Initialize the iounit field during fid creation
    - net_sched: cls_route: disallow handle of 0
    - ALSA: info: Fix llseek return value when using callback
    - rds: add missing barrier to release_refill
    - ata: libata-eh: Add missing command name
    - mmc: pxamci: Fix another error handling path in pxamci_probe()
    - mmc: pxamci: Fix an error handling path in pxamci_probe()
    - btrfs: fix lost error handling when looking up extended ref on log replay
    - tracing: Have filter accept "common_cpu" to be consistent
    - can: ems_usb: fix clang's -Wunaligned-access warning
    - apparmor: fix quiet_denied for file rules
    - apparmor: fix absroot causing audited secids to begin with =
    - apparmor: Fix failed mount permission check error message
    - apparmor: fix aa_label_asxprint return check
    - apparmor: fix overlapping attachment computation
    - apparmor: fix reference count leak in aa_pivotroot()
    - apparmor: Fix memleak in aa_simple_write_to_buffer()
    - Documentation: ACPI: EINJ: Fix obsolete example
    - NFSv4.1: Don't decrease the value of seq_nr_highest_sent
    - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
    - NFSv4: Fix races in the legacy idmapper upcall
    - NFSv4.1: RECLAIM_COMPLETE must handle EACCES
    - NFSv4/pnfs: Fix a use-after-free bug in open
    - can: mcp251x: Fix race condition on receive interrupt
    - sunrpc: fix expiry of auth creds
    - SUNRPC: Reinitialise the backchannel request buffers before reuse
    - devlink: Fix use-after-free after a failed reload
    - net: bgmac: Fix a BUG triggered by wrong bytes_compl
    - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
    - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
    - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO
    - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
    - geneve: do not use RT_TOS for IPv6 flowlabel
    - plip: avoid rcu debug splat
    - vsock: Fix memory leak in vsock_connect()
    - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
    - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
    - tools/vm/slabinfo: use alphabetic order when two values are equal
    - tools build: Switch to new openssl API for test-libcrypto
    - NTB: ntb_tool: uninitialized heap data in tool_fn_write()
    - nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
    - xen/xenbus: fix return type in xenbus_file_read()
    - atm: idt77252: fix use-after-free bugs caused by tst_timer
    - dpaa2-eth: trace the allocated address instead of page struct
    - tee: add overflow check in register_shm_helper()
    - nios2: page fault et.al. are *not* restartable syscalls...
    - nios2: don't leave NULLs in sys_call_table[]
    - nios2: traced syscall does need to check the syscall number
    - nios2: fix syscall restart checks
    - nios2: restarts apply only to the first sigframe we build...
    - nios2: add force_successful_syscall_return()
    - iavf: Fix adminq error handling
    - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks
    - netfilter: nf_tables: really skip inactive sets when allocating name
    - powerpc/pci: Fix get_phb_number() locking
    - net: dsa: mv88e6060: prevent crash on an unused port
    - net: moxa: pass pdev instead of ndev to DMA functions
    - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry
    - ice: Ignore EEXIST when setting promisc mode
    - i40e: Fix to stop tx_timeout recovery if GLOBR fails
    - fec: Fix timer capture timing in `fec_ptp_enable_pps()`
    - igb: Add lock to avoid data race
    - gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
    - locking/atomic: Make test_and_*_bit() ordered on failure
    - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
    - PCI: Add ACS quirk for Broadcom BCM5750x NICs
    - usb: cdns3 fix use-after-free at workaround 2
    - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of
      uvcg_info
    - irqchip/tegra: Fix overflow implicit truncation warnings
    - drm/meson: Fix overflow implicit truncation warnings
    - usb: host: ohci-ppc-of: Fix refcount leak bug
    - usb: renesas: Fix refcount leak bug
    - vboxguest: Do not use devm for irq
    - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
    - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user
      input
    - gadgetfs: ep_io - wait until IRQ finishes
    - cxl: Fix a memory leak in an error handling path
    - PCI/ACPI: Guard ARM64-specific mcfg_quirks
    - um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups
    - selftests/kprobe: Do not test for GRP/ without event failures
    - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
    - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown
    - drivers:md:fix a potential use-after-free bug
    - ext4: avoid remove directory when directory is corrupted
    - ext4: avoid resizing to a partial cluster size
    - lib/list_debug.c: Detect uninitialized lists
    - tty: serial: Fix refcount leak bug in ucc_uart.c
    - vfio: Clear the caps->buf to NULL after free
    - mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
    - riscv: mmap with PROT_WRITE but no PROT_READ is invalid
    - RISC-V: Add fast call path of crash_kexec()
    - watchdog: export lockup_detector_reconfigure
    - powerpc/32: Don't always pass -mcpu=powerpc to the compiler
    - ALSA: core: Add async signal helpers
    - ALSA: timer: Use deferred fasync helper
    - f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
    - smb3: check xattr value length earlier
    - powerpc/64: Init jump labels before parse_early_param()
    - video: fbdev: i740fb: Check the argument of i740_calc_vclk()
    - MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
    - tracing/probes: Have kprobes and uprobes use $COMM too
    - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with
      netdev_warn_once()
    - can: j1939: j1939_session_destroy(): fix memory leak of skbs
    - btrfs: only write the sectors in the vertical stripe which has data stripes
    - btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
    - Linux 5.4.211
  * CVE-2022-3028
    - af_key: Do not call xfrm_probe_algs in parallel
  * CVE-2022-2978
    - fs: fix UAF/GPF bug in nilfs_mdt_destroy
  * CVE-2022-40768
    - scsi: stex: Properly zero out the passthrough command structure

 -- Tim Gardner <tim.gardner@xxxxxxxxxxxxx>  Mon, 12 Dec 2022 12:49:30
-0700

** Changed in: linux-azure (Ubuntu Focal)
       Status: Confirmed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2663

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2978

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29901

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3028

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3061

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3524

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3564

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3565

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3566

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3567

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3594

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3621

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40768

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-42703

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-42719

-- 
You received this bug notification because you are a member of hardware-
certification-users, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1999429

Title:
  focal/linux-azure: 5.4.0-1100.106 -proposed tracker

Status in canonical-signing-jobs:
  Fix Released
Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow boot-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow new-review series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrg series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrm series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrs series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-signing-to-proposed series:
  Invalid
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  Fix Released
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow sru-review series:
  Fix Released
Status in Kernel SRU Workflow stakeholder-signoff series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-azure source package in Focal:
  Fix Released

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
    https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  built:
    from: deb872d6594d1c7f
    route-entry: 1
  delta:
    promote-to-proposed: [main, meta, lrm, lrs, signed, lrg]
    promote-to-updates: [signed, lrm, lrs, meta, main]
  flag:
    boot-testing-requested: true
    bugs-respammed: true
    bugs-spammed: true
    proposed-announcement-sent: true
    proposed-testing-requested: true
    stream-from-cycle: true
  issue: KSRU-5852
  kernel-stable-master-bug: 1998813
  packages:
    lrg: linux-restricted-generate-azure
    lrm: linux-restricted-modules-azure
    lrs: linux-restricted-signatures-azure
    main: linux-azure
    meta: linux-meta-azure
    signed: linux-signed-azure
  phase: Holding before Promote to Security
  phase-changed: Monday, 09. January 2023 10:36 UTC
  reason:
    promote-to-security: Holding -- not ready for security (replication
      dwell)
  synthetic:
    :promote-to-as-proposed: Fix Released
  trackers:
    bionic/linux-azure-5.4: bug 1997806, bug 1999442
    focal/linux-azure-cvm: bug 1997803
    focal/linux-azure-fips: bug 1997804
  variant: debs
  versions:
    lrm: 5.4.0-1100.106
    main: 5.4.0-1100.106
    meta: 5.4.0.1100.93
    signed: 5.4.0-1100.106
  ~~:
    clamps:
      new-review: deb872d6594d1c7f
      promote-to-proposed: deb872d6594d1c7f
      self: 5.4.0-1100.106
      sru-review: deb872d6594d1c7f

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-signing-jobs/+bug/1999429/+subscriptions