← Back to team overview

canonical-hw-cert team mailing list archive

[Bug 2011940] Re: focal/linux-gkeop: 5.4.0-1067.71 -proposed tracker

 

This bug was fixed in the package linux-gkeop - 5.4.0-1067.71

---------------
linux-gkeop (5.4.0-1067.71) focal; urgency=medium

  * focal/linux-gkeop: 5.4.0-1067.71 -proposed tracker (LP: #2011940)

  [ Ubuntu: 5.4.0-147.164 ]

  * focal/linux: 5.4.0-147.164 -proposed tracker (LP: #2011959)
  * CVE-2023-26545
    - net: mpls: fix stale pointer if allocation fails during device rename
  * CVE-2023-1281
    - rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
    - net/sched: tcindex: update imperfect hash filters respecting rcu
  * Focal update: v5.4.231 upstream stable release (LP: #2011226)
    - clk: generalize devm_clk_get() a bit
    - clk: Provide new devm_clk helpers for prepared and enabled clocks
    - memory: atmel-sdramc: Fix missing clk_disable_unprepare in
      atmel_ramc_probe()
    - memory: mvebu-devbus: Fix missing clk_disable_unprepare in
      mvebu_devbus_probe()
    - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
    - ARM: imx27: Retrieve the SYSCTRL base address from devicetree
    - ARM: imx31: Retrieve the IIM base address from devicetree
    - ARM: imx35: Retrieve the IIM base address from devicetree
    - ARM: imx: add missing of_node_put()
    - HID: intel_ish-hid: Add check for ishtp_dma_tx_map
    - EDAC/highbank: Fix memory leak in highbank_mc_probe()
    - tomoyo: fix broken dependency on *.conf.default
    - RDMA/core: Fix ib block iterator counter overflow
    - IB/hfi1: Reject a zero-length user expected buffer
    - IB/hfi1: Reserve user expected TIDs
    - IB/hfi1: Fix expected receive setup error exit issues
    - affs: initialize fsdata in affs_truncate()
    - amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
    - amd-xgbe: Delay AN timeout during KR training
    - bpf: Fix pointer-leak due to insufficient speculative store bypass
      mitigation
    - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in
      rockchip_usb2phy_power_on()
    - net: nfc: Fix use-after-free in local_cleanup()
    - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs
    - gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode
    - net/sched: sch_taprio: fix possible use-after-free
    - net: fix a concurrency bug in l2tp_tunnel_register()
    - l2tp: Serialize access to sk_user_data with sk_callback_lock
    - l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
    - net: usb: sr9700: Handle negative len
    - net: mdio: validate parameter addr in mdiobus_get_phy()
    - HID: check empty report_list in hid_validate_values()
    - HID: check empty report_list in bigben_probe()
    - net: stmmac: fix invalid call to mdiobus_get_phy()
    - HID: revert CHERRY_MOUSE_000C quirk
    - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
    - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
    - net: mlx5: eliminate anonymous module_init & module_exit
    - drm/panfrost: fix GENERIC_ATOMIC64 dependency
    - dmaengine: Fix double increment of client_count in dma_chan_get()
    - net: macb: fix PTP TX timestamp failure due to packet padding
    - HID: betop: check shape of output reports
    - dmaengine: xilinx_dma: use devm_platform_ioremap_resource()
    - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
    - dmaengine: xilinx_dma: call of_node_put() when breaking out of
      for_each_child_of_node()
    - tcp: avoid the lookup process failing to get sk in ehash table
    - w1: fix deadloop in __w1_remove_master_device()
    - w1: fix WARNING after calling w1_process()
    - driver core: Fix test_async_probe_init saves device in wrong array
    - net: dsa: microchip: ksz9477: port map correction in ALU table entry
      register
    - tcp: fix rate_app_limited to default to 1
    - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist
    - ASoC: fsl_micfil: Correct the number of steps on SX controls
    - drm: Add orientation quirk for Lenovo ideapad D330-10IGL
    - s390/debug: add _ASM_S390_ prefix to header guard
    - cpufreq: armada-37xx: stop using 0 as NULL pointer
    - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC
    - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets
    - spi: spidev: remove debug messages that access spidev->spi without locking
    - KVM: s390: interrupt: use READ_ONCE() before cmpxchg()
    - scsi: hisi_sas: Set a port invalid only if there are no devices attached
      when refreshing port id
    - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD
    - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK
    - lockref: stop doing cpu_relax in the cmpxchg loop
    - mmc: sdhci-esdhc-imx: clear pending interrupt and halt cqhci
    - mmc: sdhci-esdhc-imx: disable the CMD CRC check for standard tuning
    - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting
    - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
    - fs: reiserfs: remove useless new_opts in reiserfs_remount
    - Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
    - scsi: hpsa: Fix allocation size for scsi_host_alloc()
    - module: Don't wait for GOING modules
    - tracing: Make sure trace_printk() can output as soon as it can be used
    - trace_events_hist: add check for return value of 'create_hist_field'
    - ftrace/scripts: Update the instructions for ftrace-bisect.sh
    - cifs: Fix oops due to uncleared server->smbd_conn in reconnect
    - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set
    - thermal: intel: int340x: Protect trip temperature from concurrent updates
    - ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment
    - EDAC/device: Respect any driver-supplied workqueue polling value
    - EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info
    - netlink: prevent potential spectre v1 gadgets
    - net: fix UaF in netns ops registration error path
    - netfilter: nft_set_rbtree: skip elements in transaction from garbage
      collection
    - netlink: annotate data races around nlk->portid
    - netlink: annotate data races around dst_portid and dst_group
    - netlink: annotate data races around sk_state
    - ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
    - ipv4: prevent potential spectre v1 gadget in fib_metrics_match()
    - netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
    - netrom: Fix use-after-free of a listening socket.
    - net/sched: sch_taprio: do not schedule in taprio_reset()
    - sctp: fail if no bound addresses can be used for a given scope
    - net: ravb: Fix possible hang if RIS2_QFF1 happen
    - thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type()
    - net/tg3: resolve deadlock in tg3_reset_task() during EEH
    - net/phy/mdio-i2c: Move header file to include/linux/mdio
    - net: xgene: Move shared header file into include/linux
    - net: mdio-mux-meson-g12a: force internal PHY off on mux switch
    - Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI
      mode"
    - nfsd: Ensure knfsd shuts down when the "nfsd" pseudofs is unmounted
    - block: fix and cleanup bio_check_ro
    - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
    - netfilter: conntrack: unify established states for SCTP paths
    - perf/x86/amd: fix potential integer overflow on shift of a int
    - clk: Fix pointer casting to prevent oops in devm_clk_release()
    - x86/asm: Fix an assembler warning with current binutils
    - ARM: dts: imx: Fix pca9547 i2c-mux node name
    - bpf: Skip task with pid=1 in send_signal_common()
    - blk-cgroup: fix missing pd_online_fn() while activating policy
    - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
    - sysctl: add a new register_sysctl_init() interface
    - panic: unset panic_on_warn inside panic()
    - mm: kasan: do not panic if both panic_on_warn and kasan_multishot set
    - exit: Add and use make_task_dead.
    - objtool: Add a missing comma to avoid string concatenation
    - hexagon: Fix function name in die()
    - h8300: Fix build errors from do_exit() to make_task_dead() transition
    - csky: Fix function name in csky_alignment() and die()
    - ia64: make IA64_MCA_RECOVERY bool instead of tristate
    - exit: Put an upper limit on how often we can oops
    - exit: Expose "oops_count" to sysfs
    - exit: Allow oops_limit to be disabled
    - panic: Consolidate open-coded panic_on_warn checks
    - panic: Introduce warn_limit
    - panic: Expose "warn_count" to sysfs
    - docs: Fix path paste-o for /sys/kernel/warn_count
    - exit: Use READ_ONCE() for all oops/warn limit reads
    - ipv6: ensure sane device mtu in tunnels
    - Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
    - usb: host: xhci-plat: add wakeup entry at sysfs
    - Revert "xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()"
    - Linux 5.4.231
  * CVE-2022-3903
    - USB: add usb_control_msg_send() and usb_control_msg_recv()
    - USB: correct API of usb_control_msg_send/recv
    - USB: move snd_usb_pipe_sanity_check into the USB core
    - media: mceusb: Use new usb_control_msg_*() routines
  * CVE-2022-3108
    - drm/amdkfd: Check for null pointer after calling kmemdup
  * Focal update: v5.4.230 upstream stable release (LP: #2008946)
    - pNFS/filelayout: Fix coalescing test for single DS
    - net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
    - RDMA/srp: Move large values to a new enum for gcc13
    - f2fs: let's avoid panic if extent_tree is not created
    - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices
    - Add exception protection processing for vd in axi_chan_handle_err function
    - nilfs2: fix general protection fault in nilfs_btree_insert()
    - efi: fix userspace infinite retry read efivars after EFI runtime services
      page fault
    - drm/i915/gt: Reset twice
    - ALSA: hda/realtek - Turn on power early
    - xhci-pci: set the dma max_seg_size
    - usb: xhci: Check endpoint is valid before dereferencing it
    - xhci: Fix null pointer dereference when host dies
    - xhci: Add update_hub_device override for PCI xHCI hosts
    - xhci: Add a flag to disable USB3 lpm on a xhci root port level.
    - usb: acpi: add helper to check port lpm capability using acpi _DSM
    - xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables
    - prlimit: do_prlimit needs to have a speculation check
    - USB: serial: option: add Quectel EM05-G (GR) modem
    - USB: serial: option: add Quectel EM05-G (CS) modem
    - USB: serial: option: add Quectel EM05-G (RS) modem
    - USB: serial: option: add Quectel EC200U modem
    - USB: serial: option: add Quectel EM05CN (SG) modem
    - USB: serial: option: add Quectel EM05CN modem
    - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
    - misc: fastrpc: Don't remove map on creater_process and device_release
    - misc: fastrpc: Fix use-after-free race condition for maps
    - usb: core: hub: disable autosuspend for TI TUSB8041
    - comedi: adv_pci1760: Fix PWM instruction handling
    - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
    - btrfs: fix race between quota rescan and disable leading to NULL pointer
      deref
    - cifs: do not include page data when checking signature
    - USB: serial: cp210x: add SCALANCE LPE-9000 device id
    - usb: host: ehci-fsl: Fix module alias
    - usb: typec: altmodes/displayport: Add pin assignment helper
    - usb: typec: altmodes/displayport: Fix pin assignment calculation
    - usb: gadget: g_webcam: Send color matching descriptor per frame
    - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
    - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
    - dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation
    - serial: pch_uart: Pass correct sg to dma_unmap_sg()
    - dmaengine: tegra210-adma: fix global intr clear
    - serial: atmel: fix incorrect baudrate setup
    - gsmi: fix null-deref in gsmi_get_variable
    - drm/i915: re-disable RC6p on Sandy Bridge
    - drm/amd/display: Fix set scaling doesn's work
    - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix
    - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN
    - mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
    - Linux 5.4.230

  [ Ubuntu: 5.4.0-146.163 ]

  * focal/linux: 5.4.0-146.163 -proposed tracker (LP: #2012094)
  * NFS deathlock with last Kernel 5.4.0-144.161 and 5.15.0-67.74 (LP: #2009325)
    - NFS: Correct timing for assigning access cache timestamp

 -- Khalid Elmously <khalid.elmously@xxxxxxxxxxxxx>  Tue, 11 Apr 2023
01:10:30 -0400

** Changed in: linux-gkeop (Ubuntu Focal)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3108

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3903

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1281

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-26545

-- 
You received this bug notification because you are a member of hardware-
certification-users, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2011940

Title:
  focal/linux-gkeop: 5.4.0-1067.71 -proposed tracker

Status in canonical-signing-jobs task00 series:
  Fix Released
Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow boot-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow new-review series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-generate series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-signing-to-proposed series:
  Invalid
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  In Progress
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow sru-review series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-gkeop source package in Focal:
  Fix Released

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
    https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  built:
    from: 16a2a56dee2bbfeb
    route-entry: 1
  delta:
    promote-to-proposed: [main, meta, signed, generate]
    promote-to-updates: [main, meta, signed]
  flag:
    boot-testing-requested: true
    bugs-spammed: true
    proposed-announcement-sent: true
    proposed-testing-requested: true
    stream-from-cycle: true
  issue: KSRU-6871
  kernel-stable-master-bug: 2016128
  packages:
    generate: linux-generate-gkeop
    main: linux-gkeop
    meta: linux-meta-gkeop
    signed: linux-signed-gkeop
  phase: Promote to Updates
  phase-changed: Tuesday, 18. April 2023 09:45 UTC
  reason:
    promote-to-updates: Ongoing -- packages not yet published
  synthetic:
    :promote-to-as-proposed: Fix Released
  variant: debs
  versions:
    main: 5.4.0-1067.71
    meta: 5.4.0.1067.65
    signed: 5.4.0-1067.71
  ~~:
    clamps:
      new-review: 16a2a56dee2bbfeb
      promote-to-proposed: 16a2a56dee2bbfeb
      self: 5.4.0-1067.71
      sru-review: 16a2a56dee2bbfeb

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-signing-jobs/task00/+bug/2011940/+subscriptions