This bug was fixed in the package linux - 5.4.0-211.231

---------------
linux (5.4.0-211.231) focal; urgency=medium

  * focal/linux: 5.4.0-211.231 -proposed tracker (LP: #2101996)

  * cve-2018-5803 kernel panic (LP: #2101091)
    - SAUCE: sctp: sysctl: pass right argument to container_of

linux (5.4.0-210.230) focal; urgency=medium

  * focal/linux: 5.4.0-210.230 -proposed tracker (LP: #2098353)

  * Focal update: v5.4.290 upstream stable release (LP: #2098439)
    - jbd2: flush filesystem device before updating tail sequence
    - dm array: fix releasing a faulty array block twice in dm_array_cursor_end
    - dm array: fix unreleased btree blocks on closing a faulty array cursor
    - dm array: fix cursor index when skipping across block boundaries
    - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
    - net: 802: LLC+SNAP OID:PID lookup on start of skb data
    - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
    - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
    - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
    - tls: Fix tls_sw_sendmsg error handling
    - dm thin: make get_first_thin use rcu-safe list first function
    - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
    - sctp: sysctl: auth_enable: avoid using current->nsproxy
    - drm/amd/display: Add check for granularity in dml ceil/floor helpers
    - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
    - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
    - drm/amd/display: increase MAX_SURFACES to the value supported by hw
    - USB: serial: option: add MeiG Smart SRM815
    - USB: serial: option: add Neoway N723-EA support
    - staging: iio: ad9834: Correct phase range check
    - staging: iio: ad9832: Correct phase range check
    - usb-storage: Add max sectors quirk for Nokia 208
    - USB: serial: cp210x: add Phoenix Contact UPS Device
    - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null
    - USB: usblp: return error when setting unsupported protocol
    - USB: core: Disable LPM only for non-suspended ports
    - usb: fix reference leak in usb_new_device()
    - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
    - iio: pressure: zpa2326: fix information leak in triggered buffer
    - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
    - iio: light: vcnl4035: fix information leak in triggered buffer
    - iio: imu: kmx61: fix information leak in triggered buffer
    - iio: adc: ti-ads8688: fix information leak in triggered buffer
    - iio: gyro: fxas21002c: Fix missing data update in trigger handler
    - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
    - iio: adc: at91: call input_free_device() on allocated iio_dev
    - iio: inkern: call iio_device_put() only on mapped devices
    - arm64: dts: rockchip: fix defines in pd_vio node for rk3399
    - arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399
    - arm64: dts: rockchip: add #power-domain-cells to power domain nodes
    - arm64: dts: rockchip: add hevc power domain clock to rk3328
    - phy: core: fix code style in devm_of_phy_provider_unregister
    - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider
    - ocfs2: correct return value of ocfs2_local_free_info()
    - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
    - sctp: sysctl: rto_min/max: avoid using current->nsproxy
    - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
    - net: net_namespace: Optimize the code
    - net: add exit_batch_rtnl() method
    - gtp: use exit_batch_rtnl() method
    - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
    - gtp: Destroy device along with udp socket's netns dismantle.
    - nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
    - drm/v3d: Ensure job pointer is set to NULL after job completion
    - i2c: mux: demux-pinctrl: check initial mux selection, too
    - mac802154: check local interfaces before deleting sdata list
    - hfs: Sanity check the root record
    - kheaders: Ignore silly-rename files
    - poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll()
    - nvmet: propagate npwg topology
    - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
    - fs/proc: fix softlockup in __read_vmcore (part 2)
    - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
    - hrtimers: Handle CPU state correctly on hotplug
    - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
    - scsi: sg: Fix slab-use-after-free read in sg_release()
    - net: fix data-races around sk->sk_forward_alloc
    - ASoC: wm8994: Add depends on MFD core
    - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
    - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
    - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
    - m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal
    - m68k: Add missing mmap_read_lock() to sys_cacheflush()
    - signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die
    - net: xen-netback: hash.c: Use built-in RCU list checking
    - net/xen-netback: prevent UAF in xenvif_flush_hash()
    - vfio/platform: check the bounds of read/write syscalls
    - ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path
    - ext4: fix slab-use-after-free in ext4_split_extent_at()
    - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
    - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null"
    - Input: atkbd - map F23 key to support default copilot shortcut
    - Input: xpad - add unofficial Xbox 360 wireless receiver clone
    - Input: xpad - add support for wooting two he (arm)
    - drm/v3d: Assign job pointer to NULL before signaling the fence
    - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
    - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals
    - Linux 5.4.290

  * CVE-2021-47219
    - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()

  * CVE-2024-49925
    - fbdev: efifb: Register sysfs groups through driver core

  * CVE-2024-56614
    - xsk: fix OOB map writes when deleting elements

  * net: stmmac: kernel continually prints wol unbalance irq warning (LP: #2095376)
    - net: stmmac: ethtool: Fixed calltrace caused by unbalanced disable_irq_wake calls

  * CVE-2024-44938
    - jfs: Fix shift-out-of-bounds in dbDiscardAG

  * CVE-2024-43900
    - media: xc2028: avoid use-after-free in load_firmware_cb()

  * Focal update: v5.4.289 upstream stable release (LP: #2095437)
    - usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled
    - PCI/AER: Disable AER service on suspend
    - ALSA: usb: Fix UBSAN warning in parse_audio_unit()
    - PCI: Add ACS quirk for Broadcom BCM5760X NIC
    - i2c: pnx: Fix timeout in wait functions
    - drm/i915: Fix memory leak by correcting cache object name in error handler
    - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size
    - erofs: fix incorrect symlink detection in fast symlink
    - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
    - ionic: use ee->offset when returning sprom data
    - net: hinic: Fix cleanup in create_rxqs/txqs()
    - net: ethernet: bgmac-platform: fix an OF node reference leak
    - netfilter: ipset: Fix for recursive locking warning
    - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
    - chelsio/chtls: prevent potential integer overflow on 32bit
    - i2c: riic: Always round-up when calculating bus period
    - efivarfs: Fix error on non-existent file
    - USB: serial: option: add TCL IK512 MBIM & ECM
    - USB: serial: option: add MeiG Smart SLM770A
    - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
    - USB: serial: option: add MediaTek T7XX compositions
    - USB: serial: option: add Telit FE910C04 rmnet compositions
    - sh: clk: Fix clk_enable() to return 0 on NULL clk
    - zram: refuse to use zero sized block device as backing device
    - btrfs: tree-checker: reject inline extent items with 0 ref count
    - NFS/pnfs: Fix a live lock between recalled layouts and layoutget
    - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one()
    - nilfs2: prevent use of deleted inode
    - udmabuf: also check for F_SEAL_FUTURE_WRITE
    - of: Fix error path in of_parse_phandle_with_args_map()
    - of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
    - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
    - bpf: Check negative offsets in __bpf_skb_min_len()
    - nfsd: restore callback functionality for NFSv4.0
    - mtd: diskonchip: Cast an operand to prevent potential overflow
    - phy: core: Fix an OF node refcount leakage in _of_phy_get()
    - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
    - phy: core: Fix that API devm_phy_put() fails to release the phy
    - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
    - dmaengine: mv_xor: fix child node refcount handling in early exit
    - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
    - mtd: rawnand: fix double free in atmel_pmecc_create_user()
    - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update
    - scsi: qla1280: Fix hw revision numbering for ISP1020/1040
    - scsi: megaraid_sas: Fix for a potential deadlock
    - regmap: Use correct format specifier for logging range errors
    - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
    - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time
    - virtio-blk: don't keep queue frozen during system suspend
    - epoll: Add synchronous wakeup support for ep_poll_callback
    - MIPS: Probe toolchain support of -msym32
    - ipv6: use skb_expand_head in ip6_finish_output2
    - ipv6: use skb_expand_head in ip6_xmit
    - ipv6: fix possible UAF in ip6_finish_output2()
    - bpf: fix recursive lock when verdict program return SK_PASS
    - tracing: Constify string literal data member in struct trace_event_call
    - btrfs: avoid monopolizing a core when activating a swap file
    - ipv6: prevent possible UAF in ip6_xmit()
    - selinux: ignore unknown extended permissions
    - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
    - IB/mlx5: Introduce and use mlx5_core_is_vf()
    - net/mlx5: Make API mlx5_core_is_ecpf accept const pointer
    - RDMA/mlx5: Enforce same type port association for multiport RoCE
    - RDMA/bnxt_re: Add check for path mtu in modify_qp
    - RDMA/bnxt_re: Fix reporting hw_ver in query_device
    - RDMA/bnxt_re: Fix max_qp_wrs reported
    - drm: bridge: adv7511: Enable SPDIF DAI
    - drm/bridge: adv7511_audio: Update Audio InfoFrame properly
    - netrom: check buffer length before accessing it
    - netfilter: Replace zero-length array with flexible-array member
    - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
    - net: llc: reset skb->transport_header
    - ALSA: usb-audio: US16x08: Initialize array before use
    - af_packet: fix vlan_get_tci() vs MSG_PEEK
    - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
    - ila: serialize calls to nf_register_net_hooks()
    - wifi: mac80211: wake the queues in case of failure in resume
    - sound: usb: format: don't warn that raw DSD is unsupported
    - bpf: fix potential error return
    - net: usb: qmi_wwan: add Telit FE910C04 compositions
    - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
    - ARC: build: Try to guess GCC variant of cross compiler
    - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
    - modpost: fix the missed iteration for the max bit in do_input()
    - RDMA/uverbs: Prevent integer overflow issue
    - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
    - sky2: Add device ID 11ab:4373 for Marvell 88E8075
    - net/sctp: Prevent autoclose integer overflow in sctp_association_init()
    - drm: adv7511: Drop dsi single lane support
    - mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()
    - ftrace: use preempt_enable/disable notrace macros to avoid double fault
    - Linux 5.4.289

  * Focal update: v5.4.289 upstream stable release (LP: #2095437) // CVE-2024-38588
    - ftrace: Fix possible use-after-free issue in ftrace_location()

  * Focal update: v5.4.288 upstream stable release (LP: #2095199)
    - usb: host: max3421-hcd: Correctly abort a USB request.
    - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys()
    - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
    - usb: ehci-hcd: fix call balance of clocks handling routines
    - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer
    - xfs: don't drop errno values when we fail to ficlone the entire range
    - bpf, sockmap: Fix update element with same
    - batman-adv: Do not send uninitialized TT changes
    - batman-adv: Remove uninitialized data in full table TT response
    - batman-adv: Do not let TT changes list grows indefinitely
    - tipc: fix NULL deref in cleanup_bearer()
    - net: lapb: increase LAPB_HEADER_LEN
    - ACPI: resource: Fix memory resource type union access
    - qca_spi: Fix clock speed for multiple QCA7000
    - qca_spi: Make driver probing reliable
    - net/sched: netem: account for backlog updates from child qdisc
    - ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired
    - blk-iocost: clamp inuse and skip noops in __propagate_weights()
    - blk-iocost: fix weight updates of inner active iocgs
    - blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
    - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status
    - tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe()
    - xen/netfront: fix crash when removing device
    - ALSA: usb-audio: Fix a DMA to stack memory bug
    - Linux 5.4.288

  * Focal update: v5.4.287 upstream stable release (LP: #2095145)
    - netlink: terminate outstanding dump on socket close
    - net/mlx5: fs, lock FTE when checking if active
    - net/mlx5e: kTLS, Fix incorrect page refcounting
    - ocfs2: uncache inode which has failed entering the group
    - KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN
    - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
    - ocfs2: fix UBSAN warning in ocfs2_verify_volume()
    - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
    - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
    - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set
    - kbuild: Use uname for LINUX_COMPILE_HOST detection
    - mm: revert "mm: shmem: fix data-race in shmem_getattr()"
    - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet
    - mac80211: fix user-power when emulating chanctx
    - selftests/watchdog-test: Fix system accidentally reset after watchdog-test
    - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
    - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB
    - net: usb: qmi_wwan: add Quectel RG650V
    - soc: qcom: Add check devm_kasprintf() returned value
    - regulator: rk808: Add apply_bit for BUCK3 on RK809
    - ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate()
    - ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div()
    - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
    - ipmr: Fix access to mfc_cache_list without lock held
    - cifs: Fix buffer overflow when parsing NFS reparse points
    - NFSD: Force all NFSv4.2 COPY requests to be synchronous
    - nvme: fix metadata handling in nvme-passthrough
    - mips: asm: fix warning when disabling MIPS_FP_SUPPORT
    - initramfs: avoid filename buffer overrun
    - nvme-pci: fix freeing of the HMB descriptor table
    - m68k: mvme147: Fix SCSI controller IRQ numbers
    - m68k: mvme16x: Add and use "mvme16x.h"
    - m68k: mvme147: Reinstate early console
    - acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block()
    - s390/syscalls: Avoid creation of arch/arch/ directory
    - hfsplus: don't query the device logical block size multiple times
    - firmware: google: Unregister driver_info on failure and exit in gsmi
    - firmware: google: Unregister driver_info on failure
    - EDAC/bluefield: Fix potential integer overflow
    - EDAC/fsl_ddr: Fix bad bit shift operations
    - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY
    - crypto: cavium - Fix the if condition to exit loop after timeout
    - crypto: bcm - add error check in the ahash_hmac_init function
    - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
    - time: Fix references to _msecs_to_jiffies() handling of values
    - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
    - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
    - mmc: mmc_spi: drop buggy snprintf()
    - efi/tpm: Pass correct address to memblock_reserve
    - tpm: fix signed/unsigned bug when checking event logs
    - ARM: dts: cubieboard4: Fix DCDC5 regulator constraints
    - regmap: irq: Set lockdep class for hierarchical IRQ domains
    - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
    - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
    - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
    - drm/omap: Fix locking in omap_gem_new_dmabuf()
    - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
    - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
    - drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
    - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
    - ASoC: fsl_micfil: Drop unnecessary register read
    - ASoC: fsl_micfil: do not define SHIFT/MASK for single bits
    - ASoC: fsl_micfil: use GENMASK to define register bit fields
    - ASoC: fsl_micfil: fix regmap_write_bits usage
    - bpf: Fix the xdp_adjust_tail sample prog issue
    - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()
    - drm/panfrost: Remove unused id_mask from struct panfrost_model
    - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
    - drm/etnaviv: dump: fix sparse warnings
    - drm/etnaviv: fix power register offset on GC300
    - drm/etnaviv: hold GPU lock across perfmon sampling
    - bpf, sockmap: Several fixes to bpf_msg_push_data
    - bpf, sockmap: Several fixes to bpf_msg_pop_data
    - bpf, sockmap: Fix sk_msg_reset_curr
    - selftests: net: really check for bg process completion
    - net: rfkill: gpio: Add check for clk_enable()
    - ALSA: us122l: Use snd_card_free_when_closed() at disconnection
    - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
    - ALSA: 6fire: Release resources at card release
    - netpoll: Use rcu_access_pointer() in netpoll_poll_lock
    - trace/trace_event_perf: remove duplicate samples on the first tracepoint event
    - powerpc/vdso: Flag VDSO64 entry points as functions
    - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
    - mfd: da9052-spi: Change read-mask to write-mask
    - mfd: intel_soc_pmic_bxtwc: Use dev_err_probe()
    - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
    - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
    - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
    - cpufreq: loongson2: Unregister platform_driver on failure
    - mtd: rawnand: atmel: Fix possible memory leak
    - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
    - mfd: rt5033: Fix missing regmap_del_irq_chip()
    - scsi: bfa: Fix use-after-free in bfad_im_module_exit()
    - scsi: fusion: Remove unused variable 'rc'
    - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
    - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
    - ocfs2: fix uninitialized value in ocfs2_file_read_iter()
    - powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static
    - fbdev/sh7760fb: Alloc DMA memory from hardware device
    - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
    - dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format
    - dt-bindings: clock: axi-clkgen: include AXI clk
    - clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand
    - clk: clk-axi-clkgen: make sure to enable the AXI bus clock
    - perf cs-etm: Don't flush when packet_queue fills up
    - perf probe: Correct demangled symbols in C++ program
    - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
    - PCI: cpqphp: Fix PCIBIOS_* return value confusion
    - m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x
    - m68k: coldfire/device.c: only build FEC when HW macros are defined
    - perf trace: Do not lose last events in a race
    - perf trace: Avoid garbage when not printing a syscall's arguments
    - rpmsg: glink: Add TX_DATA_CONT command while sending
    - rpmsg: glink: Send READ_NOTIFY command in FIFO full case
    - rpmsg: glink: Fix GLINK command prefix
    - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
    - NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
    - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
    - NFSD: Fix nfsd4_shutdown_copy()
    - vfio/pci: Properly hide first-in-list PCIe extended capability
    - power: supply: core: Remove might_sleep() from power_supply_put()
    - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
    - tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
    - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration
    - marvell: pxa168_eth: fix call balance of pep->clk handling routines
    - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
    - ipmr: convert /proc handlers to rcu_read_lock()
    - ipmr: fix tables suspicious RCU usage
    - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
    - usb: yurex: make waiting on yurex_write interruptible
    - USB: chaoskey: fail open after removal
    - USB: chaoskey: Fix possible deadlock chaoskey_list_lock
    - misc: apds990x: Fix missing pm_runtime_disable()
    - staging: greybus: uart: clean up TIOCGSERIAL
    - apparmor: fix 'Do simple duplicate message elimination'
    - usb: ehci-spear: fix call balance of sehci clk handling routines
    - cgroup: Make operations on the cgroup root_list RCU safe
    - cgroup: Move rcu_head up near the top of cgroup_root
    - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe()
    - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
    - ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
    - ext4: fix FS_IOC_GETFSMAP handling
    - jfs: xattr: check invalid xattr size more strictly
    - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
    - PCI: Fix use-after-free of slot->bus on hot remove
    - comedi: Flush partial mappings in error case
    - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
    - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
    - Revert "usb: gadget: composite: fix OS descriptors w_value logic"
    - serial: sh-sci: Clean sci_ports[0] after at earlycon exit
    - Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
    - spi: Fix acpi deferred irq probe
    - ubi: wl: Put source PEB into correct list if trying locking LEB failed
    - um: ubd: Do not use drvdata in release
    - um: net: Do not use drvdata in release
    - serial: 8250: omap: Move pm_runtime_get_sync
    - um: vector: Do not use drvdata in release
    - sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
    - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled
    - block: fix ordering between checking BLK_MQ_S_STOPPED request adding
    - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
    - media: wl128x: Fix atomicity violation in fmc_send_cmd()
    - ALSA: hda/realtek: Update ALC225 depop procedure
    - ALSA: hda/realtek: Set PCBeep to default value for ALC274
    - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
    - ALSA: hda/realtek: Apply quirk for Medion E15433
    - usb: dwc3: gadget: Fix checking for number of TRBs left
    - lib: string_helpers: silence snprintf() output truncation warning
    - NFSD: Prevent a potential integer overflow
    - SUNRPC: make sure cache entry active before cache_show
    - rpmsg: glink: Propagate TX failures in intentless mode as well
    - um: Fix potential integer overflow during physmem setup
    - um: Fix the return value of elf_core_copy_task_fpregs
    - um/sysrq: remove needless variable sp
    - um: add show_stack_loglvl()
    - um: Clean up stacktrace dump
    - um: Always dump trace for specified task in show_stack
    - NFSv4.0: Fix a use-after-free problem in the asynchronous open()
    - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
    - rtc: abx80x: Fix WDT bit position of the status register
    - rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
    - ubifs: Correct the total block count by deducting journal reservation
    - ubi: fastmap: Fix duplicate slab cache names while attaching
    - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
    - jffs2: fix use of uninitialized variable
    - block: return unsigned int from bdev_io_min
    - 9p/xen: fix init sequence
    - 9p/xen: fix release of IRQ
    - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
    - modpost: remove incorrect code in do_eisa_entry()
    - SUNRPC: correct error code comment in xs_tcp_setup_socket()
    - SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE
    - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
    - sh: intc: Fix use-after-free bug in register_intc_controller()
    - ASoC: fsl_micfil: fix the naming style for mask definition
    - quota: flush quota_release_work upon quota writeback
    - btrfs: ref-verify: fix use-after-free after invalid ref action
    - media: i2c: tc358743: Fix crash in the probe error path when using polling
    - media: ts2020: fix null-ptr-deref in ts2020_probe()
    - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled
    - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
    - media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()
    - ovl: Filter invalid inodes with missing lookup function
    - ftrace: Fix regression with module command in stack_trace_filter
    - clk: qcom: gcc-qcs404: fix initial rate of GPLL3
    - ad7780: fix division by zero in ad7780_write_raw()
    - util_macros.h: fix/rework find_closest() macros
    - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
    - dm thin: Add missing destroy_work_on_stack()
    - nfsd: make sure exp active before svc_export_show
    - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
    - drm/etnaviv: flush shader L1 cache after user commandstream
    - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
    - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart()
    - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL
    - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
    - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
    - netfilter: x_tables: fix LED ID check in led_tg_check()
    - net/sched: tbf: correct backlog statistic for GSO packets
    - can: j1939: j1939_session_new(): fix skb reference counting
    - net/ipv6: release expired exception dst cached in socket
    - dccp: Fix memory leak in dccp_feat_change_recv
    - tipc: add reference counter to bearer
    - tipc: enable creating a "preliminary" node
    - tipc: add new AEAD key structure for user API
    - tipc: Fix use-after-free of kernel socket in cleanup_bearer().
    - net/qed: allow old cards not supporting "num_images" to work
    - igb: Fix potential invalid memory access in igb_init_module()
    - netfilter: ipset: Hold module reference while requesting a module
    - netfilter: nft_set_hash: skip duplicated elements pending gc run
    - xen/xenbus: reference count registered modules
    - xenbus/backend: Add memory pressure handler callback
    - xenbus/backend: Protect xenbus callback with lock
    - xen/xenbus: fix locking
    - xen: Fix the issue of resource not being properly released in xenbus_dev_probe()
    - x86/asm: Reorder early variables
    - crypto: x86/aegis128 - access 32-bit arguments as 32-bit
    - gpio: grgpio: use a helper variable to store the address of ofdev->dev
    - gpio: grgpio: Add NULL check in grgpio_probe
    - drm/sti: Add __iomem for mixer_dbg_mxn's parameter
    - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
    - spi: mpc52xx: Add cancel_work_sync before module remove
    - ocfs2: free inode when ocfs2_get_init_inode() fails
    - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
    - bpf: Fix exact match conditions in trie_get_next_key()
    - HID: wacom: fix when get product name maybe null pointer
    - tracing: Fix cmp_entries_dup() to respect sort() comparison rules
    - ocfs2: update seq_file index in ocfs2_dlm_seq_next
    - scsi: qla2xxx: Fix NVMe and NPIV connect issue
    - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
    - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
    - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
    - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
    - dma-buf: fix dma_fence_array_signaled v4
    - regmap: detach regmap from dev on regmap_exit
    - mmc: core: Further prevent card detect during shutdown
    - s390/cpum_sf: Handle CPU hotplug remove during sampling
    - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
    - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
    - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
    - drm/mcde: Enable module autoloading
    - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
    - samples/bpf: Fix a resource leak
    - net: fec_mpc52xx_phy: Use %pa to format resource_size_t
    - net: ethernet: fs_enet: Use %pa to format resource_size_t
    - net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
    - af_packet: avoid erroring out after sock_init_data() in packet_create()
    - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
    - net: af_can: do not leave a dangling sk pointer in can_create()
    - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
    - net: inet: do not leave a dangling sk pointer in inet_create()
    - net: inet6: do not leave a dangling sk pointer in inet6_create()
    - wifi: ath5k: add PCI ID for SX76X
    - wifi: ath5k: add PCI ID for Arcadyan devices
    - jfs: array-index-out-of-bounds fix in dtReadFirst
    - jfs: fix shift-out-of-bounds in dbSplit
    - jfs: fix array-index-out-of-bounds in jfs_readdir
    - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
    - drm/amdgpu: set the right AMDGPU sg segment limitation
    - wifi: ipw2x00: libipw_rx_any(): fix bad alignment
    - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()
    - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
    - ASoC: hdmi-codec: reorder channel allocation list
    - rocker: fix link status detection in rocker_carrier_init()
    - net/neighbor: clear error in case strict check is not set
    - netpoll: Use rcu_access_pointer() in __netpoll_setup
    - tracing: Use atomic64_inc_return() in trace_clock_counter()
    - leds: class: Protect brightness_show() with led_cdev->led_access mutex
    - scsi: st: Don't modify unknown block number in MTIOCGET
    - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
    - pinctrl: qcom-pmic-gpio: add support for PM8937
    - nvdimm: rectify the illogical code within nd_dax_probe()
    - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
    - PCI: Add 'reset_subordinate' to reset hierarchy below bridge
    - PCI: Add ACS quirk for Wangxun FF5xxx NICs
    - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock
    - usb: chipidea: udc: handle USB Error Interrupt if IOC not set
    - powerpc/prom_init: Fixup missing powermac #size-cells
    - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
    - xdp: Simplify devmap cleanup
    - bpf: fix OOB devmap writes when deleting elements
    - Revert "unicode: Don't special case ignorable code points"
    - perf/x86/intel/pt: Fix buffer full but size is 0 case
    - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
    - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
    - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
    - jffs2: Prevent rtime decompress memory corruption
    - jffs2: Fix rtime decompressor
    - ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume"
    - modpost: Add .irqentry.text to OTHER_SECTIONS
    - Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()"
    - PCI: rockchip-ep: Fix address translation unit programming
    - ALSA: usb-audio: Fix out of bounds reads when finding clock sources
    - bpf, xdp: Update devmap comments to reflect napi/rcu usage
    - Linux 5.4.287

  * CVE-2024-23848
    - media: cec: abort if the current transmit was canceled
    - media: cec: core: avoid recursive cec_claim_log_addrs
    - media: cec: core: avoid confusing "transmit timed out" message

 -- Mehmet Basaran <mehmet.basa...@canonical.com>  Tue, 11 Mar 2025 18:01:48 +0300

** Changed in: linux (Ubuntu Focal)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-47219

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-23848

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-38588

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-43900

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-44938

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-49925

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-56614

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2098439

Title:
  Focal update: v5.4.290 upstream stable release

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Focal:
  Fix Released

Bug description:
  SRU Justification

  Impact:
  The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel:

  v5.4.290 upstream stable release
  from git://git.kernel.org/

  jbd2: flush filesystem device before updating tail sequence
  dm array: fix releasing a faulty array block twice in dm_array_cursor_end
  dm array: fix unreleased btree blocks on closing a faulty array cursor
  dm array: fix cursor index when skipping across block boundaries
  ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
  net: 802: LLC+SNAP OID:PID lookup on start of skb data
  tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
  tcp/dccp: allow a connection when sk_max_ack_backlog is zero
  net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
  tls: Fix tls_sw_sendmsg error handling
  dm thin: make get_first_thin use rcu-safe list first function
  sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
  sctp: sysctl: auth_enable: avoid using current->nsproxy
  drm/amd/display: Add check for granularity in dml ceil/floor helpers
  ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
  ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
  drm/amd/display: increase MAX_SURFACES to the value supported by hw
  USB: serial: option: add MeiG Smart SRM815
  USB: serial: option: add Neoway N723-EA support
  staging: iio: ad9834: Correct phase range check
  staging: iio: ad9832: Correct phase range check
  usb-storage: Add max sectors quirk for Nokia 208
  USB: serial: cp210x: add Phoenix Contact UPS Device
  usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null
  USB: usblp: return error when setting unsupported protocol
  USB: core: Disable LPM only for non-suspended ports
  usb: fix reference leak in usb_new_device()
  usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
  iio: pressure: zpa2326: fix information leak in triggered buffer
  iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
  iio: light: vcnl4035: fix information leak in triggered buffer
  iio: imu: kmx61: fix information leak in triggered buffer
  iio: adc: ti-ads8688: fix information leak in triggered buffer
  iio: gyro: fxas21002c: Fix missing data update in trigger handler
  iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
  iio: adc: at91: call input_free_device() on allocated iio_dev
  iio: inkern: call iio_device_put() only on mapped devices
  arm64: dts: rockchip: fix defines in pd_vio node for rk3399
  arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399
  arm64: dts: rockchip: add #power-domain-cells to power domain nodes
  arm64: dts: rockchip: add hevc power domain clock to rk3328
  phy: core: fix code style in devm_of_phy_provider_unregister
  phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider
  ocfs2: correct return value of ocfs2_local_free_info()
  ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
  sctp: sysctl: rto_min/max: avoid using current->nsproxy
  net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
  net: net_namespace: Optimize the code
  net: add exit_batch_rtnl() method
  gtp: use exit_batch_rtnl() method
  gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
  gtp: Destroy device along with udp socket's netns dismantle.
  nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
  drm/v3d: Ensure job pointer is set to NULL after job completion
  i2c: mux: demux-pinctrl: check initial mux selection, too
  mac802154: check local interfaces before deleting sdata list
  hfs: Sanity check the root record
  kheaders: Ignore silly-rename files
  poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll()
  nvmet: propagate npwg topology
  net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
  fs/proc: fix softlockup in __read_vmcore (part 2)
  irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
  hrtimers: Handle CPU state correctly on hotplug
  ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
  scsi: sg: Fix slab-use-after-free read in sg_release()
  net: fix data-races around sk->sk_forward_alloc
  ASoC: wm8994: Add depends on MFD core
  scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
  irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
  gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
  m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal
  m68k: Add missing mmap_read_lock() to sys_cacheflush()
  signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die
  net: xen-netback: hash.c: Use built-in RCU list checking
  net/xen-netback: prevent UAF in xenvif_flush_hash()
  vfio/platform: check the bounds of read/write syscalls
  ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path
  ext4: fix slab-use-after-free in ext4_split_extent_at()
  USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
  Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null"
  Input: atkbd - map F23 key to support default copilot shortcut
  Input: xpad - add unofficial Xbox 360 wireless receiver clone
  Input: xpad - add support for wooting two he (arm)
  drm/v3d: Assign job pointer to NULL before signaling the fence
  xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
  Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals
  Linux 5.4.290
  UBUNTU: Upstream stable to v5.4.290