This bug was fixed in the package linux - 5.4.0-216.236
---------------
linux (5.4.0-216.236) focal; urgency=medium
* focal/linux: 5.4.0-216.236 -proposed tracker (LP: #2106869)
* CVE-2023-52741
- cifs: Fix use-after-free in rdata->read_into_pages()
* CVE-2021-47191
- scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
* iommu/arm-smmu-v3: Don't reserve implementation defined register space
(LP: #2067864)
- iommu/arm-smmu-v3: Don't reserve implementation defined register space
* CVE-2025-21971
- net_sched: Prevent creation of classes with TC_H_ROOT
* CVE-2024-56599
- wifi: ath10k: avoid NULL pointer error during sdio remove
* Focal update: v5.4.291 upstream stable release (LP: #2106002)
- perf cs-etm: Add missing variable in cs_etm__process_queues()
- udf: Fix use of check_add_overflow() with mixed type arguments
- overflow: Add __must_check attribute to check_*() helpers
- overflow: Correct check_shl_overflow() comment
- overflow: Allow mixed type arguments
- afs: Fix directory format encoding struct
- partitions: ldm: remove the initial kernel-doc notation
- drm/etnaviv: Fix page property being used for non writecombine buffers
- wifi: rtlwifi: do not complete firmware loading needlessly
- rtlwifi: rtl8192se Rename RT_TRACE to rtl_dbg
- wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
- wifi: rtlwifi: usb: fix workqueue leak when probe fails
- dt-bindings: mmc: controller: clarify the address-cells description
- rtlwifi: replace usage of found with dedicated list iterator variable
- wifi: rtlwifi: remove unused timer and related code
- wifi: rtlwifi: remove unused dualmac control leftovers
- wifi: rtlwifi: pci: wait for firmware loading before releasing memory
- cpupower: fix TSC MHz calculation
- regulator: of: Implement the unwind path of of_regulator_match()
- wifi: wlcore: fix unbalanced pm_runtime calls
- selftests/harness: Display signed values correctly
- selftests: harness: fix printing of mismatch values in __EXPECT()
- clk: analogbits: Fix incorrect calculation of vco rate delta
- net/mlxfw: Drop hard coded max FW flash image size
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
- ASoC: sun4i-spdif: Add clock multiplier settings
- perf header: Fix one memory leakage in process_bpf_btf()
- perf header: Fix one memory leakage in process_bpf_prog_info()
- ktest.pl: Remove unused declarations in run_bisect_test function
- padata: fix sysfs store callback check
- perf top: Don't complain about lack of vmlinux when not resolving some
kernel samples
- perf report: Fix misleading help message about --demangle
- RDMA/mlx4: Avoid false error about access to uninitialized gids array
- arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
- arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
- ARM: dts: mediatek: mt7623: fix IR nodename
- fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
- media: rc: iguanair: handle timeouts
- media: lmedm04: Use GFP_KERNEL for URB allocation/submission.
- media: lmedm04: Handle errors for lme2510_int_read
- PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
- media: mipi-csis: Add check for clk_enable()
- media: camif-core: Add check for clk_enable()
- media: uvcvideo: Propagate buf->error to userspace
- staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
- scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
- ocfs2: mark dquot as inactive if failed to start trans while releasing
dquot
- module: Extend the preempt disabled section in
dereference_symbol_descriptor().
- dmaengine: ti: edma: fix OF node reference leaks in edma_driver
- net: fec: implement TSO descriptor cleanup
- PM: hibernate: Add error handling for syscore_suspend()
- perf trace: Fix runtime error of index out of bounds
- vsock: Allow retrying on connect() failure
- net: sh_eth: Fix missing rtnl lock in suspend/resume path
- genksyms: fix memory leak when the same symbol is added from source
- genksyms: fix memory leak when the same symbol is read from *.symref file
- hexagon: fix using plain integer as NULL pointer warning in cmpxchg
- hexagon: Fix unbalanced spinlock in die()
- NFSD: Reset cb_seq_status after NFS4ERR_DELAY
- ktest.pl: Check kernelrelease return in get_version
- drivers/card_reader/rtsx_usb: Restore interrupt based detection
- usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to
PD_T_SENDER_RESPONSE
- btrfs: output the reason for open_ctree() failure
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
- sched: Don't try to catch up excess steal time.
- x86/amd_nb: Restrict init function to AMD-based systems
- tun: fix group permission check
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
- HID: Wacom: Add PCI Wacom device support
- APEI: GHES: Have GHES honor the panic= setting
- x86/mm: Don't disable PCID when INVLPG has been fixed by microcode
- spi-mxs: Fix chipselect glitch
- nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link
- nilfs2: eliminate staggered calls to kunmap in nilfs_rename
- media: uvcvideo: Only save async fh if success
- kbuild: userprogs: use correct lld when linking through clang
- tasklet: Introduce new initialization API
- net: usb: rtl8150: use new tasklet API
- usb: xhci: Add timeout argument in address_device USB HCD callback
- nvme: handle connectivity loss in nvme_set_queue_count
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry
- gpu: drm_dp_cec: fix broken CEC adapter properties check
- tg3: Disable tg3 PCIe AER on system reboot
- udp: gso: do not drop small packets when PMTU reduces
- tun: revert fix group permission check
- cpufreq: s3c64xx: Fix compilation warning
- leds: lp8860: Write full EEPROM, not only half of it
- s390/futex: Fix FUTEX_OP_ANDN implementation
- m68k: vga: Fix I/O defines
- arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
- drm/komeda: Add check for komeda_get_layer_fourcc_list()
- clk: qcom: clk-alpha-pll: fix alpha mode configuration
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate
- perf bench: Fix undefined behavior in cmpworker()
- of: Correct child specifier used as input of the 2nd nexus node
- of: Fix of_find_node_opts_by_path() handling of alias+path+options
- of: reserved-memory: Fix using wrong number of cells to get property
'alignment'
- HID: hid-sensor-hub: don't use stale platform-data on remove
- usb: gadget: f_tcm: Translate error to sense
- usb: gadget: f_tcm: Decrement command ref count on cleanup
- usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint
- usb: gadget: f_tcm: Don't prepare BOT write request twice
- serial: sh-sci: Drop __initdata macro for port_cfg
- serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is
in use
- powerpc/pseries/eeh: Fix get PE state translation
- kbuild: Move -Wenum-enum-conversion to W=2
- soc: qcom: smem_state: fix missing of_node_put in error path
- media: ov5640: fix get_light_freq on auto
- media: uvcvideo: Fix event flags in uvc_ctrl_send_events
- media: uvcvideo: Remove redundant NULL assignment
- crypto: qce - fix goto jump in error path
- crypto: qce - unregister previously registered algos in error path
- nvmem: core: improve range check for nvmem_cell_write()
- vfio/platform: check the bounds of read/write syscalls
- ocfs2: fix incorrect CPU endianness conversion causing mount failure
- mtd: onenand: Fix uninitialized retlen in do_otp_read()
- misc: fastrpc: Fix registered buffer page address
- net/ncsi: wait for the last response to Deselect Package before
configuring
channel
- MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static
- ocfs2: check dir i_size in ocfs2_find_entry
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ
- gpio: bcm-kona: Add missing newline to dev_err format string
- xen: remove a confusing comment on auto-translated guest I/O
- x86/xen: allow larger contiguous memory regions in PV guests
- media: cxd2841er: fix 64-bit division on gcc-9
- vfio/pci: Enable iowrite64 and ioread64 for vfio pci
- Grab mm lock before grabbing pt lock
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
- usb: roles: set switch registered flag early on
- usb: gadget: udc: renesas_usb3: Fix compiler warning
- usb: dwc2: gadget: remove of_node reference upon udc_stop
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
- usb: cdc-acm: Fix handling of oversized fragments
- USB: serial: option: add MeiG Smart SLM828
- USB: serial: option: add Telit Cinterion FN990B compositions
- USB: serial: option: fix Telit Cinterion FN990A name
- USB: serial: option: drop MeiG Smart defines
- can: c_can: fix unbalanced runtime PM disable in error path
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data
length zero
- alpha: make stack 16-byte aligned (most cases)
- serial: 8250: Fix fifo underflow on flush
- alpha: align stack for page fault and user unaligned trap handlers
- gpio: stmpe: Check return value of stmpe_reg_read in
stmpe_gpio_irq_sync_unlock
- regmap-irq: Add missing kfree()
- net: treat possible_net_t net pointer as an RCU one and add
read_pnet_rcu()
- net: add dev_net_rcu() helper
- ipv4: use RCU protection in rt_is_expired()
- ipv4: use RCU protection in inet_select_addr()
- neighbour: delete redundant judgment statements
- alpha: replace hardcoded stack offsets with autogenerated ones
- nilfs2: do not output warnings when clearing dirty buffers
- can: ems_pci: move ASIX AX99100 ids to pci_ids.h
- serial: 8250_pci: add support for ASIX AX99100
- parport_pc: add support for ASIX AX99100
- x86/i8253: Disable PIT timer 0 when not in use
- Revert "btrfs: avoid monopolizing a core when activating a swap file"
- btrfs: avoid monopolizing a core when activating a swap file
- vlan: introduce vlan_dev_free_egress_priority
- vlan: move dev_put into vlan_dev_uninit
- scsi: storvsc: Set correct data length for sending SCSI command without
payload
- crypto: testmgr - fix wrong key length for pkcs1pad
- crypto: testmgr - Fix wrong test case of RSA
- crypto: testmgr - fix version number of RSA tests
- crypto: testmgr - populate RSA CRT parameters in RSA test vectors
- crypto: testmgr - some more fixes to RSA test vectors
- mm: update mark_victim tracepoints fields
- usb: dwc3: Increase DWC3 controller halt timeout
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state
- usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API
- usb/gadget: f_midi: Replace tasklet with work
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
- ALSA: hda/realtek - Add type for ALC287
- ALSA: hda/realtek: Fixup ALC225 depop procedure
- geneve: Suppress list corruption splat in geneve_destroy_tunnels().
- net: extract port range fields from fl_flow_key
- flow_dissector: Fix handling of mixed port and port-range keys
- flow_dissector: Fix port range key handling in BPF conversion
- power: supply: da9150-fg: fix potential overflow
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
- acct: block access to kernel internal filesystems
- batman-adv: Ignore neighbor throughput metrics in error case
- sunrpc: suppress warnings for unused procfs functions
- net: loopback: Avoid sending IP packets without an Ethernet header
- net: cadence: macb: Synchronize stats calculations
- ASoC: es8328: fix route from DAC to output
- ipvs: Always clear ipvs_property flag in skb_scrub_packet()
- net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination.
- x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems
- ftrace: Avoid potential division by zero in function_stat_show()
- perf/core: Fix low freq setting via IOC_PERIOD
- phy: tegra: xusb: reset VBUS & ID OVERRIDE
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk
- kernel/acct.c: use #elif instead of #end and #elif
- kernel/acct.c: use dedicated helper to access rlimit values
- drm/amdgpu: skip BAR resizing if the bios already did it
- drm/amdgpu: Check extended configuration space register when system uses
large bar
- drm/amdgpu: disable BAR resize on Dell G5 SE
- Revert "of: reserved-memory: Fix using wrong number of cells to get
property
'alignment'"
- HID: appleir: Fix potential NULL dereference at raw event handle
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
- ALSA: hda/realtek: update ALC222 depop optimize
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
- x86/cacheinfo: Validate CPUID leaf 0x2 EDX output
- x86/cpu: Validate CPUID leaf 0x2 EDX output
- x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
- wifi: cfg80211: regulatory: improve invalid hints checking
- wifi: nl80211: reject cooked mode if it is set along with other flags
- rapidio: add check for rio_add_net() in rio_scan_alloc_net()
- rapidio: fix an API misues when rio_add_net() fails
- mm/page_alloc: fix uninitialized variable
- wifi: iwlwifi: limit printed string from FW file
- HID: google: fix unused variable warning under !CONFIG_ACPI
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
- net: gso: fix ownership in __udp_gso_segment
- caif_virtio: fix wrong pointer check in cfv_probe()
- hwmon: (pmbus) Initialise page count in pmbus_identify()
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
- hwmon: (ad7314) Validate leading zero bits and return error
- llc: do not use skb_get() before dev_queue_xmit()
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
- drm/sched: Fix preprocessor guard
- be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
- ppp: Fix KMSAN uninit-value warning with bpf
- vlan: enforce underlying device type
- net-timestamp: support TCP GSO case for a few missing flags
- net: ipv6: fix dst ref loop in ila lwtunnel
- net: ipv6: fix missing dst ref drop in ila lwtunnel
- gpio: rcar: Fix missing of_node_put() call
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"
- usb: renesas_usbhs: Call clk_put()
- usb: renesas_usbhs: Use devm_usb_get_phy()
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card
Reader
- usb: renesas_usbhs: Flush the notify_hotplug_work
- usb: atm: cxacru: fix a flaw in existing endpoint checks
- usb: typec: ucsi: increase timeout for PPM reset operations
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
- usb: gadget: Set self-powered based on MaxPower and bmAttributes
- usb: gadget: Fix setting self-powered state on suspend
- usb: gadget: Check bmAttributes only if configuration is valid
- xhci: pci: Fix indentation in the PCI device ID definitions
- intel_th: pci: Add Arrow Lake support
- intel_th: pci: Add Panther Lake-H support
- intel_th: pci: Add Panther Lake-P/U support
- slimbus: messaging: Free transaction ID in delayed interrupt scenario
- eeprom: digsy_mtc: Make GPIO lookup table match the device
- Linux 5.4.291
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-26982
- Squashfs: check the inode number is not the invalid value of zero
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21846
- acct: perform last write from workqueue
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21862
- drop_monitor: fix incorrect initialization order
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58090
- sched/core: Prevent rescheduling when interrupts are disabled
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21877
- usbnet: gl620a: fix endpoint checking in genelink_bind()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21823
- batman-adv: Drop unmanaged ELP metric worker
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21848
- nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21871
- tee: optee: Fix supplicant wait loop
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21865
- gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21858
- geneve: Fix use-after-free in geneve_find_dev().
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21866
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as
VM_ALLOC
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21859
- USB: gadget: f_midi: f_midi_complete to call queue_work
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-57977
- memcg: fix soft lockup in the OOM process
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-50055
- driver core: bus: Fix double free in driver API bus_register()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-57979
- pps: Fix a use-after-free
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21811
- nilfs2: protect access to buffers with no active references
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21722
- nilfs2: do not force clear folio if buffer is referenced
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21760
- ndisc: extend RCU protection in ndisc_send_skb()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21761
- openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21762
- arp: use RCU protection in arp_xmit()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21763
- neighbour: use RCU protection in __neigh_notify()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21764
- ndisc: use RCU protection in ndisc_alloc_skb()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21765
- ipv6: use RCU protection in ip6_default_advmss()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21772
- partitions: mac: fix handling of bogus partition table
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21704
- usb: cdc-acm: Check control transfer buffer size before access
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21776
- USB: hub: Ignore non-compliant devices with too many configs or interfaces
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21835
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21781
- batman-adv: fix panic during interface removal
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21782
- orangefs: fix a oob in orangefs_debug_write
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21785
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21787
- team: better TEAM_OPTION_TYPE_STRING validation
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21791
- vrf: use RCU protection in l3mdev_l3_out()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58020
- HID: multitouch: Add NULL check in mt_input_configured
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21814
- ptp: Ensure info->enable callback is always set
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21735
- NFC: nci: Add bounds checking in nci_hci_create_pipe()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21736
- nilfs2: fix possible int overflows in nilfs_fiemap()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58001
- ocfs2: handle a symlink read error correctly
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58007
- soc: qcom: socinfo: Avoid out of bounds read of serial number
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21744
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58009
- Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58083
- KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58010
- binfmt_flat: Fix integer overflow bug on 32 bit systems
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21749
- net: rose: lock the socket in rose_bind()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-57981
- usb: xhci: Fix NULL pointer dereference on certain command aborts
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21708
- net: usb: rtl8150: enable basic endpoint checking
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21647
- sched: sch_cake: add bounds checks to host bulk flow fairness counts
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58002
- media: uvcvideo: Remove dangling pointers
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21721
- nilfs2: handle errors that nilfs_prepare_chunk() may return
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58085
- tomoyo: don't emit warning in tomoyo_write_control()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58014
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58017
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21753
- btrfs: fix use-after-free when attempting to join an aborted transaction
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58055
- usb: gadget: f_tcm: Don't free command immediately
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-57980
- media: uvcvideo: Fix double free in error path
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-57986
- HID: core: Fix assumption that Resolution Multipliers must be in Logical
Collections
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21715
- net: davicom: fix UAF in dm9000_drv_remove
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21718
- net: rose: fix timer races against user threads
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21719
- ipmr: do not call mr_mfc_uses_dev() for unres entries
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58058
- ubifs: skip dumping tnc tree when zroot is null
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58069
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-57973
- rdma/cxgb4: Prevent potential integer overflow on 32bit
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21728
- bpf: Send signals asynchronously if !preemptible
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21806
- net: let net.core.dev_weight always be non-zero
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58071
- team: prevent adding a device which is already a team device lower
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58063
- wifi: rtlwifi: fix memory leaks and invalid access at probe error path
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58072
- wifi: rtlwifi: remove unused check_buddy_priv
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58051
- ipmi: ipmb: Add check devm_kasprintf() returned value
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2024-58052
- drm/amdgpu: Fix potential NULL pointer dereference in
atomctrl_get_smc_sclk_range_table
* Focal update: v5.4.291 upstream stable release (LP: #2106002) //
CVE-2025-21731
- nbd: don't allow reconnect after disconnect
* CVE-2024-26996
- usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport
error
* CVE-2023-52664
- net: atlantic: eliminate double free in error handling logic
* CVE-2024-26689
- ceph: prevent use-after-free in encode_cap_msg()
* CVE-2023-52927
- netfilter: allow exp not to be removed in nf_ct_find_expectation
-- Mehmet Basaran <mehmet.basa...@canonical.com> Fri, 11 Apr 2025
22:12:36 +0300
** Changed in: linux (Ubuntu Focal)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-47191
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52664
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52741
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52927
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26689
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26982
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26996
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-50055
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-56599
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57973
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57977
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57979
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57980
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57981
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57986
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58001
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58002
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58007
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58009
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58010
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58014
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58017
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58020
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58051
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58052
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58055
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58058
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58063
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58069
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58071
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58072
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58083
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58085
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58090
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21647
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21704
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21708
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21715
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21718
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21719
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21721
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21722
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21728
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21731
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21735
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21736
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21744
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21749
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21753
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21760
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21761
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21762
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21763
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21764
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21765
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21772
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21776
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21781
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21782
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21785
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21787
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21791
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21806
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21811
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21814
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21823
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21835
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21846
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21848
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21858
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21859
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21862
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21865
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21866
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21871
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21877
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21971
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/2067864
Title:
iommu/arm-smmu-v3: Don't reserve implementation defined register space
Status in linux package in Ubuntu:
New
Status in linux-aws package in Ubuntu:
New
Status in linux source package in Focal:
Fix Released
Status in linux-aws source package in Focal:
Fix Released
Bug description:
SRU Justification
[Impact]
In order to solve boot issues with new instance types running the 5.4 kernels,
AWS has requested a backport of upstream commit 52f3fab0067d
("iommu/arm-smmu-v3: Don't reserve implementation defined register space").
[Fix]
There was a conflict when adding arm_smmu_ioremap() due to the current
context missing ab246774713e ("iommu/arm-smmu-v3: Unregister IOMMU and
bus ops on device removal").
[Test]
It's been tested that the new instances can boot successfully with the AWS 5.4
kernels with this patch applied.
[Where problems could occur]
This touches probing of the ARM SMMUv3 driver, which might lead to boot
failures or system instability.
[Other info]
SF #00407928
---------------------------- Original bug report ----------------------------
can ubuntu 20.04 kernel backport this
commit:https://github.com/torvalds/linux/commit/52f3fab0067d6fa9e99c1b7f63265dd48ca76046
to avoid resource reservation conflicts.
we met this problem in aliyun ebmc8y instance type
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2067864/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
