Ubuntu
linux package

Focal update: v5.4.163 upstream stable release

Bug #1956380 reported by Kamal Mostafa on 2022-01-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Focal	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v5.4.163 upstream stable release
from git://git.kernel.org/

USB: serial: option: add Telit LE910S1 0x9200 composition
USB: serial: option: add Fibocom FM101-GL variants
usb: dwc2: gadget: Fix ISOC flow for elapsed frames
usb: dwc2: hcd_queue: Fix use of floating point literal
net: nexthop: fix null pointer dereference when IPv6 is not enabled
usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts
usb: hub: Fix usb enumeration issue due to address0 race
usb: hub: Fix locking issues with address0_mutex
binder: fix test regression due to sender_euid change
ALSA: ctxfi: Fix out-of-range access
media: cec: copy sequence field for the reply
HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
staging/fbtft: Fix backlight
staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
xen: don't continue xenstore initialization in case of errors
xen: detect uninitialized xenbus in xenbus_init
KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
tracing/uprobe: Fix uprobe_perf_open probes iteration
tracing: Fix pid filtering when triggers are attached
mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB
mdio: aspeed: Fix "Link is Down" issue
PCI: aardvark: Deduplicate code in advk_pcie_rd_conf()
PCI: aardvark: Wait for endpoint to be ready before training link
PCI: aardvark: Fix big endian support
PCI: aardvark: Train link immediately after enabling training
PCI: aardvark: Improve link training
PCI: aardvark: Issue PERST via GPIO
PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros
PCI: aardvark: Don't touch PCIe registers if no card connected
PCI: aardvark: Fix compilation on s390
PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link()
PCI: aardvark: Update comment about disabling link training
PCI: pci-bridge-emul: Fix array overruns, improve safety
PCI: aardvark: Configure PCIe resources from 'ranges' DT property
PCI: aardvark: Fix PCIe Max Payload Size setting
PCI: aardvark: Implement re-issuing config requests on CRS response
PCI: aardvark: Simplify initialization of rootcap on virtual bridge
PCI: aardvark: Fix link training
PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge
PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge
PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge
pinctrl: armada-37xx: Correct PWM pins definitions
arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function
proc/vmcore: fix clearing user buffer by properly using clear_user()
netfilter: ipvs: Fix reuse connection if RS weight is 0
ARM: dts: BCM5301X: Fix I2C controller interrupt
ARM: dts: BCM5301X: Add interrupt properties to GPIO node
ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
net: ieee802154: handle iftypes as u32
firmware: arm_scmi: pm: Propagate return value to caller
NFSv42: Don't fail clone() unless the OP_CLONE operation failed
ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
scsi: mpt3sas: Fix kernel panic during drive powercycle test
drm/vc4: fix error code in vc4_create_object()
iavf: Prevent changing static ITR values if adaptive moderation is on
ipv6: fix typos in __ip6_finish_output()
nfp: checking parameter process for rx-usecs/tx-usecs is invalid
net: ipv6: add fib6_nh_release_dsts stub
net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group
scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
net/smc: Ensure the active closing peer first closes clcsock
nvmet-tcp: fix incomplete data digest send
net/ncsi : Add payload to be 32-bit aligned to fix dropped packets
PM: hibernate: use correct mode for swsusp_close()
tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
nvmet: use IOCB_NOWAIT only if the filesystem supports it
igb: fix netpoll exit with traffic
MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
net: vlan: fix underflow for the real_dev refcnt
net/smc: Don't call clcsock shutdown twice when smc shutdown
net: hns3: fix VF RSS failed problem after PF enable multi-TCs
net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP
net: mscc: ocelot: correctly report the timestamping RX filters in ethtool
f2fs: set SBI_NEED_FSCK flag when inconsistent node block found
smb3: do not error on fsync when readonly
vhost/vsock: fix incorrect used length reported to the guest
tracing: Check pid filtering when creating events
s390/mm: validate VMA in PGSTE manipulation functions
shm: extend forced shm destroy to support objects from several IPC nses
NFC: add NCI_UNREG flag to eliminate the race
fuse: release pipe buf after last use
xen: sync include/xen/interface/io/ring.h with Xen's newest version
xen/blkfront: read response from backend only once
xen/blkfront: don't take local copy of a request from the ring page
xen/blkfront: don't trust the backend response data blindly
xen/netfront: read response from backend only once
xen/netfront: don't read data from request on the ring page
xen/netfront: disentangle tx_skb_freelist
xen/netfront: don't trust the backend response data blindly
tty: hvc: replace BUG_ON() with negative return value
Linux 5.4.163
UBUNTU: upstream stable to v5.4.163

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2022-01-04

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Focal):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu):
status:	Confirmed → Invalid

Kamal Mostafa (kamalmostafa) on 2022-01-04

description:

updated

Stefan Bader (smb) on 2022-01-27

Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-02-17:

Download full text (16.6 KiB)

This bug was fixed in the package linux - 5.4.0-100.113

---------------
linux (5.4.0-100.113) focal; urgency=medium

* focal/linux: 5.4.0-100.113 -proposed tracker (LP: #1959900)

* CVE-2022-22942
- SAUCE: drm/vmwgfx: Fix stale file descriptors on failed usercopy

* CVE-2022-0330
- drm/i915: Flush TLBs before releasing backing store

  * Focal update: v5.4.166 upstream stable release (LP: #1957008)
    - netfilter: selftest: conntrack_vrf.sh: fix file permission
    - Linux 5.4.166
    - net/packet: rx_owner_map depends on pg_vec
    - USB: gadget: bRequestType is a bitfield, not a enum
    - HID: holtek: fix mouse probing
    - udp: using datalen to cap ipv6 udp max gso segments
    - selftests: Calculate udpgso segment count without header adjustment

This bug was fixed in the package linux - 5.4.0-100.113

---------------
linux (5.4.0-100.113) focal; urgency=medium

* focal/linux: 5.4.0-100.113 -proposed tracker (LP: #1959900)

* CVE-2022-22942
    - SAUCE: drm/vmwgfx: Fix stale file descriptors on failed usercopy

* CVE-2022-0330
    - drm/i915: Flush TLBs before releasing backing store

* Focal update: v5.4.165 upstream stable release (LP: #1957007)
    - serial: tegra: Change lower tolerance baud rate limit for tegra20 and
      tegra30
    - ntfs: fix ntfs_test_inode and ntfs_init_locked_inode function type
    - HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
    - HID: google: add eel USB id
    - HID: add hid_is_usb() function to make it simpler for USB detection
    - HID: add USB_HID dependancy to hid-prodikeys
    - HID: add USB_HID dependancy to hid-chicony
    - HID: add USB_HID dependancy on some USB HID drivers
    - HID: bigbenff: prevent null pointer dereference
    - HID: wacom: fix problems when device is not a valid USB device
    - HID: check for valid USB device for many HID drivers
    - can: kvaser_usb: get CAN clock frequency from device
    - can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct
      stats->{rx,tx}_errors counter
    - can: sja1000: fix use after free in ems_pcmcia_add_card()
    - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
    - selftests: netfilter: add a vrf+conntrack testcase
    - vrf: don't run conntrack on vrf with !dflt qdisc
    - bpf: Fix the off-by-two error in range markings
    - ice: ignore dropped packets during init
    - bonding: make tx_rebalance_counter an atomic
    - nfp: Fix memory leak in nfp_cpp_area_cache_add()
    - seg6: fix the iif in the IPv6 socket control block
    - udp: using datalen to cap max gso segments
    - iavf: restore MSI state on reset
    - iavf: Fix reporting when setting descriptor count
    - IB/hfi1: Correct guard on eager buffer deallocation
    - mm: bdi: initialize bdi_min_ratio when bdi is unregistered
    - ALSA: ctl: Fix copy of updated id with element read/write
    - ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
    - ALSA: pcm: oss: Fix negative period/buffer sizes
    - ALSA: pcm: oss: Limit the period size to 16MB
    - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
    - btrfs: clear extent buffer uptodate when we fail to write it
    - btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling
    - nfsd: Fix nsfd startup race (again)
    - tracefs: Have new files inherit the ownership of their parent
    - clk: qcom: regmap-mux: fix parent clock lookup
    - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence.
    - can: pch_can: pch_can_rx_normal: fix use after free
    - can: m_can: Disable and ignore ELO interrupt
    - x86/sme: Explicitly map new EFI memmap table as encrypted
    - libata: add horkage for ASMedia 1092
    - wait: add wake_up_pollfree()
    - SAUCE: binder: export __wake_up_pollfree for binder module
    - binder: use wake_up_pollfree()
    - signalfd: use wake_up_pollfree()
    - aio: keep poll requests on waitqueue until completed
    - aio: fix use-after-free due to missing POLLFREE handling
    - tracefs: Set all files to the same group ownership as the mount option
    - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
    - qede: validate non LSO skb length
    - ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer
    - i40e: Fix failed opcode appearing if handling messages from VF
    - i40e: Fix pre-set max number of queues for VF
    - mtd: rawnand: fsmc: Take instruction delay into account
    - mtd: rawnand: fsmc: Fix timing computation
    - dt-bindings: net: Reintroduce PHY no lane swap binding
    - tools build: Remove needless libpython-version feature check that breaks
      test-all fast path
    - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
    - net: altera: set a couple error code in probe()
    - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
    - net, neigh: clear whole pneigh_entry at alloc time
    - net/qla3xxx: fix an error code in ql_adapter_up()
    - Revert "UBUNTU: SAUCE: selftests: fib_tests: assign address to dummy1 for
      rp_filter tests"
    - selftests/fib_tests: Rework fib_rp_filter_test()
    - USB: gadget: detect too-big endpoint 0 requests
    - USB: gadget: zero allocate endpoint 0 buffers
    - usb: core: config: fix validation of wMaxPacketValue entries
    - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime
      suspending
    - usb: core: config: using bit mask instead of individual bits
    - xhci: avoid race between disable slot command and host runtime suspend
    - iio: trigger: Fix reference counting
    - iio: trigger: stm32-timer: fix MODULE_ALIAS
    - iio: stk3310: Don't return error code in interrupt handler
    - iio: mma8452: Fix trigger reference couting
    - iio: ltr501: Don't return error code in trigger handler
    - iio: kxsd9: Don't return error code in trigger handler
    - iio: itg3200: Call iio_trigger_notify_done() on error
    - iio: dln2-adc: Fix lockdep complaint
    - iio: dln2: Check return value of devm_iio_trigger_register()
    - iio: at91-sama5d2: Fix incorrect sign extension
    - iio: adc: axp20x_adc: fix charging current reporting on AXP22x
    - iio: ad7768-1: Call iio_trigger_notify_done() on error
    - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
    - irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
    - irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
    - irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
    - irqchip: nvic: Fix offset for Interrupt Priority Offsets
    - misc: fastrpc: fix improper packet size calculation
    - bpf: Add selftests to cover packet access corner cases
    - Linux 5.4.165

* Focal update: v5.4.164 upstream stable release (LP: #1956381)
    - NFSv42: Fix pagecache invalidation after COPY/CLONE
    - of: clk: Make <linux/of_clk.h> self-contained
    - arm64: dts: mcbin: support 2W SFP modules
    - can: j1939: j1939_tp_cmd_recv(): check the dst address of TP.CM_BAM
    - gfs2: Fix length of holes reported at end-of-file
    - drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY
    - mac80211: do not access the IV when it was stripped
    - net/smc: Transfer remaining wait queue entries during fallback
    - atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
    - net: return correct error code
    - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
    - s390/setup: avoid using memblock_enforce_memory_limit
    - btrfs: check-integrity: fix a warning on write caching disabled disk
    - thermal: core: Reset previous low and high trip during thermal zone init
    - scsi: iscsi: Unblock session then wake up error handler
    - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
    - ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in
      hns_dsaf_ge_srst_by_port()
    - net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of
      bound
    - net: ethernet: dec: tulip: de4x5: fix possible array overflows in
      type3_infoblock()
    - perf hist: Fix memory leak of a perf_hpp_fmt
    - perf report: Fix memory leaks around perf_tip()
    - net/smc: Avoid warning of possible recursive locking
    - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
    - kprobes: Limit max data_size of the kretprobe instances
    - rt2x00: do not mark device gone on EPROTO errors during start
    - cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink()
    - s390/pci: move pseudo-MMIO to prevent MIO overlap
    - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
    - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
    - i2c: stm32f7: flush TX FIFO upon transfer errors
    - i2c: stm32f7: recover the bus on access timeout
    - i2c: stm32f7: stop dma transfer in case of NACK
    - i2c: cbus-gpio: set atomic transfer callback
    - natsemi: xtensa: fix section mismatch warnings
    - net: qlogic: qlcnic: Fix a NULL pointer dereference in
      qlcnic_83xx_add_rings()
    - net: mpls: Fix notifications when deleting a device
    - siphash: use _unaligned version by default
    - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
    - selftests: net: Correct case name
    - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
    - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ
      is available
    - net: marvell: mvpp2: Fix the computation of shared CPUs
    - net: annotate data-races on txq->xmit_lock_owner
    - ipv4: convert fib_num_tclassid_users to atomic_t
    - net/rds: correct socket tunable error in rds_tcp_tune()
    - net/smc: Keep smc_close_final rc during active close
    - drm/msm: Do hw_init() before capturing GPU state
    - ipv6: fix memory leak in fib6_rule_suppress
    - KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register
    - sched/uclamp: Fix rq->uclamp_max not set on first enqueue
    - parisc: Fix KBUILD_IMAGE for self-extracting kernel
    - parisc: Fix "make install" on newer debian releases
    - vgacon: Propagate console boot parameters before calling `vc_resize'
    - xhci: Fix commad ring abort, write all 64 bits to CRCR register.
    - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub
    - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
    - x86/tsc: Add a timer to make sure TSC_adjust is always checked
    - x86/tsc: Disable clocksource watchdog for TSC on qualified platorms
    - x86/64/mm: Map all kernel memory into trampoline_pgd
    - tty: serial: msm_serial: Deactivate RX DMA for polling support
    - serial: pl011: Add ACPI SBSA UART match id
    - serial: core: fix transmit-buffer reset and memleak
    - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array
    - serial: 8250_pci: rewrite pericom_do_set_divisor()
    - iwlwifi: mvm: retry init flow if failed
    - parisc: Mark cr16 CPU clocksource unstable on all SMP machines
    - net/tls: Fix authentication failure in CCM mode
    - Linux 5.4.164

* Focal update: v5.4.163 upstream stable release (LP: #1956380)
    - USB: serial: option: add Telit LE910S1 0x9200 composition
    - USB: serial: option: add Fibocom FM101-GL variants
    - usb: dwc2: gadget: Fix ISOC flow for elapsed frames
    - usb: dwc2: hcd_queue: Fix use of floating point literal
    - net: nexthop: fix null pointer dereference when IPv6 is not enabled
    - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts
    - usb: hub: Fix usb enumeration issue due to address0 race
    - usb: hub: Fix locking issues with address0_mutex
    - binder: fix test regression due to sender_euid change
    - ALSA: ctxfi: Fix out-of-range access
    - media: cec: copy sequence field for the reply
    - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
    - staging/fbtft: Fix backlight
    - staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
    - xen: don't continue xenstore initialization in case of errors
    - xen: detect uninitialized xenbus in xenbus_init
    - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
    - tracing/uprobe: Fix uprobe_perf_open probes iteration
    - tracing: Fix pid filtering when triggers are attached
    - mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB
    - mdio: aspeed: Fix "Link is Down" issue
    - PCI: aardvark: Deduplicate code in advk_pcie_rd_conf()
    - PCI: aardvark: Wait for endpoint to be ready before training link
    - PCI: aardvark: Fix big endian support
    - PCI: aardvark: Train link immediately after enabling training
    - PCI: aardvark: Improve link training
    - PCI: aardvark: Issue PERST via GPIO
    - PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros
    - PCI: aardvark: Don't touch PCIe registers if no card connected
    - PCI: aardvark: Fix compilation on s390
    - PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link()
    - PCI: aardvark: Update comment about disabling link training
    - PCI: pci-bridge-emul: Fix array overruns, improve safety
    - PCI: aardvark: Configure PCIe resources from 'ranges' DT property
    - PCI: aardvark: Fix PCIe Max Payload Size setting
    - PCI: aardvark: Implement re-issuing config requests on CRS response
    - PCI: aardvark: Simplify initialization of rootcap on virtual bridge
    - PCI: aardvark: Fix link training
    - PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated
      bridge
    - PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge
    - PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge
    - pinctrl: armada-37xx: Correct PWM pins definitions
    - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function
    - proc/vmcore: fix clearing user buffer by properly using clear_user()
    - netfilter: ipvs: Fix reuse connection if RS weight is 0
    - ARM: dts: BCM5301X: Fix I2C controller interrupt
    - ARM: dts: BCM5301X: Add interrupt properties to GPIO node
    - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
    - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
    - net: ieee802154: handle iftypes as u32
    - firmware: arm_scmi: pm: Propagate return value to caller
    - NFSv42: Don't fail clone() unless the OP_CLONE operation failed
    - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
    - scsi: mpt3sas: Fix kernel panic during drive powercycle test
    - drm/vc4: fix error code in vc4_create_object()
    - iavf: Prevent changing static ITR values if adaptive moderation is on
    - ipv6: fix typos in __ip6_finish_output()
    - nfp: checking parameter process for rx-usecs/tx-usecs is invalid
    - net: ipv6: add fib6_nh_release_dsts stub
    - net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group
    - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
    - net/smc: Ensure the active closing peer first closes clcsock
    - nvmet-tcp: fix incomplete data digest send
    - net/ncsi : Add payload to be 32-bit aligned to fix dropped packets
    - PM: hibernate: use correct mode for swsusp_close()
    - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited
      flows
    - nvmet: use IOCB_NOWAIT only if the filesystem supports it
    - igb: fix netpoll exit with traffic
    - MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
    - net: vlan: fix underflow for the real_dev refcnt
    - net/smc: Don't call clcsock shutdown twice when smc shutdown
    - net: hns3: fix VF RSS failed problem after PF enable multi-TCs
    - net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP
    - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool
    - f2fs: set SBI_NEED_FSCK flag when inconsistent node block found
    - smb3: do not error on fsync when readonly
    - vhost/vsock: fix incorrect used length reported to the guest
    - tracing: Check pid filtering when creating events
    - s390/mm: validate VMA in PGSTE manipulation functions
    - shm: extend forced shm destroy to support objects from several IPC nses
    - NFC: add NCI_UNREG flag to eliminate the race
    - fuse: release pipe buf after last use
    - xen: sync include/xen/interface/io/ring.h with Xen's newest version
    - xen/blkfront: read response from backend only once
    - xen/blkfront: don't take local copy of a request from the ring page
    - xen/blkfront: don't trust the backend response data blindly
    - xen/netfront: read response from backend only once
    - xen/netfront: don't read data from request on the ring page
    - xen/netfront: disentangle tx_skb_freelist
    - xen/netfront: don't trust the backend response data blindly
    - tty: hvc: replace BUG_ON() with negative return value
    - Linux 5.4.163

* net/mlx5e: EPERM on vlan 0 programming (LP: #1957753)
    - net/mlx5e: Unblock setting vid 0 for VF in case PF isn't eswitch manager

* CVE-2021-4083
    - fget: check that the fd still exists after getting a ref to it

* CVE-2021-4155
    - xfs: map unwritten blocks in XFS_IOC_{ALLOC, FREE}SP just like fallocate

-- Stefan Bader <stefan.bader@canonical.com>  Thu, 03 Feb 2022 19:16:55 +0100

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-11-18:

This bug is awaiting verification that the linux-xilinx-zynqmp/5.4.0-1019.22 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package