Ubuntu
linux package

Focal update: v5.4.213 upstream stable release

Bug #1992211 reported by Kamal Mostafa on 2022-10-07

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Focal	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

v5.4.213 upstream stable release
from git://git.kernel.org/

efi: capsule-loader: Fix use-after-free in efi_capsule_write
wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd()
fs: only do a memory barrier for the first set_buffer_uptodate()
Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
net: dp83822: disable false carrier interrupt
drm/msm/dsi: fix the inconsistent indenting
drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
iio: adc: mcp3911: make use of the sign bit
ieee802154/adf7242: defer destroy_workqueue call
wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
Revert "xhci: turn off port power in shutdown"
net: sched: tbf: don't call qdisc_put() while holding tree lock
ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
kcm: fix strp_init() order and cleanup
sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
tcp: annotate data-race around challenge_timestamp
Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"
net/smc: Remove redundant refcount increase
serial: fsl_lpuart: RS485 RTS polariy is inverse
staging: rtl8712: fix use after free bugs
powerpc: align syscall table for ppc32
vt: Clear selection before changing the font
tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete
Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
iio: adc: mcp3911: use correct formula for AD conversion
misc: fastrpc: fix memory corruption on probe
misc: fastrpc: fix memory corruption on open
USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
binder: fix UAF of ref->proc caused by race condition
usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
clk: core: Fix runtime PM sequence in clk_core_unprepare()
Input: rk805-pwrkey - fix module autoloading
clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
hwmon: (gpio-fan) Fix array out of bounds access
gpio: pca953x: Add mutex_lock for regcache sync in PM
thunderbolt: Use the actual buffer in tb_async_error()
xhci: Add grace period after xHC start to prevent premature runtime suspend.
USB: serial: cp210x: add Decagon UCA device id
USB: serial: option: add support for OPPO R11 diag port
USB: serial: option: add Quectel EM060K modem
USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles
usb: dwc2: fix wrong order of phy_power_on and phy_init
USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
usb-storage: Add ignore-residue quirk for NXP PN7462AU
s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
s390: fix nospec table alignments
USB: core: Prevent nested device-reset calls
usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
driver core: Don't probe devices after bus_type.match() probe deferral
wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
net: mac802154: Fix a condition in the receive path
ALSA: seq: oss: Fix data-race for max_midi_devs access
ALSA: seq: Fix data-race at module auto-loading
drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
btrfs: harden identification of a stale device
usb: dwc3: fix PHY disable sequence
usb: dwc3: disable USB core PHY management
USB: serial: ch341: fix lost character on LCR updates
USB: serial: ch341: fix disabled rx timer on older devices
scsi: megaraid_sas: Fix double kfree()
drm/gem: Fix GEM handle release errors
drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
drm/radeon: add a force flush to delay work when radeon
parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
ALSA: aloop: Fix random zeros in capture data when using jiffies timer
ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
kprobes: Prohibit probes in gate area
debugfs: add debugfs_lookup_and_remove()
nvmet: fix a use-after-free
scsi: mpt3sas: Fix use-after-free warning
scsi: lpfc: Add missing destroy_workqueue() in error path
cgroup: Optimize single thread migration
cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree
cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
smb3: missing inode locks in punch hole
ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node
regulator: core: Clean up on enable failure
RDMA/cma: Fix arguments order in net device validation
soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
RDMA/hns: Fix supported page size
netfilter: br_netfilter: Drop dst references before setting.
netfilter: nf_conntrack_irc: Fix forged IP logic
rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2()
afs: Use the operation issue time instead of the reply time for callbacks
sch_sfb: Don't assume the skb is still around after enqueueing to child
tipc: fix shift wrapping bug in map_get()
i40e: Fix kernel crash during module removal
RDMA/siw: Pass a pointer to virt_to_page()
ipv6: sr: fix out-of-bounds read when setting HMAC data.
RDMA/mlx5: Set local port to one when accessing counters
nvme-tcp: fix UAF when detecting digest errors
tcp: fix early ETIMEDOUT after spurious non-SACK RTO
sch_sfb: Also store skb len before calling child enqueue
x86/nospec: Fix i386 RSB stuffing
MIPS: loongson32: ls1c: Fix hang during startup
Linux 5.4.213
UBUNTU: Upstream stable to v5.4.213

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2022-10-07

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
description:	updated
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Focal):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)

Revision history for this message

Stefan Bader (smb) wrote on 2022-11-10:

Skipped "netfilter: nf_conntrack_irc: Fix forged IP logic" as it is already applied for CVE-2022-2663.

Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-11-16:

This bug is awaiting verification that the linux/5.4.0-133.149 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-11-18:

This bug is awaiting verification that the linux-xilinx-zynqmp/5.4.0-1019.22 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-11-29:

This bug is awaiting verification that the linux/5.4.0-136.153 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2022-12-07

tags:

removed: verification-needed-focal

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-01-06:

Download full text (20.0 KiB)

This bug was fixed in the package linux - 5.4.0-136.153

---------------
linux (5.4.0-136.153) focal; urgency=medium

* focal/linux: 5.4.0-136.153 -proposed tracker (LP: #1997835)

* Expose built-in trusted and revoked certificates (LP: #1996892)
- [Packaging] Expose built-in trusted and revoked certificates

  * [UBUNTU 20.04] KVM: PV: ext call delivered twice when receiver in PSW wait
    (LP: #1995941)
    - KVM: s390: pv: don't present the ecall interrupt twice

* [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071)
- s390/boot: add secure boot trailer

* Fix rfkill causing soft blocked wifi (LP: #1996198)
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi

* md: Replace snprintf with scnprintf (LP: #1993315)
- md: Replace snprintf with scnprintf

  * input/keyboard: the keyboard on some Asus laptops can't work (LP: #1992266)
    - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA
    - ACPI: resource: Add ASUS model S5402ZA to quirks

  * Focal update: v5.4.218 upstream stable release (LP: #1995530)
    - mm: pagewalk: Fix race between unmap and page walker
    - perf tools: Fixup get_current_dir_name() compilation
    - firmware: arm_scmi: Add SCMI PM driver remove routine
    - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
    - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API
      failure
    - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
    - scsi: qedf: Fix a UAF bug in __qedf_probe()
    - net/ieee802154: fix uninit value bug in dgram_sendmsg
    - um: Cleanup syscall_handler_t cast in syscalls_32.h
    - um: Cleanup compiler warning in arch/x86/um/tls_32.c
    - arch: um: Mark the stack non-executable to fix a binutils warning
    - usb: mon: make mmapped memory read only
    - USB: serial: ftdi_sio: fix 300 bps rate for SIO
    - mmc: core: Replace with already defined values for readability
    - mmc: core: Terminate infinite loop in SD-UHS voltage switch
    - rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
    - nilfs2: fix leak of nilfs_root in case of writer thread creation failure
    - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
    - ceph: don't truncate file in atomic_open
    - random: clamp credited irq bits to maximum mixed
    - ALSA: hda: Fix position reporting on Poulsbo
    - efi: Correct Macmini DMI match in uefi cert quirk
    - USB: serial: qcserial: add new usb-id for Dell branded EM7455
    - random: restore O_NONBLOCK support
    - random: avoid reading two cache lines on irq randomness
    - random: use expired timer rather than wq for mixing fast pool
    - Input: xpad - add supported devices as contributed on github
    - Input: xpad - fix wireless 360 controller breaking after suspend
    - Linux 5.4.218

This bug was fixed in the package linux - 5.4.0-136.153

---------------
linux (5.4.0-136.153) focal; urgency=medium

* focal/linux: 5.4.0-136.153 -proposed tracker (LP: #1997835)

* Expose built-in trusted and revoked certificates (LP: #1996892)
    - [Packaging] Expose built-in trusted and revoked certificates

* [UBUNTU 20.04] KVM: PV: ext call delivered twice when receiver in PSW wait
    (LP: #1995941)
    - KVM: s390: pv: don't present the ecall interrupt twice

* [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071)
    - s390/boot: add secure boot trailer

* Fix rfkill causing soft blocked wifi (LP: #1996198)
    - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi

* md: Replace snprintf with scnprintf (LP: #1993315)
    - md: Replace snprintf with scnprintf

* Focal update: v5.4.217 upstream stable release (LP: #1995528)
    - xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag
    - xfs: introduce XFS_MAX_FILEOFF
    - xfs: truncate should remove all blocks, not just to the end of the page
      cache
    - xfs: fix s_maxbytes computation on 32-bit kernels
    - xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read
    - xfs: refactor remote attr value buffer invalidation
    - xfs: fix memory corruption during remote attr value buffer invalidation
    - xfs: move incore structures out of xfs_da_format.h
    - xfs: streamline xfs_attr3_leaf_inactive
    - xfs: fix uninitialized variable in xfs_attr3_leaf_inactive
    - xfs: remove unused variable 'done'
    - Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
    - docs: update mediator information in CoC docs
    - Linux 5.4.217

* Focal update: v5.4.216 upstream stable release (LP: #1995526)
    - uas: add no-uas quirk for Hiksemi usb_disk
    - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS
    - uas: ignore UAS for Thinkplus chips
    - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
    - clk: ingenic-tcu: Properly enable registers before accessing timers
    - ARM: dts: integrator: Tag PCI host with device_type
    - ntfs: fix BUG_ON in ntfs_lookup_inode_by_name()
    - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
    - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
    - mm/page_alloc: fix race condition between build_all_zonelists and page
      allocation
    - mm: prevent page_frag_alloc() from corrupting the memory
    - mm/migrate_device.c: flush TLB while holding PTL
    - mm: fix madivse_pageout mishandling on non-LRU page
    - media: dvb_vb2: fix possible out of bound access
    - ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver
    - ARM: dts: am33xx: Fix MMCHS0 dma properties
    - soc: sunxi: sram: Actually claim SRAM regions
    - soc: sunxi: sram: Prevent the driver from being unbound
    - soc: sunxi_sram: Make use of the helper function
      devm_platform_ioremap_resource()
    - soc: sunxi: sram: Fix probe function ordering issues
    - soc: sunxi: sram: Fix debugfs info for A64 SRAM C
    - Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in
      suspend/resume time"
    - Input: melfas_mip4 - fix return value check in mip4_probe()
    - usbnet: Fix memory leak in usbnet_disconnect()
    - nvme: add new line after variable declatation
    - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
    - selftests: Fix the if conditions of in test_extra_filter()
    - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
    - clk: iproc: Do not rely on node name for correct PLL setup
    - Linux 5.4.216

* Focal update: v5.4.215 upstream stable release (LP: #1993203)
    - of: fdt: fix off-by-one error in unflatten_dt_nodes()
    - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
    - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
    - drm/meson: Correct OSD1 global alpha value
    - drm/meson: Fix OSD1 RGB to YCbCr coefficient
    - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
    - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
    - task_stack, x86/cea: Force-inline stack helpers
    - tracing: hold caller_addr to hardirq_{enable,disable}_ip
    - cifs: revalidate mapping when doing direct writes
    - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
    - MAINTAINERS: add Chandan as xfs maintainer for 5.4.y
    - iomap: iomap that extends beyond EOF should be marked dirty
    - ASoC: nau8824: Fix semaphore unbalance at error paths
    - regulator: pfuze100: Fix the global-out-of-bounds access in
      pfuze100_regulator_probe()
    - rxrpc: Fix local destruction being repeated
    - rxrpc: Fix calc of resend age
    - ALSA: hda/sigmatel: Keep power up while beep is enabled
    - ALSA: hda/tegra: Align BDL entry to 4KB boundary
    - net: usb: qmi_wwan: add Quectel RM520N
    - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
    - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
    - mksysmap: Fix the mismatch of 'L0' symbols in System.map
    - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
    - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
    - ALSA: hda/sigmatel: Fix unused variable warning for beep power change
    - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
    - usb: dwc3: Issue core soft reset before enabling run/stop
    - usb: dwc3: gadget: Prevent repeat pullup()
    - usb: dwc3: gadget: Refactor pullup()
    - usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
    - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
    - usb: xhci-mtk: get the microframe boundary for ESIT
    - usb: xhci-mtk: add only one extra CS for FS/LS INTR
    - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
    - usb: xhci-mtk: add a function to (un)load bandwidth info
    - usb: xhci-mtk: add some schedule error number
    - usb: xhci-mtk: allow multiple Start-Split in a microframe
    - usb: xhci-mtk: relax TT periodic bandwidth allocation
    - wifi: mac80211: Fix UAF in ieee80211_scan_rx()
    - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data
    - serial: atmel: remove redundant assignment in rs485_config
    - tty: serial: atmel: Preserve previous USART mode if RS485 disabled
    - usb: add quirks for Lenovo OneLink+ Dock
    - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
    - usb: cdns3: fix issue with rearming ISO OUT endpoint
    - Revert "usb: add quirks for Lenovo OneLink+ Dock"
    - Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
    - USB: core: Fix RST error in hub.c
    - USB: serial: option: add Quectel BG95 0x0203 composition
    - USB: serial: option: add Quectel RM520N
    - ALSA: hda/tegra: set depop delay for tegra
    - ALSA: hda: add Intel 5 Series / 3400 PCI DID
    - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
    - ALSA: hda/realtek: Re-arrange quirk table entries
    - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
    - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
    - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
    - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
    - efi: libstub: check Shim mode using MokSBStateRT
    - mm/slub: fix to return errno if kmalloc() fails
    - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
    - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
    - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
    - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
    - netfilter: nf_conntrack_irc: Tighten matching on DCC message
    - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
    - iavf: Fix cached head and tail value for iavf_get_tx_pending
    - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
    - net: team: Unsync device addresses on ndo_stop
    - MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
    - MIPS: Loongson32: Fix PHY-mode being left unspecified
    - iavf: Fix bad page state
    - i40e: Fix set max_tx_rate when it is lower than 1 Mbps
    - of: mdio: Add of_node_put() when breaking out of for_each_xx
    - net/sched: taprio: avoid disabling offload when it was never enabled
    - net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child
      qdiscs
    - netfilter: ebtables: fix memory leak when blob is malformed
    - can: gs_usb: gs_can_open(): fix race dev->can.state condition
    - perf jit: Include program header in ELF files
    - perf kcore_copy: Do not check /proc/modules is unchanged
    - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
    - net: sched: fix possible refcount leak in tc_new_tfilter()
    - serial: Create uart_xmit_advance()
    - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
    - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
    - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
    - usb: xhci-mtk: fix issue of out-of-bounds array access
    - cifs: always initialize struct msghdr smb_msg completely
    - Drivers: hv: Never allocate anything besides framebuffer from framebuffer
      memory region
    - drm/amd/display: Limit user regamma to a valid value
    - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
    - workqueue: don't skip lockdep work dependency in cancel_work_sync()
    - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
    - xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata
    - xfs: slightly tweak an assert in xfs_fs_map_blocks
    - xfs: add missing assert in xfs_fsmap_owner_from_rmap
    - xfs: range check ri_cnt when recovering log items
    - xfs: attach dquots and reserve quota blocks during unwritten conversion
    - xfs: convert EIO to EFSCORRUPTED when log contents are invalid
    - xfs: constify the buffer pointer arguments to error functions
    - xfs: always log corruption errors
    - xfs: fix some memory leaks in log recovery
    - xfs: stabilize insert range start boundary to avoid COW writeback race
    - xfs: use bitops interface for buf log item AIL flag check
    - xfs: refactor agfl length computation function
    - xfs: split the sunit parameter update into two parts
    - xfs: don't commit sunit/swidth updates to disk if that would cause repair
      failures
    - xfs: fix an ABBA deadlock in xfs_rename
    - xfs: fix use-after-free when aborting corrupt attr inactivation
    - ext4: make directory inode spreading reflect flexbg size
    - Linux 5.4.215

* Focal update: v5.4.214 upstream stable release (LP: #1993196)
    - drm/msm/rd: Fix FIFO-full deadlock
    - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
    - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
    - tg3: Disable tg3 device on system reboot to avoid triggering AER
    - ieee802154: cc2520: add rc code in cc2520_tx()
    - Input: iforce - add support for Boeder Force Feedback Wheel
    - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
    - perf/arm_pmu_platform: fix tests for platform_get_irq() failure
    - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
    - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
    - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
    - net: dp83822: disable rx error interrupt
    - soc: fsl: select FSL_GUTS driver for DPIO
    - tracefs: Only clobber mode/uid/gid on remount if asked
    - Linux 5.4.214

* Focal update: v5.4.213 upstream stable release (LP: #1992211)
    - efi: capsule-loader: Fix use-after-free in efi_capsule_write
    - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
      il4965_rs_fill_link_cmd()
    - fs: only do a memory barrier for the first set_buffer_uptodate()
    - Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
    - net: dp83822: disable false carrier interrupt
    - drm/msm/dsi: fix the inconsistent indenting
    - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
    - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
    - iio: adc: mcp3911: make use of the sign bit
    - ieee802154/adf7242: defer destroy_workqueue call
    - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
    - Revert "xhci: turn off port power in shutdown"
    - net: sched: tbf: don't call qdisc_put() while holding tree lock
    - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
    - kcm: fix strp_init() order and cleanup
    - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
    - tcp: annotate data-race around challenge_timestamp
    - Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"
    - net/smc: Remove redundant refcount increase
    - serial: fsl_lpuart: RS485 RTS polariy is inverse
    - staging: rtl8712: fix use after free bugs
    - powerpc: align syscall table for ppc32
    - vt: Clear selection before changing the font
    - tty: serial: lpuart: disable flow control while waiting for the transmit
      engine to complete
    - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
    - iio: adc: mcp3911: use correct formula for AD conversion
    - misc: fastrpc: fix memory corruption on probe
    - misc: fastrpc: fix memory corruption on open
    - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
    - binder: fix UAF of ref->proc caused by race condition
    - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
    - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
    - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
    - Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
    - clk: core: Fix runtime PM sequence in clk_core_unprepare()
    - Input: rk805-pwrkey - fix module autoloading
    - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
    - hwmon: (gpio-fan) Fix array out of bounds access
    - gpio: pca953x: Add mutex_lock for regcache sync in PM
    - thunderbolt: Use the actual buffer in tb_async_error()
    - xhci: Add grace period after xHC start to prevent premature runtime suspend.
    - USB: serial: cp210x: add Decagon UCA device id
    - USB: serial: option: add support for OPPO R11 diag port
    - USB: serial: option: add Quectel EM060K modem
    - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
    - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles
    - usb: dwc2: fix wrong order of phy_power_on and phy_init
    - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
    - usb-storage: Add ignore-residue quirk for NXP PN7462AU
    - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
    - s390: fix nospec table alignments
    - USB: core: Prevent nested device-reset calls
    - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
    - driver core: Don't probe devices after bus_type.match() probe deferral
    - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
    - net: mac802154: Fix a condition in the receive path
    - ALSA: seq: oss: Fix data-race for max_midi_devs access
    - ALSA: seq: Fix data-race at module auto-loading
    - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
    - btrfs: harden identification of a stale device
    - usb: dwc3: fix PHY disable sequence
    - usb: dwc3: disable USB core PHY management
    - USB: serial: ch341: fix lost character on LCR updates
    - USB: serial: ch341: fix disabled rx timer on older devices
    - scsi: megaraid_sas: Fix double kfree()
    - drm/gem: Fix GEM handle release errors
    - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
    - drm/radeon: add a force flush to delay work when radeon
    - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
    - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
    - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned
      fw_level
    - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
    - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
    - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
    - ALSA: aloop: Fix random zeros in capture data when using jiffies timer
    - ALSA: usb-audio: Fix an out-of-bounds bug in
      __snd_usb_parse_audio_interface()
    - kprobes: Prohibit probes in gate area
    - debugfs: add debugfs_lookup_and_remove()
    - nvmet: fix a use-after-free
    - scsi: mpt3sas: Fix use-after-free warning
    - scsi: lpfc: Add missing destroy_workqueue() in error path
    - cgroup: Optimize single thread migration
    - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an
      empty subtree
    - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
    - smb3: missing inode locks in punch hole
    - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node
    - regulator: core: Clean up on enable failure
    - RDMA/cma: Fix arguments order in net device validation
    - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
    - RDMA/hns: Fix supported page size
    - netfilter: br_netfilter: Drop dst references before setting.
    - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2()
    - afs: Use the operation issue time instead of the reply time for callbacks
    - sch_sfb: Don't assume the skb is still around after enqueueing to child
    - tipc: fix shift wrapping bug in map_get()
    - i40e: Fix kernel crash during module removal
    - RDMA/siw: Pass a pointer to virt_to_page()
    - ipv6: sr: fix out-of-bounds read when setting HMAC data.
    - RDMA/mlx5: Set local port to one when accessing counters
    - nvme-tcp: fix UAF when detecting digest errors
    - tcp: fix early ETIMEDOUT after spurious non-SACK RTO
    - sch_sfb: Also store skb len before calling child enqueue
    - x86/nospec: Fix i386 RSB stuffing
    - MIPS: loongson32: ls1c: Fix hang during startup
    - Linux 5.4.213

* CVE-2022-2663
    - netfilter: nf_conntrack_irc: Fix forged IP logic

* CVE-2022-3061
    - video: fbdev: i740fb: Error out if 'pixclock' equals zero

-- Stefan Bader <stefan.bader@canonical.com>  Thu, 24 Nov 2022 16:40:01 +0100

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

Focal update: v5.4.213 upstream stable release

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package