Package "linux"

 linux (6.5.0-44.44) mantic; urgency=medium
 .
   * mantic/linux: 6.5.0-44.44 -proposed tracker (LP: #2068341)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] debian.master/dkms-versions -- update from kernel-versions
       (main/2024.06.10)
 .
   * Some DUTs can't boot up after installing the proposed kernel on Mantic
     (LP: #2061940)
     - SAUCE: Revert "x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat
       section"
     - SAUCE: Revert "x86/boot: Increase section and file alignment to 4k/512"
     - SAUCE: Revert "x86/boot: Split off PE/COFF .data section"
     - SAUCE: Revert "x86/boot: Drop PE/COFF .reloc section"
     - SAUCE: Revert "x86/boot: Construct PE/COFF .text section from assembler"
     - SAUCE: Revert "x86/boot: Derive file size from _edata symbol"
     - SAUCE: Revert "x86/boot: Define setup size in linker script"
     - SAUCE: Revert "x86/boot: Set EFI handover offset directly in header asm"
     - SAUCE: Revert "x86/boot: Grab kernel_info offset from zoffset header
       directly"
     - SAUCE: Revert "x86/boot: Drop redundant code setting the root device"
     - SAUCE: Revert "x86/boot: Drop references to startup_64"
     - SAUCE: Revert "x86/boot: Omit compression buffer from PE/COFF image memory
       footprint"
     - SAUCE: Revert "x86/boot: Remove the 'bugger off' message"
     - SAUCE: Revert "x86/efi: Drop alignment flags from PE section headers"
     - SAUCE: Revert "x86/efi: Drop EFI stub .bss from .data section"
 .
   * CVE-2023-52880
     - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
 .
   * i915 cannot probe successfully on HP ZBook Power 16 G11 (LP: #2067883)
     - drm/i915/mtl: Remove the 'force_probe' requirement for Meteor Lake
 .
   * CVE-2024-26838
     - RDMA/irdma: Fix KASAN issue with tasklet
 .
   * mtk_t7xx WWAN module fails to probe with: Invalid device status 0x1
     (LP: #2049358)
     - Revert "UBUNTU: SAUCE: net: wwan: t7xx: PCIe reset rescan"
     - Revert "UBUNTU: SAUCE: net: wwan: t7xx: Add AP CLDMA"
     - net: wwan: t7xx: Add AP CLDMA
     - wwan: core: Add WWAN fastboot port type
     - net: wwan: t7xx: Add sysfs attribute for device state machine
     - net: wwan: t7xx: Infrastructure for early port configuration
     - net: wwan: t7xx: Add fastboot WWAN port
 .
   * TCP memory leak, slow network (arm64) (LP: #2045560)
     - net: make SK_MEMORY_PCPU_RESERV tunable
     - net: fix sk_memory_allocated_{add|sub} vs softirqs
 .
   * CVE-2024-26923
     - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
     - af_unix: Fix garbage collector racing against connect()
 .
   * Add support for Quectel EM160R-GL modem [1eac:100d] (LP: #2063399)
     - Add support for Quectel EM160R-GL modem
 .
   * Add support for Quectel RM520N-GL modem [1eac:1007] (LP: #2063529)
     - Add support for Quectel RM520N-GL modem
     - Add support for Quectel RM520N-GL modem
 .
   * [SRU][22.04.4]: megaraid_sas: Critical Bug Fixes (LP: #2046722)
     - scsi: megaraid_sas: Log message when controller reset is requested but not
       issued
     - scsi: megaraid_sas: Driver version update to 07.727.03.00-rc1
 .
   * Fix the RTL8852CE BT FW Crash based on SER false alarm (LP: #2060904)
     - wifi: rtw89: disable txptctrl IMR to avoid flase alarm
     - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of
       firmware command
 .
   * CVE-2024-23307
     - md/raid5: fix atomicity violation in raid5_cache_count
 .
   * CVE-2024-26889
     - Bluetooth: hci_core: Fix possible buffer overflow
 .
   * CVE-2024-24861
     - media: xc4000: Fix atomicity violation in xc4000_get_frequency
 .
   * CVE-2023-6270
     - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
 .
   * CVE-2024-26642
     - netfilter: nf_tables: disallow anonymous set with timeout flag
 .
   * CVE-2024-26926
     - binder: check offset alignment in binder_get_object()
 .
   * CVE-2024-26922
     - drm/amdgpu: validate the parameters of bo mapping operations more clearly
 .
   * CVE-2024-26803
     - net: veth: clear GRO when clearing XDP even when down
 .
   * CVE-2024-26790
     - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
 .
   * CVE-2024-26890
     - Bluetooth: hci_h5: Add ability to allocate memory for private data
     - Bluetooth: btrtl: fix out of bounds memory access
 .
   * CVE-2024-26802
     - stmmac: Clear variable when destroying workqueue
 .
   * CVE-2024-26798
     - fbcon: always restore the old font data in fbcon_do_set_font()
 .
   * RTL8852BE fw security fail then lost WIFI function during suspend/resume
     cycle (LP: #2063096)
     - wifi: rtw89: download firmware with five times retry
 .
   * Fix bluetooth connections with 3.0 device (LP: #2063067)
     - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
 .
   * USB stick can't be detected (LP: #2040948)
     - usb: Disable USB3 LPM at shutdown
 .
   * CVE-2024-26733
     - arp: Prevent overflow in arp_req_get().
 .
   * CVE-2024-26736
     - afs: Increase buffer size in afs_update_volume_status()
 .
   * CVE-2024-26792
     - btrfs: fix double free of anonymous device after snapshot creation failure
 .
   * CVE-2024-26782
     - mptcp: fix double-free on socket dismantle
 .
   * CVE-2024-26748
     - usb: cdns3: fix memory double free when handle zero packet
 .
   * CVE-2024-26735
     - ipv6: sr: fix possible use-after-free and null-ptr-deref
 .
   * CVE-2024-26789
     - crypto: arm64/neonbs - fix out-of-bounds access on short input
 .
   * CVE-2024-26734
     - devlink: fix possible use-after-free and memory leaks in devlink_init()
 .
   * The keyboard does not work after latest kernel update (LP: #2060727)
     - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
 .
   * proc_sched_rt01 from ubuntu_ltp failed (LP: #2057734)
     - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
     - sched/rt: Disallow writing invalid values to sched_rt_period_us
 

 linux (6.5.0-41.41) mantic; urgency=medium
 .
   * mantic/linux: 6.5.0-41.41 -proposed tracker (LP: #2065893)
 .
   * CVE-2024-21823
     - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
     - dmaengine: idxd: add a new security check to deal with a hardware erratum
     - dmaengine: idxd: add a write() method for applications to submit work
 .

 linux (6.5.0-40.40) mantic; urgency=medium
 .
   * mantic/linux: 6.5.0-40.40 -proposed tracker (LP: #2063709)
 .
   * [Mantic] Compile broken on armhf (cc1 out of memory) (LP: #2060446)
     - Revert "minmax: relax check to allow comparison between unsigned arguments
       and signed constants"
     - Revert "minmax: allow comparisons of 'int' against 'unsigned char/short'"
     - Revert "minmax: allow min()/max()/clamp() if the arguments have the same
       signedness."
     - Revert "minmax: add umin(a, b) and umax(a, b)"
 .
   * Drop fips-checks script from trees (LP: #2055083)
     - [Packaging] Remove fips-checks script
 .
   * alsa/realtek: adjust max output valume for headphone on 2 LG machines
     (LP: #2058573)
     - ALSA: hda/realtek: fix the hp playback volume issue for LG machines
 .
   * Mantic update: upstream stable patchset 2024-03-27 (LP: #2059284)
     - asm-generic: make sparse happy with odd-sized put_unaligned_*()
     - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
     - arm64: irq: set the correct node for VMAP stack
     - drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
     - powerpc: Fix build error due to is_valid_bugaddr()
     - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
     - powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping()
     - x86/boot: Ignore NMIs during very early boot
     - powerpc: pmd_move_must_withdraw() is only needed for
       CONFIG_TRANSPARENT_HUGEPAGE
     - powerpc/lib: Validate size for vector operations
     - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
     - perf/core: Fix narrow startup race when creating the perf nr_addr_filters
       sysfs file
     - debugobjects: Stop accessing objects after releasing hash bucket lock
     - regulator: core: Only increment use_count when enable_count changes
     - audit: Send netlink ACK before setting connection in auditd_set
     - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
     - PNP: ACPI: fix fortify warning
     - ACPI: extlog: fix NULL pointer dereference check
     - ACPI: NUMA: Fix the logic of getting the fake_pxm value
     - PM / devfreq: Synchronize devfreq_monitor_[start/stop]
     - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
       events
     - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
     - jfs: fix array-index-out-of-bounds in dbAdjTree
     - pstore/ram: Fix crash when setting number of cpus to an odd number
     - crypto: octeontx2 - Fix cptvf driver cleanup
     - erofs: fix ztailpacking for subpage compressed blocks
     - crypto: stm32/crc32 - fix parsing list of devices
     - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
     - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
     - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
     - jfs: fix array-index-out-of-bounds in diNewExt
     - arch: consolidate arch_irq_work_raise prototypes
     - s390/vfio-ap: fix sysfs status attribute for AP queue devices
     - s390/ptrace: handle setting of fpc register correctly
     - KVM: s390: fix setting of fpc register
     - SUNRPC: Fix a suspicious RCU usage warning
     - ecryptfs: Reject casefold directory inodes
     - ext4: fix inconsistent between segment fstrim and full fstrim
     - ext4: unify the type of flexbg_size to unsigned int
     - ext4: remove unnecessary check from alloc_flex_gd()
     - ext4: avoid online resizing failures due to oversized flex bg
     - wifi: rt2x00: restart beacon queue when hardware reset
     - selftests/bpf: satisfy compiler by having explicit return in btf test
     - selftests/bpf: Fix pyperf180 compilation failure with clang18
     - wifi: rt2x00: correct wrong BBP register in RxDCOC calibration
     - selftests/bpf: Fix issues in setup_classid_environment()
     - soc: xilinx: Fix for call trace due to the usage of smp_processor_id()
     - soc: xilinx: fix unhandled SGI warning message
     - scsi: lpfc: Fix possible file string name overflow when updating firmware
     - PCI: Add no PM reset quirk for NVIDIA Spectrum devices
     - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
     - net: usb: ax88179_178a: avoid two consecutive device resets
     - scsi: arcmsr: Support new PCI device IDs 1883 and 1886
     - ARM: dts: imx7d: Fix coresight funnel ports
     - ARM: dts: imx7s: Fix lcdif compatible
     - ARM: dts: imx7s: Fix nand-controller #size-cells
     - wifi: ath9k: Fix potential array-index-out-of-bounds read in
       ath9k_htc_txstatus()
     - wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too early
     - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
     - scsi: libfc: Don't schedule abort twice
     - scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
     - bpf: Set uattr->batch.count as zero before batched update or deletion
     - wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
     - ARM: dts: rockchip: fix rk3036 hdmi ports node
     - ARM: dts: imx25/27-eukrea: Fix RTC node name
     - ARM: dts: imx: Use flash@0,0 pattern
     - ARM: dts: imx27: Fix sram node
     - ARM: dts: imx1: Fix sram node
     - net: phy: at803x: fix passing the wrong reference for config_intr
     - ionic: pass opcode to devcmd_wait
     - ionic: bypass firmware cmds when stuck in reset
     - block/rnbd-srv: Check for unlikely string overflow
     - ARM: dts: imx25: Fix the iim compatible string
     - ARM: dts: imx25/27: Pass timing0
     - ARM: dts: imx27-apf27dev: Fix LED name
     - ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
     - ARM: dts: imx23/28: Fix the DMA controller node name
     - scsi: hisi_sas: Set .phy_attached before notifing phyup event
       HISI_PHYE_PHY_UP_PM
     - ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values
     - net: atlantic: eliminate double free in error handling logic
     - ne

 linux (6.5.0-39.39) mantic; urgency=medium
 .
   * mantic/linux: 6.5.0-39.39 -proposed tracker (LP: #2063709)
 .
   * RTL8852BE fw security fail then lost WIFI function during suspend/resume
     cycle (LP: #2063096)
     - wifi: rtw89: download firmware with five times retry
 .
   * Fix bluetooth connections with 3.0 device (LP: #2063067)
     - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
 .
   * cifs: Copying file to same directory results in page fault (LP: #2060919)
     - SAUCE: Revert "cifs: fix flushing folio regression for 6.1 backport"
 .
   * USB stick can't be detected (LP: #2040948)
     - usb: Disable USB3 LPM at shutdown
 .
   * CVE-2024-26733
     - arp: Prevent overflow in arp_req_get().
 .
   * CVE-2024-26736
     - afs: Increase buffer size in afs_update_volume_status()
 .
   * CVE-2024-26801
     - Bluetooth: Avoid potential use-after-free in hci_error_reset
 .
   * CVE-2024-26805
     - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
 .
   * CVE-2024-26809
     - netfilter: nft_set_pipapo: release elements in clone only from destroy path
 .
   * CVE-2024-26792
     - btrfs: fix double free of anonymous device after snapshot creation failure
 .
   * CVE-2024-26782
     - mptcp: fix double-free on socket dismantle
 .
   * CVE-2024-26748
     - usb: cdns3: fix memory double free when handle zero packet
 .
   * CVE-2024-26735
     - ipv6: sr: fix possible use-after-free and null-ptr-deref
 .
   * CVE-2024-26789
     - crypto: arm64/neonbs - fix out-of-bounds access on short input
 .
   * CVE-2024-26734
     - devlink: fix possible use-after-free and memory leaks in devlink_init()
 .
   * The keyboard does not work after latest kernel update (LP: #2060727)
     - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
 .
   * proc_sched_rt01 from ubuntu_ltp failed (LP: #2057734)
     - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
     - sched/rt: Disallow writing invalid values to sched_rt_period_us
 .
   * Avoid creating non-working backlight sysfs knob from ASUS board
     (LP: #2060422)
     - platform/x86: asus-wmi: Consider device is absent when the read is ~0
 .
   * [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array-
     index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux-
     hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times,
     especially during boot. (LP: #2058477)
     - hv: hyperv.h: Replace one-element array with flexible-array member
 .
   * Fix acpi_power_meter accessing IPMI region before it's ready (LP: #2059263)
     - ACPI: IPMI: Add helper to wait for when SMI is selected
     - hwmon: (acpi_power_meter) Ensure IPMI space handler is ready on Dell systems
 .
   * Include cifs.ko in linux-modules package (LP: #2042546)
     - [Packaging] Replace fs/cifs with fs/smb/client in inclusion list
 .
   * Mantic update: upstream stable patchset 2024-04-16 (LP: #2061814)
     - btrfs: add and use helper to check if block group is used
     - btrfs: do not delete unused block group if it may be used soon
     - btrfs: forbid creating subvol qgroups
     - btrfs: forbid deleting live subvol qgroup
     - btrfs: send: return EOPNOTSUPP on unknown flags
     - btrfs: don't reserve space for checksums when writing to nocow files
     - btrfs: reject encoded write if inode has nodatasum flag set
     - btrfs: don't drop extent_map for free space inode on write error
     - driver core: Fix device_link_flag_is_sync_state_only()
     - of: unittest: Fix compile in the non-dynamic case
     - KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test
     - wifi: iwlwifi: Fix some error codes
     - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table()
     - of: property: Improve finding the supplier of a remote-endpoint property
     - net: openvswitch: limit the number of recursions from action sets
     - lan966x: Fix crash when adding interface under a lag
     - spi: ppc4xx: Drop write-only variable
     - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
     - net: sysfs: Fix /sys/class/net/ path for statistics
     - nouveau/svm: fix kvcalloc() argument order
     - MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
     - i40e: Do not allow untrusted VF to remove administratively set MAC
     - i40e: Fix waiting for queues of all VSIs to be disabled
     - scs: add CONFIG_MMU dependency for vfree_atomic()
     - tracing/trigger: Fix to return error if failed to alloc snapshot
     - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
     - scsi: storvsc: Fix ring buffer size calculation
     - dm-crypt, dm-verity: disable tasklets
     - ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF
     - parisc: Prevent hung tasks when printing inventory on serial console
     - ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift
       1 SF114-32
     - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
     - HID: i2c-hid-of: fix NULL-deref on failed power up
     - HID: wacom: generic: Avoid reporting a serial of '0' to userspace
     - HID: wacom: Do not register input devices until after hid_hw_start
     - iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP
     - usb: ucsi: Add missing ppm_lock
     - usb: ulpi: Fix debugfs directory leak
     - usb: ucsi_acpi: Fix command completion handling
     - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
     - usb: f_mass_storage: forbid async queue when shutdown happen
     - usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
     - interconnect: qcom: sc8180x: Mark CO0 BCM keepalive
     - media: ir_toy: fix a memleak in irtoy_tx
     - driver core: fw_devlink: Improve detection of overlapping cycles
     - cifs: fix underflow in parse_server_interfaces()
     - i2c: qcom-geni: Correct I2C TRE sequence
     - irqchip/loongson-eiointc: Use correct

 linux (6.5.0-34.34) mantic; urgency=medium
 .
   * mantic/linux: 6.5.0-34.34 -proposed tracker (LP: #2061443)
 .
   * CVE-2024-2201
     - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
     - x86/syscall: Don't force use of indirect calls for system calls
     - x86/bhi: Add support for clearing branch history at syscall entry
     - x86/bhi: Define SPEC_CTRL_BHI_DIS_S
     - x86/bhi: Enumerate Branch History Injection (BHI) bug
     - x86/bhi: Add BHI mitigation knob
     - x86/bhi: Mitigate KVM by default
     - KVM: x86: Add BHI_NO
     - [Config] Set CONFIG_BHI to enabled (auto)
 .