Package "linux-tools-host"

  linux (6.5.0-44.44) mantic; urgency=medium

  * mantic/linux: 6.5.0-44.44 -proposed tracker (LP: #2068341)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2024.06.10)

  * Some DUTs can't boot up after installing the proposed kernel on Mantic
    (LP: #2061940)
    - SAUCE: Revert "x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat
      section"
    - SAUCE: Revert "x86/boot: Increase section and file alignment to 4k/512"
    - SAUCE: Revert "x86/boot: Split off PE/COFF .data section"
    - SAUCE: Revert "x86/boot: Drop PE/COFF .reloc section"
    - SAUCE: Revert "x86/boot: Construct PE/COFF .text section from assembler"
    - SAUCE: Revert "x86/boot: Derive file size from _edata symbol"
    - SAUCE: Revert "x86/boot: Define setup size in linker script"
    - SAUCE: Revert "x86/boot: Set EFI handover offset directly in header asm"
    - SAUCE: Revert "x86/boot: Grab kernel_info offset from zoffset header
      directly"
    - SAUCE: Revert "x86/boot: Drop redundant code setting the root device"
    - SAUCE: Revert "x86/boot: Drop references to startup_64"
    - SAUCE: Revert "x86/boot: Omit compression buffer from PE/COFF image memory
      footprint"
    - SAUCE: Revert "x86/boot: Remove the 'bugger off' message"
    - SAUCE: Revert "x86/efi: Drop alignment flags from PE section headers"
    - SAUCE: Revert "x86/efi: Drop EFI stub .bss from .data section"

  * CVE-2023-52880
    - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc

  * i915 cannot probe successfully on HP ZBook Power 16 G11 (LP: #2067883)
    - drm/i915/mtl: Remove the 'force_probe' requirement for Meteor Lake

  * CVE-2024-26838
    - RDMA/irdma: Fix KASAN issue with tasklet

  * mtk_t7xx WWAN module fails to probe with: Invalid device status 0x1
    (LP: #2049358)
    - Revert "UBUNTU: SAUCE: net: wwan: t7xx: PCIe reset rescan"
    - Revert "UBUNTU: SAUCE: net: wwan: t7xx: Add AP CLDMA"
    - net: wwan: t7xx: Add AP CLDMA
    - wwan: core: Add WWAN fastboot port type
    - net: wwan: t7xx: Add sysfs attribute for device state machine
    - net: wwan: t7xx: Infrastructure for early port configuration
    - net: wwan: t7xx: Add fastboot WWAN port

  * TCP memory leak, slow network (arm64) (LP: #2045560)
    - net: make SK_MEMORY_PCPU_RESERV tunable
    - net: fix sk_memory_allocated_{add|sub} vs softirqs

  * CVE-2024-26923
    - af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
    - af_unix: Fix garbage collector racing against connect()

  * Add support for Quectel EM160R-GL modem [1eac:100d] (LP: #2063399)
    - Add support for Quectel EM160R-GL modem

  * Add support for Quectel RM520N-GL modem [1eac:1007] (LP: #2063529)
    - Add support for Quectel RM520N-GL modem
    - Add support for Quectel RM520N-GL modem

  * [SRU][22.04.4]: megaraid_sas: Critical Bug Fixes (LP: #2046722)
    - scsi: megaraid_sas: Log message when controller reset is requested but not
      issued
    - scsi: megaraid_sas: Driver version update to 07.727.03.00-rc1

  * Fix the RTL8852CE BT FW Crash based on SER false alarm (LP: #2060904)
    - wifi: rtw89: disable txptctrl IMR to avoid flase alarm
    - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of
      firmware command

  * CVE-2024-23307
    - md/raid5: fix atomicity violation in raid5_cache_count

  * CVE-2024-26889
    - Bluetooth: hci_core: Fix possible buffer overflow

  * CVE-2024-24861
    - media: xc4000: Fix atomicity violation in xc4000_get_frequency

  * CVE-2023-6270
    - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts

  * CVE-2024-26642
    - netfilter: nf_tables: disallow anonymous set with timeout flag

  * CVE-2024-26926
    - binder: check offset alignment in binder_get_object()

  * CVE-2024-26922
    - drm/amdgpu: validate the parameters of bo mapping operations more clearly

  * CVE-2024-26803
    - net: veth: clear GRO when clearing XDP even when down

  * CVE-2024-26790
    - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read

  * CVE-2024-26890
    - Bluetooth: hci_h5: Add ability to allocate memory for private data
    - Bluetooth: btrtl: fix out of bounds memory access

  * CVE-2024-26802
    - stmmac: Clear variable when destroying workqueue

  * CVE-2024-26798
    - fbcon: always restore the old font data in fbcon_do_set_font()

  * RTL8852BE fw security fail then lost WIFI function during suspend/resume
    cycle (LP: #2063096)
    - wifi: rtw89: download firmware with five times retry

  * Fix bluetooth connections with 3.0 device (LP: #2063067)
    - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST

  * USB stick can't be detected (LP: #2040948)
    - usb: Disable USB3 LPM at shutdown

  * CVE-2024-26733
    - arp: Prevent overflow in arp_req_get().

  * CVE-2024-26736
    - afs: Increase buffer size in afs_update_volume_status()

  * CVE-2024-26792
    - btrfs: fix double free of anonymous device after snapshot creation failure

  * CVE-2024-26782
    - mptcp: fix double-free on socket dismantle

  * CVE-2024-26748
    - usb: cdns3: fix memory double free when handle zero packet

  * CVE-2024-26735
    - ipv6: sr: fix possible use-after-free and null-ptr-deref

  * CVE-2024-26789
    - crypto: arm64/neonbs - fix out-of-bounds access on short input

  * CVE-2024-26734
    - devlink: fix possible use-after-free and memory leaks in devlink_init()

  * The keyboard does not work after latest kernel update (LP: #2060727)
    - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID

  * proc_sched_rt01 from ubuntu_ltp failed (LP: #2057734)
    - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
    - sched/rt: Disallow writing invalid values to sched_rt_period_us

  * Avoid creating non-working backlight sysfs knob from ASUS board
    (LP: #2060422)
    - platform/x86: asus-wmi: Consider device is absent when the read is ~0

  * [Ubuntu 22.04.4/li

  linux (6.5.0-41.41) mantic; urgency=medium

  * mantic/linux: 6.5.0-41.41 -proposed tracker (LP: #2065893)

  * CVE-2024-21823
    - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
    - dmaengine: idxd: add a new security check to deal with a hardware erratum
    - dmaengine: idxd: add a write() method for applications to submit work

  linux (6.5.0-40.40) mantic; urgency=medium

  * mantic/linux: 6.5.0-40.40 -proposed tracker (LP: #2063709)

  * [Mantic] Compile broken on armhf (cc1 out of memory) (LP: #2060446)
    - Revert "minmax: relax check to allow comparison between unsigned arguments
      and signed constants"
    - Revert "minmax: allow comparisons of 'int' against 'unsigned char/short'"
    - Revert "minmax: allow min()/max()/clamp() if the arguments have the same
      signedness."
    - Revert "minmax: add umin(a, b) and umax(a, b)"

  * Drop fips-checks script from trees (LP: #2055083)
    - [Packaging] Remove fips-checks script

  * alsa/realtek: adjust max output valume for headphone on 2 LG machines
    (LP: #2058573)
    - ALSA: hda/realtek: fix the hp playback volume issue for LG machines

  * Mantic update: upstream stable patchset 2024-03-27 (LP: #2059284)
    - asm-generic: make sparse happy with odd-sized put_unaligned_*()
    - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
    - arm64: irq: set the correct node for VMAP stack
    - drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
    - powerpc: Fix build error due to is_valid_bugaddr()
    - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
    - powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping()
    - x86/boot: Ignore NMIs during very early boot
    - powerpc: pmd_move_must_withdraw() is only needed for
      CONFIG_TRANSPARENT_HUGEPAGE
    - powerpc/lib: Validate size for vector operations
    - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
    - perf/core: Fix narrow startup race when creating the perf nr_addr_filters
      sysfs file
    - debugobjects: Stop accessing objects after releasing hash bucket lock
    - regulator: core: Only increment use_count when enable_count changes
    - audit: Send netlink ACK before setting connection in auditd_set
    - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
    - PNP: ACPI: fix fortify warning
    - ACPI: extlog: fix NULL pointer dereference check
    - ACPI: NUMA: Fix the logic of getting the fake_pxm value
    - PM / devfreq: Synchronize devfreq_monitor_[start/stop]
    - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
      events
    - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
    - jfs: fix array-index-out-of-bounds in dbAdjTree
    - pstore/ram: Fix crash when setting number of cpus to an odd number
    - crypto: octeontx2 - Fix cptvf driver cleanup
    - erofs: fix ztailpacking for subpage compressed blocks
    - crypto: stm32/crc32 - fix parsing list of devices
    - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
    - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
    - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
    - jfs: fix array-index-out-of-bounds in diNewExt
    - arch: consolidate arch_irq_work_raise prototypes
    - s390/vfio-ap: fix sysfs status attribute for AP queue devices
    - s390/ptrace: handle setting of fpc register correctly
    - KVM: s390: fix setting of fpc register
    - SUNRPC: Fix a suspicious RCU usage warning
    - ecryptfs: Reject casefold directory inodes
    - ext4: fix inconsistent between segment fstrim and full fstrim
    - ext4: unify the type of flexbg_size to unsigned int
    - ext4: remove unnecessary check from alloc_flex_gd()
    - ext4: avoid online resizing failures due to oversized flex bg
    - wifi: rt2x00: restart beacon queue when hardware reset
    - selftests/bpf: satisfy compiler by having explicit return in btf test
    - selftests/bpf: Fix pyperf180 compilation failure with clang18
    - wifi: rt2x00: correct wrong BBP register in RxDCOC calibration
    - selftests/bpf: Fix issues in setup_classid_environment()
    - soc: xilinx: Fix for call trace due to the usage of smp_processor_id()
    - soc: xilinx: fix unhandled SGI warning message
    - scsi: lpfc: Fix possible file string name overflow when updating firmware
    - PCI: Add no PM reset quirk for NVIDIA Spectrum devices
    - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
    - net: usb: ax88179_178a: avoid two consecutive device resets
    - scsi: arcmsr: Support new PCI device IDs 1883 and 1886
    - ARM: dts: imx7d: Fix coresight funnel ports
    - ARM: dts: imx7s: Fix lcdif compatible
    - ARM: dts: imx7s: Fix nand-controller #size-cells
    - wifi: ath9k: Fix potential array-index-out-of-bounds read in
      ath9k_htc_txstatus()
    - wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too early
    - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
    - scsi: libfc: Don't schedule abort twice
    - scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
    - bpf: Set uattr->batch.count as zero before batched update or deletion
    - wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
    - ARM: dts: rockchip: fix rk3036 hdmi ports node
    - ARM: dts: imx25/27-eukrea: Fix RTC node name
    - ARM: dts: imx: Use flash@0,0 pattern
    - ARM: dts: imx27: Fix sram node
    - ARM: dts: imx1: Fix sram node
    - net: phy: at803x: fix passing the wrong reference for config_intr
    - ionic: pass opcode to devcmd_wait
    - ionic: bypass firmware cmds when stuck in reset
    - block/rnbd-srv: Check for unlikely string overflow
    - ARM: dts: imx25: Fix the iim compatible string
    - ARM: dts: imx25/27: Pass timing0
    - ARM: dts: imx27-apf27dev: Fix LED name
    - ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
    - ARM: dts: imx23/28: Fix the DMA controller node name
    - scsi: hisi_sas: Set .phy_attached before notifing phyup event
      HISI_PHYE_PHY_UP_PM
    - ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values
    - net: atlantic: eliminate double free in error handling logic
    - net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path
    - block: prevent an integer overflow in bvec

  linux (6.5.0-34.34) mantic; urgency=medium

  * mantic/linux: 6.5.0-34.34 -proposed tracker (LP: #2061443)

  * CVE-2024-2201
    - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
    - x86/syscall: Don't force use of indirect calls for system calls
    - x86/bhi: Add support for clearing branch history at syscall entry
    - x86/bhi: Define SPEC_CTRL_BHI_DIS_S
    - x86/bhi: Enumerate Branch History Injection (BHI) bug
    - x86/bhi: Add BHI mitigation knob
    - x86/bhi: Mitigate KVM by default
    - KVM: x86: Add BHI_NO
    - [Config] Set CONFIG_BHI to enabled (auto)

  linux (6.5.0-33.33) mantic; urgency=medium

  * mantic/linux: 6.5.0-33.33 -proposed tracker (LP: #2060448)

  * [Mantic] Compile broken on armhf (cc1 out of memory) (LP: #2060446)
    - Revert "minmax: relax check to allow comparison between unsigned arguments
      and signed constants"
    - Revert "minmax: allow comparisons of 'int' against 'unsigned char/short'"
    - Revert "minmax: allow min()/max()/clamp() if the arguments have the same
      signedness."
    - Revert "minmax: add umin(a, b) and umax(a, b)"