UbuntuUpdates.org

Package "linux-source-5.4.0"

This package belongs to a PPA: Canonical Kernel Team

Name: linux-source-5.4.0

Description:

Linux kernel source for version 5.4.0 with Ubuntu patches

Latest version: 5.4.0-200.220
Release: focal (20.04)
Level: base
Repository: main
Head package: linux

Links


Download "linux-source-5.4.0"


Other versions of "linux-source-5.4.0" in Focal

Repository Area Version
base main 5.4.0-26.30
security main 5.4.0-200.220
updates main 5.4.0-200.220
proposed main 5.4.0-192.212

Changelog

Version: 5.4.0-200.220 2024-09-27 18:08:50 UTC

 linux (5.4.0-200.220) focal; urgency=medium
 .
   * focal/linux: 5.4.0-200.220 -proposed tracker (LP: #2082937)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] debian.master/dkms-versions -- update from kernel-versions
       (main/2024.09.30)
 .
   * CVE-2024-26800
     - tls: rx: coalesce exit paths in tls_decrypt_sg()
     - tls: separate no-async decryption request handling from async
     - tls: fix use-after-free on failed backlog decryption
 .
   * CVE-2024-26641
     - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
 .
   * CVE-2021-47212
     - net/mlx5: Update error handler for UCTX and UMEM
 .
   * wbt:wbt_* trace event NULL pointer dereference with GENHD_FL_HIDDEN disks
     (LP: #2081085)
     - bdi: use bdi_dev_name() to get device name
 .
   * Focal update: v5.4.284 upstream stable release (LP: #2081278)
     - drm: panel-orientation-quirks: Add quirk for OrangePi Neo
     - i2c: Fix conditional for substituting empty ACPI functions
     - net: usb: qmi_wwan: add MeiG Smart SRM825L
     - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr
     - drm/amdgpu: fix overflowed array index read warning
     - drm/amd/display: Check gpio_id before used as array index
     - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
     - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
     - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
       dal_gpio_service_create
     - drm/amdgpu: fix ucode out-of-bounds read warning
     - drm/amdgpu: fix mc_data out-of-bounds read warning
     - drm/amdkfd: Reconcile the definition and use of oem_id in struct
       kfd_topology_device
     - apparmor: fix possible NULL pointer dereference
     - ionic: fix potential irq name truncation
     - usbip: Don't submit special requests twice
     - usb: typec: ucsi: Fix null pointer dereference in trace
     - smack: tcp: ipv4, fix incorrect labeling
     - wifi: cfg80211: make hash table duplicates more survivable
     - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
     - media: uvcvideo: Enforce alignment of frame and interval
     - block: initialize integrity buffer to zero before writing it to media
     - net: set SOCK_RCU_FREE before inserting socket into hashtable
     - virtio_net: Fix napi_skb_cache_put warning
     - udf: Limit file size to 4TB
     - i2c: Use IS_REACHABLE() for substituting empty ACPI functions
     - sch/netem: fix use after free in netem_dequeue
     - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
     - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius
       devices
     - ata: libata: Fix memory leak for error path in ata_host_alloc()
     - irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
     - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
     - mmc: sdhci-of-aspeed: fix module autoloading
     - fuse: update stats for pages in dropped aux writeback list
     - fuse: use unsigned type for getxattr/listxattr size truncation
     - reset: hi6220: Add support for AO reset controller
     - clk: hi6220: use CLK_OF_DECLARE_DRIVER
     - clk: qcom: clk-alpha-pll: Fix the pll post div mask
     - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
     - ila: call nf_unregister_net_hooks() sooner
     - sched: sch_cake: fix bulk flow accounting logic for host fairness
     - nilfs2: fix missing cleanup on rollforward recovery error
     - nilfs2: fix state management in error path of log writing function
     - ALSA: hda: Add input value sanity checks to HDMI channel map controls
     - smack: unix sockets: fix accept()ed socket label
     - irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
     - af_unix: Remove put_pid()/put_cred() in copy_peercred().
     - netfilter: nf_conncount: fix wrong variable type
     - udf: Avoid excessive partition lengths
     - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
     - usb: uas: set host status byte on data completion error
     - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
     - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
     - pcmcia: Use resource_size function on resource object
     - can: bcm: Remove proc entry when dev is unregistered.
     - igb: Fix not clearing TimeSync interrupts for 82580
     - platform/x86: dell-smbios: Fix error path in dell_smbios_init()
     - tcp_bpf: fix return value of tcp_bpf_sendmsg()
     - cx82310_eth: re-enable ethernet mode after router reboot
     - drivers/net/usb: Remove all strcpy() uses
     - net: usb: don't write directly to netdev->dev_addr
     - usbnet: modern method to get random MAC
     - net: bridge: fdb: convert is_local to bitops
     - net: bridge: fdb: convert is_static to bitops
     - net: bridge: fdb: convert is_sticky to bitops
     - net: bridge: fdb: convert added_by_user to bitops
     - net: bridge: fdb: convert added_by_external_learn to use bitops
     - net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
     - net: dsa: vsc73xx: fix possible subblocks range of CAPT block
     - ASoC: topology: Properly initialize soc_enum values
     - dm init: Handle minors larger than 255
     - iommu/vt-d: Handle volatile descriptor status read
     - cgroup: Protect css->cgroup write under css_set_lock
     - um: line: always fill *error_out in setup_one_line()
     - devres: Initialize an uninitialized struct member
     - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
     - hwmon: (adc128d818) Fix underflows seen when writing limit attributes
     - hwmon: (lm95234) Fix underflows seen when writing limit attributes
     - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
     - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
     - libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
     - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
     - smp: Add

Source diff to previous version
1786013 Packaging resync
2081085 wbt:wbt_* trace event NULL pointer dereference with GENHD_FL_HIDDEN disks
2081278 Focal update: v5.4.284 upstream stable release
2080595 Focal update: v5.4.283 upstream stable release
2078388 Focal update: v5.4.282 upstream stable release
2076097 Focal update: v5.4.281 upstream stable release
CVE-2024-26800 In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request g
CVE-2024-26641 In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip
CVE-2021-47212 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Update error handler for UCTX and UMEM In the fast unload flow, the d
CVE-2024-42244 In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: seri
CVE-2024-40929 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids In some versions o
CVE-2024-41073 In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retrie
CVE-2024-41071 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Avoid address calculations via out of bounds array indexing req
CVE-2024-42229 In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 spe
CVE-2024-38611 In the Linux kernel, the following vulnerability has been resolved: media: i2c: et8ek8: Don't strip remove function when driver is builtin Using __
CVE-2024-38602 In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issues of ax25_dev The ax25_addr_ax25dev() and a
CVE-2024-35848 In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessi
CVE-2024-26669 In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload When a qdisc is deleted from a ne
CVE-2024-26668 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject
CVE-2024-26640 In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages in
CVE-2024-26607 In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash ha
CVE-2023-52614 In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in tra
CVE-2023-52531 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is k
CVE-2022-36402 An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file
CVE-2024-27051 In the Linux kernel, the following vulnerability has been resolved: cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value cpuf
CVE-2024-26891 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected Fo
CVE-2024-26885 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix DEVMAP_HASH overflow check on 32-bit arches The devmap code allocates
CVE-2024-45016 In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqu
CVE-2024-38630 In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the
CVE-2024-27397 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a time
CVE-2024-26960 In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previo

Version: 5.4.0-197.217 2024-09-13 17:08:34 UTC

 linux (5.4.0-197.217) focal; urgency=medium
 .
   * focal/linux: 5.4.0-197.217 -proposed tracker (LP: #2080615)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] debian.master/dkms-versions -- update from kernel-versions
       (main/2024.09.02)
 .
   * Focal update: v5.4.283 upstream stable release (LP: #2080595)
     - fuse: Initialize beyond-EOF page contents before setting uptodate
     - ALSA: usb-audio: Support Yamaha P-125 quirk entry
     - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
     - s390/dasd: fix error recovery leading to data corruption on ESE devices
     - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to
       NUMA_NO_NODE
     - dm resume: don't return EINVAL when signalled
     - dm persistent data: fix memory allocation failure
     - vfs: Don't evict inode under the inode lru traversing context
     - bitmap: introduce generic optimized bitmap_size()
     - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
     - selinux: fix potential counting error in avc_add_xperms_decision()
     - drm/amdgpu: Actually check flags for all context ops.
     - memcg_write_event_control(): fix a user-triggerable oops
     - overflow.h: Add flex_array_size() helper
     - overflow: Implement size_t saturating arithmetic helpers
     - s390/cio: rename bitmap_size() -> idset_bitmap_size()
     - btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits()
     - s390/uv: Panic for set and remove shared access UVC errors
     - net/mlx5e: Correctly report errors for ethtool rx flows
     - atm: idt77252: prevent use after free in dequeue_rx()
     - net: axienet: Fix DMA descriptor cleanup path
     - net: axienet: Improve DMA error handling
     - net: axienet: Factor out TX descriptor chain cleanup
     - net: axienet: Check for DMA mapping errors
     - net: axienet: Drop MDIO interrupt registers from ethtools dump
     - net: axienet: Wrap DMA pointer writes to prepare for 64 bit
     - net: axienet: Upgrade descriptors to hold 64-bit addresses
     - net: axienet: Autodetect 64-bit DMA capability
     - net: axienet: Fix register defines comment description
     - net: dsa: vsc73xx: pass value in phy_write operation
     - net: hns3: fix a deadlock problem when config TC during resetting
     - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7
     - ssb: Fix division by zero issue in ssb_calc_clock_rate
     - wifi: cw1200: Avoid processing an invalid TIM IE
     - i2c: riic: avoid potential division by zero
     - media: radio-isa: use dev_name to fill in bus_info
     - staging: ks7010: disable bh on tx_dev_lock
     - binfmt_misc: cleanup on filesystem umount
     - scsi: spi: Fix sshdr use
     - gfs2: setattr_chown: Add missing initialization
     - wifi: iwlwifi: abort scan when rfkill on but device enabled
     - IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock
     - powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu
     - nvmet-trace: avoid dereferencing pointer too early
     - ext4: do not trim the group with corrupted block bitmap
     - quota: Remove BUG_ON from dqget()
     - media: pci: cx23885: check cx23885_vdev_init() return
     - fs: binfmt_elf_efpic: don't use missing interpreter's properties
     - scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list()
     - net/sun3_82586: Avoid reading past buffer in debug output
     - drm/lima: set gp bus_stop bit before hard reset
     - virtiofs: forbid newlines in tags
     - md: clean up invalid BUG_ON in md_ioctl
     - x86: Increase brk randomness entropy for 64-bit systems
     - powerpc/boot: Handle allocation failure in simple_realloc()
     - powerpc/boot: Only free if realloc() succeeds
     - btrfs: change BUG_ON to assertion when checking for delayed_node root
     - btrfs: handle invalid root reference found in may_destroy_subvol()
     - btrfs: send: handle unexpected data in header buffer in begin_cmd()
     - btrfs: delete pointless BUG_ON check on quota root in
       btrfs_qgroup_account_extent()
     - f2fs: fix to do sanity check in update_sit_entry
     - usb: gadget: fsl: Increase size of name buffer for endpoints
     - nvme: clear caller pointer on identify failure
     - Bluetooth: bnep: Fix out-of-bound access
     - nvmet-tcp: do not continue for invalid icreq
     - NFS: avoid infinite loop in pnfs_update_layout.
     - openrisc: Call setup_memory() earlier in the init sequence
     - s390/iucv: fix receive buffer virtual vs physical address confusion
     - usb: dwc3: core: Skip setting event buffers for host only controllers
     - irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc
     - ext4: set the type of max_zeroout to unsigned int to avoid overflow
     - nvmet-rdma: fix possible bad dereference when freeing rsps
     - hrtimer: Prevent queuing of hrtimer without a function callback
     - gtp: pull network headers in gtp_dev_xmit()
     - block: use "unsigned long" for blk_validate_block_size().
     - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)
     - dm mpath: pass IO start time to path selector
     - dm: do not use waitqueue for request-based DM
     - dm suspend: return -ERESTARTSYS instead of -EINTR
     - Bluetooth: Make use of __check_timeout on hci_sched_le
     - Bluetooth: hci_core: Fix not handling link timeouts propertly
     - Bluetooth: hci_core: Fix LE quote calculation
     - tc-testing: don't access non-existent variable on exception
     - kcm: Serialise kcm_sendmsg() for the same socket.
     - netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
     - net: dsa: mv88e6xxx: global2: Expose ATU stats register
     - net: dsa: mv88e6xxx: global1_atu: Add helper for get next
     - net: dsa: mv88e6xxx: read FID when handling ATU violations
     - net: dsa: mv88e6xxx: replace ATU violation prints with trace points
     - net: dsa: mv88e6xxx: Fix out-o

Source diff to previous version
1786013 Packaging resync
2080595 Focal update: v5.4.283 upstream stable release
2078388 Focal update: v5.4.282 upstream stable release
2076097 Focal update: v5.4.281 upstream stable release
CVE-2024-38630 In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the
CVE-2024-27051 In the Linux kernel, the following vulnerability has been resolved: cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value cpuf
CVE-2024-26891 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected Fo
CVE-2024-27397 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a time
CVE-2024-26960 In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previo
CVE-2024-26885 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix DEVMAP_HASH overflow check on 32-bit arches The devmap code allocates
CVE-2024-39494 In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on re
CVE-2024-42160 In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to
CVE-2024-38570 In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is rel
CVE-2024-42228 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc In
CVE-2022-48791 In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after
CVE-2024-26787 In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DM
CVE-2024-27012 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails From abort pat
CVE-2022-48863 In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix memory leak in dsp_pipeline_build() dsp_pipeline_build() allocates d
CVE-2021-47188 In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on
CVE-2024-26677 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construc

Version: 5.4.0-195.215 2024-08-02 23:08:57 UTC

 linux (5.4.0-195.215) focal; urgency=medium
 .
   * focal/linux: 5.4.0-195.215 -proposed tracker (LP: #2075954)
 .
   * Focal update: v5.4.280 upstream stable release (LP: #2075175)
     - Compiler Attributes: Add __uninitialized macro
     - drm/lima: fix shared irq handling on driver remove
     - media: dvb: as102-fe: Fix as10x_register_addr packing
     - media: dvb-usb: dib0700_devices: Add missing release_firmware()
     - IB/core: Implement a limit on UMAD receive List
     - scsi: qedf: Make qedf_execute_tmf() non-preemptible
     - drm/amdgpu: Initialize timestamp for some legacy SOCs
     - drm/amd/display: Skip finding free audio for unknown engine_id
     - media: dw2102: Don't translate i2c read into write
     - sctp: prefer struct_size over open coded arithmetic
     - firmware: dmi: Stop decoding on broken entry
     - Input: ff-core - prefer struct_size over open coded arithmetic
     - net: dsa: mv88e6xxx: Correct check for empty list
     - media: dvb-frontends: tda18271c2dd: Remove casting during div
     - media: s2255: Use refcount_t instead of atomic_t for num_channels
     - media: dvb-frontends: tda10048: Fix integer overflow
     - i2c: i801: Annotate apanel_addr as __ro_after_init
     - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
     - orangefs: fix out-of-bounds fsid access
     - powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
     - jffs2: Fix potential illegal address access in jffs2_free_inode
     - s390/pkey: Wipe sensitive data on failure
     - tcp: tcp_mark_head_lost is only valid for sack-tcp
     - tcp: add ece_ack flag to reno sack functions
     - net: tcp better handling of reordering then loss cases
     - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
     - tcp_metrics: validate source addr length
     - wifi: wilc1000: fix ies_len type in connect path
     - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
     - selftests: fix OOM in msg_zerocopy selftest
     - selftests: make order checking verbose in msg_zerocopy selftest
     - inet_diag: Initialize pad field in struct inet_diag_req_v2
     - nilfs2: fix inode number range checks
     - nilfs2: add missing check for inode numbers on directory entries
     - mm: optimize the redundant loop of mm_update_owner_next()
     - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct
     - fsnotify: Do not generate events for O_PATH file descriptors
     - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(),
       again"
     - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
     - drm/amdgpu/atomfirmware: silence UBSAN warning
     - media: dw2102: fix a potential buffer overflow
     - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
     - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
     - nvme-multipath: find NUMA path only for online numa-node
     - nilfs2: fix incorrect inode allocation from reserved inodes
     - filelock: fix potential use-after-free in posix_lock_inode
     - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading
     - vfs: don't mod negative dentry count when on shrinker list
     - tcp: add TCP_INFO status for failed client TFO
     - tcp: fix incorrect undo caused by DSACK of TLP retransmit
     - octeontx2-af: Fix incorrect value output on error path in
       rvu_check_rsrc_availability()
     - net: lantiq_etop: add blank line after declaration
     - net: ethernet: lantiq_etop: fix double free in detach
     - ppp: reject claimed-as-LCP but actually malformed packets
     - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
     - s390: Mark psw in __load_psw_mask() as __unitialized
     - ARM: davinci: Convert comma to semicolon
     - octeontx2-af: fix detection of IP layer
     - USB: serial: option: add Telit generic core-dump composition
     - USB: serial: option: add Telit FN912 rmnet compositions
     - USB: serial: option: add Fibocom FM350-GL
     - USB: serial: option: add support for Foxconn T99W651
     - USB: serial: option: add Netprisma LCUK54 series modules
     - USB: serial: option: add Rolling RW350-GL variants
     - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k
     - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
     - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the
       descriptor
     - hpet: Support 32-bit userspace
     - nvmem: meson-efuse: Fix return value of nvmem callbacks
     - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX
     - libceph: fix race between delayed_work() and ceph_monc_stop()
     - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
     - tcp: refactor tcp_retransmit_timer()
     - net: tcp: fix unexcepted socket die when snd_wnd is 0
     - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
     - tcp: avoid too many retransmit packets
     - nilfs2: fix kernel bug on rename operation of broken directory
     - i2c: rcar: bring hardware to known state when probing
     - Linux 5.4.280
 .
   * [SRU] UBSAN warnings in bnx2x kernel driver (LP: #2074215) // Focal update:
     v5.4.280 upstream stable release (LP: #2075175)
     - bnx2x: Fix multiple UBSAN array-index-out-of-bounds
 .
   * Focal update: v5.4.279 upstream stable release (LP: #2073621)
     - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
     - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
     - wifi: cfg80211: pmsr: use correct nla_get_uX functions
     - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
     - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef
     - wifi: iwlwifi: mvm: don't read past the mfuart notifcation
     - ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
     - net: sched: sch_multiq: fix possible OOB write in multiq_tune()
     - vxlan: Fix regression when d

Source diff to previous version
2075175 Focal update: v5.4.280 upstream stable release
2074215 [SRU] UBSAN warnings in bnx2x kernel driver
2073621 Focal update: v5.4.279 upstream stable release
CVE-2024-26921 In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out() and oth
CVE-2024-26929 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of fcport The server was crashing after LOGO bec
CVE-2024-39484 In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin Using __exit f
CVE-2024-36901 In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a
CVE-2024-26830 In the Linux kernel, the following vulnerability has been resolved: i40e: Do not allow untrusted VF to remove administratively set MAC Currently wh
CVE-2024-24860 A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dere
CVE-2023-52760 In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc In gfs2_put_super(), whether w
CVE-2024-2201 Native Branch History Injection
CVE-2023-52629 In the Linux kernel, the following vulnerability has been resolved: sh: push-switch: Reorder cleanup operations to avoid use-after-free bug The ori
CVE-2021-46926 In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: harden detection of controller The existing code cur

Version: 5.4.0-192.212 2024-07-05 13:11:19 UTC

 linux (5.4.0-192.212) focal; urgency=medium
 .
   * focal/linux: 5.4.0-192.212 -proposed tracker (LP: #2072305)
 .
   * Focal update: v5.4.278 upstream stable release (LP: #2071668)
     - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
     - speakup: Fix sizeof() vs ARRAY_SIZE() bug
     - ring-buffer: Fix a race between readers and resize checks
     - net: smc91x: Fix m68k kernel compilation for ColdFire CPU
     - nilfs2: fix unexpected freezing of nilfs_segctor_sync()
     - nilfs2: fix potential hang in nilfs_detach_log_writer()
     - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt
       class
     - net: usb: qmi_wwan: add Telit FN920C04 compositions
     - drm/amd/display: Set color_mgmt_changed to true on unsuspend
     - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
     - ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
     - ASoC: da7219-aad: fix usage of device_get_named_child_node()
     - drm/amdkfd: Flush the process wq before creating a kfd_process
     - nvme: find numa distance only if controller has valid numa id
     - openpromfs: finish conversion to the new mount API
     - crypto: bcm - Fix pointer arithmetic
     - firmware: raspberrypi: Use correct device for DMA mappings
     - ecryptfs: Fix buffer size for tag 66 packet
     - nilfs2: fix out-of-range warning
     - parisc: add missing export of __cmpxchg_u8()
     - crypto: ccp - drop platform ifdef checks
     - s390/cio: fix tracepoint subchannel type field
     - jffs2: prevent xattr node from overflowing the eraseblock
     - null_blk: Fix missing mutex_destroy() at module removal
     - md: fix resync softlockup when bitmap size is less than array size
     - wifi: ath10k: poll service ready message before failing
     - x86/boot: Ignore relocations in .notes sections in walk_relocs() too
     - qed: avoid truncating work queue length
     - scsi: ufs: qcom: Perform read back after writing reset bit
     - scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
     - scsi: ufs: core: Perform read back after disabling interrupts
     - scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
     - irqchip/alpine-msi: Fix off-by-one in allocation error path
     - ACPI: disable -Wstringop-truncation
     - cpufreq: Reorganize checks in cpufreq_offline()
     - cpufreq: Split cpufreq_offline()
     - cpufreq: Rearrange locking in cpufreq_remove_dev()
     - cpufreq: exit() callback is optional
     - scsi: libsas: Fix the failure of adding phy with zero-address to port
     - scsi: hpsa: Fix allocation size for Scsi_Host private data
     - x86/purgatory: Switch to the position-independent small code model
     - wifi: ath10k: Fix an error code problem in
       ath10k_dbg_sta_write_peer_debug_trigger()
     - wifi: ath10k: populate board data for WCN3990
     - tcp: minor optimization in tcp_add_backlog()
     - tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
     - tcp: avoid premature drops in tcp_add_backlog()
     - macintosh/via-macii: Fix "BUG: sleeping function called from invalid
       context"
     - wifi: carl9170: add a proper sanity check for endpoints
     - wifi: ar5523: enable proper endpoint verification
     - sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
     - Revert "sh: Handle calling csum_partial with misaligned data"
     - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
     - scsi: bfa: Ensure the copied buf is NUL terminated
     - scsi: qedf: Ensure the copied buf is NUL terminated
     - wifi: mwl8k: initialize cmd->addr[] properly
     - usb: aqc111: stop lying about skb->truesize
     - net: usb: sr9700: stop lying about skb->truesize
     - m68k: Fix spinlock race in kernel thread creation
     - m68k: mac: Fix reboot hang on Mac IIci
     - net: ethernet: cortina: Locking fixes
     - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
     - net: usb: smsc95xx: stop lying about skb->truesize
     - net: openvswitch: fix overwriting ct original tuple for ICMPv6
     - ipv6: sr: add missing seg6_local_exit
     - ipv6: sr: fix incorrect unregister order
     - ipv6: sr: fix invalid unregister error path
     - drm/amd/display: Fix potential index out of bounds in color transformation
       function
     - mtd: rawnand: hynix: fixed typo
     - fbdev: shmobile: fix snprintf truncation
     - drm/mediatek: Add 0 size check to mtk_drm_gem_obj
     - powerpc/fsl-soc: hide unused const variable
     - fbdev: sisfb: hide unused variables
     - media: ngene: Add dvb_ca_en50221_init return value check
     - media: radio-shark2: Avoid led_names truncations
     - platform/x86: wmi: Make two functions static
     - fbdev: sh7760fb: allow modular build
     - drm/arm/malidp: fix a possible null pointer dereference
     - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
     - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
     - RDMA/hns: Use complete parentheses in macros
     - x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
     - ext4: avoid excessive credit estimate in ext4_tmpfile()
     - sunrpc: removed redundant procp check
     - SUNRPC: Fix gss_free_in_token_pages()
     - selftests/kcmp: Make the test output consistent and clear
     - selftests/kcmp: remove unused open mode
     - RDMA/IPoIB: Fix format truncation compilation errors
     - netrom: fix possible dead-lock in nr_rt_ioctl()
     - af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
     - sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax
     - sched/fair: Allow disabling sched_balance_newidle with
       sched_relax_domain_level
     - greybus: lights: check return of get_channel_from_mode
     - soundwire: cadence/intel: simplify PDI/port mapping
     - soundwire: intel: don't filter out PDI0/1
     - soundwire: cadence_master: improve PDI allocat

Source diff to previous version
2071668 Focal update: v5.4.278 upstream stable release
2070179 Focal update: v5.4.277 upstream stable release
2069758 Focal update: v5.4.276 upstream stable release
2061091 Freezing user space processes failed after 20.008 seconds (1 tasks refusing to freeze, wq_busy=0)
CVE-2024-27019 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unreg
CVE-2024-26886 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: af_bluetooth: Fix deadlock Attemting to do sock_lock on .recvmsg may
CVE-2023-52752 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB ses
CVE-2022-48674 In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with C
CVE-2024-36016 In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following
CVE-2022-48655 In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domain
CVE-2024-26907 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------
CVE-2024-26585 In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous
CVE-2024-26584 In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_
CVE-2024-26583 In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one

Version: 5.4.0-189.209 2024-06-07 17:12:04 UTC

 linux (5.4.0-189.209) focal; urgency=medium
 .
   * focal/linux: 5.4.0-189.209 -proposed tracker (LP: #2068454)
 .
   * Focal update: v5.4.275 upstream stable release (LP: #2067865)
     - batman-adv: Avoid infinite loop trying to resize local TT
     - Bluetooth: Fix memory leak in hci_req_sync_complete()
     - nouveau: fix function cast warning
     - net: openvswitch: fix unwanted error log on timeout policy probing
     - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file
     - geneve: fix header validation in geneve[6]_xmit_skb
     - ipv6: fib: hide unused 'pn' variable
     - ipv4/route: avoid unused-but-set-variable warning
     - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
     - net/mlx5: Properly link new fs rules into the tree
     - net: ena: Fix potential sign extension issue
     - btrfs: qgroup: correctly model root qgroup rsv in convert
     - drm/client: Fully protect modes[] with dev->mode_config.mutex
     - vhost: Add smp_rmb() in vhost_vq_avail_empty()
     - selftests: timers: Fix abs() warning in posix_timers test
     - x86/apic: Force native_apic_mem_read() to use the MOV instruction
     - btrfs: record delayed inode root in transaction
     - selftests/ftrace: Limit length in subsystem-enable tests
     - kprobes: Fix possible use-after-free issue on kprobe registration
     - Revert "tracing/trigger: Fix to return error if failed to alloc snapshot"
     - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
     - tun: limit printing rate when illegal packet received by tun dev
     - RDMA/rxe: Fix the problem "mutex_destroy missing"
     - RDMA/mlx5: Fix port number for counter query in multi-port configuration
     - drm: nv04: Fix out of bounds access
     - clk: Remove prepare_lock hold assertion in __clk_release()
     - clk: Mark 'all_lists' as const
     - clk: remove extra empty line
     - clk: Print an info line before disabling unused clocks
     - clk: Initialize struct clk_core kref earlier
     - clk: Get runtime PM before walking tree during disable_unused
     - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ
     - comedi: vmk80xx: fix incomplete endpoint checking
     - serial/pmac_zilog: Remove flawed mitigation for rx irq flood
     - USB: serial: option: add Fibocom FM135-GL variants
     - USB: serial: option: add support for Fibocom FM650/FG650
     - USB: serial: option: add Lonsung U8300/U9300 product
     - USB: serial: option: support Quectel EM060K sub-models
     - USB: serial: option: add Rolling RW101-GL and RW135-GL support
     - USB: serial: option: add Telit FN920C04 rmnet compositions
     - usb: dwc2: host: Fix dereference issue in DDMA completion flow.
     - speakup: Avoid crash on very long word
     - fs: sysfs: Fix reference leak in sysfs_break_active_protection()
     - nouveau: fix instmem race condition around ptr stores
     - nilfs2: fix OOB in nilfs_set_de_type
     - KVM: async_pf: Cleanup kvm_setup_async_pf()
     - arm64: dts: rockchip: fix alphabetical ordering RK3399 puma
     - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma
     - arm64: dts: mediatek: mt7622: fix IR nodename
     - arm64: dts: mediatek: mt7622: fix ethernet controller "compatible"
     - arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block
     - arm64: dts: mt2712: add ethernet device node
     - arm64: dts: mediatek: mt2712: fix validation errors
     - ARC: [plat-hsdk]: Remove misplaced interrupt-cells property
     - vxlan: drop packets from invalid src-address
     - mlxsw: core: Unregister EMAD trap using FORWARD action
     - NFC: trf7970a: disable all regulators on removal
     - net: usb: ax88179_178a: stop lying about skb->truesize
     - net: gtp: Fix Use-After-Free in gtp_dellink
     - ipvs: Fix checksumming on GSO of SCTP packets
     - net: openvswitch: Fix Use-After-Free in ovs_ct_exit
     - mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work
     - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
     - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
     - mlxsw: spectrum_acl_tcam: Rate limit error message
     - mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
     - mlxsw: spectrum_acl_tcam: Fix warning during rehash
     - mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
     - mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
     - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
     - iavf: Fix TC config comparison with existing adapter TC config
     - af_unix: Suppress false-positive lockdep splat for spin_lock() in
       __unix_gc().
     - serial: core: Provide port lock wrappers
     - serial: mxs-auart: add spinlock around changing cts state
     - Revert "crypto: api - Disallow identical driver names"
     - net/mlx5e: Fix a race in command alloc flow
     - tracing: Show size of requested perf buffer
     - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker
       together
     - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
     - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
     - btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
     - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma
     - drm/amdgpu: Fix leak when GPU memory allocation fails
     - irqchip/gic-v3-its: Prevent double free on error
     - ethernet: Add helper for assigning packet type when dest address does not
       match device address
     - net: b44: set pause params only when interface is up
     - stackdepot: respect __GFP_NOLOCKDEP allocation flag
     - mtd: diskonchip: work around ubsan link failure
     - tcp: Clean up kernel listener's reqsk in inet_twsk_purge()
     - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
     - dmaengine: owl: fix register access functions
     - idma64: Don't try to serve int

2067865 Focal update: v5.4.275 upstream stable release
2067857 Focal update: v5.4.274 upstream stable release
2064561 Focal update: v5.4.273 upstream stable release
2064555 Focal update: v5.4.272 upstream stable release
CVE-2024-26586 In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added
CVE-2024-26923 In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does
CVE-2024-23307 Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow
CVE-2024-26889 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fix
CVE-2024-26828 In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through
CVE-2024-24861 A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return valu
CVE-2023-6270 A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct n
CVE-2024-26642 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets a
CVE-2024-26926 In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("bin
CVE-2024-26922 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verif
CVE-2024-26925 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The co
CVE-2024-26643 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
CVE-2024-2201 Native Branch History Injection



About   -   Send Feedback to @ubuntu_updates