Package "linux"

 linux (5.15.0-91.101) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-91.101 -proposed tracker (LP: #2043452)
 .
   * USB bus error after upgrading to proposed kernel on lunar and jammy
     (LP: #2043197)
     - USB: core: Fix oversight in SuperSpeed initialization
 .

 linux (5.15.0-90.100) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-90.100 -proposed tracker (LP: #2041603)
 .
   * CVE-2023-25775
     - RDMA/irdma: Remove irdma_uk_mw_bind()
     - RDMA/irdma: Remove irdma_sc_send_lsmm_nostag()
     - RDMA/irdma: Remove irdma_cqp_up_map_cmd()
     - RDMA/irdma: Remove irdma_get_hw_addr()
     - RDMA/irdma: Make irdma_uk_cq_init() return a void
     - RDMA/irdma: optimize rx path by removing unnecessary copy
     - RDMA/irdma: Remove enum irdma_status_code
     - RDMA/irdma: Remove excess error variables
     - RDMA/irdma: Prevent zero-length STAG registration
 .
   * CVE-2023-39189
     - netfilter: nfnetlink_osf: avoid OOB read
 .
   * SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
     (LP: #2039575)
     - net/smc: Fix pos miscalculation in statistics
 .
   * CVE-2023-45871
     - igb: set max size RX buffer when store bad packet is enabled
 .
   * CVE-2023-39193
     - netfilter: xt_sctp: validate the flag_info count
 .
   * CVE-2023-39192
     - netfilter: xt_u32: validate user space input
 .
   * CVE-2023-31085
     - ubi: Refuse attaching if mtd's erasesize is 0
 .
   * CVE-2023-5717
     - perf: Disallow mis-matched inherited group reads
 .
   * CVE-2023-5178
     - nvmet-tcp: Fix a possible UAF in queue intialization setup
 .
   * CVE-2023-5158
     - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
 .
   * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
     (LP: #2033406)
     - [Packaging] Make WWAN driver loadable modules
 .
   * HP ProBook 450 G8 Notebook fail to wifi test (LP: #2037513)
     - iwlwifi: mvm: Don't fail if PPAG isn't supported
     - wifi: iwlwifi: fw: skip PPAG for JF
 .
   * usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
     - [Packaging] Make linux-tools-common depend on hwdata
 .
   * scripts/pahole-flags.sh change return to exit 0 (LP: #2035123)
     - SAUCE: scripts/pahole-flags.sh change return to exit 0
 .
   * Unable to use nvme drive to install Ubuntu 23.10 (LP: #2040157)
     - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
       probe
 .
   * Jammy update: v5.15.131 upstream stable release (LP: #2039610)
     - erofs: ensure that the post-EOF tails are all zeroed
     - ksmbd: fix wrong DataOffset validation of create context
     - ksmbd: replace one-element array with flex-array member in struct
       smb2_ea_info
     - ARM: pxa: remove use of symbol_get()
     - mmc: au1xmmc: force non-modular build and remove symbol_get usage
     - net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
     - rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
     - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
     - USB: serial: option: add Quectel EM05G variant (0x030e)
     - USB: serial: option: add FOXCONN T99W368/T99W373 product
     - ALSA: usb-audio: Fix init call orders for UAC1
     - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption
     - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0
     - HID: wacom: remove the battery when the EKR is off
     - staging: rtl8712: fix race condition
     - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race
       condition
     - wifi: mt76: mt7921: do not support one stream on secondary antenna only
     - serial: qcom-geni: fix opp vote on shutdown
     - serial: sc16is7xx: fix broken port 0 uart init
     - serial: sc16is7xx: fix bug when first setting GPIO direction
     - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
     - fsi: master-ast-cf: Add MODULE_FIRMWARE macro
     - tcpm: Avoid soft reset when partner does not support get_status
     - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
     - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
     - pinctrl: amd: Don't show `Invalid config param` errors
     - usb: typec: tcpci: move tcpci.h to include/linux/usb/
     - usb: typec: tcpci: clear the fault status bit
     - Linux 5.15.131
 .
   * Jammy update: v5.15.130 upstream stable release (LP: #2039608)
     - ACPI: thermal: Drop nocrt parameter
     - module: Expose module_init_layout_section()
     - arm64: module-plts: inline linux/moduleloader.h
     - arm64: module: Use module_init_layout_section() to spot init sections
     - ARM: module: Use module_init_layout_section() to spot init sections
     - rcu: Prevent expedited GP from enabling tick on offline CPU
     - rcu-tasks: Fix IPI failure handling in trc_wait_for_one_reader
     - rcu-tasks: Wait for trc_read_check_handler() IPIs
     - rcu-tasks: Add trc_inspect_reader() checks for exiting critical section
     - Linux 5.15.130
 .
   * CVE-2023-42754
     - ipv4: fix null-deref in ipv4_link_failure
 .
   * Jammy update: v5.15.129 upstream stable release (LP: #2039227)
     - NFSv4.2: fix error handling in nfs42_proc_getxattr
     - NFSv4: fix out path in __nfs4_get_acl_uncached
     - xprtrdma: Remap Receive buffers after a reconnect
     - PCI: acpiphp: Reassign resources on bridge if necessary
     - dlm: improve plock logging if interrupted
     - dlm: replace usage of found with dedicated list iterator variable
     - fs: dlm: add pid to debug log
     - fs: dlm: change plock interrupted message to debug again
     - fs: dlm: use dlm_plock_info for do_unlock_close
     - fs: dlm: fix mismatch of plock results from userspace
     - MIPS: cpu-features: Enable octeon_cache by cpu_type
     - MIPS: cpu-features: Use boot_cpu_type for CPU type based features
     - fbdev: Improve performance of sys_imageblit()
     - fbdev: Fix sys_imageblit() for arbitrary image widths
     - fbdev: fix potential OOB read in fast_imageblit()
     - ALSA: pcm: Fix potential data race at PCM memory allocation helpers
     - jbd2: remove t_checkpoint_io_list
     - jbd2: remove journal_clean_one_cp_list()
     - jbd2: fix a race when checking checkpoint buffer bu

 linux (5.15.0-88.98) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-88.98 -proposed tracker (LP: #2038055)
 .
   * CVE-2023-4244
     - netfilter: nf_tables: don't skip expired elements during walk
     - netfilter: nf_tables: adapt set backend to use GC transaction API
     - netfilter: nft_set_hash: mark set element as dead when deleting from packet
       path
     - netfilter: nf_tables: GC transaction API to avoid race with control plane
     - netfilter: nf_tables: remove busy mark and gc batch API
     - netfilter: nf_tables: don't fail inserts if duplicate has expired
     - netfilter: nf_tables: fix kdoc warnings after gc rework
     - netfilter: nf_tables: fix GC transaction races with netns and netlink event
       exit path
     - netfilter: nf_tables: GC transaction race with netns dismantle
     - netfilter: nf_tables: GC transaction race with abort path
     - netfilter: nf_tables: use correct lock to protect gc_list
     - netfilter: nf_tables: defer gc run if previous batch is still pending
     - netfilter: nft_dynset: disallow object maps
     - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
 .
   * CVE-2023-42756
     - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
 .
   * CVE-2023-4623
     - net/sched: sch_hfsc: Ensure inner classes have fsc curve
 .
   * PCI BARs larger than 128GB are disabled (LP: #2037403)
     - PCI: Support BAR sizes up to 8TB
 .
   * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
     - ALSA: hda/realtek - ALC287 I2S speaker platform support
 .
   * Check for changes relevant for security certifications (LP: #1945989)
     - [Packaging] Add a new fips-checks script
 .
   * Jammy update: v5.15.126 upstream stable release (LP: #2037593)
     - io_uring: gate iowait schedule on having pending requests
     - perf: Fix function pointer case
     - net/mlx5: Free irqs only on shutdown callback
     - arm64: errata: Add workaround for TSB flush failures
     - arm64: errata: Add detection for TRBE write to out-of-range
     - [Config] updateconfigs for ARM64_ERRATUM_ and
       ARM64_WORKAROUND_TSB_FLUSH_FAILURE
     - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
     - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
     - iommu/arm-smmu-v3: Add explicit feature for nesting
     - iommu/arm-smmu-v3: Document nesting-related errata
     - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
     - word-at-a-time: use the same return type for has_zero regardless of
       endianness
     - KVM: s390: fix sthyi error handling
     - wifi: cfg80211: Fix return value in scan logic
     - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
     - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
     - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
     - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
     - net: dsa: fix value check in bcm_sf2_sw_probe()
     - perf test uprobe_from_different_cu: Skip if there is no gcc
     - net: sched: cls_u32: Fix match key mis-addressing
     - mISDN: hfcpci: Fix potential deadlock on &hc->lock
     - qed: Fix kernel-doc warnings
     - qed: Fix scheduling in a tasklet while getting stats
     - net: annotate data-races around sk->sk_max_pacing_rate
     - net: add missing READ_ONCE(sk->sk_rcvlowat) annotation
     - net: add missing READ_ONCE(sk->sk_sndbuf) annotation
     - net: add missing READ_ONCE(sk->sk_rcvbuf) annotation
     - net: add missing data-race annotations around sk->sk_peek_off
     - net: add missing data-race annotation for sk_ll_usec
     - net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.
     - bpf, cpumap: Handle skb as well when clean up ptr_ring
     - bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire
     - net: ll_temac: Switch to use dev_err_probe() helper
     - net: ll_temac: fix error checking of irq_of_parse_and_map()
     - net: korina: handle clk prepare error in korina_probe()
     - net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode
     - net: dcb: choose correct policy to parse DCB_ATTR_BCN
     - s390/qeth: Don't call dev_close/dev_open (DOWN/UP)
     - ip6mr: Fix skb_under_panic in ip6mr_cache_report()
     - vxlan: Fix nexthop hash size
     - net/mlx5: fs_core: Make find_closest_ft more generic
     - net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio
     - prestera: fix fallback to previous version on same major version
     - tcp_metrics: fix addr_same() helper
     - tcp_metrics: annotate data-races around tm->tcpm_stamp
     - tcp_metrics: annotate data-races around tm->tcpm_lock
     - tcp_metrics: annotate data-races around tm->tcpm_vals[]
     - tcp_metrics: annotate data-races around tm->tcpm_net
     - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
     - scsi: zfcp: Defer fc_rport blocking until after ADISC response
     - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices
     - libceph: fix potential hang in ceph_osdc_notify()
     - USB: zaurus: Add ID for A-300/B-500/C-700
     - ceph: defer stopping mdsc delayed_work
     - firmware: arm_scmi: Drop OF node reference in the transport channel setup
     - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
     - exfat: release s_lock before calling dir_emit()
     - mtd: spinand: toshiba: Fix ecc_get_status
     - mtd: rawnand: meson: fix OOB available bytes for ECC
     - arm64: dts: stratix10: fix incorrect I2C property for SCL signal
     - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC)
     - rbd: prevent busy loop when requesting exclusive lock
     - bpf: Disable preemption in bpf_event_output
     - open: make RESOLVE_CACHED correctly test for O_TMPFILE
     - drm/ttm: check null pointer before accessing when swapping
     - bpf, cpumap: Make sure kthread is running before

 linux (5.15.0-86.96) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-86.96 -proposed tracker (LP: #2036575)
 .
   * 5.15.0-85 live migration regression (LP: #2036675)
     - Revert "KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES"
     - Revert "x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0"
 .
   * Regression for ubuntu_bpf test build on Jammy 5.15.0-85.95 (LP: #2035181)
     - selftests/bpf: fix static assert compilation issue for test_cls_*.c
 .
   * `refcount_t: underflow; use-after-free.` on hidon w/ 5.15.0-85-generic
     (LP: #2034447)
     - crypto: rsa-pkcs1pad - Use helper to set reqsize
 .

 linux (5.15.0-85.95) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-85.95 -proposed tracker (LP: #2033821)
 .
   * Please enable Renesas RZ platform serial installer (LP: #2022361)
     - [Config] enable hihope RZ/G2M serial console
     - [Config] Mark sh-sci as built-in
 .
   * Request backport of xen timekeeping performance improvements (LP: #2033122)
     - x86/xen/time: prefer tsc as clocksource when it is invariant
 .
   * kdump doesn't work with UEFI secure boot and kernel lockdown enabled on
     ARM64 (LP: #2033007)
     - [Config]: Enable CONFIG_KEXEC_IMAGE_VERIFY_SIG
     - kexec, KEYS: make the code in bzImage64_verify_sig generic
     - arm64: kexec_file: use more system keyrings to verify kernel image signature
 .
   * ubuntu_kernel_selftests:net:vrf-xfrm-tests.sh: 8 failed test cases on
     jammy/fips (LP: #2019880)
     - selftests: net: vrf-xfrm-tests: change authentication and encryption algos
 .
   * ubuntu_kernel_selftests:net:tls: 88 failed test cases on jammy/fips
     (LP: #2019868)
     - selftests/harness: allow tests to be skipped during setup
     - selftests: net: tls: check if FIPS mode is enabled
 .
   * A general-proteciton exception during guest migration to unsupported PKRU
     machine (LP: #2032164)
     - x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0
     - KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
 .
   * CVE-2023-4569
     - netfilter: nf_tables: deactivate catchall elements in next generation
 .
   * CVE-2023-20569
     - x86/cpu, kvm: Add support for CPUID_80000021_EAX
     - x86/srso: Add a Speculative RAS Overflow mitigation
     - x86/srso: Add IBPB_BRTYPE support
     - x86/srso: Add SRSO_NO support
     - x86/srso: Add IBPB
     - x86/srso: Add IBPB on VMEXIT
     - x86/srso: Fix return thunks in generated code
     - x86/srso: Tie SBPB bit setting to microcode patch detection
     - x86: fix backwards merge of GDS/SRSO bit
     - x86/srso: Fix build breakage with the LLVM linker
     - x86/cpu: Fix __x86_return_thunk symbol type
     - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
     - x86/alternative: Make custom return thunk unconditional
     - objtool: Add frame-pointer-specific function ignore
     - x86/ibt: Add ANNOTATE_NOENDBR
     - x86/cpu: Clean up SRSO return thunk mess
     - x86/cpu: Rename original retbleed methods
     - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
     - x86/cpu: Cleanup the untrain mess
     - x86/srso: Explain the untraining sequences a bit more
     - x86/static_call: Fix __static_call_fixup()
     - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
     - x86/srso: Disable the mitigation on unaffected configurations
     - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
     - objtool/x86: Fixup frame-pointer vs rethunk
     - x86/srso: Correct the mitigation status when SMT is disabled
     - objtool/x86: Fix SRSO mess
     - Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation
 .
   * Fix unreliable ethernet cable detection on I219 NIC (LP: #2028122)
     - e1000e: Use PME poll to circumvent unreliable ACPI wake
 .
   * Need to get fine-grained control for FAN(TFN) Participant. (LP: #2031333)
     - ACPI: fan: Separate file for attributes creation
     - ACPI: fan: Optimize struct acpi_fan_fif
     - ACPI: fan: Properly handle fine grain control
     - ACPI: fan: Add additional attributes for fine grain control
 .
   * [SRU][Ubuntu 22.04.1] Unable to interpret the frequency values in
     cpuinfo_min_freq and cpuino_max_freq sysfs files. (LP: #2030924)
     - cpufreq: intel_pstate: Fix scaling for hybrid-capable
 .
   * CVE-2023-40283
     - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
 .
   * CVE-2023-20588
     - x86/bugs: Increase the x86 bugs vector size to two u32s
     - x86/CPU/AMD: Do not leak quotient data after a division by 0
     - x86/CPU/AMD: Fix the DIV(0) initial fix attempt
 .
   * CVE-2023-4194
     - net: tun_chr_open(): set sk_uid from current_fsuid()
     - net: tap_open(): set sk_uid from current_fsuid()
 .
   * CVE-2023-4155
     - KVM: SEV: Refactor out sev_es_state struct
     - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary
     - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure
     - KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors
     - KVM: SEV: snapshot the GHCB before accessing it
     - KVM: SEV: only access GHCB fields once
 .
   * CVE-2023-1206
     - tcp: Reduce chance of collisions in inet6_hashfn().
 .
   * Crashing with CPU soft lock on GA kernel 5.15.0.79.76 and HWE kernel
     5.19.0-46.47-22.04.1 (LP: #2032176)
     - Revert "KVM: x86: enable TDP MMU by default"
 .
   * Jammy update: v5.15.122 upstream stable release (LP: #2032690)
     - Linux 5.15.122
     - Upstream stable to v5.15.122
 .
   * Jammy update: v5.15.121 upstream stable release (LP: #2032689)
     - netfilter: nf_tables: drop map element references from preparation phase
     - fs: pipe: reveal missing function protoypes
     - x86/resctrl: Only show tasks' pid in current pid namespace
     - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
     - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
     - md/raid10: fix overflow of md/safe_mode_delay
     - md/raid10: fix wrong setting of max_corr_read_errors
     - md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
     - md/raid10: fix io loss while replacement replace rdev
     - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
     - svcrdma: Prevent page release when nothing was received
     - posix-timers: Prevent RT livelock in itimer_delete()
     - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
     - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
     - PM: domains: fix integer overflow issues in genpd_parse_state()
     - perf/arm-cmn: Fix DTC reset
     - powercap: