Package "linux-bluefield"

  linux-bluefield (5.4.0-1105.112) focal; urgency=medium

  * focal/linux-bluefield: 5.4.0-1105.112 -proposed tracker (LP: #2106830)

  [ Ubuntu: 5.4.0-216.236 ]

  * focal/linux: 5.4.0-216.236 -proposed tracker (LP: #2106869)
  * CVE-2023-52741
    - cifs: Fix use-after-free in rdata->read_into_pages()
  * CVE-2021-47191
    - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
  * iommu/arm-smmu-v3: Don't reserve implementation defined register space
    (LP: #2067864)
    - iommu/arm-smmu-v3: Don't reserve implementation defined register space
  * CVE-2025-21971
    - net_sched: Prevent creation of classes with TC_H_ROOT
  * CVE-2024-56599
    - wifi: ath10k: avoid NULL pointer error during sdio remove
  * Focal update: v5.4.291 upstream stable release (LP: #2106002)
    - perf cs-etm: Add missing variable in cs_etm__process_queues()
    - udf: Fix use of check_add_overflow() with mixed type arguments
    - overflow: Add __must_check attribute to check_*() helpers
    - overflow: Correct check_shl_overflow() comment
    - overflow: Allow mixed type arguments
    - afs: Fix directory format encoding struct
    - partitions: ldm: remove the initial kernel-doc notation
    - drm/etnaviv: Fix page property being used for non writecombine buffers
    - wifi: rtlwifi: do not complete firmware loading needlessly
    - rtlwifi: rtl8192se Rename RT_TRACE to rtl_dbg
    - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
    - wifi: rtlwifi: usb: fix workqueue leak when probe fails
    - dt-bindings: mmc: controller: clarify the address-cells description
    - rtlwifi: replace usage of found with dedicated list iterator variable
    - wifi: rtlwifi: remove unused timer and related code
    - wifi: rtlwifi: remove unused dualmac control leftovers
    - wifi: rtlwifi: pci: wait for firmware loading before releasing memory
    - cpupower: fix TSC MHz calculation
    - regulator: of: Implement the unwind path of of_regulator_match()
    - wifi: wlcore: fix unbalanced pm_runtime calls
    - selftests/harness: Display signed values correctly
    - selftests: harness: fix printing of mismatch values in __EXPECT()
    - clk: analogbits: Fix incorrect calculation of vco rate delta
    - net/mlxfw: Drop hard coded max FW flash image size
    - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
    - ASoC: sun4i-spdif: Add clock multiplier settings
    - perf header: Fix one memory leakage in process_bpf_btf()
    - perf header: Fix one memory leakage in process_bpf_prog_info()
    - ktest.pl: Remove unused declarations in run_bisect_test function
    - padata: fix sysfs store callback check
    - perf top: Don't complain about lack of vmlinux when not resolving some
      kernel samples
    - perf report: Fix misleading help message about --demangle
    - RDMA/mlx4: Avoid false error about access to uninitialized gids array
    - arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
    - arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
    - ARM: dts: mediatek: mt7623: fix IR nodename
    - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
    - media: rc: iguanair: handle timeouts
    - media: lmedm04: Use GFP_KERNEL for URB allocation/submission.
    - media: lmedm04: Handle errors for lme2510_int_read
    - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
    - media: mipi-csis: Add check for clk_enable()
    - media: camif-core: Add check for clk_enable()
    - media: uvcvideo: Propagate buf->error to userspace
    - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
    - scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
    - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
    - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
    - module: Extend the preempt disabled section in
      dereference_symbol_descriptor().
    - dmaengine: ti: edma: fix OF node reference leaks in edma_driver
    - net: fec: implement TSO descriptor cleanup
    - PM: hibernate: Add error handling for syscore_suspend()
    - perf trace: Fix runtime error of index out of bounds
    - vsock: Allow retrying on connect() failure
    - net: sh_eth: Fix missing rtnl lock in suspend/resume path
    - genksyms: fix memory leak when the same symbol is added from source
    - genksyms: fix memory leak when the same symbol is read from *.symref file
    - hexagon: fix using plain integer as NULL pointer warning in cmpxchg
    - hexagon: Fix unbalanced spinlock in die()
    - NFSD: Reset cb_seq_status after NFS4ERR_DELAY
    - ktest.pl: Check kernelrelease return in get_version
    - drivers/card_reader/rtsx_usb: Restore interrupt based detection
    - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
    - btrfs: output the reason for open_ctree() failure
    - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
    - sched: Don't try to catch up excess steal time.
    - x86/amd_nb: Restrict init function to AMD-based systems
    - tun: fix group permission check
    - mmc: core: Respect quirk_max_rate for non-UHS SDIO card
    - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
    - HID: Wacom: Add PCI Wacom device support
    - APEI: GHES: Have GHES honor the panic= setting
    - x86/mm: Don't disable PCID when INVLPG has been fixed by microcode
    - spi-mxs: Fix chipselect glitch
    - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link
    - nilfs2: eliminate staggered calls to kunmap in nilfs_rename
    - media: uvcvideo: Only save async fh if success
    - kbuild: userprogs: use correct lld when linking through clang
    - tasklet: Introduce new initialization API
    - net: usb: rtl8150: use new tasklet API
    - usb: xhci: Add timeout argument in address_device USB HCD callback
    - nvme: handle connectivity loss in nvme_set_queue_count
    - firmwar

  linux-bluefield (5.4.0-1103.110) focal; urgency=medium

  * focal/linux-bluefield: 5.4.0-1103.110 -proposed tracker (LP: #2102594)

  [ Ubuntu: 5.4.0-214.234 ]

  * focal/linux: 5.4.0-214.234 -proposed tracker (LP: #2102635)
  * CVE-2024-50256
    - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
  * CVE-2025-21702
    - pfifo_tail_enqueue: Drop new packet when sch->limit == 0
  * CVE-2025-21703
    - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
  * CVE-2024-26915
    - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
  * CVE-2025-21700
    - net: sched: Disallow replacing of child qdisc from one parent to another
  * CVE-2024-46826
    - ELF: fix kernel.randomize_va_space double read
  * CVE-2024-56651
    - can: hi311x: hi3110_can_ist(): fix potential use-after-free
  * CVE-2024-53237
    - driver core: Introduce device_find_any_child() helper
    - Bluetooth: fix use-after-free in device_for_each_child()
  * CVE-2024-35958
    - net: ena: Fix incorrect descriptor free behavior
  * CVE-2024-49974
    - NFSD: Limit the number of concurrent async COPY operations
  * CVE-2021-47119
    - ext4: fix memory leak in ext4_fill_super
  * CVE-2024-56658
    - net: defer final 'struct net' free in netns dismantle
  * CVE-2024-35864
    - smb: client: fix potential UAF in smb2_is_valid_lease_break()
  * CVE-2024-35864/CVE-2024-26928
    - smb: client: fix potential UAF in cifs_debug_files_proc_show()

 -- Bartlomiej Zolnierkiewicz <email address hidden> Wed, 26 Mar 2025 15:15:29 +0100

  linux-bluefield (5.4.0-1102.109) focal; urgency=medium

  * focal/linux-bluefield: 5.4.0-1102.109 -proposed tracker (LP: #2102325)

  [ Ubuntu: 5.4.0-212.232 ]

  * focal/linux: 5.4.0-212.232 -proposed tracker (LP: #2102367)
  * CVE-2024-56658
    - net: defer final 'struct net' free in netns dismantle
  * CVE-2024-35864
    - smb: client: fix potential UAF in smb2_is_valid_lease_break()
  * CVE-2024-35864/CVE-2024-26928
    - smb: client: fix potential UAF in cifs_debug_files_proc_show()

 -- Bartlomiej Zolnierkiewicz <email address hidden> Tue, 25 Mar 2025 13:25:05 +0100

  linux-bluefield (5.4.0-1101.108) focal; urgency=medium

  * focal/linux-bluefield: 5.4.0-1101.108 -proposed tracker (LP: #2101956)

  [ Ubuntu: 5.4.0-211.231 ]

  * focal/linux: 5.4.0-211.231 -proposed tracker (LP: #2101996)
  * cve-2018-5803 kernel panic (LP: #2101091)
    - SAUCE: sctp: sysctl: pass right argument to container_of

  linux-bluefield (5.4.0-1099.106) focal; urgency=medium

  * focal/linux-bluefield: 5.4.0-1099.106 -proposed tracker (LP: #2093743)

  * Focal update: v5.4.285 upstream stable release (LP: #2089233)
    - [Config] bluefield: updateconfigs for SND_MESON_CARD_UTILS

  * Add list of source files to linux-buildinfo (LP: #2086606)
    - [Packaging] bluefield: Add dwarfdump package in the Build-Depends

  [ Ubuntu: 5.4.0-207.227 ]

  * focal/linux: 5.4.0-207.227 -proposed tracker (LP: #2095347)
  * Remove "ftrace: Fix possible use-after-free issue in ftrace_location()" bad
    commit from focal (LP: #2095348)
    - Revert "ftrace: Fix possible use-after-free issue in ftrace_location()"

  [ Ubuntu: 5.4.0-206.226 ]

  * focal/linux: 5.4.0-206.226 -proposed tracker (LP: #2093785)
  * nouveau keeps showing `disp: ctrl 00000080` and crippling the system
    (LP: #2078011)
    - drm/nouveau/disp/gv100-: halt NV_PDISP_FE_RM_INTR_STAT_CTRL_DISP_ERROR
      storms
    - drm/nouveau/kms/gv100-: move window ownership setup into modesetting path
    - drm/nouveau/kms/gv100-: avoid sending a core update until the first modeset
  * CVE-2024-43863
    - drm/vmwgfx: Fix a deadlock in dma buf fence polling
  * CVE-2024-40911
    - wifi: cfg80211: Lock wiphy in cfg80211_get_station
  * CVE-2024-35896
    - netfilter: validate user input for expected length
    - netfilter: complete validation of user input
  * CVE-2023-52458
    - block: add check that partition length needs to be aligned with block size
  * kernel:nft "Could not process rule: Device or resource busy" on unreferenced
    chain (LP: #2089699)
    - SAUCE: netfilter: nf_tables: Fix EBUSY on deleting unreferenced chain
  * CVE-2024-35887
    - lockdep: Add preemption enabled/disabled assertion APIs
    - timers: Don't block on ->expiry_lock for TIMER_IRQSAFE timers
    - Documentation: Remove bogus claim about del_timer_sync()
    - ARM: spear: Do not use timer namespace for timer_shutdown() function
    - clocksource/drivers/arm_arch_timer: Do not use timer namespace for
      timer_shutdown() function
    - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown()
      function
    - timers: Get rid of del_singleshot_timer_sync()
    - timers: Replace BUG_ON()s
    - timers: Rename del_timer() to timer_delete()
    - Documentation: Replace del_timer/del_timer_sync()
    - timers: Silently ignore timers with a NULL function
    - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode
    - timers: Add shutdown mechanism to the internal functions
    - timers: Provide timer_shutdown[_sync]()
    - timers: Update the documentation to reflect on the new timer_shutdown() API
    - ax25: fix use-after-free bugs caused by ax25_ds_del_timer
  * CVE-2024-40965
    - clk: Add a devm variant of clk_rate_exclusive_get()
    - clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get()
    - i2c: lpi2c: Avoid calling clk_get_rate during transfer
  * CVE-2024-40982
    - ssb: Fix potential NULL pointer dereference in ssb_device_uevent()
  * CVE-2024-41066
    - ibmvnic: Add tx check to prevent skb leak
  * CVE-2024-42252
    - closures: Change BUG_ON() to WARN_ON()
  * CVE-2024-46731
    - drm/amd/pm: fix the Out-of-bounds read warning
  * Focal update: v5.4.286 upstream stable release (LP: #2089558)
    - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-
      excavator
    - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
    - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards
    - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
    - ARM: dts: rockchip: fix rk3036 acodec node
    - ARM: dts: rockchip: drop grf reference from rk3036 hdmi
    - ARM: dts: rockchip: Fix the spi controller on rk3036
    - ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin
    - enetc: simplify the return expression of enetc_vf_set_mac_addr()
    - net: enetc: set MAC address to the VF net_device
    - can: c_can: fix {rx,tx}_errors statistics
    - media: stb0899_algo: initialize cfr before using it
    - media: dvb_frontend: don't play tricks with underflow values
    - media: adv7604: prevent underflow condition when reporting colorspace
    - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
    - pwm: imx-tpm: Use correct MODULO value for EPWM mode
    - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
    - dm cache: correct the number of origin blocks to match the target length
    - dm cache: optimize dirty bit checking with find_next_bit when resizing
    - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t
      overflow
    - mtd: rawnand: protect access to rawnand devices while in suspend
    - spi: fix use-after-free of the add_lock mutex
    - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
      uvc_parse_format
    - fs/proc: fix compile warning about variable 'vmcore_mmap_ops'
    - USB: serial: qcserial: add support for Sierra Wireless EM86xx
    - USB: serial: option: add Fibocom FG132 0x0112 composition
    - USB: serial: option: add Quectel RG650V
    - irqchip/gic-v3: Force propagation of the active state with a read-back
    - ALSA: usb-audio: Support jack detection on Dell dock
    - ALSA: usb-audio: Add quirks for Dell WD19 dock
    - NFSD: Fix NFSv4's PUTPUBFH operation
    - ALSA: usb-audio: Add endianness annotations
    - 9p: Avoid creating multiple slab caches with the same name
    - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
    - bpf: use kvzmalloc to allocate BPF verifier environment
    - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML
    - powerpc/powernv: Free name on error in opal_event_init()
    - fs: Fix uninitialized value issue in from_kuid and from_kgid
    - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
    - md/raid10: improve code of mrdev in raid10_sync_request
    - mm: clarify a confu