Package "linux"

  linux (5.15.0-58.64) jammy; urgency=medium

  * jammy/linux: 5.15.0-58.64 -proposed tracker (LP: #2001670)

  * CVE-2022-3643
    - xen/netback: Ensure protocol headers don't fall in the non-linear area

  * CVE-2022-4378
    - proc: proc_skip_spaces() shouldn't think it is working on C strings
    - proc: avoid integer type confusion in get_proc_long

  * CVE-2022-45934
    - Bluetooth: L2CAP: Fix u8 overflow

  * CVE-2022-42896
    - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
    - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

 -- Thadeu Lima de Souza Cascardo <email address hidden> Thu, 05 Jan 2023 08:07:03 -0300

  linux (5.15.0-57.63) jammy; urgency=medium

  * jammy/linux: 5.15.0-57.63 -proposed tracker (LP: #1997737)

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - debian/dkms-versions -- update from kernel-versions (main/2022.11.14)

  * Expose built-in trusted and revoked certificates (LP: #1996892)
    - [Packaging] Expose built-in trusted and revoked certificates

  * TEE Support for CCP driver (LP: #1991608)
    - crypto: ccp: Add support for TEE for PCI ID 0x14CA

  * alsa: soc: the kernel print UBSAN calltrace on the machine with cs35l41
    codec (LP: #1996121)
    - ASoC: cs35l41: Add one more variable in the debug log
    - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t

  * Fix ath11k deadlock on WCN6855 (LP: #1995041)
    - wifi: ath11k: avoid deadlock during regulatory update in
      ath11k_regd_update()

  * [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071)
    - s390/boot: add secure boot trailer

  * Fix rfkill causing soft blocked wifi (LP: #1996198)
    - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi

  * Fix Thunderbolt device hotplug fail when connect via thunderbolt dock
    (LP: #1991366)
    - PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
    - PCI: Pass available buses even if the bridge is already configured
    - PCI: Move pci_assign_unassigned_root_bus_resources()
    - PCI: Distribute available resources for root buses, too
    - PCI: Fix whitespace and indentation
    - PCI: Fix typo in pci_scan_child_bus_extend()

  * md: Replace snprintf with scnprintf (LP: #1993315)
    - md: Replace snprintf with scnprintf

  * input/keyboard: the keyboard on some Asus laptops can't work (LP: #1992266)
    - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA
    - ACPI: resource: Add ASUS model S5402ZA to quirks

  * Fix Turbostat is not working for fam: 6 model: 191: stepping: 2 CPU
    (LP: #1991365)
    - tools/power turbostat: Add support for RPL-S

  * pcieport 0000:00:1b.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal),
    type=Transaction Layer, (Requester ID) (LP: #1988797)
    - PCI/PTM: Cache PTM Capability offset
    - PCI/PTM: Add pci_upstream_ptm() helper
    - PCI/PTM: Separate configuration and enable
    - PCI/PTM: Add pci_suspend_ptm() and pci_resume_ptm()
    - PCI/PTM: Move pci_ptm_info() body into its only caller
    - PCI/PTM: Preserve RsvdP bits in PTM Control register
    - PCI/PTM: Reorder functions in logical order
    - PCI/PTM: Consolidate PTM interface declarations
    - PCI/PM: Always disable PTM for all devices during suspend
    - PCI/PM: Simplify pci_pm_suspend_noirq()

  * Fix RPL-S support on powercap/intel_rapl (LP: #1990161)
    - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define
    - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers
    - x86/cpu: Add new Raptor Lake CPU model number
    - powercap: intel_rapl: add support for RaptorLake
    - powercap: intel_rapl: Add support for RAPTORLAKE_P
    - powercap: intel_rapl: Add support for RAPTORLAKE_S

  * AMD Yellow Carp system hang on HDMI plug in/out over HP hook2 docking
    (LP: #1991974)
    - drm/amd/display: Fix for link encoder access for MST.
    - drm/amd/display: Fix MST link encoder availability check.
    - drm/amd/display: FEC configuration for dpia links
    - drm/amd/display: FEC configuration for dpia links in MST mode
    - drm/amd/display: Add work around for tunneled MST.

  * Jammy update: v5.15.74 upstream stable release (LP: #1995638)
    - nilfs2: fix use-after-free bug of struct nilfs_root
    - nilfs2: fix leak of nilfs_root in case of writer thread creation failure
    - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
    - ceph: don't truncate file in atomic_open
    - random: restore O_NONBLOCK support
    - random: clamp credited irq bits to maximum mixed
    - ALSA: hda: Fix position reporting on Poulsbo
    - efi: Correct Macmini DMI match in uefi cert quirk
    - USB: serial: qcserial: add new usb-id for Dell branded EM7455
    - Revert "powerpc/rtas: Implement reentrant rtas call"
    - Revert "crypto: qat - reduce size of mapped region"
    - random: avoid reading two cache lines on irq randomness
    - random: use expired timer rather than wq for mixing fast pool
    - Input: xpad - add supported devices as contributed on github
    - Input: xpad - fix wireless 360 controller breaking after suspend
    - misc: pci_endpoint_test: Aggregate params checking for xfer
    - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic
    - Linux 5.15.74

  * Jammy update: v5.15.73 upstream stable release (LP: #1995637)
    - Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
    - docs: update mediator information in CoC docs
    - xsk: Inherit need_wakeup flag for shared sockets
    - mm: gup: fix the fast GUP race against THP collapse
    - powerpc/64s/radix: don't need to broadcast IPI for radix pmd collapse flush
    - firmware: arm_scmi: Improve checks in the info_get operations
    - firmware: arm_scmi: Harden accesses to the sensor domains
    - firmware: arm_scmi: Add SCMI PM driver remove routine
    - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
    - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
    - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API
      failure
    - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
    - scsi: qedf: Fix a UAF bug in __qedf_probe()
    - net/ieee802154: fix uninit value bug in dgram_sendmsg
    - net: marvell: prestera: add support for for Aldrin2
    - ALSA: hda/hdmi: Fix the converter reuse for the silent stream
    - um: Cleanup syscall_handler_t cast in syscalls_32.h
    - um: Cleanup compiler warning in arch/x86/um/tls_32.c
    - arch: um: Mark the stack non-executable to fix a binutils warning
    - net: atlantic: fix potential memory leak

  linux (5.15.0-56.62) jammy; urgency=medium

  * jammy/linux: 5.15.0-56.62 -proposed tracker (LP: #1997079)

  * CVE-2022-3566
    - tcp: Fix data races around icsk->icsk_af_ops.

  * CVE-2022-3567
    - ipv6: annotate some data-races around sk->sk_prot
    - ipv6: Fix data races around sk->sk_prot.

  * CVE-2022-3621
    - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()

  * CVE-2022-3564
    - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

  * CVE-2022-3524
    - tcp/udp: Fix memory leak in ipv6_renew_options().

  * CVE-2022-3565
    - mISDN: fix use-after-free bugs in l1oip timer handlers

  * CVE-2022-3594
    - r8152: Rate limit overflow messages

  * CVE-2022-43945
    - SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation
    - SUNRPC: Fix svcxdr_init_encode's buflen calculation
    - NFSD: Protect against send buffer overflow in NFSv2 READDIR
    - NFSD: Protect against send buffer overflow in NFSv3 READDIR
    - NFSD: Protect against send buffer overflow in NFSv2 READ
    - NFSD: Protect against send buffer overflow in NFSv3 READ
    - NFSD: Remove "inline" directives on op_rsize_bop helpers
    - NFSD: Cap rsize_bop result based on send buffer size

  * CVE-2022-42703
    - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse

  * 5.15.0-53-generic no longer boots (LP: #1996740)
    - drm/amd/display: Add helper for blanking all dp displays

 -- Thadeu Lima de Souza Cascardo <email address hidden> Tue, 22 Nov 2022 12:08:58 -0300

  linux (5.15.0-53.59) jammy; urgency=medium

  * Fix blank screen on Thinkpad ADL 4K+ panel (LP: #1980621)
    - drm/i915: Implement WaEdpLinkRateDataReload

  * Kernel regresses openjdk on riscv64 (LP: #1992484)
    - SAUCE: Revert "riscv: mmap with PROT_WRITE but no PROT_READ is invalid"

  * iavf: SR-IOV VFs error with no traffic flow when MTU greater than 1500
    (LP: #1983656)
    - iavf: Fix set max MTU size with port VLAN and jumbo frames
    - i40e: Fix VF set max MTU size

  * [Ubuntu 22.04] mpt3sas: Request to include latest bug fix patches
    (LP: #1965927)
    - scsi: mpt3sas: Remove scsi_dma_map() error messages
    - scsi: mpt3sas: Update persistent trigger pages from sysfs interface

  * ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel
    systems (LP: #1990985)
    - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel
      systems

  * Fix resume on AMD platforms when TBT monitor is plugged (LP: #1990920)
    - SAUCE: Revert "drm/amd/display: Add helper for blanking all dp displays"
    - drm/amd/display: Detect dpcd_rev when hotplug mst monitor
    - drm/amd/display: Release remote dc_sink under mst scenario

  * LSM: Configuring Too Many LSMs Causes Kernel Panic on Boot (LP: #1987998)
    - SAUCE: LSM: Change Landlock from LSMBLOB_NEEDED to LSMBLOB_NOT_NEEDED

  * To support Intel Maple Ridge Thunderbolt [8086:1134] (LP: #1990240)
    - thunderbolt: Add support for Intel Maple Ridge single port controller

  * Intel graphic driver is not probing[8086:468b] (LP: #1990242)
    - drm/i915/adl_s: Update ADL-S PCI IDs
    - drm/i915: Add new ADL-S pci id

  * Add HDMI codec ID for Intel Raptor Lake (LP: #1989578)
    - ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake

  * Jammy update: v5.15.64 upstream stable release (LP: #1991717)
    - wifi: rtlwifi: remove always-true condition pointed out by GCC 12
    - eth: sun: cassini: remove dead code
    - audit: fix potential double free on error path from fsnotify_add_inode_mark
    - cgroup: Fix race condition at rebind_subsystems()
    - parisc: Make CONFIG_64BIT available for ARCH=parisc64 only
    - parisc: Fix exception handler for fldw and fstw instructions
    - kernel/sys_ni: add compat entry for fadvise64_64
    - x86/entry: Move CLD to the start of the idtentry macro
    - block: add a bdev_max_zone_append_sectors helper
    - block: add bdev_max_segments() helper
    - btrfs: zoned: revive max_zone_append_bytes
    - btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size
    - btrfs: convert count_max_extents() to use fs_info->max_extent_size
    - Input: i8042 - move __initconst to fix code styling warning
    - Input: i8042 - merge quirk tables
    - Input: i8042 - add TUXEDO devices to i8042 quirk tables
    - Input: i8042 - add additional TUXEDO devices to i8042 quirk tables
    - drivers/base: fix userspace break from using bin_attributes for cpumap and
      cpulist
    - scsi: qla2xxx: Fix response queue handler reading stale packets
    - scsi: qla2xxx: edif: Fix dropped IKE message
    - btrfs: put initial index value of a directory in a constant
    - btrfs: pass the dentry to btrfs_log_new_name() instead of the inode
    - btrfs: remove unnecessary parameter delalloc_start for writepage_delalloc()
    - riscv: lib: uaccess: fold fixups into body
    - riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit
    - xfrm: fix refcount leak in __xfrm_policy_check()
    - xfrm: clone missing x->lastused in xfrm_do_migrate
    - xfrm: policy: fix metadata dst->dev xmit null pointer dereference
    - fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts
    - net: use eth_hw_addr_set() instead of ether_addr_copy()
    - Revert "net: macsec: update SCI upon MAC address change."
    - NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open()
    - NFSv4.2 fix problems with __nfs42_ssc_open
    - SUNRPC: RPC level errors should set task->tk_rpc_status
    - mm/smaps: don't access young/dirty bit if pte unpresent
    - ntfs: fix acl handling
    - rose: check NULL rose_loopback_neigh->loopback
    - r8152: fix the units of some registers for RTL8156A
    - r8152: fix the RX FIFO settings when suspending
    - nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout
    - ice: xsk: Force rings to be sized to power of 2
    - ice: xsk: prohibit usage of non-balanced queue id
    - net/mlx5e: Properly disable vlan strip on non-UL reps
    - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key
    - net/mlx5e: Fix wrong application of the LRO state
    - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off
    - net: ipa: don't assume SMEM is page-aligned
    - net: phy: Don't WARN for PHY_READY state in mdio_bus_phy_resume()
    - net: moxa: get rid of asymmetry in DMA mapping/unmapping
    - bonding: 802.3ad: fix no transmission of LACPDUs
    - net: ipvtap - add __init/__exit annotations to module init/exit funcs
    - netfilter: ebtables: reject blobs that don't provide all entry points
    - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips
    - netfilter: nf_tables: disallow updates of implicit chain
    - netfilter: nf_tables: make table handle allocation per-netns friendly
    - netfilter: nft_payload: report ERANGE for too long offset and length
    - netfilter: nft_payload: do not truncate csum_offset and csum_type
    - netfilter: nf_tables: do not leave chain stats enabled on error
    - netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
    - netfilter: nft_tunnel: restrict it to netdev family
    - netfilter: nf_tables: consolidate rule verdict trace call
    - netfilter: nft_cmp: optimize comparison for 16-bytes
    - netfilter: bitwise: improve error goto labels
    - netfilter: nf_tables: upfront validation of data via nft_data_init()
    - netfilter: nf_tables: disallow jump to implicit chain from set element
    - netfilter: nf_tables:

  linux (5.15.0-52.58) jammy; urgency=medium

  * CVE-2022-2602
    - SAUCE: io_uring/af_unix: defer registered files gc to io_uring release
    - SAUCE: io_uring/af_unix: fix memleak during unix GC

  * CVE-2022-41674
    - mac80211: move CRC into struct ieee802_11_elems
    - mac80211: mlme: find auth challenge directly
    - mac80211: mesh: clean up rx_bcn_presp API
    - mac80211: always allocate struct ieee802_11_elems
    - mac80211: fix memory leaks with element parsing
    - SAUCE: wifi: cfg80211: fix u8 overflow in
      cfg80211_update_notlisted_nontrans()
    - SAUCE: wifi: cfg80211/mac80211: reject bad MBSSID elements
    - SAUCE: wifi: cfg80211: ensure length byte is present before access
    - SAUCE: wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
    - SAUCE: wifi: cfg80211: update hidden BSSes to avoid WARN_ON

  * CVE-2022-42722
    - SAUCE: wifi: mac80211: fix crash in beacon protection for P2P-device

  * CVE-2022-42721
    - SAUCE: wifi: cfg80211: avoid nontransmitted BSS list corruption

  * CVE-2022-42720
    - SAUCE: wifi: cfg80211: fix BSS refcounting bugs

  * CVE-2022-42719
    - SAUCE: wifi: mac80211: fix MBSSID parsing use-after-free

 -- Stefan Bader <email address hidden> Thu, 13 Oct 2022 09:40:20 +0200