Package "linux-modules-5.8.0-67-lowlatency"

 linux-hwe-5.8 (5.8.0-67.75) focal; urgency=medium
 .
   * focal/linux-hwe-5.8: 5.8.0-67.75 -proposed tracker (LP: #1947262)
 .
   * CVE-2021-3744 // CVE-2021-3764
     - crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
 .
   * CVE-2020-36385
     - RDMA/cma: Add missing locking to rdma_accept()
     - RDMA/ucma: Fix the locking of ctx->file
     - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] update Ubuntu.md

 linux-hwe-5.8 (5.8.0-66.74) focal; urgency=medium
 .
   * focal/linux-hwe-5.8: 5.8.0-66.74 -proposed tracker (LP: #1944903)
 .
   * Packaging resync (LP: #1786013)
     - debian/dkms-versions -- update from kernel-versions (main/2021.09.27)
 .
   * linux: btrfs: fix NULL pointer dereference when deleting device by invalid
     id (LP: #1945987)
     - btrfs: fix NULL pointer dereference when deleting device by invalid id
 .
   * CVE-2021-38199
     - NFSv4: Initialise connection to the server in nfs4_alloc_client()
 .
   * BCM57800 SRIOV bug causes interfaces to disappear (LP: #1945707)
     - bnx2x: Fix enabling network interfaces without VFs
 .
   * CVE-2021-3759
     - memcg: enable accounting of ipc resources
 .
   * CVE-2019-19449
     - f2fs: fix wrong total_sections check and fsmeta check
     - f2fs: fix to do sanity check on segment/section count
 .
   * Support builtin revoked certificates (LP: #1932029)
     - Revert "UBUNTU: SAUCE: Dump stack when X.509 certificates cannot be loaded"
     - integrity: Move import of MokListRT certs to a separate routine
     - integrity: Load certs from the EFI MOK config table
     - certs: Add EFI_CERT_X509_GUID support for dbx entries
     - certs: Move load_system_certificate_list to a common function
     - certs: Add ability to preload revocation certs
     - integrity: Load mokx variables into the blacklist keyring
     - certs: add 'x509_revocation_list' to gitignore
     - SAUCE: Dump stack when X.509 certificates cannot be loaded
     - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
     - [Packaging] Revoke 2012 UEFI signing certificate as built-in
     - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys
 .
   * Support importing mokx keys into revocation list from the mok table
     (LP: #1928679)
     - efi: Support for MOK variable config table
     - efi: mokvar-table: fix some issues in new code
     - efi: mokvar: add missing include of asm/early_ioremap.h
     - efi/mokvar: Reserve the table only if it is in boot services data
     - SAUCE: integrity: add informational messages when revoking certs
 .
   * Support importing mokx keys into revocation list from the mok table
     (LP: #1928679) // CVE-2020-26541 when certificates are revoked via
     MokListXRT.
     - SAUCE: integrity: Load mokx certs from the EFI MOK config table
 .
   * CVE-2020-36311
     - KVM: SVM: Periodically schedule when unregistering regions on destroy
 .
   * CVE-2021-22543
     - KVM: do not allow mapping valid but non-reference-counted pages
 .
   * CVE-2021-3612
     - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
 .
   * CVE-2021-38207
     - net: ll_temac: Fix TX BD buffer overwrite
 .
   * CVE-2021-40490
     - ext4: fix race writing to an inline_data file while its xattrs are changing
 .
   * LRMv5: switch primary version handling to kernel-versions data set
     (LP: #1928921)
     - [Packaging] switch to kernel-versions

 linux-hwe-5.8 (5.8.0-65.73) focal; urgency=medium
 .
   * focal/linux-hwe-5.8: 5.8.0-65.73 -proposed tracker (LP: #1939805)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] update variants
     - debian/dkms-versions -- update from kernel-versions (main/2021.08.16)
 .
   * CVE-2021-3656
     - SAUCE: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
 .
   * CVE-2021-3653
     - KVM: nSVM: introduce nested_svm_load_cr3()/nested_npt_enabled()
     - SAUCE: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

 linux-hwe-5.8 (5.8.0-64.72) focal; urgency=medium
 .
   * focal/linux-hwe-5.8: 5.8.0-64.72 -proposed tracker (LP: #1937067)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] update update.conf
 .
   * large_dir in ext4 broken (LP: #1933074)
     - SAUCE: ext4: fix directory index node split corruption
 .
   * Add l2tp.sh in net from ubuntu_kernel_selftests back (LP: #1934293)
     - Revert "UBUNTU: SAUCE: selftests/net -- disable l2tp.sh test"
 .
   * icmp_redirect.sh in net from ubuntu_kernel_selftests failed on F-OEM-5.6 /
     F-OEM-5.10 / F-OEM-5.13 / F / G / H (LP: #1880645)
     - selftests: icmp_redirect: support expected failures
 .
   * ubuntu-host driver lacks lseek ops (LP: #1934110)
     - ubuntu-host: add generic lseek op
 .
   * ubuntu_kernel_selftests ftrace fails on arm64 F / aws-5.8 / amd64 F
     azure-5.8 (LP: #1927749)
     - selftests/ftrace: fix event-no-pid on 1-core machine
 .
   * pmtu.sh from net in ubuntu_kernel_selftests failed with no error message
     (LP: #1887661)
     - selftests: pmtu.sh: improve the test result processing
 .
   * cifs: On cifs_reconnect, resolve the hostname again (LP: #1929831)
     - cifs: rename reconn_inval_dfs_target()
     - cifs: Simplify reconnect code when dfs upcall is enabled
     - cifs: Avoid error pointer dereference
     - cifs: On cifs_reconnect, resolve the hostname again.
 .
   * Pixel format change broken for Elgato Cam Link 4K (LP: #1932367)
     - (upstream) media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
 .
   * Groovy update: upstream stable patchset 2021-06-28 (LP: #1933877)
     - proc: Track /proc/$pid/attr/ opener mm_struct
     - ASoC: max98088: fix ni clock divider calculation
     - spi: Fix spi device unregister flow
     - net/nfc/rawsock.c: fix a permission check bug
     - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
     - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
     - vfio-ccw: Serialize FSM IDLE state with I/O completion
     - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE
     - spi: sprd: Add missing MODULE_DEVICE_TABLE
     - isdn: mISDN: netjet: Fix crash in nj_probe:
     - bonding: init notify_work earlier to avoid uninitialized use
     - netlink: disable IRQs for netlink_lock_table()
     - net: mdiobus: get rid of a BUG_ON()
     - cgroup: disable controllers at parse time
     - wq: handle VM suspension in stall detection
     - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
     - RDS tcp loopback connection can hang
     - scsi: bnx2fc: Return failure if io_req is already in ABTS processing
     - scsi: vmw_pvscsi: Set correct residual data length
     - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq
     - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
     - net: macb: ensure the device is available before accessing GEMGXL control
       registers
     - net: appletalk: cops: Fix data race in cops_probe1
     - net: dsa: microchip: enable phy errata workaround on 9567
     - nvme-fabrics: decode host pathing error for connect
     - MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
     - dm verity: fix require_signatures module_param permissions
     - bnx2x: Fix missing error code in bnx2x_iov_init_one()
     - nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME
     - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers
     - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers
     - spi: Don't have controller clean up spi device before driver unbind
     - spi: Cleanup on failure of initial setup
     - i2c: mpc: Make use of i2c_recover_bus()
     - i2c: mpc: implement erratum A-004447 workaround
     - x86/boot: Add .text.* to setup.ld
     - spi: bcm2835: Fix out-of-bounds access with more than 4 slaves
     - drm: Fix use-after-free read in drm_getunique()
     - drm: Lock pointer access in drm_master_release()
     - kvm: avoid speculation-based attacks from out-of-range memslot accesses
     - staging: rtl8723bs: Fix uninitialized variables
     - btrfs: return value from btrfs_mark_extent_written() in case of error
     - btrfs: promote debugging asserts to full-fledged checks in validate_super
     - cgroup1: don't allow '\n' in renaming
     - USB: f_ncm: ncm_bitrate (speed) is unsigned
     - usb: f_ncm: only first packet of aggregate needs to start timer
     - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms
     - usb: dwc3: ep0: fix NULL pointer exception
     - usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling
     - usb: typec: wcove: Use LE to CPU conversion when accessing msg->header
     - usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path
     - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
     - USB: serial: ftdi_sio: add NovaTech OrionMX product ID
     - USB: serial: omninet: add device id for Zyxel Omni 56K Plus
     - USB: serial: quatech2: fix control-request directions
     - USB: serial: cp210x: fix alternate function for CP2102N QFN20
     - usb: gadget: eem: fix wrong eem header operation
     - usb: fix various gadgets null ptr deref on 10gbps cabling.
     - usb: fix various gadget panics on 10gbps cabling
     - regulator: core: resolve supply for boot-on/always-on regulators
     - regulator: max77620: Use device_set_of_node_from_dev()
     - usb: typec: mux: Fix copy-paste mistake in typec_mux_match
     - RDMA/ipoib: Fix warning caused by destroying non-initial netns
     - RDMA/mlx4: Do not map the core_clock page to user space unless enabled
     - vmlinux.lds.h: Avoid orphan section with !SMP
     - perf: Fix data race between pin_count increment/decrement
     - sched/fair: Make sure to update tg contrib for blocked load
     - KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message
     - IB/mlx5: Fix initializing CQ fragments buffer
     - NFS: Fix a potential NULL dereference in nfs_get_client()
     - NFSv

 linux-hwe-5.8 (5.8.0-61.68~20.04.1) focal; urgency=medium
 .
   * focal/linux-hwe-5.8: 5.8.0-61.68~20.04.1 -proposed tracker (LP: #1934092)
 .
   [ Ubuntu: 5.8.0-61.68 ]
 .
   * test_pmtu_vti4_link_add_mtu() test from net/pmtu.sh in
     ubuntu_kernel_selftests cannot finish properly on 5.11 and 5.8
     (LP: #1933969)
     - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
     - sit: proper dev_{hold|put} in ndo_[un]init methods
     - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
     - ipv6: remove extra dev_hold() for fallback tunnels
 .