[ubuntu/focal-security] linux-ibm-5.15 5.15.0-1074.77~20.04.1 (Accepted)
Andy Whitcroft
apw at canonical.com
Tue Apr 22 11:18:38 UTC 2025
linux-ibm-5.15 (5.15.0-1074.77~20.04.1) focal; urgency=medium
* focal/linux-ibm-5.15: 5.15.0-1074.77~20.04.1 -proposed tracker
(LP: #2102550)
[ Ubuntu: 5.15.0-1074.77 ]
* jammy/linux-ibm: 5.15.0-1074.77 -proposed tracker (LP: #2102551)
* jammy/linux: 5.15.0-138.148 -proposed tracker (LP: #2102587)
* ipsec_offload in rtnetlink.sh from ubunsu_kselftests_net fails on O/J
(LP: #2096976)
- SAUCE: selftest: netfilter: fix null IP field in kci_test_ipsec_offload
* CVE-2025-21756
- vsock: Keep the binding until socket destruction
- vsock: Orphan socket after transport release
* CVE-2024-50256
- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
* CVE-2025-21702
- pfifo_tail_enqueue: Drop new packet when sch->limit == 0
* CVE-2025-21703
- netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
* CVE-2025-21700
- net: sched: Disallow replacing of child qdisc from one parent to another
* CVE-2024-46826
- ELF: fix kernel.randomize_va_space double read
* CVE-2024-56651
- can: hi311x: hi3110_can_ist(): fix potential use-after-free
* iBFT iSCSI out-of-bounds shift UBSAN warning (LP: #2097824)
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
* CVE-2024-50248
- ntfs3: Add bounds checking to mi_enum_attr()
- fs/ntfs3: Sequential field availability check in mi_enum_attr()
* CVE-2022-0995
- watch_queue: Use the bitmap API when applicable
* CVE-2024-26837
- net: bridge: switchdev: Skip MDB replays of deferred events on offload
* CVE-2025-21701
- net: avoid race between device unregistration and ethnl ops
* CVE-2024-57798
- drm/dp_mst: Skip CSN if topology probing is not done yet
- drm/dp_mst: Ensure mst_primary pointer is valid in
drm_dp_mst_handle_up_req()
* CVE-2024-56658
- net: defer final 'struct net' free in netns dismantle
* CVE-2024-35864
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
* CVE-2024-35864/CVE-2024-26928
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
linux-ibm-5.15 (5.15.0-1073.76~20.04.1) focal; urgency=medium
* focal/linux-ibm-5.15: 5.15.0-1073.76~20.04.1 -proposed tracker
(LP: #2102393)
[ Ubuntu: 5.15.0-1073.76 ]
* jammy/linux-ibm: 5.15.0-1073.76 -proposed tracker (LP: #2102394)
* jammy/linux: 5.15.0-136.147 -proposed tracker (LP: #2102429)
* CVE-2024-57798
- drm/dp_mst: Skip CSN if topology probing is not done yet
- drm/dp_mst: Ensure mst_primary pointer is valid in
drm_dp_mst_handle_up_req()
* CVE-2024-56658
- net: defer final 'struct net' free in netns dismantle
* CVE-2024-35864
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
* CVE-2024-35864/CVE-2024-26928
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
linux-ibm-5.15 (5.15.0-1072.75~20.04.1) focal; urgency=medium
* focal/linux-ibm-5.15: 5.15.0-1072.75~20.04.1 -proposed tracker
(LP: #2098267)
[ Ubuntu: 5.15.0-1072.75 ]
* jammy/linux-ibm: 5.15.0-1072.75 -proposed tracker (LP: #2098268)
* jammy/linux: 5.15.0-135.146 -proposed tracker (LP: #2098300)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.02.10)
* Jammy update: v5.15.178 upstream stable release (LP: #2098441)
- ASoC: wm8994: Add depends on MFD core
- ASoC: samsung: Add missing selects for MFD_WM8994
- seccomp: Stub for !CONFIG_SECCOMP
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
- irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
- ASoC: samsung: Add missing depends on I2C
- regmap: detach regmap from dev on regmap_exit
- mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
- net: sched: fix ets qdisc OOB Indexing
- vfio/platform: check the bounds of read/write syscalls
- fs/ntfs3: Additional check in ntfs_file_release
- platform/chrome: cros_ec_typec: Check for EC driver
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
- wifi: iwlwifi: add a few rate index validity checks
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
- ALSA: usb-audio: Add delay quirk for USB Audio Device
- Input: atkbd - map F23 key to support default copilot shortcut
- Input: xpad - add unofficial Xbox 360 wireless receiver clone
- Input: xpad - add support for wooting two he (arm)
- drm/v3d: Assign job pointer to NULL before signaling the fence
- Linux 5.15.178
* CVE-2024-49925
- fbdev: efifb: Register sysfs groups through driver core
* Jammy update: v5.15.177 upstream stable release (LP: #2097298)
- ceph: give up on paths longer than PATH_MAX
- jbd2: flush filesystem device before updating tail sequence
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end
- dm array: fix unreleased btree blocks on closing a faulty array cursor
- dm array: fix cursor index when skipping across block boundaries
- exfat: fix the infinite loop in exfat_readdir()
- exfat: fix the infinite loop in __exfat_free_cluster()
- ASoC: mediatek: disable buffer pre-allocation
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
- net: 802: LLC+SNAP OID:PID lookup on start of skb data
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails
- cxgb4: Avoid removal of uninserted tid
- tls: Fix tls_sw_sendmsg error handling
- netfilter: nf_tables: imbalance in flowtable binding
- netfilter: conntrack: clamp maximum hashtable size to INT_MAX
- drm/mediatek: Add support for 180-degree rotation in the display driver
- ksmbd: fix a missing return value check bug
- afs: Fix the maximum cell name length
- dm thin: make get_first_thin use rcu-safe list first function
- dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
- sctp: sysctl: rto_min/max: avoid using current->nsproxy
- sctp: sysctl: auth_enable: avoid using current->nsproxy
- sctp: sysctl: udp_port: avoid using current->nsproxy
- sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
- drm/amd/display: Add check for granularity in dml ceil/floor helpers
- riscv: Fix sleeping in invalid context in die()
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
- ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
- drm/amd/display: increase MAX_SURFACES to the value supported by hw
- scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity
- USB: serial: option: add MeiG Smart SRM815
- USB: serial: option: add Neoway N723-EA support
- staging: iio: ad9834: Correct phase range check
- staging: iio: ad9832: Correct phase range check
- usb-storage: Add max sectors quirk for Nokia 208
- USB: serial: cp210x: add Phoenix Contact UPS Device
- usb: dwc3: gadget: fix writing NYET threshold
- topology: Keep the cpumask unchanged when printing cpumap
- USB: usblp: return error when setting unsupported protocol
- USB: core: Disable LPM only for non-suspended ports
- usb: fix reference leak in usb_new_device()
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
- iio: pressure: zpa2326: fix information leak in triggered buffer
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered
buffer
- iio: light: vcnl4035: fix information leak in triggered buffer
- iio: imu: kmx61: fix information leak in triggered buffer
- iio: adc: ti-ads8688: fix information leak in triggered buffer
- iio: gyro: fxas21002c: Fix missing data update in trigger handler
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
- iio: adc: at91: call input_free_device() on allocated iio_dev
- iio: inkern: call iio_device_put() only on mapped devices
- iio: adc: ad7124: Disable all channels at probe time
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
- arm64: dts: rockchip: add hevc power domain clock to rk3328
- of: unittest: Add bus address range parsing tests
- of/address: Add support for 3 address cell bus
- of: address: Fix address translation when address-size is greater than 2
- of: address: Remove duplicated functions
- of: address: Store number of bus flag cells rather than bool
- of: address: Preserve the flags portion on 1:1 dma-ranges mapping
- phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers
- phy: usb: Toggle the PHY power during init
- ocfs2: correct return value of ocfs2_local_free_info()
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
- mptcp: drop port parameter of mptcp_pm_add_addr_signal
- mptcp: fix TCP options overflow.
- phy: usb: Use slow clock for wake enabled suspend
- phy: usb: Fix clock imbalance for suspend/resume
- net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
- bpf: Fix bpf_sk_select_reuseport() memory leak
- pktgen: Avoid out-of-bounds access in get_imix_entries
- net: add exit_batch_rtnl() method
- gtp: use exit_batch_rtnl() method
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
- gtp: Destroy device along with udp socket's netns dismantle.
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
- net: xilinx: axienet: Fix IRQ coalescing packet count overflow
- net/mlx5: Add priorities for counters in RDMA namespaces
- net/mlx5: Refactor mlx5_get_flow_namespace
- net/mlx5: Fix RDMA TX steering prio
- drm/v3d: Ensure job pointer is set to NULL after job completion
- Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
- i2c: mux: demux-pinctrl: check initial mux selection, too
- i2c: rcar: fix NACK handling when being a target
- mac802154: check local interfaces before deleting sdata list
- hfs: Sanity check the root record
- fs: fix missing declaration of init_files
- kheaders: Ignore silly-rename files
- ACPI: resource: acpi_dev_irq_override(): Check DMI match last
- poll_wait: add mb() to fix theoretical race between waitqueue_active() and
.poll()
- nvmet: propagate npwg topology
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
- vsock/virtio: cancel close work in the destructor
- vsock: reset socket state when de-assigning the transport
- vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
- filemap: avoid truncating 64-bit offset to 32 bits
- fs/proc: fix softlockup in __read_vmcore (part 2)
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify
- irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
- hrtimers: Handle CPU state correctly on hotplug
- drm/i915/fb: Relax clear color alignment to 64 bytes
- iio: imu: inv_icm42600: fix spi burst write not supported
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
- iio: adc: rockchip_saradc: fix information leak in triggered buffer
- Revert "drm/amdgpu: rework resume handling for display (v2)"
- Revert "regmap: detach regmap from dev on regmap_exit"
- vsock/virtio: discard packets if the transport changes
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
- nfsd: add list_head nf_gc to struct nfsd_file
- x86/xen: fix SLS mitigation in xen_hypercall_iret()
- scsi: sg: Fix slab-use-after-free read in sg_release()
- net: fix data-races around sk->sk_forward_alloc
- xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
- Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM
conditionals
- Linux 5.15.177
* CVE-2024-46784
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
* CVE-2024-44938
- jfs: Fix shift-out-of-bounds in dbDiscardAG
* CVE-2024-43900
- media: xc2028: avoid use-after-free in load_firmware_cb()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327)
- ALSA: usb: Fix UBSAN warning in parse_audio_unit()
- usb: cdns3: Add quirk flag to enable suspend residency
- ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP
- PCI: vmd: Create domain symlink before pci_bus_add_devices()
- PCI: Add ACS quirk for Broadcom BCM5760X NIC
- MIPS: Loongson64: DTS: Fix msi node for ls7a
- usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with
iommu enabled
- i2c: pnx: Fix timeout in wait functions
- erofs: fix incorrect symlink detection in fast symlink
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
- ionic: use ee->offset when returning sprom data
- net: hinic: Fix cleanup in create_rxqs/txqs()
- net: ethernet: bgmac-platform: fix an OF node reference leak
- netfilter: ipset: Fix for recursive locking warning
- net: mdiobus: fix an OF node reference leak
- mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
- chelsio/chtls: prevent potential integer overflow on 32bit
- i2c: riic: Always round-up when calculating bus period
- efivarfs: Fix error on non-existent file
- USB: serial: option: add TCL IK512 MBIM & ECM
- USB: serial: option: add MeiG Smart SLM770A
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
- USB: serial: option: add MediaTek T7XX compositions
- USB: serial: option: add Telit FE910C04 rmnet compositions
- hwmon: (tmp513) Don't use "proxy" headers
- hwmon: (tmp513) Simplify with dev_err_probe()
- hwmon: (tmp513) Use SI constants from units.h
- hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit
Registers
- hwmon: (tmp513) Fix Current Register value interpretation
- hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit
Registers
- hwmon: (tmp513) Fix division of negative numbers
- sh: clk: Fix clk_enable() to return 0 on NULL clk
- zram: refuse to use zero sized block device as backing device
- btrfs: tree-checker: reject inline extent items with 0 ref count
- tracing: Fix test_event_printk() to process entire print argument
- tracing: Add missing helper functions in event pointer dereference check
- tracing: Add "%s" check in test_event_printk()
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget
- of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one()
- udmabuf: also check for F_SEAL_FUTURE_WRITE
- of: Fix error path in of_parse_phandle_with_args_map()
- of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
- ceph: validate snapdirname option length when mounting
- epoll: Add synchronous wakeup support for ep_poll_callback
- drm/amdgpu: Handle NULL bo->tbo.resource (again) in amdgpu_vm_bo_update
- mm/vmstat: fix a W=1 clang compiler warning
- tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
- tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
- bpf: Check negative offsets in __bpf_skb_min_len()
- nfsd: restore callback functionality for NFSv4.0
- mtd: diskonchip: Cast an operand to prevent potential overflow
- mtd: rawnand: arasan: Fix double assertion of chip-select
- mtd: rawnand: arasan: Fix missing de-registration of NAND
- phy: core: Fix an OF node refcount leakage in _of_phy_get()
- phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
- phy: core: Fix that API devm_phy_put() fails to release the phy
- phy: core: Fix that API devm_of_phy_provider_unregister() fails to
unregister the phy provider
- phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
- dmaengine: mv_xor: fix child node refcount handling in early exit
- dmaengine: dw: Select only supported masters for ACPI devices
- mtd: rawnand: fix double free in atmel_pmecc_create_user()
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label
update
- watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040
- ALSA: hda/conexant: fix Z60MR100 startup pop issue
- regmap: Use correct format specifier for logging range errors
- platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load
time
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN
as an error
- virtio-blk: don't keep queue frozen during system suspend
- vmalloc: fix accounting with i915
- MIPS: Probe toolchain support of -msym32
- arm64: mm: Rename asid2idx() to ctxid2asid()
- arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit
ASIDs
- drm/dp_mst: Verify request type in the corresponding down message reply
- lib: stackinit: hide never-taken branch from compiler
- ksmbd: fix racy issue from session lookup and expire
- tracing: Constify string literal data member in struct trace_event_call
- btrfs: avoid monopolizing a core when activating a swap file
- x86/hyperv: Fix hv tsc page based sched_clock for hibernation
- selinux: ignore unknown extended permissions
- tracing: Have process_string() also allow arrays
- thunderbolt: Add support for Intel Raptor Lake
- thunderbolt: Add support for Intel Meteor Lake
- thunderbolt: Add Intel Barlow Ridge PCI ID
- thunderbolt: Add support for Intel Lunar Lake
- thunderbolt: Add support for Intel Panther Lake-M/P
- xhci: retry Stop Endpoint on buggy NEC controllers
- usb: xhci: Limit Stop Endpoint retries
- xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic
- RDMA/mlx5: Enforce same type port association for multiport RoCE
- RDMA/bnxt_re: Add check for path mtu in modify_qp
- RDMA/bnxt_re: Fix reporting hw_ver in query_device
- RDMA/bnxt_re: Fix max_qp_wrs reported
- RDMA/bnxt_re: Fix the locking while accessing the QP table
- drm/bridge: adv7511_audio: Update Audio InfoFrame properly
- RDMA/hns: Remove redundant 'attr_mask' in modify_qp_init_to_init()
- RDMA/hns: Remove redundant 'bt_level' for hem_list_alloc_item()
- RDMA/hns: Fix mapping error of zero-hop WQE buffer
- RDMA/hns: Fix warning storm caused by invalid input in IO path
- RDMA/hns: Fix missing flush CQE for DWQE
- net: stmmac: platform: provide devm_stmmac_probe_config_dt()
- net: stmmac: don't create a MDIO bus if unnecessary
- net: stmmac: restructure the error path of stmmac_probe_config_dt()
- drm/i915/dg1: Fix power gate sequence.
- net: llc: reset skb->transport_header
- ALSA: usb-audio: US16x08: Initialize array before use
- eth: bcmsysport: fix call balance of priv->clk handling routines
- net: mv643xx_eth: fix an OF node reference leak
- net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init()
- btrfs: rename and export __btrfs_cow_block()
- btrfs: sysfs: convert scnprintf and snprintf to sysfs_emit
- btrfs: sysfs: fix direct super block member reads
- wifi: mac80211: wake the queues in case of failure in resume
- sound: usb: enable DSD output for ddHiFi TC44C
- sound: usb: format: don't warn that raw DSD is unsupported
- bpf: fix potential error return
- net: usb: qmi_wwan: add Telit FE910C04 compositions
- irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
- ARC: build: Try to guess GCC variant of cross compiler
- usb: xhci: Avoid queuing redundant Stop Endpoint commands
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
- modpost: fix the missed iteration for the max bit in do_input()
- kcov: mark in_softirq_really() as __always_inline
- sky2: Add device ID 11ab:4373 for Marvell 88E8075
- net/sctp: Prevent autoclose integer overflow in sctp_association_init()
- drm: adv7511: Drop dsi single lane support
- dt-bindings: display: adi,adv7533: Drop single lane support
- Linux 5.15.176
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57884
- mm: vmscan: account for free pages to prevent infinite Loop in
throttle_direct_reclaim()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57889
- pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57890
- RDMA/uverbs: Prevent integer overflow issue
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57896
- btrfs: flush delalloc workers queue before stopping cleaner kthread during
unmount
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57897
- drm/amdkfd: Correct the migration DMA map direction
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56759
- btrfs: fix use-after-free when COWing tree bock and tracing is enabled
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57900
- ila: serialize calls to nf_register_net_hooks()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57901
- af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57902
- af_packet: fix vlan_get_tci() vs MSG_PEEK
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57903
- net: restrict SO_REUSEPORT to inet sockets
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-36476
- RDMA/rtrs: Ensure 'ib_sge list' is accessible
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57802
- netrom: check buffer length before accessing it
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57841
- net: fix memory leak in tcp_conn_request()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-49998
- net: dsa: improve shutdown sequence
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-50121
- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57792
- power: supply: gpio-charger: Fix set charge current limits
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56763
- tracing: Prevent bad count for tracing_cpumask_write
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56626
- ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56627
- ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56616
- drm/dp_mst: Fix MST sideband message body length check
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-53099
- bpf: Check validity of link->type in bpf_link_show_fdinfo()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57807
- scsi: megaraid_sas: Fix for a potential deadlock
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56767
- dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56769
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-53690
- nilfs2: prevent use of deleted inode
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-55881
- KVM: x86: Play nice with protected guests in complete_hypercall_exit()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-55916
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56369
- drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56715
- ionic: Fix netdev notifier unregister on failure
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-56716
- netdevsim: prevent bad user input in nsim_dev_health_break_write()
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-57791
- net/smc: check return value of sock_recvmsg when draining clc data
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-47408
- net/smc: check smcd_v2_ext_offset when receiving proposal msg
* Jammy update: v5.15.176 upstream stable release (LP: #2095327) //
CVE-2024-49571
- net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal
msg
* Jammy update: v5.15.175 upstream stable release (LP: #2095302)
- tcp: check space before adding MPTCP SYN options
- ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5
- usb: host: max3421-hcd: Correctly abort a USB request.
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys()
- usb: dwc2: Fix HCD resume
- usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
- usb: dwc2: Fix HCD port connection race
- usb: ehci-hcd: fix call balance of clocks handling routines
- drm/i915: Fix memory leak by correcting cache object name in error handler
- xfs: update btree keys correctly when _insrec splits an inode root block
- xfs: don't drop errno values when we fail to ficlone the entire range
- xfs: return from xfs_symlink_verify early on V4 filesystems
- xfs: fix scrub tracepoints when inode-rooted btrees are involved
- bpf, sockmap: Fix update element with same
- batman-adv: Do not send uninitialized TT changes
- batman-adv: Remove uninitialized data in full table TT response
- batman-adv: Do not let TT changes list grows indefinitely
- tipc: fix NULL deref in cleanup_bearer()
- selftests: mlxsw: sharedbuffer: Remove h1 ingress test case
- selftests: mlxsw: sharedbuffer: Remove duplicate test cases
- ptp: kvm: Use decrypted memory in confidential guest on x86
- ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from kvm_arch_ptp_init()
- net: sparx5: fix FDMA performance issue
- net: sparx5: fix the maximum frame length register
- ACPI: resource: Fix memory resource type union access
- cxgb4: use port number to set mac addr
- qca_spi: Fix clock speed for multiple QCA7000
- qca_spi: Make driver probing reliable
- Documentation: PM: Clarify pm_runtime_resume_and_get() return value
- bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
- team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL
- ACPICA: events/evxfregn: don't release the ContextMutex that was never
acquired
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights()
- tracing/kprobes: Skip symbol counting logic for module symbols in
create_local_trace_kprobe()
- xen/netfront: fix crash when removing device
- x86: make get_cpu_vendor() accessible from Xen code
- objtool/x86: allow syscall instruction
- x86/static-call: provide a way to do very early static-call updates
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0
- x86/asm: Make serialize() always_inline
- x86/xen: don't do PV iret hypercall through hypercall page
- x86/xen: add central hypercall functions
- x86/xen: use new hypercall functions instead of hypercall page
- x86/xen: remove hypercall page
- ALSA: usb-audio: Fix a DMA to stack memory bug
- x86/static-call: fix 32-bit build
- Linux 5.15.175
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-53125
- bpf: sync_linked_regs() must preserve subreg_def
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-56770
- net/sched: netem: account for backlog updates from child qdisc
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-56659
- net: lapb: increase LAPB_HEADER_LEN
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-56662
- acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-42315
- exfat: fix potential deadlock on __exfat_get_dentry_set
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-53119
- virtio/vsock: Fix accept_queue memory leak
* Jammy update: v5.15.175 upstream stable release (LP: #2095302) //
CVE-2024-56670
- usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to
accessing null pointer
* Jammy update: v5.15.174 upstream stable release (LP: #2095283)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate()
- media: uvcvideo: Stop stream during unregister
- vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event
- iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables
- leds: lp55xx: Remove redundant test for invalid channel number
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3
- samples: pktgen: correct dev to DEV
- ARM: 9419/1: mm: Fix kernel memory mapping for xip kernels
- x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y
- vdpa/mlx5: Fix PA offset with unaligned starting iotlb map
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled
- ocfs2: fix UBSAN warning in ocfs2_verify_volume()
- drm/bridge: tc358768: Fix DSI command tx
- mmc: sunxi-mmc: Add D1 MMC variant
- mmc: sunxi-mmc: Fix A100 compatible description
- lib/buildid: Fix build ID parsing logic
- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set
- NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point
- NFSD: Async COPY result needs to return a write verifier
- NFSD: Initialize struct nfsd4_copy earlier
- NFSD: Never decrement pending_async_copies on error
- mm: revert "mm: shmem: fix data-race in shmem_getattr()"
- mm: avoid unsafe VMA hook invocation when error arises on mmap hook
- mm: unconditionally close VMAs on error
- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling
- NFS: nfs_async_write_reschedule_io must not recurse into the writeback code
- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet
- ASoC: Intel: sst: Support LPE0F28 ACPI HID
- wifi: iwlwifi: mvm: Use the sync timepoint API in suspend
- mac80211: fix user-power when emulating chanctx
- usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver
- selftests/watchdog-test: Fix system accidentally reset after watchdog-test
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB
- net: usb: qmi_wwan: add Quectel RG650V
- soc: qcom: Add check devm_kasprintf() returned value
- regulator: rk808: Add apply_bit for BUCK3 on RK809
- platform/x86: dell-smbios-base: Extends support to Alienware products
- platform/x86: dell-wmi-base: Handle META key Lock/Unlock events
- can: j1939: fix error in J1939 documentation.
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate()
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div()
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
- ARM: 9420/1: smp: Fix SMP for xip kernels
- ipmr: Fix access to mfc_cache_list without lock held
- nvme: fix metadata handling in nvme-passthrough
- x86/barrier: Do not serialize MSR accesses on AMD
- kselftest/arm64: mte: fix printf type warnings about longs
- s390/cio: Do not unregister the subchannel based on DNV
- brd: remove brd_devices_mutex mutex
- mips: asm: fix warning when disabling MIPS_FP_SUPPORT
- m68k: mvme147: Fix SCSI controller IRQ numbers
- m68k: mvme16x: Add and use "mvme16x.h"
- m68k: mvme147: Reinstate early console
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block()
- s390/syscalls: Avoid creation of arch/arch/ directory
- firmware: google: Unregister driver_info on failure
- crypto: qat - remove faulty arbiter config reset
- thermal: core: Initialize thermal zones before registering them
- EDAC/fsl_ddr: Fix bad bit shift operations
- crypto: cavium - Fix the if condition to exit loop after timeout
- ACPI: CPPC: Fix _CPC register setting issue
- crypto: caam - add error check to caam_rsa_set_priv_key_form
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
- time: Fix references to _msecs_to_jiffies() handling of values
- timekeeping: Consolidate fast timekeeper
- seqlock/latch: Provide raw_read_seqcount_latch_retry()
- kcsan, seqlock: Support seqcount_latch_t
- kcsan, seqlock: Fix incorrect assumption in read_seqbegin()
- clocksource/drivers:sp804: Make user selectable
- spi: spi-fsl-lpspi: downgrade log level for pio mode
- spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq()
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
- mmc: mmc_spi: drop buggy snprintf()
- tpm: fix signed/unsigned bug when checking event logs
- arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4
- arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4
- arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source
trackpad
- Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
- cgroup/bpf: only cgroup v2 can be attached by bpf programs
- arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns
- arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns
- arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns
- pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle
- ARM: dts: cubieboard4: Fix DCDC5 regulator constraints
- pmdomain: ti-sci: Add missing of_node_put() for args.np
- spi: tegra210-quad: Avoid shift-out-of-bounds
- spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time
- regmap: irq: Set lockdep class for hierarchical IRQ domains
- arm64: dts: mt8183: jacuzzi: remove unused ddc-i2c-bus
- arm64: dts: mt8183: jacuzzi: Move panel under aux-bus
- arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names
- arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed
regulators
- selftests/resctrl: Protect against array overrun during iMC config parsing
- media: venus: venc: Use pmruntime autosuspend
- media: venus: vdec: decoded picture buffer handling during reconfig sequence
- media: venus : Addition of EOS Event support for Encoder
- media: venus : Addition of support for VIDIOC_TRY_ENCODER_CMD
- venus: venc: add handling for VIDIOC_ENCODER_CMD
- media: venus: provide ctx queue lock for ioctl synchronization
- media: atomisp: remove #ifdef HAS_NO_HMEM
- platform/x86: panasonic-laptop: Replace snprintf in show functions with
sysfs_emit
- platform/x86: panasonic-laptop: Return errno correctly in show callback
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
- drm/omap: Fix possible NULL dereference
- drm/omap: Fix locking in omap_gem_new_dmabuf()
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
- drm/v3d: Address race-condition in MMU flush
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
- dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
- ASoC: fsl_micfil: Drop unnecessary register read
- ASoC: fsl_micfil: do not define SHIFT/MASK for single bits
- ASoC: fsl_micfil: use GENMASK to define register bit fields
- ASoC: fsl_micfil: fix regmap_write_bits usage
- ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode
- drm/bridge: anx7625: Drop EDID cache on bridge power off
- libbpf: Fix output .symtab byte-order during linking
- bpf: Fix the xdp_adjust_tail sample prog issue
- libbpf: fix sym_is_subprog() logic for weak global subprogs
- xfrm: rename xfrm_state_offload struct to allow reuse
- xfrm: store and rely on direction to construct offload flags
- netdevsim: rely on XFRM state direction instead of flags
- netdevsim: copy addresses for both in and out paths
- drm/bridge: tc358767: Fix link properties discovery
- selftests/bpf: Fix msg_verify_data in test_sockmap
- selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap
- drm: fsl-dcu: enable PIXCLK on LS1021A
- drm/panfrost: Remove unused id_mask from struct panfrost_model
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited
- drm/etnaviv: fix power register offset on GC300
- drm/etnaviv: hold GPU lock across perfmon sampling
- wifi: wfx: Fix error handling in wfx_core_init()
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk()
- netfilter: nf_tables: skip transaction if update object is not implemented
- netfilter: nf_tables: must hold rcu read lock while iterating object type
list
- netlink: typographical error in nlmsg_type constants definition
- selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap
- selftests/bpf: Fix SENDPAGE data logic in test_sockmap
- selftests, bpf: Add one test for sockmap with strparser
- selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap
- selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap
- bpf, sockmap: Several fixes to bpf_msg_push_data
- bpf, sockmap: Fix sk_msg_reset_curr
- selftests: net: really check for bg process completion
- drm/amdkfd: Fix wrong usage of INIT_WORK()
- net: rfkill: gpio: Add check for clk_enable()
- driver core: Introduce device_find_any_child() helper
- netpoll: Use rcu_access_pointer() in netpoll_poll_lock
- wireguard: selftests: load nf_conntrack if not present
- trace/trace_event_perf: remove duplicate samples on the first tracepoint
event
- pinctrl: zynqmp: drop excess struct member description
- powerpc/vdso: Flag VDSO64 entry points as functions
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
- mfd: da9052-spi: Change read-mask to write-mask
- mfd: intel_soc_pmic_bxtwc: Use dev_err_probe()
- cpufreq: loongson2: Unregister platform_driver on failure
- mtd: rawnand: atmel: Fix possible memory leak
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
- clk: imx: lpcg-scu: SW workaround for errata (e10858)
- clk: imx: clk-scu: fix clk enable state save and restore
- mfd: rt5033: Fix missing regmap_del_irq_chip()
- scsi: fusion: Remove unused variable 'rc'
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE
- powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static
- powerpc/kexec: Fix return of uninitialized variable
- fbdev/sh7760fb: Alloc DMA memory from hardware device
- dt-bindings: clock: axi-clkgen: include AXI clk
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock
- pinctrl: k210: Undef K210_PC_DEFAULT
- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb()
- perf cs-etm: Don't flush when packet_queue fills up
- perf probe: Fix libdw memory leak
- perf probe: Correct demangled symbols in C++ program
- PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
- PCI: cpqphp: Fix PCIBIOS_* return value confusion
- f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
- f2fs: remove struct segment_allocation default_salloc_ops
- f2fs: open code allocate_segment_by_default
- f2fs: remove the unused flush argument to change_curseg
- f2fs: check curseg->inited before write_sum_page in change_curseg
- perf trace: avoid garbage when not printing a trace event's arguments
- m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x
- m68k: coldfire/device.c: only build FEC when HW macros are defined
- perf trace: Do not lose last events in a race
- perf trace: Avoid garbage when not printing a syscall's arguments
- rpmsg: glink: Add TX_DATA_CONT command while sending
- rpmsg: glink: Send READ_NOTIFY command in FIFO full case
- rpmsg: glink: Fix GLINK command prefix
- rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
- remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region
- NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
- sunrpc: simplify two-level sysctl registration for svcrdma_parm_table
- NFSD: Fix nfsd4_shutdown_copy()
- hwmon: (tps23861) Fix reporting of negative temperatures
- vdpa/mlx5: Fix suboptimal range on iotlb iteration
- selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels
- fs_parser: update mount_api doc to match function signature
- power: supply: core: Remove might_sleep() from power_supply_put()
- power: supply: bq27xxx: Fix registers of bq27426
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
- tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL
configuration
- net: mdio-ipq4019: add missing error check
- marvell: pxa168_eth: fix call balance of pep->clk handling routines
- net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
- octeontx2-af: RPM: Fix mismatch in lmac type
- spi: atmel-quadspi: Fix register name in verbose logging function
- net: hsr: fix hsr_init_sk() vs network/transport headers.
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
- iio: light: al3010: Fix an error handling path in al3010_probe()
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
- usb: yurex: make waiting on yurex_write interruptible
- USB: chaoskey: fail open after removal
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock
- misc: apds990x: Fix missing pm_runtime_disable()
- counter: stm32-timer-cnt: Add check for clk_enable()
- ALSA: hda/realtek: Update ALC256 depop procedure
- apparmor: fix 'Do simple duplicate message elimination'
- usb: ehci-spear: fix call balance of sehci clk handling routines
- Revert "drivers: clk: zynqmp: update divider round rate logic"
- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error
- soc: qcom: socinfo: fix revision check in qcom_socinfo_probe()
- ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
- ext4: fix FS_IOC_GETFSMAP handling
- jfs: xattr: check invalid xattr size more strictly
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
- perf/x86/intel/pt: Fix buffer full but size is 0 case
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status
- fsnotify: fix sending inotify event with unexpected filename
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
- locking/lockdep: Avoid creating new name string literals in
lockdep_set_subclass()
- exfat: fix uninit-value in __exfat_get_dentry_set
- Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue
- Revert "usb: gadget: composite: fix OS descriptors w_value logic"
- serial: sh-sci: Clean sci_ports[0] after at earlycon exit
- Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
- gpio: exar: set value when external pull-up or pull-down is present
- spi: Fix acpi deferred irq probe
- mtd: spi-nor: core: replace dummy buswidth from addr to data
- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power()
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement
- ubi: wl: Put source PEB into correct list if trying locking LEB failed
- serial: 8250: omap: Move pm_runtime_get_sync
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting()
- media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
- ALSA: hda/realtek: Update ALC225 depop procedure
- ALSA: hda/realtek: Set PCBeep to default value for ALC274
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
- ALSA: hda/realtek: Apply quirk for Medion E15433
- usb: dwc3: gadget: Fix checking for number of TRBs left
- lib: string_helpers: silence snprintf() output truncation warning
- rpmsg: glink: Propagate TX failures in intentless mode as well
- um: Fix the return value of elf_core_copy_task_fpregs
- um: Always dump trace for specified task in show_stack
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
- rtc: abx80x: Fix WDT bit position of the status register
- ubifs: Correct the total block count by deducting journal reservation
- jffs2: fix use of uninitialized variable
- block: return unsigned int from bdev_io_min
- 9p/xen: fix init sequence
- rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
- modpost: remove incorrect code in do_eisa_entry()
- nfs: ignore SB_RDONLY when mounting nfs
- sunrpc: remove unnecessary test in rpc_task_set_client()
- SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE
- ASoC: fsl_micfil: fix the naming style for mask definition
- xfs: fix log recovery when unknown rocompat bits are set
- xfs: remove unknown compat feature check in superblock write validation
- btrfs: add might_sleep() annotations
- util_macros.h: fix/rework find_closest() macros
- scsi: ufs: exynos: Fix hibern8 notify callbacks
- PCI: keystone: Add link up check to ks_pcie_other_map_bus()
- ovl: properly handle large files in ovl_security_fileattr
- dm thin: Add missing destroy_work_on_stack()
- PCI: rockchip-ep: Fix address translation unit programming
- drm/etnaviv: flush shader L1 cache after user commandstream
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
- watchdog: mediatek: Make sure system reset gets asserted in
mtk_wdt_restart()
- can: peak_usb: CANFD: store 64-bits hw timestamps
- can: do not increase rx statistics when generating a CAN rx error message
frame
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation
fails
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
- ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
- ptp: Add error handling for adjfine callback in ptp_clock_adjtime
- net/sched: tbf: correct backlog statistic for GSO packets
- net/smc: Limit backlog connections
- net/qed: allow old cards not supporting "num_images" to work
- net: sched: fix erspan_opt settings in cls_flower
- netfilter: nft_set_hash: skip duplicated elements pending gc run
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
- ethtool: Fix wrong mod state in case of verbose and no_mask bitset
- gpio: grgpio: use a helper variable to store the address of ofdev->dev
- dt_bindings: rs485: Correct delay values
- dt-bindings: serial: rs485: Fix rs485-rts-delay property
- serial: amba-pl011: Use port lock wrappers
- serial: amba-pl011: Fix RX stall when DMA is used
- bpftool: Remove asserts from JIT disassembler
- bpftool: fix potential NULL pointer dereferencing in prog_dump()
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter
- ALSA: pcm: Add more disconnection checks at file ops
- ALSA: pcm: Avoid reference to status->state
- ALSA: usb-audio: Notify xrun for low-latency mode
- tools: Override makefile ARCH variable if defined, but empty
- drm/v3d: Enable Performance Counters before clearing them
- bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
- bpf: Fix exact match conditions in trie_get_next_key()
- watchdog: rti: of: honor timeout-sec property
- tracing: Fix cmp_entries_dup() to respect sort() comparison rules
- ALSA: usb-audio: add mixer mapping for Corsair HS80
- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
- scsi: qla2xxx: Fix abort in bsg timeout
- scsi: qla2xxx: Fix NVMe and NPIV connect issue
- scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
- scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
- dma-buf: fix dma_fence_array_signaled v4
- regmap: detach regmap from dev on regmap_exit
- mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10
tablet
- mmc: core: Further prevent card detect during shutdown
- ocfs2: update seq_file index in ocfs2_dlm_seq_next
- epoll: annotate racy check
- btrfs: avoid unnecessary device path update for the same device
- kselftest/arm64: Don't leak pipe fds in pac.exec_sign_all()
- media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
- media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
- drm/vc4: hvs: Set AXI panic modes for the HVS
- drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
- drm/mcde: Enable module autoloading
- drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
- r8169: don't apply UDP padding quirk on RTL8126A
- samples/bpf: Fix a resource leak
- net: fec_mpc52xx_phy: Use %pa to format resource_size_t
- net: ethernet: fs_enet: Use %pa to format resource_size_t
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
- Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
- wifi: ath5k: add PCI ID for SX76X
- wifi: ath5k: add PCI ID for Arcadyan devices
- drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
- drm/amdgpu: Dereference the ATCS ACPI buffer
- drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
- drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
- wifi: ipw2x00: libipw_rx_any(): fix bad alignment
- ASoC: hdmi-codec: reorder channel allocation list
- rocker: fix link status detection in rocker_carrier_init()
- net/neighbor: clear error in case strict check is not set
- netpoll: Use rcu_access_pointer() in __netpoll_setup
- pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
- tracing: Use atomic64_inc_return() in trace_clock_counter()
- scsi: st: Don't modify unknown block number in MTIOCGET
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
- pinctrl: qcom-pmic-gpio: add support for PM8937
- nvdimm: rectify the illogical code within nd_dax_probe()
- PCI: Detect and trust built-in Thunderbolt chips
- PCI: Add 'reset_subordinate' to reset hierarchy below bridge
- PCI: Add ACS quirk for Wangxun FF5xxx NICs
- usb: chipidea: udc: handle USB Error Interrupt if IOC not set
- misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
- modpost: Include '.text.*' in TEXT_SECTIONS
- modpost: Add .irqentry.text to OTHER_SECTIONS
- sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
- sched/fair: Add NOHZ balancer flag for nohz.next_balance updates
- sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning
busy
- sched/core: Prevent wakeup of ksoftirqd during idle load balance
- btrfs: fix missing snapshot drew unlock when root is dead during swap
activation
- tracing/eprobe: Fix to release eprobe when failed to add dyn_event
- Revert "unicode: Don't special case ignorable code points"
- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
- jffs2: Fix rtime decompressor
- mm/damon/vaddr-test: split a test function having >1024 bytes frame size
- mm/damon/vaddr: fix issue in damon_va_evenly_split_region()
- xhci: dbc: Fix STALL transfer event handling
- mmc: mtk-sd: Fix error handle of probe function
- ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume"
- Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()"
- scsi: core: Fix scsi_mode_select() buffer length handling
- gve: Fixes for napi_poll when budget is 0
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint
- net: dsa: microchip: correct KSZ8795 static MAC table access
- drm/amdgpu: rework resume handling for display (v2)
- serial: amba-pl011: fix build regression
- media: venus: vdec: fixed possible memory leak issue
- net/smc: Fix af_ops of child socket pointing to released memory
- Bluetooth: hci_core: Fix calling mgmt_device_connected
- Linux 5.15.174
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-46871
- drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-49950
- Bluetooth: L2CAP: Fix uaf in l2cap_connect
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-50275
- arm64/sve: Discard stale CPU state when handling SVE traps
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-47730
- crypto: hisilicon/qm - inject error before stopping queue
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-46809
- drm/amd/display: Check BIOS images before it is used
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-57850
- jffs2: Prevent rtime decompress memory corruption
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56781
- powerpc/prom_init: Fixup missing powermac #size-cells
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56785
- MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-43098
- i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to
avoid deadlock
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-45828
- i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56586
- f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56587
- leds: class: Protect brightness_show() with led_cdev->led_access mutex
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56589
- scsi: hisi_sas: Add cond_resched() for no forced preemption model
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56590
- Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56593
- wifi: brcmfmac: Fix oops due to NULL pointer dereference in
brcmf_sdiod_sglist_rw()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56594
- drm/amdgpu: set the right AMDGPU sg segment limitation
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56595
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56596
- jfs: fix array-index-out-of-bounds in jfs_readdir
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56597
- jfs: fix shift-out-of-bounds in dbSplit
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56598
- jfs: array-index-out-of-bounds fix in dtReadFirst
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-47143
- dma-debug: fix a possible deadlock on radix_lock
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56600
- net: inet6: do not leave a dangling sk pointer in inet6_create()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56601
- net: inet: do not leave a dangling sk pointer in inet_create()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56602
- net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56603
- net: af_can: do not leave a dangling sk pointer in can_create()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56605
- Bluetooth: L2CAP: do not leave dangling sk pointer on error in
l2cap_sock_create()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56606
- af_packet: avoid erroring out after sock_init_data() in packet_create()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56787
- soc: imx8m: Probe the SoC driver as platform driver
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56610
- kcsan: Turn report_filterlist_lock into a raw_spinlock
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-57849
- s390/cpum_sf: Handle CPU hotplug remove during sampling
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56568
- iommu/arm-smmu: Defer probe of clients after smmu device bound
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56614
- xsk: fix OOB map writes when deleting elements
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56615
- bpf: fix OOB devmap writes when deleting elements
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-48881
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56619
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56622
- scsi: ufs: core: sysfs: Prevent div by zero
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56623
- scsi: qla2xxx: Fix use after free on unload
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-57874
- arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56625
- can: dev: can_set_termination(): allow sleeping GPIOs
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56629
- HID: wacom: fix when get product name maybe null pointer
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56630
- ocfs2: free inode when ocfs2_get_init_inode() fails
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-50051
- spi: mpc52xx: Add cancel_work_sync before module remove
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56633
- tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56634
- gpio: grgpio: Add NULL check in grgpio_probe
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56636
- geneve: do not assume mac header is set in geneve_xmit_skb()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56637
- netfilter: ipset: Hold module reference while requesting a module
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-52332
- igb: Fix potential invalid memory access in igb_init_module()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56640
- net/smc: fix LGR and link use-after-free issue
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56642
- tipc: Fix use-after-free of kernel socket in cleanup_bearer().
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56643
- dccp: Fix memory leak in dccp_feat_change_recv
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56644
- net/ipv6: release expired exception dst cached in socket
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56645
- can: j1939: j1939_session_new(): fix skb reference counting
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56648
- net: hsr: avoid potential out-of-bound access in fill_frame_info()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56650
- netfilter: x_tables: fix LED ID check in led_tg_check()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56776
- drm/sti: avoid potential dereference of error pointers
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56777
- drm/sti: avoid potential dereference of error pointers in
sti_gdp_atomic_check
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56778
- drm/sti: avoid potential dereference of error pointers in
sti_hqvdp_atomic_check
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-46841
- btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in
walk_down_proc()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56779
- nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56558
- nfsd: make sure exp active before svc_export_show
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56562
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-57838
- s390/entry: Mark IRQ entries to fix stack depot warnings
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56567
- ad7780: fix division by zero in ad7780_write_raw()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56581
- btrfs: ref-verify: fix use-after-free after invalid ref action
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56774
- btrfs: add a sanity check for btrfs root in btrfs_search_slot()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56780
- quota: flush quota_release_work upon quota writeback
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53165
- sh: intc: Fix use-after-free bug in register_intc_controller()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56688
- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56704
- 9p/xen: fix release of IRQ
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53171
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53172
- ubi: fastmap: Fix duplicate slab cache names while attaching
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56739
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53173
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53145
- um: Fix potential integer overflow during physmem setup
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53174
- SUNRPC: make sure cache entry active before cache_show
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53146
- NFSD: Prevent a potential integer overflow
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56698
- usb: dwc3: gadget: Fix looping of queued SG entries
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53180
- ALSA: pcm: Add sanity NULL check for the default mmap fault handler
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56700
- media: wl128x: Fix atomicity violation in fmc_send_cmd()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2022-49034
- sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53181
- um: vector: Do not use drvdata in release
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53183
- um: net: Do not use drvdata in release
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53184
- um: ubd: Do not use drvdata in release
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-50055
- driver core: bus: Fix double free in driver API bus_register()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56741
- apparmor: test: Fix memory leak for aa_unpack_strdup()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53148
- comedi: Flush partial mappings in error case
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53194
- PCI: Fix use-after-free of slot->bus on hot remove
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53197
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
devices
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53150
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53198
- xen: Fix the issue of resource not being properly released in
xenbus_dev_probe()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-50283
- ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53206
- tcp: Fix use-after-free of nreq in reqsk_timer_handler().
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53214
- vfio/pci: Properly hide first-in-list PCIe extended capability
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53215
- svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53217
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53151
- svcrdma: Address an integer overflow
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56745
- PCI: Fix reset_method_store() memory leak
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56746
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53155
- ocfs2: fix uninitialized value in ocfs2_file_read_iter()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53226
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56747
- scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56748
- scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53227
- scsi: bfa: Fix use-after-free in bfad_im_module_exit()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56701
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56678
- powerpc/mm/fault: Fix kfence page fault reporting
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56723
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56724
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56691
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56694
- bpf: fix recursive lock when verdict program return SK_PASS
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53237
- Bluetooth: fix use-after-free in device_for_each_child()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53239
- ALSA: 6fire: Release resources at card release
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56531
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56532
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56533
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56720
- bpf, sockmap: Several fixes to bpf_msg_pop_data
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56726
- octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56728
- octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56679
- octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56539
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_config_scan()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53156
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56705
- media: atomisp: Add check for rgby_data memory allocation failure
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53157
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53158
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56681
- crypto: bcm - add error check in the ahash_hmac_init function
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56708
- EDAC/igen6: Avoid segmentation fault on module unload
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56690
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return
-EBUSY
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53161
- EDAC/bluefield: Fix potential integer overflow
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56754
- crypto: caam - Fix the pointer passed to caam_qi_shutdown()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56548
- hfsplus: don't query the device logical block size multiple times
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56756
- nvme-pci: fix freeing of the HMB descriptor table
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53142
- initramfs: avoid filename buffer overrun
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56693
- brd: defer automatic disk creation until module initialization succeeds
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-49996
- cifs: Fix buffer overflow when parsing NFS reparse points
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53096
- mm: resolve faulty mmap_region() error path behaviour
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53122
- mptcp: cope racing subflow creation in mptcp_rcv_space_adjust
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-49974
- NFSD: Limit the number of concurrent async COPY operations
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53127
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53130
- nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53131
- nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53135
- KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind
CONFIG_BROKEN
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53112
- ocfs2: uncache inode which has failed entering the group
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53113
- mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53120
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53138
- net/mlx5e: kTLS, Fix incorrect page refcounting
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53121
- net/mlx5: fs, lock FTE when checking if active
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53129
- drm/rockchip: vop: Fix a dereferenced before check warning
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-53140
- netlink: terminate outstanding dump on socket close
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56569
- ftrace: Fix regression with module command in stack_trace_filter
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56570
- ovl: Filter invalid inodes with missing lookup function
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56572
- media: platform: allegro-dvt: Fix possible memory leak in
allocate_buffers_internal()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56574
- media: ts2020: fix null-ptr-deref in ts2020_probe()
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56575
- media: imx-jpeg: Ensure power suppliers be suspended before detach them
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56576
- media: i2c: tc358743: Fix crash in the probe error path when using polling
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) //
CVE-2024-56578
- media: imx-jpeg: Set video drvdata before register video device
* CVE-2024-56672
- blk-cgroup: Fix UAF in blkcg_unpin_online()
linux-ibm-5.15 (5.15.0-1071.74~20.04.1) focal; urgency=medium
* focal/linux-ibm-5.15: 5.15.0-1071.74~20.04.1 -proposed tracker
(LP: #2097911)
* Packaging resync (LP: #1786013)
- [Packaging] debian.ibm-5.15/dkms-versions -- update from kernel-versions
(main/s2025.01.13)
[ Ubuntu: 5.15.0-1071.74 ]
* jammy/linux-ibm: 5.15.0-1071.74 -proposed tracker (LP: #2097912)
* Packaging resync (LP: #1786013)
- [Packaging] debian.ibm/dkms-versions -- update from kernel-versions
(main/s2025.01.13)
* jammy/linux: 5.15.0-134.145 -proposed tracker (LP: #2097944)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/s2025.01.13)
* CVE-2024-56672
- blk-cgroup: Fix UAF in blkcg_unpin_online()
* CVE-2025-0927
- SAUCE: fs: hfs/hfsplus: add key_len boundary check to hfs_bnode_read_key
linux-ibm-5.15 (5.15.0-1070.73~20.04.1) focal; urgency=medium
* focal/linux-ibm-5.15: 5.15.0-1070.73~20.04.1 -proposed tracker
(LP: #2093701)
* Add list of source files to linux-buildinfo (LP: #2086606)
- [Packaging] Add dwarfdump package in the Build-Depends
[ Ubuntu: 5.15.0-1070.73 ]
* jammy/linux-ibm: 5.15.0-1070.73 -proposed tracker (LP: #2093702)
* Add list of source files to linux-buildinfo (LP: #2086606)
- [Packaging] Add dwarfdump package to Build-Depends
* jammy/linux: 5.15.0-132.143 -proposed tracker (LP: #2093735)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.01.13)
* KVM: Cache CPUID at KVM.ko module init to reduce latency of VM-Enter and VM-
Exit (LP: #2093146)
- kvm: x86: Fix xstate_required_size() to follow XSTATE alignment rule
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init
* Jammy update: v5.15.173 upstream stable release (LP: #2089541)
- 9p: Avoid creating multiple slab caches with the same name
- irqchip/ocelot: Fix trigger register address
- block: Fix elevator_get_default() checking for NULL q->tag_set
- HID: multitouch: Add support for B2402FVA track point
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
- bpf: use kvzmalloc to allocate BPF verifier environment
- crypto: marvell/cesa - Disable hash algorithms
- sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML
- drm/vmwgfx: Limit display layout ioctl array size to
VMWGFX_NUM_DISPLAY_UNITS
- powerpc/powernv: Free name on error in opal_event_init()
- vDPA/ifcvf: Fix pci_read_config_byte() return code handling
- fs: Fix uninitialized value issue in from_kuid and from_kgid
- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
- md/raid10: improve code of mrdev in raid10_sync_request
- mm/memory: add non-anonymous page check in the copy_present_page()
- udf: Allocate name buffer in directory iterator on heap
- udf: Avoid directory type conversion failure due to ENOMEM
- 9p: fix slab cache name creation for real
- Linux 5.15.173
* Jammy update: v5.15.173 upstream stable release (LP: #2089541) //
CVE-2024-41080
- io_uring: fix possible deadlock in io_register_iowq_max_workers()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-
excavator
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc
- arm64: dts: imx8mp: correct sdhc ipg clk
- ARM: dts: rockchip: fix rk3036 acodec node
- ARM: dts: rockchip: drop grf reference from rk3036 hdmi
- ARM: dts: rockchip: Fix the spi controller on rk3036
- ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible
- NFS: Add a tracepoint to show the results of nfs_set_cache_invalid()
- NFSv3: handle out-of-order write replies.
- nfs: avoid i_lock contention in nfs_clear_invalid_mapping
- net: enetc: set MAC address to the VF net_device
- can: c_can: fix {rx,tx}_errors statistics
- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag
- net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case
- Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown"
- media: stb0899_algo: initialize cfr before using it
- media: dvb_frontend: don't play tricks with underflow values
- media: adv7604: prevent underflow condition when reporting colorspace
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
- media: pulse8-cec: fix data timestamp at pulse8_setup()
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl()
- pwm: imx-tpm: Use correct MODULO value for EPWM mode
- drm/amdgpu: Adjust debugfs eviction and IB access permissions
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
- thermal/drivers/qcom/lmh: Remove false lockdep backtrace
- dm cache: correct the number of origin blocks to match the target length
- dm cache: optimize dirty bit checking with find_next_bit when resizing
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t
overflow
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone
- io_uring: rename kiocb_end_write() local helper
- fs: create kiocb_{start,end}_write() helpers
- io_uring: use kiocb_{start,end}_write() helpers
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
uvc_parse_format
- fs/proc: fix compile warning about variable 'vmcore_mmap_ops'
- usb: dwc3: fix fault at system suspend if device was already runtime
suspended
- USB: serial: qcserial: add support for Sierra Wireless EM86xx
- USB: serial: option: add Fibocom FG132 0x0112 composition
- USB: serial: option: add Quectel RG650V
- irqchip/gic-v3: Force propagation of the active state with a read-back
- ucounts: fix counter leak in inc_rlimit_get_ucounts()
- ALSA: usb-audio: Support jack detection on Dell dock
- ALSA: usb-audio: Add quirks for Dell WD19 dock
- ACPI: PRM: Clean up guid type in struct prm_handler_info
- ALSA: usb-audio: Add endianness annotations
- Linux 5.15.172
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50265
- ocfs2: remove entry once instead of null-ptr-dereference in
ocfs2_xa_remove()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50267
- USB: serial: io_edgeport: fix use after free in debug printk
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50268
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50269
- usb: musb: sunxi: Fix accessing an released usb phy
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50036
- net: do not delay dst_entries_add() in dst_release()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-42291
- ice: Add a per-VF limit on number of FDIR filters
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50273
- btrfs: reinitialize delayed ref list after deleting it from the list
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-53066
- nfs: Fix KMSAN warning in decode_getfattr_attrs()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-53052
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50278
- dm cache: fix potential out-of-bounds access on the first resume
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50279
- dm cache: fix out-of-bounds access to the dirty bitset when resizing
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50282
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50287
- media: v4l2-tpg: prevent the risk of a division by zero
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50290
- media: cx24116: prevent overflows on SNR calculus
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-53061
- media: s5p-jpeg: prevent buffer overflows
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50292
- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-53063
- media: dvbdev: prevent the risk of out of memory access
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50295
- net: arc: fix the device for dma_map_single/dma_unmap_single
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50296
- net: hns3: fix kernel crash when uninstalling driver
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-53088
- i40e: fix race condition by adding filter's intermediate sync state
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50299
- sctp: properly validate chunk size in sctp_sf_ootb()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50301
- security/keys: fix slab-out-of-bounds in key_task_permission
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50302
- HID: core: zero-initialize the report buffer
* Jammy update: v5.15.171 upstream stable release (LP: #2089405)
- selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test
- ACPI: PRM: Remove unnecessary blank lines
- ACPI: PRM: Change handler_addr type to void pointer
- cgroup: Fix potential overflow issue when checking max_depth
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
- wifi: brcm80211: BRCM_TRACING should depend on TRACING
- RDMA/cxgb4: Dump vendor specific QP details
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down
- RDMA/bnxt_re: synchronize the qp-handle table array
- mac80211: do drv_reconfig_complete() before restarting all
- mac80211: Add support to trigger sta disconnect on hardware restart
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
- gtp: allow -1 to be specified as file description from userspace
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state()
- fs/ntfs3: Fix warning possible deadlock in ntfs_set_state
- scsi: scsi_transport_fc: Allow setting rport state to current state
- net: amd: mvme147: Fix probe banner message
- NFS: remove revoked delegation from server's delegation list
- misc: sgi-gru: Don't disable preemption in GRU driver
- usbip: tools: Fix detach_port() invalid port error path
- usb: phy: Fix API devm_usb_put_phy() can not release the phy
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes()
- xhci: Fix Link TRB DMA in command ring stopped completion event
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems
- Revert "driver core: Fix uevent_show() vs driver detach race"
- iio: light: veml6030: fix microlux value calculation
- riscv: vdso: Prevent the compiler from inserting calls to memset()
- riscv: efi: Set NX compat flag in PE/COFF header
- riscv: Use '%u' to format the output of 'cpu'
- riscv: Remove unused GENERATING_ASM_OFFSETS
- riscv: Remove duplicated GET_RM
- mm/page_alloc: call check_new_pages() while zone spinlock is not held
- mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked()
- mm/page_alloc: split out buddy removal code from rmqueue into separate
helper
- mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE
- mm/page_alloc: treat RT tasks similar to __GFP_HIGH
- mm/page_alloc: explicitly record high-order atomic allocations in
alloc_flags
- mm/page_alloc: explicitly define what alloc flags deplete min reserves
- mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations
accesses reserves
- Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device"
- vt: prevent kernel-infoleak in con_font_get()
- mac80211: always have ieee80211_sta_restart()
- Linux 5.15.171
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2023-52913
- drm/i915: Fix potential context UAFs
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50228
- mm: shmem: fix data-race in shmem_getattr()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-53055
- wifi: iwlwifi: mvm: fix 6 GHz scan construction
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50230
- nilfs2: fix kernel bug due to missing clearing of checked flag
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50072
- x86/bugs: Use code segment selector for VERW operand
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50218
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50219
- mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50229
- nilfs2: fix potential deadlock with newly created symlinks
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50232
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50233
- staging: iio: frequency: ad9832: fix division by zero in
ad9832_calc_freqreg()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50234
- wifi: iwlegacy: Clear stale interrupts before resuming device
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50236
- wifi: ath10k: Fix memory leak in management tx
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50237
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50244
- fs/ntfs3: Additional check in ni_clear()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50245
- fs/ntfs3: Fix possible deadlock in mi_read
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50247
- fs/ntfs3: Check if more than chunk-size bytes are written
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50249
- ACPI: CPPC: Make rmw_lock a raw_spin_lock
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50251
- netfilter: nft_payload: sanitize offset and length before calling
skb_checksum()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50257
- netfilter: Fix use-after-free in get_info()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50262
- bpf: Fix out-of-bounds write in trie_get_next_key()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50259
- netdevsim: Add trailing zero to terminate the string in
nsim_nexthop_bucket_activity_write()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-53042
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-53058
- net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-53059
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50141
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50086
- ksmbd: fix user-after-free from session log off
* Jammy update: v5.15.170 upstream stable release (LP: #2089272)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
- x86/resctrl: Avoid overflow in MB settings in bw_validate()
- ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
- RDMA/irdma: Fix misspelling of "accept*"
- ipv4: give an IPv4 dev to blackhole_netdev
- RDMA/bnxt_re: Return more meaningful error
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation
- drm/msm: Allocate memory for disp snapshot with kvzalloc()
- net: usb: usbnet: fix race in probe failure
- octeontx2-af: Fix potential integer overflows on integer shifts
- macsec: don't increment counters for an unrelated SA
- net: ethernet: aeroflex: fix potential memory leak in
greth_start_xmit_gbit()
- net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
- net: xilinx: axienet: fix potential memory leak in axienet_start_xmit()
- genetlink: hold RCU in genlmsg_mcast()
- s390: Initialize psw mask in perf_arch_fetch_caller_regs()
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian
- KVM: s390: gaccess: Check if guest address is in memslot
- usb: gadget: Add function wakeup support
- XHCI: Separate PORT and CAPs macros into dedicated file
- usb: dwc3: core: Fix system suspend on TI AM62 platforms
- block, bfq: fix procress reference leakage for bfqq in merge chain
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to
default regs values
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
- arm64: Force position-independent veneers
- platform/x86: dell-wmi: Ignore suspend notifications
- arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string
- platform/x86: dell-sysman: add support for alienware products
- jfs: Fix sanity check in dbMount
- xfrm: extract dst lookup parameters into a struct
- xfrm: respect ip protocols rules criteria when performing dst lookups
- net: plip: fix break; causing plip to never transmit
- net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x
- net: usb: usbnet: fix name regression
- r8169: avoid unsolicited interrupts
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
- bpf,perf: Fix perf_event_detach_bpf_prog error handling
- ALSA: hda/realtek: Update default depop procedure
- btrfs: zoned: fix zone unusable accounting for freed reserved extent
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid
detection issue
- openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
- selinux: improve error checking in sel_write_load()
- net: phy: dp83822: Fix reset pin definitions
- Linux 5.15.170
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50142
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50103
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50058
- serial: protect uart_port_dtr_rts() in uart_shutdown() too
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50110
- xfrm: fix one more kernel-infoleak in algo dumping
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50115
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50116
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50117
- drm/amd: Guard against bad data for ATIF ACPI method
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50205
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50127
- net: sched: fix use-after-free in taprio_change()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50128
- net: wwan: fix global oob in wwan_rtnl_policy
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50167
- be2net: fix potential memory leak in be_xmit()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50168
- net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50131
- tracing: Consider the NULL character when validating the event length
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50143
- udf: fix uninit-value use in udf_get_fileshortad
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50134
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real
VLA
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50010
- exec: don't WARN for racy path_noexec check
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50194
- arm64: probes: Fix uprobes for big-endian kernels
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50148
- Bluetooth: bnep: fix wild-memory-access in proto_unregister
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50150
- usb: typec: altmode should keep reference to parent
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50151
- smb: client: fix OOBs when building SMB2_IOCTL request
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50153
- scsi: target: core: Fix null-ptr-deref in target_alloc_device()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50154
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50171
- net: systemport: fix potential memory leak in bcm_sysport_xmit()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50156
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50208
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50160
- ALSA: hda/cs8409: Fix possible NULL dereference
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50209
- RDMA/bnxt_re: Add a check for memory allocation
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50162
- bpf: devmap: provide rxq after redirect
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50163
- bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
* kernel:nft "Could not process rule: Device or resource busy" on unreferenced
chain (LP: #2089699)
- SAUCE: netfilter: nf_tables: Fix EBUSY on deleting unreferenced chain
* WARN in trc_wait_for_one_reader about failed IPIs (LP: #2089373)
- SAUCE: rcu-tasks: fix mismerge in trc_inspect_reader
- rcu-tasks: Idle tasks on offline CPUs are in quiescent states
* CVE-2024-35887
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer
* CVE-2024-40965
- clk: Add a devm variant of clk_rate_exclusive_get()
- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get()
- i2c: lpi2c: Avoid calling clk_get_rate during transfer
* CVE-2024-40982
- ssb: Fix potential NULL pointer dereference in ssb_device_uevent()
* CVE-2024-41066
- ibmvnic: Add tx check to prevent skb leak
* CVE-2024-42252
- closures: Change BUG_ON() to WARN_ON()
* CVE-2024-53097
- mm: krealloc: Fix MTE false alarm in __do_krealloc
* Add list of source files to linux-buildinfo (LP: #2086606)
- [Packaging] Sort build dependencies alphabetically
- [Packaging] Add list of used source files to buildinfo package
* UFS: uspi->s_3apb UBSAN: shift-out-of-bounds (LP: #2087853)
- ufs: ufs_sb_private_info: remove unused s_{2, 3}apb fields
* Jammy update: v5.15.169 upstream stable release (LP: #2088231)
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
- udf: New directory iteration code
- udf: Convert udf_expand_dir_adinicb() to new directory iteration
- udf: Move udf_expand_dir_adinicb() to its callsite
- udf: Implement searching for directory entry using new iteration code
- udf: Provide function to mark entry as deleted using new directory iteration
code
- udf: Convert udf_rename() to new directory iteration code
- udf: Convert udf_readdir() to new directory iteration
- udf: Convert udf_lookup() to use new directory iteration code
- udf: Convert udf_get_parent() to new directory iteration code
- udf: Convert empty_dir() to new directory iteration code
- udf: Convert udf_rmdir() to new directory iteration code
- udf: Convert udf_unlink() to new directory iteration code
- udf: Implement adding of dir entries using new iteration code
- udf: Convert udf_add_nondir() to new directory iteration
- udf: Convert udf_mkdir() to new directory iteration code
- udf: Convert udf_link() to new directory iteration code
- udf: Remove old directory iteration code
- udf: Handle error when expanding directory
- udf: Don't return bh from udf_expand_dir_adinicb()
- udf: Fix bogus checksum computation in udf_rename()
- net: enetc: remove xdp_drops statistic from enetc_xdp_drop()
- net: enetc: add missing static descriptor and inline keyword
- posix-clock: Fix missing timespec64 check in pc_clock_settime()
- arm64: probes: Remove broken LDR (literal) uprobe support
- arm64: probes: Fix simulate_ldr*_literal()
- net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-
link PHY
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1
- fat: fix uninitialized variable
- mm/swapfile: skip HugeTLB pages for unuse_vma
- secretmem: disable memfd_secret() if arch cannot set direct map
- dm-crypt, dm-verity: disable tasklets
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
- io_uring/sqpoll: do not allow pinning outside of cpuset
- io_uring/sqpoll: retain test for whether the CPU is valid
- io_uring/sqpoll: do not put cpumask on stack
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
- KVM: s390: Change virtual to physical address access in diag 0x258 handler
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag
- x86/entry: Have entry_ibpb() invalidate return predictions
- x86/bugs: Skip RSB fill at VMEXIT
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
- io_uring/sqpoll: close race on waiting for sqring entries
- drm/radeon: Fix encoder->possible_clones
- drm/vmwgfx: Handle surface check failure correctly
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
- iio: hid-sensors: Fix an error handling path in
_hid_sensor_set_report_latency()
- iio: light: veml6030: fix ALS sensor resolution
- iio: light: veml6030: fix IIO device retrieval from embedded device
- iio: light: opt3001: add missing full-scale range value
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
- Bluetooth: Remove debugfs directory on module init failure
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
- xhci: Fix incorrect stream context type macro
- xhci: Mitigate failed set dequeue pointer commands
- USB: serial: option: add support for Quectel EG916Q-GL
- USB: serial: option: add Telit FN920C04 MBIM compositions
- parport: Proper fix for array out-of-bounds access
- x86/resctrl: Annotate get_mem_config() functions as __init
- x86/apic: Always explicitly disarm TSC-deadline timer
- x86/entry_32: Do not clobber user EFLAGS.ZF
- x86/entry_32: Clear CPU buffers after register restore in NMI return
- pinctrl: ocelot: fix system hang on level based interrupts
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
- mptcp: track and update contiguous data status
- mptcp: handle consistently DSS corruption
- tcp: fix mptcp DSS corruption due to large pmtu xmit
- mptcp: fallback when MPTCP opts are dropped after 1st data
- mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
- mptcp: prevent MPC handshake on port-based signal endpoints
- nilfs2: propagate directory read errors from nilfs_find_entry()
- powerpc/mm: Always update max/min_low_pfn in mem_topology_setup()
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne
1000 G2
- Linux 5.15.169
Date: 2025-04-02 14:58:16.108992+00:00
Changed-By: GuoqingJiang <guoqing.jiang at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1074.77~20.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list