[ubuntu/focal-proposed] linux 5.4.0-218.238 (Accepted)
Andy Whitcroft
apw at canonical.com
Thu May 22 17:01:03 UTC 2025
linux (5.4.0-218.238) focal; urgency=medium
* focal/linux: 5.4.0-218.238 -proposed tracker (LP: #2110876)
* Rotate the Canonical Livepatch key (LP: #2111244)
- [Config] Prepare for Canonical Livepatch key rotation
* CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache
(LP: #2099914) // CVE-2025-2312
- CIFS: New mount option for cifs.upcall namespace resolution
* Focal update: v5.4.292 upstream stable release (LP: #2109357)
- vlan: fix memory leak in vlan_newlink()
- clockevents/drivers/i8253: Fix stop sequence for timer 0
- sched/isolation: Prevent boot crash when the boot CPU is nohz_full
- Revert "UBUNTU: SAUCE: sctp: sysctl: pass right argument to container_of"
- Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy"
- Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy"
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
- sctp: sysctl: auth_enable: avoid using current->nsproxy
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value
- netpoll: Fix use correct return type for ndo_start_xmit()
- netpoll: remove dev argument from netpoll_send_skb_on_dev()
- netpoll: move netpoll_send_skb() out of line
- netpoll: netpoll_send_skb() returns transmit status
- netpoll: hold rcu read lock in __netpoll_send_skb()
- drivers/hv: Replace binary semaphore with mutex
- Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()
- ipvs: prevent integer overflow in do_ip_vs_get_ctl()
- netfilter: nft_exthdr: fix offset with ipv4_find_option()
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices
- nvme-fc: go straight to connecting state when initializing
- hrtimers: Mark is_migration_base() with __always_inline
- powercap: call put_device() on an error path in
powercap_register_control_type()
- ACPI: resource: IRQ override for Eluktronics MECH-17
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
- s390/cio: Fix CHPID "configure" attribute caching
- ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime()
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done
- sctp: Fix undefined behavior in left shift operation
- nvme: only allow entering LIVE from CONNECTING state
- fuse: don't truncate cached, mutated symlink
- x86/irq: Define trace events conditionally
- drm/nouveau: Do not override forced connector status
- block: fix 'kmem_cache of name 'bio-108' already exists'
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3
- USB: serial: option: add Telit Cinterion FE990B compositions
- USB: serial: option: fix Telit Cinterion FE990A name
- USB: serial: option: match on interface class for Telit FN990B
- drm/atomic: Filter out redundant DPMS calls
- qlcnic: fix memory leak issues in qlcnic_sriov_common.c
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()
- i2c: ali1535: Fix an error handling path in ali1535_probe()
- i2c: ali15x3: Fix an error handling path in ali15x3_probe()
- i2c: sis630: Fix an error handling path in sis630_probe()
- firmware: imx-scu: fix OF node leak in .probe()
- xfrm_output: Force software GSO only in tunnel mode
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
- RDMA/hns: Fix wrong value of max_sge_rd
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
- net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
- i2c: omap: fix IRQ storms
- drm/v3d: Don't run jobs that have errors flagged in its fence
- mmc: atmel-mci: Add missing clk_disable_unprepare()
- ARM: shmobile: smp: Enforce shmobile_smp_* alignment
- batman-adv: Ignore own maximum aggregation size during RX
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
- HID: hid-plantronics: Add mic mute mapping and generalize quirks
- ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
- ARM: 9351/1: fault: Add "cut here" line for prefetch aborts
- ARM: Remove address checking for MMUless devices
- counter: stm32-lptimer-cnt: fix error handling when enabling
- tty: serial: 8250: Add some more device IDs
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition
- net: usb: usbnet: restore usb%d name exception for local mac addresses
- serial: 8250_dma: terminate correct DMA in tx_dma_flush()
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
- x86/fpu: Avoid copying dynamic FP state from init_task in
arch_dup_task_struct()
- x86/platform: Only allow CONFIG_EISA for 32-bit
- [Config] updateconfigs for HAVE_EISA
- selinux: Chain up tool resolving errors in install_policy.sh
- EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
- EDAC/ie31200: Fix the DIMM size mask for several SoCs
- EDAC/ie31200: Fix the error path order of ie31200_init()
- PM: sleep: Fix handling devices with direct_complete set on errors
- lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
- ALSA: hda/realtek: Always honor no_shutup_pins
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
- PCI/portdrv: Only disable pciehp interrupts early when needed
- PCI: Remove stray put_device() in pci_register_host_bridge()
- PCI: pciehp: Don't enable HPIE when resuming in poll mode
- fbdev: au1100fb: Move a variable assignment behind a null pointer check
- mdacon: rework dependency list
- fbdev: sm501fb: Add some geometry checks.
- clk: amlogic: gxbb: drop incorrect flag on 32k clock
- bpf: Use preempt_count() directly in bpf_send_signal_common()
- lib: 842: Improve error handling in sw842_compress()
- pinctrl: renesas: rza2: Fix missing of_node_put() call
- clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
- IB/mad: Check available slots before posting receive WRs
- clk: amlogic: g12b: fix cluster A parent data
- clk: amlogic: gxbb: drop non existing 32k clock parent
- clk: amlogic: g12a: fix mmc A peripheral clock
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
- power: supply: max77693: Fix wrong conversion of charge input threshold
value
- mfd: sm501: Switch to BIT() to mitigate integer overflows
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to
misplaced assignment
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
- coresight: catu: Fix number of pages while using 64k pages
- iio: accel: mma8452: Ensure error return on failure to matching oversampling
ratio
- perf units: Fix insufficient array space
- kexec: initialize ELF lowest address to ULONG_MAX
- perf python: Fixup description of sample.id event member
- perf python: Decrement the refcount of just created event on failure
- perf python: Check if there is space to copy all the event
- fs/procfs: fix the comment above proc_pid_wchan()
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
- ring-buffer: Fix bytes_dropped calculation issue
- octeontx2-af: Fix mbox INTR handler when num VFs > 64
- sched/smt: Always inline sched_smt_active()
- wifi: iwlwifi: fw: allocate chained SG tables for dump
- affs: generate OFS sequence numbers starting at 1
- affs: don't write overlarge OFS data block size fields
- sched/deadline: Use online cpus for validating runtime
- locking/semaphore: Use wake_q to wake up processes outside lock critical
section
- can: statistics: use atomic access in hot path
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
- ntb: intel: Fix using link status DB's
- vsock: avoid timeout during connect() if the socket is closing
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
- net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
- can: flexcan: only change CAN state when link up in system PM
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
- x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
- jfs: add index corruption check to DT_GETPAGE()
- Linux 5.4.292
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-39735
- jfs: fix slab-out-of-bounds read in ea_get()
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22035
- tracing: Fix use-after-free in print_graph_function_flags during tracer
switching
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22045
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22054
- arcnet: Add NULL check in com20020pci_probe()
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-38637
- net_sched: skbprio: Remove overly strict queue assertions
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22063
- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2023-53034
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22071
- spufs: fix a leak in spufs_create_context()
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22073
- spufs: fix a leak on spufs_new_file() failure
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22079
- ocfs2: validate l_tree_depth to avoid out-of-bounds access
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22086
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2024-58093
- PCI/ASPM: Fix link state exit during switch upstream function removal
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-23136
- thermal: int340x: Add NULL check for adev
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22020
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22021
- netfilter: socket: Lookup orig tuple for IPv6 SNAT
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22018
- atm: Fix NULL pointer dereference
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-21996
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22004
- net: atm: fix use after free in lec_send()
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22005
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-22007
- Bluetooth: Fix error code in chan_alloc_skb_cb()
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-21956
- drm/amd/display: Assign normalized_pix_clk when color depth = 14
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-21991
- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-21992
- HID: ignore non-functional sensor in HP 5MP Camera
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-21957
- scsi: qla1280: Fix kernel oops when debug level > 2
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-21993
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
* Focal update: v5.4.292 upstream stable release (LP: #2109357) //
CVE-2025-21959
- netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in
insert_tree()
* CVE-2024-53168
- net: make sock_inuse_add() available
- sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
* CVE-2024-56551
- drm/amdgpu: fix usage slab after free
* CVE-2021-47211
- ALSA: usb-audio: fix null pointer dereference on pointer cs_desc
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
Date: 2025-05-19 10:34:12.863166+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/5.4.0-218.238
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list