Public bug reported:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v6.0.18 upstream stable release
from git://git.kernel.org/
Linux 6.0.18
cifs: prevent copying past input buffer boundaries
drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics
drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34
drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping
drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping
drm/i915/migrate: Account for the reserved_space
drm/i915: improve the catch-all evict to handle lock contention
drm/amdgpu: make display pinning more flexible (v2)
drm/amdgpu: handle polaris10/11 overlap asics (v2)
drm/amd/display: Add DCN314 display SG Support
drm/i915/ttm: consider CCS for backup objects
ext4: allocate extended attribute value in vmalloc area
ext4: avoid unaccounted block allocation when expanding inode
ext4: initialize quota before expanding inode in setproject ioctl
ext4: fix inode leak in ext4_xattr_inode_create() on an error path
ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
ext4: fix deadlock due to mbcache entry corruption
ext4: avoid BUG_ON when creating xattrs
ext4: fix corrupt backup group descriptors after online resize
ext4: dont return EINVAL from GETFSUUID when reporting UUID length
ext4: fix bad checksum after online resize
ext4: fix error code return to user-space in ext4_get_branch()
ext4: fix corruption when online resizing a 1K bigalloc fs
ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
ext4: don't fail GETFSUUID when the caller provides a long buffer
ext4: init quota for 'old.inode' in 'ext4_rename'
ext4: fix uninititialized value in 'ext4_evict_inode'
ext4: fix off-by-one errors in fast-commit block filling
ext4: fix unaligned memory access in ext4_fc_reserve_space()
ext4: add missing validation of fast-commit record lengths
ext4: don't set up encryption key during jbd2 transaction
ext4: fix leaking uninitialized memory in fast-commit journal
ext4: disable fast-commit of encrypted dir operations
ext4: don't allow journal inode to have encrypt flag
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: check and assert if marking an no_delete evicting inode dirty
ext4: journal_path mount options should follow links
ext4: fix reserved cluster accounting in __es_remove_extent()
ext4: fix bug_on in __es_tree_search caused by bad quota inode
ext4: add helper to check quota inums
ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
ext4: fix use-after-free in ext4_orphan_cleanup
fs: ext4: initialize fsdata in pagecache_write()
ext4: remove trailing newline from ext4_msg() message
ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite
loop
ext4: silence the warning when evicting inode with dioread_nolock
drm/etnaviv: reap idle mapping if it doesn't match the softpin address
drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init()
drm/i915/dsi: fix VBT send packet port selection for dual link DSI
drm/etnaviv: move idle mapping reaping into separate function
drm/vmwgfx: Validate the box size for the snooped cursor
drm/connector: send hotplug uevent on connector cleanup
device_cgroup: Roll back to original exceptions after copy failure
parisc: Drop PMD_SHIFT from calculation in pgtable.h
parisc: Add missing FORCE prerequisites in Makefile
parisc: Fix locking in pdc_iodc_print() firmware call
parisc: led: Fix potential null-ptr-deref in start_task()
remoteproc: imx_rproc: Correct i.MX93 DRAM mapping
remoteproc: core: Do pm_relax when in RPROC_OFFLINE state
remoteproc: imx_dsp_rproc: Add mutex protection for workqueue
test_kprobes: Fix implicit declaration error of test_kprobes
iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options
iommu/amd: Fix ivrs_acpihid cmdline parsing code
phy: qcom-qmp-combo: fix sc8180x reset
bus: mhi: host: Fix race between channel preparation and M0 event
driver core: Fix bus_type.match() error handling in __driver_attach()
crypto: ccp - Add support for TEE for PCI ID 0x14CA
crypto: n2 - add missing hash statesize
riscv: mm: notify remote harts about mmu cache updates
riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument
RISC-V: kexec: Fix memory leak of elf header buffer
riscv: Fixup compile error with !MMU
RISC-V: kexec: Fix memory leak of fdt buffer
PCI/sysfs: Fix double free in error path
PCI: Fix pci_device_is_present() for VFs by checking PF
crypto: ccree,hisilicon - Fix dependencies to correct algorithm
ima: Fix memory leak in __ima_inode_hash()
mtd: spi-nor: gigadevice: gd25q256: replace gd25q256_default_init with
gd25q256_post_bfpt
ipmi: fix use after free in _ipmi_destroy_user()
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()
ipmi: fix long wait in unload when IPMI disconnect
ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection()
ASoC: jz4740-i2s: Handle independent FIFO flush bits
wifi: wilc1000: sdio: fix module autoloading
efi: Add iMac Pro 2017 to uefi skip cert quirk
md/bitmap: Fix bitmap chunk size overflow issues
block: mq-deadline: Do not break sequential write streams to zoned HDDs
block: mq-deadline: Fix dd_finish_request() for zoned devices
drm/amdgpu: fix mmhub register base coding error
rtc: ds1347: fix value written to century register
ravb: Fix "failed to switch device to config mode" message during unbind
cifs: set correct status of tcon ipc when reconnecting
cifs: set correct ipc status after initial tree connect
cifs: set correct tcon status after initial tree connect
cifs: fix missing display of three mount options
cifs: fix confusing debug message
media: dvb-core: Fix UAF due to refcount races at releasing
media: dvb-core: Fix double free in dvb_register_device()
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
arm64: dts: mediatek: mt8195-demo: fix the memory size of node secmon
staging: media: tegra-video: fix device_node use after free
staging: media: tegra-video: fix chan->mipi value on error
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
tracing: Fix issue of missing one synthetic field
tracing/probes: Handle system names with hyphens
tracing/hist: Fix wrong return value in parse_action_params()
tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE
powerpc/ftrace: fix syscall tracing on PPC64_ELF_ABI_V1
tracing: Fix race where eprobes can be called before the event
x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK
x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK
ftrace/x86: Add back ftrace_expected for ftrace bug reports
x86/microcode/intel: Do not retry microcode reloading on the APs
KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
KVM: x86: fix APICv/x2AVIC disabled when vm reboot by itself
KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails
KVM: VMX: Resume guest immediately when injecting #GP on ECREATE
ima: Fix hash dependency to correct algorithm
of/kexec: Fix reading 32-bit "linux,initrd-{start,end}" values
xtensa: add __umulsidi3 helper
perf/core: Call LSM hook after copying perf_event_attr
tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
PCI/DOE: Fix maximum data object length miscalculation
dm cache: set needs_check flag after aborting metadata
dm cache: Fix UAF in destroy()
dm clone: Fix UAF in clone_dtr()
dm integrity: Fix UAF in dm_integrity_dtr()
dm thin: Fix UAF in run_timer_softirq()
dm thin: resume even if in FAIL mode
dm thin: Use last transaction's pmd->root when commit failed
dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
mptcp: use proper req destructor for IPv6
mptcp: dedicated request sock for subflow in v6
mptcp: remove MPTCP 'ifdef' in TCP SYN cookies
mptcp: netlink: fix some error return code
fs: dlm: retry accept() until -EAGAIN or error returns
fs: dlm: fix sock release if listen fails
ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops
ALSA: patch_realtek: Fix Dell Inspiron Plus 16
bpf: Resolve fext program type when checking map compatibility
media: s5p-mfc: Fix in register read and write for H264
media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Fix to handle reference queue during finishing
ext2: unbugger ext2_empty_dir()
cpufreq: Init completion before kobject_init_and_add()
PM/devfreq: governor: Add a private governor_data for governor
x86/MCE/AMD: Clear DFR errors found in THR handler
selftests: Use optional USERCFLAGS and USERLDFLAGS
EDAC/mc_sysfs: Increase legacy channel support to 12
cxl/region: Fix missing probe failure
arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength
x86/fpu/xstate: Fix XSTATE_WARN_ON() to emit relevant diagnostics
arm64: dts: qcom: sdm850-samsung-w737: correct I2C12 pins drive strength
ARM: ux500: do not directly dereference __iomem
btrfs: fix resolving backrefs for inline extent followed by prealloc
btrfs: fix extent map use-after-free when handling missing device in
read_one_chunk
drm/amd/pm: correct SMU13.0.0 pstate profiling clock settings
drm/amd/pm: update SMU13.0.0 reported maximum shader clock
phy: qcom-qmp-combo: fix out-of-bounds clock access
mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K
arm64: dts: qcom: sc8280xp: fix UFS reference clocks
arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength
perf/x86/intel/uncore: Clear attr_update properly
perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D
jbd2: use the correct print format
ktest.pl minconfig: Unset configs instead of just removing them
kest.pl: Fix grub2 menu handling for rebooting
soc: qcom: Select REMAP_MMIO for ICC_BWMON driver
soc: qcom: Select REMAP_MMIO for LLCC driver
arm64: Prohibit instrumentation on arch_stack_walk()
arm64: dts: qcom: sc8280xp: fix UFS DMA coherency
cxl/region: Fix memdev reuse check
media: stv0288: use explicitly signed char
drm/amdgpu: skip MES for S0ix as well since it's part of GFX
** Affects: linux-oem-6.0 (Ubuntu)
Importance: Undecided
Status: Confirmed
** Affects: linux-oem-6.0 (Ubuntu Jammy)
Importance: Undecided
Status: New
** Tags: kernel-stable-tracking-bug
** Changed in: linux-oem-6.0 (Ubuntu)
Status: New => Confirmed
** Tags added: kernel-stable-tracking-bug
** Also affects: linux-oem-6.0 (Ubuntu Jammy)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-6.0 in Ubuntu.
https://bugs.launchpad.net/bugs/2002677
Title:
Jammy update: v6.0.18 upstream stable release
Status in linux-oem-6.0 package in Ubuntu:
Confirmed
Status in linux-oem-6.0 source package in Jammy:
New
Bug description:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v6.0.18 upstream stable release
from git://git.kernel.org/
Linux 6.0.18
cifs: prevent copying past input buffer boundaries
drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics
drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34
drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping
drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping
drm/i915/migrate: Account for the reserved_space
drm/i915: improve the catch-all evict to handle lock contention
drm/amdgpu: make display pinning more flexible (v2)
drm/amdgpu: handle polaris10/11 overlap asics (v2)
drm/amd/display: Add DCN314 display SG Support
drm/i915/ttm: consider CCS for backup objects
ext4: allocate extended attribute value in vmalloc area
ext4: avoid unaccounted block allocation when expanding inode
ext4: initialize quota before expanding inode in setproject ioctl
ext4: fix inode leak in ext4_xattr_inode_create() on an error path
ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
ext4: fix deadlock due to mbcache entry corruption
ext4: avoid BUG_ON when creating xattrs
ext4: fix corrupt backup group descriptors after online resize
ext4: dont return EINVAL from GETFSUUID when reporting UUID length
ext4: fix bad checksum after online resize
ext4: fix error code return to user-space in ext4_get_branch()
ext4: fix corruption when online resizing a 1K bigalloc fs
ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
ext4: don't fail GETFSUUID when the caller provides a long buffer
ext4: init quota for 'old.inode' in 'ext4_rename'
ext4: fix uninititialized value in 'ext4_evict_inode'
ext4: fix off-by-one errors in fast-commit block filling
ext4: fix unaligned memory access in ext4_fc_reserve_space()
ext4: add missing validation of fast-commit record lengths
ext4: don't set up encryption key during jbd2 transaction
ext4: fix leaking uninitialized memory in fast-commit journal
ext4: disable fast-commit of encrypted dir operations
ext4: don't allow journal inode to have encrypt flag
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: check and assert if marking an no_delete evicting inode dirty
ext4: journal_path mount options should follow links
ext4: fix reserved cluster accounting in __es_remove_extent()
ext4: fix bug_on in __es_tree_search caused by bad quota inode
ext4: add helper to check quota inums
ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
ext4: fix use-after-free in ext4_orphan_cleanup
fs: ext4: initialize fsdata in pagecache_write()
ext4: remove trailing newline from ext4_msg() message
ext4: add inode table check in __ext4_get_inode_loc to aovid possible
infinite loop
ext4: silence the warning when evicting inode with dioread_nolock
drm/etnaviv: reap idle mapping if it doesn't match the softpin address
drm/ingenic: Fix missing platform_driver_unregister() call in
ingenic_drm_init()
drm/i915/dsi: fix VBT send packet port selection for dual link DSI
drm/etnaviv: move idle mapping reaping into separate function
drm/vmwgfx: Validate the box size for the snooped cursor
drm/connector: send hotplug uevent on connector cleanup
device_cgroup: Roll back to original exceptions after copy failure
parisc: Drop PMD_SHIFT from calculation in pgtable.h
parisc: Add missing FORCE prerequisites in Makefile
parisc: Fix locking in pdc_iodc_print() firmware call
parisc: led: Fix potential null-ptr-deref in start_task()
remoteproc: imx_rproc: Correct i.MX93 DRAM mapping
remoteproc: core: Do pm_relax when in RPROC_OFFLINE state
remoteproc: imx_dsp_rproc: Add mutex protection for workqueue
test_kprobes: Fix implicit declaration error of test_kprobes
iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options
iommu/amd: Fix ivrs_acpihid cmdline parsing code
phy: qcom-qmp-combo: fix sc8180x reset
bus: mhi: host: Fix race between channel preparation and M0 event
driver core: Fix bus_type.match() error handling in __driver_attach()
crypto: ccp - Add support for TEE for PCI ID 0x14CA
crypto: n2 - add missing hash statesize
riscv: mm: notify remote harts about mmu cache updates
riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument
RISC-V: kexec: Fix memory leak of elf header buffer
riscv: Fixup compile error with !MMU
RISC-V: kexec: Fix memory leak of fdt buffer
PCI/sysfs: Fix double free in error path
PCI: Fix pci_device_is_present() for VFs by checking PF
crypto: ccree,hisilicon - Fix dependencies to correct algorithm
ima: Fix memory leak in __ima_inode_hash()
mtd: spi-nor: gigadevice: gd25q256: replace gd25q256_default_init with
gd25q256_post_bfpt
ipmi: fix use after free in _ipmi_destroy_user()
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()
ipmi: fix long wait in unload when IPMI disconnect
ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection()
ASoC: jz4740-i2s: Handle independent FIFO flush bits
wifi: wilc1000: sdio: fix module autoloading
efi: Add iMac Pro 2017 to uefi skip cert quirk
md/bitmap: Fix bitmap chunk size overflow issues
block: mq-deadline: Do not break sequential write streams to zoned HDDs
block: mq-deadline: Fix dd_finish_request() for zoned devices
drm/amdgpu: fix mmhub register base coding error
rtc: ds1347: fix value written to century register
ravb: Fix "failed to switch device to config mode" message during unbind
cifs: set correct status of tcon ipc when reconnecting
cifs: set correct ipc status after initial tree connect
cifs: set correct tcon status after initial tree connect
cifs: fix missing display of three mount options
cifs: fix confusing debug message
media: dvb-core: Fix UAF due to refcount races at releasing
media: dvb-core: Fix double free in dvb_register_device()
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
arm64: dts: mediatek: mt8195-demo: fix the memory size of node secmon
staging: media: tegra-video: fix device_node use after free
staging: media: tegra-video: fix chan->mipi value on error
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
tracing: Fix issue of missing one synthetic field
tracing/probes: Handle system names with hyphens
tracing/hist: Fix wrong return value in parse_action_params()
tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE
powerpc/ftrace: fix syscall tracing on PPC64_ELF_ABI_V1
tracing: Fix race where eprobes can be called before the event
x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK
x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK
ftrace/x86: Add back ftrace_expected for ftrace bug reports
x86/microcode/intel: Do not retry microcode reloading on the APs
KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
KVM: x86: fix APICv/x2AVIC disabled when vm reboot by itself
KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails
KVM: VMX: Resume guest immediately when injecting #GP on ECREATE
ima: Fix hash dependency to correct algorithm
of/kexec: Fix reading 32-bit "linux,initrd-{start,end}" values
xtensa: add __umulsidi3 helper
perf/core: Call LSM hook after copying perf_event_attr
tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
PCI/DOE: Fix maximum data object length miscalculation
dm cache: set needs_check flag after aborting metadata
dm cache: Fix UAF in destroy()
dm clone: Fix UAF in clone_dtr()
dm integrity: Fix UAF in dm_integrity_dtr()
dm thin: Fix UAF in run_timer_softirq()
dm thin: resume even if in FAIL mode
dm thin: Use last transaction's pmd->root when commit failed
dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
mptcp: use proper req destructor for IPv6
mptcp: dedicated request sock for subflow in v6
mptcp: remove MPTCP 'ifdef' in TCP SYN cookies
mptcp: netlink: fix some error return code
fs: dlm: retry accept() until -EAGAIN or error returns
fs: dlm: fix sock release if listen fails
ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops
ALSA: patch_realtek: Fix Dell Inspiron Plus 16
bpf: Resolve fext program type when checking map compatibility
media: s5p-mfc: Fix in register read and write for H264
media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Fix to handle reference queue during finishing
ext2: unbugger ext2_empty_dir()
cpufreq: Init completion before kobject_init_and_add()
PM/devfreq: governor: Add a private governor_data for governor
x86/MCE/AMD: Clear DFR errors found in THR handler
selftests: Use optional USERCFLAGS and USERLDFLAGS
EDAC/mc_sysfs: Increase legacy channel support to 12
cxl/region: Fix missing probe failure
arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength
x86/fpu/xstate: Fix XSTATE_WARN_ON() to emit relevant diagnostics
arm64: dts: qcom: sdm850-samsung-w737: correct I2C12 pins drive strength
ARM: ux500: do not directly dereference __iomem
btrfs: fix resolving backrefs for inline extent followed by prealloc
btrfs: fix extent map use-after-free when handling missing device in
read_one_chunk
drm/amd/pm: correct SMU13.0.0 pstate profiling clock settings
drm/amd/pm: update SMU13.0.0 reported maximum shader clock
phy: qcom-qmp-combo: fix out-of-bounds clock access
mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K
arm64: dts: qcom: sc8280xp: fix UFS reference clocks
arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength
perf/x86/intel/uncore: Clear attr_update properly
perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D
jbd2: use the correct print format
ktest.pl minconfig: Unset configs instead of just removing them
kest.pl: Fix grub2 menu handling for rebooting
soc: qcom: Select REMAP_MMIO for ICC_BWMON driver
soc: qcom: Select REMAP_MMIO for LLCC driver
arm64: Prohibit instrumentation on arch_stack_walk()
arm64: dts: qcom: sc8280xp: fix UFS DMA coherency
cxl/region: Fix memdev reuse check
media: stv0288: use explicitly signed char
drm/amdgpu: skip MES for S0ix as well since it's part of GFX
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-oem-6.0/+bug/2002677/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
