This bug was fixed in the package linux-gke - 5.15.0-1075.81
---------------
linux-gke (5.15.0-1075.81) jammy; urgency=medium
* jammy/linux-gke: 5.15.0-1075.81 -proposed tracker (LP: #2097141)
* IDPF: TX timeout and crash (LP: #2093622)
- Revert "idpf: trigger SW interrupt when exiting wb_on_itr mode"
- Revert "idpf: add support for SW triggered interrupts"
- Revert "idpf: fix idpf_vc_core_init error path"
- Revert "idpf: avoid vport access in idpf_get_link_ksettings"
- Revert "idpf: enable WB_ON_ITR"
linux-gke (5.15.0-1074.80) jammy; urgency=medium
* jammy/linux-gke: 5.15.0-1074.80 -proposed tracker (LP: #2093699)
* Add list of source files to linux-buildinfo (LP: #2086606)
- [Packaging] Add dwarfdump to build dependencies
* IDPF: TX timeout and crash (LP: #2093622)
- idpf: enable WB_ON_ITR
- idpf: avoid vport access in idpf_get_link_ksettings
- idpf: fix idpf_vc_core_init error path
- idpf: add support for SW triggered interrupts
- idpf: trigger SW interrupt when exiting wb_on_itr mode
[ Ubuntu: 5.15.0-132.143 ]
* jammy/linux: 5.15.0-132.143 -proposed tracker (LP: #2093735)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.01.13)
* KVM: Cache CPUID at KVM.ko module init to reduce latency of VM-Enter and VM-
Exit (LP: #2093146)
- kvm: x86: Fix xstate_required_size() to follow XSTATE alignment rule
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init
* Jammy update: v5.15.173 upstream stable release (LP: #2089541)
- 9p: Avoid creating multiple slab caches with the same name
- irqchip/ocelot: Fix trigger register address
- block: Fix elevator_get_default() checking for NULL q->tag_set
- HID: multitouch: Add support for B2402FVA track point
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
- bpf: use kvzmalloc to allocate BPF verifier environment
- crypto: marvell/cesa - Disable hash algorithms
- sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML
- drm/vmwgfx: Limit display layout ioctl array size to
VMWGFX_NUM_DISPLAY_UNITS
- powerpc/powernv: Free name on error in opal_event_init()
- vDPA/ifcvf: Fix pci_read_config_byte() return code handling
- fs: Fix uninitialized value issue in from_kuid and from_kgid
- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
- md/raid10: improve code of mrdev in raid10_sync_request
- mm/memory: add non-anonymous page check in the copy_present_page()
- udf: Allocate name buffer in directory iterator on heap
- udf: Avoid directory type conversion failure due to ENOMEM
- 9p: fix slab cache name creation for real
- Linux 5.15.173
* Jammy update: v5.15.173 upstream stable release (LP: #2089541) //
CVE-2024-41080
- io_uring: fix possible deadlock in io_register_iowq_max_workers()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-
excavator
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc
- arm64: dts: imx8mp: correct sdhc ipg clk
- ARM: dts: rockchip: fix rk3036 acodec node
- ARM: dts: rockchip: drop grf reference from rk3036 hdmi
- ARM: dts: rockchip: Fix the spi controller on rk3036
- ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible
- NFS: Add a tracepoint to show the results of nfs_set_cache_invalid()
- NFSv3: handle out-of-order write replies.
- nfs: avoid i_lock contention in nfs_clear_invalid_mapping
- net: enetc: set MAC address to the VF net_device
- can: c_can: fix {rx,tx}_errors statistics
- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag
- net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case
- Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown"
- media: stb0899_algo: initialize cfr before using it
- media: dvb_frontend: don't play tricks with underflow values
- media: adv7604: prevent underflow condition when reporting colorspace
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
- media: pulse8-cec: fix data timestamp at pulse8_setup()
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl()
- pwm: imx-tpm: Use correct MODULO value for EPWM mode
- drm/amdgpu: Adjust debugfs eviction and IB access permissions
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
- thermal/drivers/qcom/lmh: Remove false lockdep backtrace
- dm cache: correct the number of origin blocks to match the target length
- dm cache: optimize dirty bit checking with find_next_bit when resizing
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t
overflow
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone
- io_uring: rename kiocb_end_write() local helper
- fs: create kiocb_{start,end}_write() helpers
- io_uring: use kiocb_{start,end}_write() helpers
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
uvc_parse_format
- fs/proc: fix compile warning about variable 'vmcore_mmap_ops'
- usb: dwc3: fix fault at system suspend if device was already runtime
suspended
- USB: serial: qcserial: add support for Sierra Wireless EM86xx
- USB: serial: option: add Fibocom FG132 0x0112 composition
- USB: serial: option: add Quectel RG650V
- irqchip/gic-v3: Force propagation of the active state with a read-back
- ucounts: fix counter leak in inc_rlimit_get_ucounts()
- ALSA: usb-audio: Support jack detection on Dell dock
- ALSA: usb-audio: Add quirks for Dell WD19 dock
- ACPI: PRM: Clean up guid type in struct prm_handler_info
- ALSA: usb-audio: Add endianness annotations
- Linux 5.15.172
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50265
- ocfs2: remove entry once instead of null-ptr-dereference in
ocfs2_xa_remove()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50267
- USB: serial: io_edgeport: fix use after free in debug printk
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50268
- usb: typec: fix potential out of bounds in
ucsi_ccg_update_set_new_cam_cmd()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50269
- usb: musb: sunxi: Fix accessing an released usb phy
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50036
- net: do not delay dst_entries_add() in dst_release()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-42291
- ice: Add a per-VF limit on number of FDIR filters
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50273
- btrfs: reinitialize delayed ref list after deleting it from the list
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-53066
- nfs: Fix KMSAN warning in decode_getfattr_attrs()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-53052
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50278
- dm cache: fix potential out-of-bounds access on the first resume
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50279
- dm cache: fix out-of-bounds access to the dirty bitset when resizing
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50282
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50287
- media: v4l2-tpg: prevent the risk of a division by zero
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50290
- media: cx24116: prevent overflows on SNR calculus
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-53061
- media: s5p-jpeg: prevent buffer overflows
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50292
- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-53063
- media: dvbdev: prevent the risk of out of memory access
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50295
- net: arc: fix the device for dma_map_single/dma_unmap_single
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50296
- net: hns3: fix kernel crash when uninstalling driver
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-53088
- i40e: fix race condition by adding filter's intermediate sync state
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50299
- sctp: properly validate chunk size in sctp_sf_ootb()
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50301
- security/keys: fix slab-out-of-bounds in key_task_permission
* Jammy update: v5.15.172 upstream stable release (LP: #2089533) //
CVE-2024-50302
- HID: core: zero-initialize the report buffer
* Jammy update: v5.15.171 upstream stable release (LP: #2089405)
- selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test
- ACPI: PRM: Remove unnecessary blank lines
- ACPI: PRM: Change handler_addr type to void pointer
- cgroup: Fix potential overflow issue when checking max_depth
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
- wifi: brcm80211: BRCM_TRACING should depend on TRACING
- RDMA/cxgb4: Dump vendor specific QP details
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down
- RDMA/bnxt_re: synchronize the qp-handle table array
- mac80211: do drv_reconfig_complete() before restarting all
- mac80211: Add support to trigger sta disconnect on hardware restart
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
- gtp: allow -1 to be specified as file description from userspace
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state()
- fs/ntfs3: Fix warning possible deadlock in ntfs_set_state
- scsi: scsi_transport_fc: Allow setting rport state to current state
- net: amd: mvme147: Fix probe banner message
- NFS: remove revoked delegation from server's delegation list
- misc: sgi-gru: Don't disable preemption in GRU driver
- usbip: tools: Fix detach_port() invalid port error path
- usb: phy: Fix API devm_usb_put_phy() can not release the phy
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes()
- xhci: Fix Link TRB DMA in command ring stopped completion event
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems
- Revert "driver core: Fix uevent_show() vs driver detach race"
- iio: light: veml6030: fix microlux value calculation
- riscv: vdso: Prevent the compiler from inserting calls to memset()
- riscv: efi: Set NX compat flag in PE/COFF header
- riscv: Use '%u' to format the output of 'cpu'
- riscv: Remove unused GENERATING_ASM_OFFSETS
- riscv: Remove duplicated GET_RM
- mm/page_alloc: call check_new_pages() while zone spinlock is not held
- mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked()
- mm/page_alloc: split out buddy removal code from rmqueue into separate
helper
- mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE
- mm/page_alloc: treat RT tasks similar to __GFP_HIGH
- mm/page_alloc: explicitly record high-order atomic allocations in
alloc_flags
- mm/page_alloc: explicitly define what alloc flags deplete min reserves
- mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations
accesses reserves
- Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device"
- vt: prevent kernel-infoleak in con_font_get()
- mac80211: always have ieee80211_sta_restart()
- Linux 5.15.171
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2023-52913
- drm/i915: Fix potential context UAFs
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50228
- mm: shmem: fix data-race in shmem_getattr()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-53055
- wifi: iwlwifi: mvm: fix 6 GHz scan construction
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50230
- nilfs2: fix kernel bug due to missing clearing of checked flag
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50072
- x86/bugs: Use code segment selector for VERW operand
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50218
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50219
- mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50229
- nilfs2: fix potential deadlock with newly created symlinks
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50232
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50233
- staging: iio: frequency: ad9832: fix division by zero in
ad9832_calc_freqreg()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50234
- wifi: iwlegacy: Clear stale interrupts before resuming device
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50236
- wifi: ath10k: Fix memory leak in management tx
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50237
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50244
- fs/ntfs3: Additional check in ni_clear()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50245
- fs/ntfs3: Fix possible deadlock in mi_read
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50247
- fs/ntfs3: Check if more than chunk-size bytes are written
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50249
- ACPI: CPPC: Make rmw_lock a raw_spin_lock
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50251
- netfilter: nft_payload: sanitize offset and length before calling
skb_checksum()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50257
- netfilter: Fix use-after-free in get_info()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50262
- bpf: Fix out-of-bounds write in trie_get_next_key()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50259
- netdevsim: Add trailing zero to terminate the string in
nsim_nexthop_bucket_activity_write()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-53042
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-53058
- net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-53059
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50141
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
* Jammy update: v5.15.171 upstream stable release (LP: #2089405) //
CVE-2024-50086
- ksmbd: fix user-after-free from session log off
* Jammy update: v5.15.170 upstream stable release (LP: #2089272)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
- x86/resctrl: Avoid overflow in MB settings in bw_validate()
- ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
- RDMA/irdma: Fix misspelling of "accept*"
- ipv4: give an IPv4 dev to blackhole_netdev
- RDMA/bnxt_re: Return more meaningful error
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation
- drm/msm: Allocate memory for disp snapshot with kvzalloc()
- net: usb: usbnet: fix race in probe failure
- octeontx2-af: Fix potential integer overflows on integer shifts
- macsec: don't increment counters for an unrelated SA
- net: ethernet: aeroflex: fix potential memory leak in
greth_start_xmit_gbit()
- net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
- net: xilinx: axienet: fix potential memory leak in axienet_start_xmit()
- genetlink: hold RCU in genlmsg_mcast()
- s390: Initialize psw mask in perf_arch_fetch_caller_regs()
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian
- KVM: s390: gaccess: Check if guest address is in memslot
- usb: gadget: Add function wakeup support
- XHCI: Separate PORT and CAPs macros into dedicated file
- usb: dwc3: core: Fix system suspend on TI AM62 platforms
- block, bfq: fix procress reference leakage for bfqq in merge chain
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to
default regs values
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
- arm64: Force position-independent veneers
- platform/x86: dell-wmi: Ignore suspend notifications
- arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse
warning
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string
- platform/x86: dell-sysman: add support for alienware products
- jfs: Fix sanity check in dbMount
- xfrm: extract dst lookup parameters into a struct
- xfrm: respect ip protocols rules criteria when performing dst lookups
- net: plip: fix break; causing plip to never transmit
- net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x
- net: usb: usbnet: fix name regression
- r8169: avoid unsolicited interrupts
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
- bpf,perf: Fix perf_event_detach_bpf_prog error handling
- ALSA: hda/realtek: Update default depop procedure
- btrfs: zoned: fix zone unusable accounting for freed reserved extent
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid
detection issue
- openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
- selinux: improve error checking in sel_write_load()
- net: phy: dp83822: Fix reset pin definitions
- Linux 5.15.170
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50142
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50103
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50058
- serial: protect uart_port_dtr_rts() in uart_shutdown() too
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50110
- xfrm: fix one more kernel-infoleak in algo dumping
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50115
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50116
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50117
- drm/amd: Guard against bad data for ATIF ACPI method
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50205
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50127
- net: sched: fix use-after-free in taprio_change()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50128
- net: wwan: fix global oob in wwan_rtnl_policy
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50167
- be2net: fix potential memory leak in be_xmit()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50168
- net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50131
- tracing: Consider the NULL character when validating the event length
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50143
- udf: fix uninit-value use in udf_get_fileshortad
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50134
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with
real
VLA
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50010
- exec: don't WARN for racy path_noexec check
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50194
- arm64: probes: Fix uprobes for big-endian kernels
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50148
- Bluetooth: bnep: fix wild-memory-access in proto_unregister
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50150
- usb: typec: altmode should keep reference to parent
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50151
- smb: client: fix OOBs when building SMB2_IOCTL request
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50153
- scsi: target: core: Fix null-ptr-deref in target_alloc_device()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50154
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50171
- net: systemport: fix potential memory leak in bcm_sysport_xmit()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50156
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50208
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50160
- ALSA: hda/cs8409: Fix possible NULL dereference
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50209
- RDMA/bnxt_re: Add a check for memory allocation
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50162
- bpf: devmap: provide rxq after redirect
* Jammy update: v5.15.170 upstream stable release (LP: #2089272) //
CVE-2024-50163
- bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
* kernel:nft "Could not process rule: Device or resource busy" on unreferenced
chain (LP: #2089699)
- SAUCE: netfilter: nf_tables: Fix EBUSY on deleting unreferenced chain
* WARN in trc_wait_for_one_reader about failed IPIs (LP: #2089373)
- SAUCE: rcu-tasks: fix mismerge in trc_inspect_reader
- rcu-tasks: Idle tasks on offline CPUs are in quiescent states
* CVE-2024-35887
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer
* CVE-2024-40965
- clk: Add a devm variant of clk_rate_exclusive_get()
- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get()
- i2c: lpi2c: Avoid calling clk_get_rate during transfer
* CVE-2024-40982
- ssb: Fix potential NULL pointer dereference in ssb_device_uevent()
* CVE-2024-41066
- ibmvnic: Add tx check to prevent skb leak
* CVE-2024-42252
- closures: Change BUG_ON() to WARN_ON()
* CVE-2024-53097
- mm: krealloc: Fix MTE false alarm in __do_krealloc
* Add list of source files to linux-buildinfo (LP: #2086606)
- [Packaging] Sort build dependencies alphabetically
- [Packaging] Add list of used source files to buildinfo package
* UFS: uspi->s_3apb UBSAN: shift-out-of-bounds (LP: #2087853)
- ufs: ufs_sb_private_info: remove unused s_{2, 3}apb fields
* Jammy update: v5.15.169 upstream stable release (LP: #2088231)
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
- udf: New directory iteration code
- udf: Convert udf_expand_dir_adinicb() to new directory iteration
- udf: Move udf_expand_dir_adinicb() to its callsite
- udf: Implement searching for directory entry using new iteration code
- udf: Provide function to mark entry as deleted using new directory
iteration
code
- udf: Convert udf_rename() to new directory iteration code
- udf: Convert udf_readdir() to new directory iteration
- udf: Convert udf_lookup() to use new directory iteration code
- udf: Convert udf_get_parent() to new directory iteration code
- udf: Convert empty_dir() to new directory iteration code
- udf: Convert udf_rmdir() to new directory iteration code
- udf: Convert udf_unlink() to new directory iteration code
- udf: Implement adding of dir entries using new iteration code
- udf: Convert udf_add_nondir() to new directory iteration
- udf: Convert udf_mkdir() to new directory iteration code
- udf: Convert udf_link() to new directory iteration code
- udf: Remove old directory iteration code
- udf: Handle error when expanding directory
- udf: Don't return bh from udf_expand_dir_adinicb()
- udf: Fix bogus checksum computation in udf_rename()
- net: enetc: remove xdp_drops statistic from enetc_xdp_drop()
- net: enetc: add missing static descriptor and inline keyword
- posix-clock: Fix missing timespec64 check in pc_clock_settime()
- arm64: probes: Remove broken LDR (literal) uprobe support
- arm64: probes: Fix simulate_ldr*_literal()
- net: macb: Avoid 20s boot delay by skipping MDIO bus registration for
fixed-
link PHY
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1
- fat: fix uninitialized variable
- mm/swapfile: skip HugeTLB pages for unuse_vma
- secretmem: disable memfd_secret() if arch cannot set direct map
- dm-crypt, dm-verity: disable tasklets
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
- io_uring/sqpoll: do not allow pinning outside of cpuset
- io_uring/sqpoll: retain test for whether the CPU is valid
- io_uring/sqpoll: do not put cpumask on stack
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
- KVM: s390: Change virtual to physical address access in diag 0x258 handler
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag
- x86/entry: Have entry_ibpb() invalidate return predictions
- x86/bugs: Skip RSB fill at VMEXIT
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
- io_uring/sqpoll: close race on waiting for sqring entries
- drm/radeon: Fix encoder->possible_clones
- drm/vmwgfx: Handle surface check failure correctly
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
- iio: hid-sensors: Fix an error handling path in
_hid_sensor_set_report_latency()
- iio: light: veml6030: fix ALS sensor resolution
- iio: light: veml6030: fix IIO device retrieval from embedded device
- iio: light: opt3001: add missing full-scale range value
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in
Kconfig
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in
Kconfig
- Bluetooth: Remove debugfs directory on module init failure
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
- xhci: Fix incorrect stream context type macro
- xhci: Mitigate failed set dequeue pointer commands
- USB: serial: option: add support for Quectel EG916Q-GL
- USB: serial: option: add Telit FN920C04 MBIM compositions
- parport: Proper fix for array out-of-bounds access
- x86/resctrl: Annotate get_mem_config() functions as __init
- x86/apic: Always explicitly disarm TSC-deadline timer
- x86/entry_32: Do not clobber user EFLAGS.ZF
- x86/entry_32: Clear CPU buffers after register restore in NMI return
- pinctrl: ocelot: fix system hang on level based interrupts
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
- mptcp: track and update contiguous data status
- mptcp: handle consistently DSS corruption
- tcp: fix mptcp DSS corruption due to large pmtu xmit
- mptcp: fallback when MPTCP opts are dropped after 1st data
- mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
- mptcp: prevent MPC handshake on port-based signal endpoints
- nilfs2: propagate directory read errors from nilfs_find_entry()
- powerpc/mm: Always update max/min_low_pfn in mem_topology_setup()
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne
1000 G2
- Linux 5.15.169
-- Benjamin Wheeler <benjamin.whee...@canonical.com> Mon, 03 Feb 2025
10:49:09 -0500
** Changed in: linux-gke (Ubuntu Jammy)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-gke in Ubuntu.
https://bugs.launchpad.net/bugs/2093622
Title:
IDPF: TX timeout and crash
Status in linux-gcp package in Ubuntu:
In Progress
Status in linux-gke package in Ubuntu:
In Progress
Status in linux-gkeop package in Ubuntu:
In Progress
Status in linux-gcp source package in Jammy:
Fix Released
Status in linux-gke source package in Jammy:
Fix Released
Status in linux-gcp source package in Noble:
In Progress
Status in linux-gke source package in Noble:
In Progress
Status in linux-gkeop source package in Noble:
In Progress
Status in linux-gcp source package in Oracular:
Fix Released
Bug description:
SRU Justification
[Impact]
Google has requested a patchset to be backported to resolve an issue in the
IDPF module. The issue can lead to timeouts and potentially a system crash.
[Fix]
Backport a patchset from linux upstream to all IDPF-enabled Google kernels.
[Test Plan]
Compile and boot tested.
[Regression Potential]
This is a medium size backport and affects several kernels. Only the Oracular
patches were applied cleanly, which increases the chance of human error in the
backport process. Problems related to this fix could lead to further issues in
the Intel IDPF module, but there have been no changes to other drivers or the
core kernel.
[Other]
SF #00404007
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-gcp/+bug/2093622/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
