Public bug reported:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v7.0.4 upstream stable release
from git://git.kernel.org/
Linux 7.0.4
ipmi:ssif: NULL thread on error
ipmi:ssif: Remove unnecessary indention
netfilter: reject zero shift in nft_bitwise
net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
mm/slab: return NULL early from kmalloc_nolock() in NMI on UP
mm/page_alloc: return NULL early from alloc_frozen_pages_nolock() in NMI on UP
vmalloc: fix buffer overflow in vrealloc_node_align()
ALSA: aloop: Fix peer runtime UAF during format-change stop
ALSA: caiaq: fix usb_dev refcount leak on probe failure
drm/imagination: Fix segfault when updating ftrace mask
drm/amdgpu: fix zero-size GDS range init on RDNA4
ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
ALSA: caiaq: Don't abort when no input device is available
ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path
driver core: Add kernel-doc for DEV_FLAG_COUNT enum value
crypto: authencesn - reject short ahash digests during instance creation
mei: me: add nova lake point H DID
mei: me: use PCI_DEVICE_DATA macro
mm: avoid deadlock when holding rmap on mmap_prepare error
mm: various small mmap_prepare cleanups
wifi: mt76: mt792x: fix mt7925u USB WFSYS reset handling
wifi: mt76: mt792x: describe USB WFSYS reset with a descriptor
iio: frequency: admv1013: fix NULL pointer dereference on str
iio: frequency: admv1013: add dev variable
perf loongarch: Fix build failure with CONFIG_LIBDW_DWARF_UNWIND
seg6: fix seg6 lwtunnel output redirect for L2 reduced encap mode
scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails
sched_ext: Documentation: Clarify ops.dispatch() role in task lifecycle
rxgk: Fix potential integer overflow in length check
rtmutex: Use waiter::task instead of current in remove_waiter()
ntfs3: fix integer overflow in run_unpack() volume boundary check
ntfs3: add buffer boundary checks to run_unpack()
NFSv4.1: Apply session size limits on clone path
ktest: Fix the month in the name of the failure directory
IB/core: Fix zero dmac race in neighbor resolution
gtp: disable BH before calling udp_tunnel_xmit_skb()
ceph: only d_add() negative dentries when they are unhashed
ceph: fix num_ops off-by-one when crypto allocation fails
erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()
dm mirror: fix integer overflow in create_dirty_log()
crypto: nx - Fix packed layout in struct nx842_crypto_header
crypto: nx - fix context leak in nx842_crypto_free_ctx
crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
crypto: atmel-sha204a - Fix uninitialized data access on OTP read error
crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path
crypto: atmel-sha204a - Fix error codes in OTP reads
crypto: atmel-tdes - fix DMA sync direction
crypto: ccree - fix a memory leak in cc_mac_digest()
crypto: hisilicon - Fix dma_unmap_single() direction
crypto: atmel-ecc - Release client on allocation failure
crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
crypto: arm64/aes - Fix 32-bit aes_mac_update() arg treated as 64-bit
crypto: acomp - fix wrong pointer stored by acomp_save_req()
can: ucan: fix devres lifetime
bus: mhi: host: pci_generic: Switch to async power up to avoid boot delays
Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
apparmor: use target task's context in apparmor_getprocattr()
9p: fix access mode flags being ORed instead of replaced
mfd: core: Preserve OF node when ACPI handle is present
mptcp: sync the msk->sndbuf at accept() time
taskstats: set version in TGID exit notifications
tcp: call sk_data_ready() after listener migration
wifi: rtl8xxxu: fix potential use of uninitialized value
x86/shstk: Prevent deadlock during shstk sigreturn
x86/cpu: Disable FRED when PTI is forced on
inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails
HID: apple: ensure the keyboard backlight is off if suspending
mm, swap: speed up hibernation allocation and writeout
check-uapi: link into shared objects
md/raid5: validate payload size before accessing journal metadata
md/raid5: fix soft lockup in retry_aligned_read()
md/md-llbitmap: raise barrier before state machine transition
md/md-llbitmap: skip reading rdevs that are not in_sync
amdgpu/jpeg: fix deepsleep register for jpeg 5_0_0 and 5_0_2
mtd: spinand: winbond: Declare the QE bit on W25NxxJW
mtd: spi-nor: sst: Fix write enable before AAI sequence
udf: fix partition descriptor append bookkeeping
ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
ring-buffer: Do not double count the reader_page
ARM: 9472/1: fix race condition on PG_dcache_clean in __sync_icache_dcache()
KVM: nSVM: Always intercept VMMCALL when L2 is active
KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
KVM: nSVM: Add missing consistency check for nCR3 validity
KVM: nSVM: Drop the non-architectural consistency check for NP_ENABLE
KVM: nSVM: Add missing consistency check for EFER, CR0, CR4, and CS
KVM: nSVM: Clear tracking of L1->L2 NMI and soft IRQ on nested #VMEXIT
KVM: nSVM: Clear EVENTINJ fields in vmcb12 on nested #VMEXIT
KVM: nSVM: Clear GIF on nested #VMEXIT(INVALID)
KVM: nSVM: Triple fault if mapping VMCB12 fails on nested #VMEXIT
KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT
KVM: nSVM: Refactor writing vmcb12 on nested #VMEXIT as a helper
KVM: nSVM: Refactor checking LBRV enablement in vmcb12 into a helper
KVM: nSVM: Always inject a #GP if mapping VMCB12 fails on nested VMRUN
KVM: SVM: Add missing save/restore handling of LBR MSRs
KVM: SVM: Switch svm_copy_lbrs() to a macro
KVM: nSVM: Delay setting soft IRQ RIP tracking fields until vCPU run
KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12
KVM: arm64: Account for RESx bits in __compute_fgt()
KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested #VMEXIT
KVM: nSVM: Delay stuffing L2's current RIP into NextRIP until vCPU run
KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN
KVM: nSVM: Ensure AVIC is inhibited when restoring a vCPU to guest mode
KVM: SVM: Explicitly mark vmcb01 dirty after modifying VMCB intercepts
KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0
KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
KVM: nSVM: Sync NextRIP to cached vmcb12 after VMRUN of L2
KVM: nSVM: Mark all of vmcb02 dirty when restoring nested state
KVM: x86: Defer non-architectural deliver of exception payload to userspace read
LoongArch: KVM: Use CSR_CRMD_PLV in kvm_arch_vcpu_in_kernel()
userfaultfd: allow registration of ranges below mmap_min_addr
mm/damon/core: disallow non-power of two min_region_sz on damon_start()
mm/damon/core: disallow time-quota setting zero esz
mm/damon/core: use time_in_range_open() for damos quota window start
mm/damon/core: validate damos_quota_goal->nid for node_memcg_{used,free}_bp
mm/damon/core: validate damos_quota_goal->nid for node_mem_{used,free}_bp
mm/damon/stat: fix memory leak on damon_start() failure in damon_stat_start()
mm/mempolicy: fix memory leaks in weighted_interleave_auto_store()
mm/memfd_luo: fix physical address conversion in put_folios cleanup
mm/vmalloc: take vmap_purge_lock in shrinker
rtc: ntxec: fix OF node reference imbalance
tpm: tpm_tis: stop transmit if retries are exhausted
tpm: tpm_tis: add error logging for data transfer
tpm: Use kfree_sensitive() to free auth session in tpm_dev_release()
tpm: Fix auth session leak in tpm2_get_random() error path
tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public()
pwm: imx-tpm: Count the number of enabled channels in probe
crypto: talitos - rename first/last to first_desc/last_desc
crypto: talitos - fix SEC1 32k ahash request limitation
firmware: exynos-acpm: Drop fake 'const' on handle pointer
firmware: google: framebuffer: Do not unregister platform device
xfs: fix a resource leak in xfs_alloc_buftarg()
xfs: start gc on zonegc_low_space attribute updates
crypto: qat - fix IRQ cleanup on 6xxx probe failure
arm64: dts: ti: am62-verdin: Enable pullup for eMMC data pins
mmc: sdhci-of-dwcmshc: Disable clock before DLL configuration
mmc: block: use single block write in retry
randomize_kstack: Maintain kstack_offset per task
hwmon: (pt5161l) Fix bugs in pt5161l_read_block_data()
selinux: fix overlayfs mmap() and mprotect() access checks
lsm: add backing_file LSM hooks
fs: prepare for adding LSM blob to backing_file
media: rzv2h-ivc: Fix AXIRX_VBLANK register write
media: rzv2h-ivc: Revise default VBLANK formula
hwmon: (powerz) Avoid cacheline sharing for DMA buffer
hwmon: (isl28022) Fix integer overflow in power calculation on 32-bit
power: supply: axp288_charger: Do not cancel work before initializing it
fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info
LoongArch: Show CPU vulnerabilites correctly
LoongArch: Make arch_irq_work_has_interrupt() true only if IPI HW exist
tpm: avoid -Wunused-but-set-variable
extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE'
apparmor: Fix string overrun due to missing termination
spi: fix resource leaks on device setup failure
libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()
ipv4: icmp: validate reply type before using icmp_pointers
printf: Compile the kunit test with DISABLE_BRANCH_PROFILING
DISABLE_BRANCH_PROFILING
RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
tracing/fprobe: Reject registration of a registered fprobe before init
slub: fix data loss and overflow in krealloc()
drm/arcpgu: fix device node leak
net: ks8851: Avoid excess softirq scheduling
net: mctp: fix don't require received header reserved bits to be zero
netconsole: avoid out-of-bounds access on empty string in trim_newline()
net: bridge: use a stable FDB dst snapshot in RCU readers
net: ks8851: Reinstate disabling of BHs around IRQ handler
net/smc: avoid early lgr access in smc_clc_wait_msg
net: txgbe: fix firmware version check
net: rds: fix MR cleanup on copy error
net: qrtr: ns: Limit the total number of nodes
net: qrtr: ns: Free the node during ctrl_cmd_bye()
net: qrtr: ns: Limit the maximum number of lookups
net: qrtr: ns: Limit the maximum server registration per node
arm64: dts: marvell: uDPU: add ethernet aliases
net: txgbe: fix RTNL assertion warning when remove module
tools/accounting: handle truncated taskstats netlink messages
EDAC/versalnet: Fix memory leak in remove and probe error paths
rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets
rxrpc: Fix re-decryption of RESPONSE packets
rxrpc: Fix error handling in rxgk_extract_token()
rxrpc: Fix rxkad crypto unalignment handling
rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
rxrpc: Fix memory leaks in rxkad_verify_response()
rxrpc: Fix potential UAF after skb_unshare() failure
iio: adc: ad7768-1: remove switch to one-shot mode
iio: adc: ad7768-1: fix one-shot mode data acquisition
ALSA: pcmtest: Fix resource leaks in module init error paths
ALSA: pcmtest: fix reference leak on failed device registration
ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa2xxx
ALSA: 6fire: Fix input volume change detection
ALSA: caiaq: Handle probe errors properly
ALSA: caiaq: Fix control_put() result and cache rollback
ALSA: core: Fix potential data race at fasync handling
module.lds.S: Fix modules on 32-bit parisc architecture
module.lds,codetag: force 0 sh_addr for sections
io_uring/poll: ensure EPOLL_ONESHOT is propagated for EPOLL_URING_WAKE
io_uring/poll: fix signed comparison in io_poll_get_ownership()
io_uring/zcrx: fix user_struct uaf
io_uring/register: fix ring resizing with mixed/large SQEs/CQEs
iio: adc: ti-ads7950: use iio_push_to_buffers_with_ts_unaligned()
block: relax pgmap check in bio_add_page for compatible zone device pages
io_uring/timeout: check unused sqe fields
io_uring/zcrx: return back two step unregistration
block: fix zone write plugs refcount handling in
disk_zone_wplug_schedule_bio_work()
mm/zone_device: do not touch device folio after calling ->folio_free()
rbd: fix null-ptr-deref when device_add_disk() fails
selftests/landlock: Skip stale records in audit_match_record()
selftests/landlock: Fix snprintf truncation checks in audit helpers
selftests/landlock: Fix format warning for __u64 in net_test
selftests/landlock: Drain stale audit records on init
landlock: Allow TSYNC with LOG_SUBDOMAINS_OFF and fd=-1
landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork()
selftests/mqueue: Fix incorrectly named file
sched: Use u64 for bandwidth ratio calculations
reset: rzv2h-usb2phy: Keep PHY clock enabled for entire device lifetime
remoteproc: xlnx: Only access buffer information if IPI is buffered
RDMA/mana_ib: Disable RX steering on RSS QP destroy
perf annotate: Use jump__delete when freeing LoongArch jumps
PCI: imx6: Fix reference clock source selection for i.MX95
PCI: cadence: Use cdns_pcie_read_sz() for byte or word read access
parisc: Drop ip_fast_csum() inline assembly implementation
parisc: _llseek syscall is only available for 32-bit userspace
nvme: respect NVME_QUIRK_DISABLE_WRITE_ZEROES when wzsl is set
nvme-pci: add NVME_QUIRK_DISABLE_WRITE_ZEROES for Kingston OM3SGP4
mtd: docg3: fix use-after-free in docg3_release()
mm/hugetlb: fix early boot crash on parameters without '=' separator
mm/damon/core: fix damos_walk() vs kdamond_fn() exit race
mm/damon/core: fix damon_call() vs kdamond_fn() exit race
mm/alloc_tag: clear codetag for pages allocated before page_ext initialization
mfd: stpmic1: Attempt system shutdown twice in case PMIC is confused
media: rockchip: rkcif: comply with minimum number of buffers requirement
media: rockchip: rkcif: fix off by one bugs
media: rc: igorplugusb: heed coherency rules
md/raid10: fix deadlock with check operation and nowait requests
KVM: selftests: Fix reserved value WRMSR testcase for multi-feature MSRs
jbd2: fix deadlock in jbd2_journal_cancel_revoke()
ipmi:ssif: Clean up kthread on errors
erofs: fix the out-of-bounds nameoff handling for trailing dirents
ALSA: seq_oss: return full count for successful SEQ_FULLSIZE writes
ALSA: ctxfi: Add fallback to default RSR for S/PDIF
ALSA: aoa: Skip devices with no codecs in i2sbus_resume()
ALSA: aoa: i2sbus: fix OF node lifetime handling
ALSA: aoa: i2sbus: clear stale prepared state
mm/zsmalloc: copy KMSAN metadata in zs_page_migrate()
ext2: reject inodes with zero i_nlink and valid mode in ext2_iget()
net: qrtr: ns: Fix use-after-free in driver remove()
media: i2c: imx219: Check return value of devm_gpiod_get_optional() in
imx219_probe()
lib/ts_kmp: fix integer overflow in pattern length calculation
PCI: epf-mhi: Return 0, not remaining timeout, when eDMA ops complete
phy: qcom: m31-eusb2: clear PLL_EN during init
Revert "ALSA: usb: Increase volume range that triggers a warning"
PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
crypto: atmel-sha204a - Fix OTP sysfs read and error handling
media: mtk-jpeg: fix use-after-free in release path due to uncancelled work
net: strparser: fix skb_head leak in strp_abort_strp()
net: caif: clear client service pointer on teardown
ALSA: control: Validate buf_len before strnlen() in
snd_ctl_elem_init_enum_names()
media: amphion: Fix race between m2m job_abort and device_run
PCI: imx6: Skip waiting for L2/L3 Ready on i.MX6SX
EDAC/versalnet: Fix device_node leak in mc_probe()
hwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt
of: unittest: fix use-after-free in testdrv_probe()
of: unittest: fix use-after-free in of_unittest_changeset()
dt-bindings: display: ti, am65x-dss: Fix AM62L DSS reg and clock constraints
crypto: pcrypt - Fix handling of MAY_BACKLOG requests
crypto: algif_aead - snapshot IV for async AEAD requests
spi: ch341: fix memory leaks on probe failures
spi: imx: fix use-after-free on unbind
thermal: core: Fix thermal zone governor cleanup issues
um: drivers: call kernel_strrchr() explicitly in cow_user.c
vfio/cdx: Fix NULL pointer dereference in interrupt trigger path
vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex
vfio/virtio: Convert list_lock from spinlock to mutex
vfio/xe: Add a missing vfio_pci_core_release_dev()
vfio: selftests: Fix VLA initialisation in vfio_pci_irq_set()
wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
wifi: rtw88: check for PCI upstream bridge existence
zram: do not forget to endio for partial discard requests
Input: edt-ft5x06 - fix use-after-free in debugfs teardown
ocfs2: split transactions in dio completion to avoid credit exhaustion
mm: fix deferred split queue races during migration
mm: prevent droppable mappings from being locked
mm: migrate: requeue destination folio on deferred split queue
arm64: mm: Fix rodata=full block mapping support for realm guests
arm64/mm: Enable batched TLB flush in unmap_hotplug_range()
lib: test_hmm: evict device pages on file close to avoid use-after-free
firmware: google: framebuffer: Do not mark framebuffer as busy
fs: afs: revert mmap_prepare() change
kbuild: rust: allow `clippy::uninlined_format_args`
rust: dma: remove DMA_ATTR_NO_KERNEL_MAPPING from public attrs
drm/nouveau: fix nvkm_device leak on aperture removal failure
device property: Make modifications of fwnode "flags" thread safe
driver core: Don't let a device probe until it's ready
sysfs: attribute_group: Respect is_visible_const() when changing owner
ibmasm: fix heap over-read in ibmasm_send_i2o_message()
ibmasm: fix OOB reads in command_file_write due to missing size checks
misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()
greybus: gb-beagleplay: fix sleep in atomic context in hdlc_tx_frames()
greybus: gb-beagleplay: bound bootloader receive buffering
leds: qcom-lpg: Check for array overflow when selecting the high resolution
drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
LoongArch: Add spectre boundry for syscall dispatch table
ALSA: usb-audio: Evaluate packsize caps at the right place
usb: chipidea: core: allow ci_irq_handler() handle both ID and VBUS change
usb: chipidea: otg: not wait vbus drop if use role_switch
usb: xhci: Make usb_host_endpoint.hcpriv survive endpoint_disable()
ALSA: usb-audio: Fix Audio Advantage Micro II SPDIF switch
ALSA: usb-audio: Avoid false E-MU sample-rate notifications
ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Confirmed
** Affects: linux (Ubuntu Resolute)
Importance: Undecided
Status: New
** Tags: kernel-stable-tracking-bug
** Changed in: linux (Ubuntu)
Status: New => Confirmed
** Also affects: linux (Ubuntu Resolute)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2152552
Title:
Resolute update: v7.0.4 upstream stable release
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2152552/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
