Comment 1 Quality Assurance 2023-05-03 11:00:11 CEST

--- mirror/ftp/pool/main/l/linux-signed-amd64/linux-signed-amd64_4.19.269+1.dsc
+++ apt/ucs_5.0-0-errata5.0-3/source/linux-signed-amd64_4.19.282+1.dsc
@@ -1,6 +1,994 @@
-4.19.269+1 [Tue, 20 Dec 2022 23:56:34 +0100] Ben Hutchings <benh@debian.org>:
+4.19.282+1 [Sat, 29 Apr 2023 22:07:39 +0200] Ben Hutchings <benh@debian.org>:
 
-  * Sign kernel from linux 4.19.269-1
+  * Sign kernel from linux 4.19.282-1
+
+  * New upstream stable update:
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270
+    - mm/khugepaged: fix GUP-fast interaction by sending IPI
+    - mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
+    - block: unhash blkdev part inode when the part is deleted
+    - nfp: fix use-after-free in area_cache_get() (CVE-2022-3545)
+    - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
+    - can: sja1000: fix size of OCR_MODE_MASK define
+    - can: mcba_usb: Fix termination command argument
+    - ASoC: ops: Correct bounds check for second channel on SX controls
+    - udf: Discard preallocation before extending file with a hole
+    - udf: Fix preallocation discarding at indirect extent boundary
+    - udf: Do not bother looking for prealloc extents if i_lenExtents matches
+      i_size
+    - udf: Fix extending file within last block
+    - usb: gadget: uvc: Prevent buffer overflow in setup handler
+    - USB: serial: option: add Quectel EM05-G modem
+    - USB: serial: cp210x: add Kamstrup RF sniffer PIDs
+    - USB: serial: f81534: fix division by zero on line-speed change
+    - igb: Initialize mailbox message for VF reset
+    - Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934)
+    - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
+    - [arm*] usb: musb: remove extra check in musb_gadget_vbus_draw
+    - [armhf] soc: ti: smartreflex: Fix PM disable depth imbalance in
+      omap_sr_probe
+    - [armhf] dts: dove: Fix assigned-addresses for every PCIe Root Port
+    - [armhf] dts: armada-370: Fix assigned-addresses for every PCIe Root Port
+    - [armhf] dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
+    - [armhf] dts: armada-375: Fix assigned-addresses for every PCIe Root Port
+    - [armhf] dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
+    - [armhf] dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
+    - [armhf] dts: turris-omnia: Add ethernet aliases
+    - [armhf] dts: turris-omnia: Add switch port 6 node
+    - pstore/ram: Fix error return code in ramoops_probe()
+    - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
+    - [x86] tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
+    - [arm64] cpuidle: dt: Return the correct numbers of parsed idle states
+    - fs: don't audit the capability check in simple_xattr_list()
+    - selftests/ftrace: event_triggers: wait longer for test_event_enable
+    - perf: Fix possible memleak in pmu_dev_alloc()
+    - timerqueue: Use rb_entry_safe() in timerqueue_getnext()
+    - ocfs2: fix memory leak in ocfs2_stack_glue_init()
+    - PNP: fix name memory leak in pnp_alloc_dev()
+    - [x86] perf/x86/intel/uncore: Fix reference count leak in
+      hswep_has_limit_sbox() (regression in 4.19.189)
+    - [x86] cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
+    - lib/notifier-error-inject: fix error when writing -errno to debugfs file
+    - debugfs: fix error when writing negative value to atomic_t debugfs file
+      (regression in 4.19.160)
+    - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
+    - [x86] uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
+    - [x86] xen/events: only register debug interrupt for 2-level events
+    - [x86] xen: Fix memory leak in xen_smp_intr_init{_pv}()
+    - [x86] xen: Fix memory leak in xen_init_lock_cpu()
+    - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
+    - PM: runtime: Improve path in rpm_idle() when no callback
+    - PM: runtime: Do not call __rpm_callback() from rpm_idle()
+    - [x86] platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
+    - fs: sysv: Fix sysv_nblocks() returns wrong value
+    - relay: fix type mismatch when allocating memory in relay_create_buf()
+    - hfs: Fix OOB Write in hfs_asc2mac
+    - wifi: ath9k: hif_usb: fix memory leak of urbs in
+      ath9k_hif_usb_dealloc_tx_urbs() (regression in 4.19.154)
+    - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
+    - wifi: rtl8xxxu: Fix reading the vendor of combo chips
+    - can: kvaser_usb: do not increase tx statistics when sending error message
+      frames
+    - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
+    - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to
+      {leaf,usbcan}_cmd_can_error_event
+    - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
+    - can: kvaser_usb_leaf: Set Warning state even without bus errors
+    - can: kvaser_usb_leaf: Fix improved state not being reported
+    - can: kvaser_usb_leaf: Fix wrong CAN state after stopping
+    - can: kvaser_usb_leaf: Fix bogus restart events
+    - can: kvaser_usb: Add struct kvaser_usb_busparams
+    - can: kvaser_usb: Compare requested bittiming parameters with actual
+      parameters in do_set_{,data}_bittiming
+    - media: vivid: fix compose size exceed boundary
+    - mtd: Fix device name leak when register device failed in add_mtd_device()
+    - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
+    - drm/radeon: Add the missed acpi_put_table() to fix memory leak
+    - regulator: core: fix unbalanced of node refcount in
+      regulator_dev_lookup()
+    - wifi: ath10k: Fix return value in ath10k_pci_init()
+    - [arm64] Input: elants_i2c - properly handle the reset GPIO when power is
+      off
+    - media: solo6x10: fix possible memory leak in solo_sysfs_init()
+    - HID: hid-sensor-custom: set fixed size for custom attributes
+    - bonding: Export skip slave logic to function
+    - media: imon: fix a race condition in send_packet()
+    - pinctrl: pinconf-generic: add missing of_node_put()
+    - media: dvb-core: Fix ignored return value in dvb_register_frontend()
+    - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
+      (CVE-2023-28328)
+    - [arm*] drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
+    - NFSv4.2: Fix a memory stomp in decode_attr_security_label
+    - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
+    - [x86] ALSA: asihpi: fix missing pci_disable_device()
+    - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
+    - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
+    - wifi: cfg80211: Fix not unregister reg_pdev when
+      load_builtin_regdb_keys() fails
+    - regulator: core: fix module refcount leak in set_supply()
+    - media: saa7164: fix missing pci_disable_device()
+    - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
+    - SUNRPC: Fix missing release socket in rpc_sockname()
+    - NFSv4.x: Fail client initialisation if state manager thread can't run
+    - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
+    - mmc: toshsd: fix return value check of mmc_add_host()
+    - mmc: vub300: fix return value check of mmc_add_host()
+    - [armhf] mmc: wmt-sdmmc: fix return value check of mmc_add_host()
+    - [arm64] mmc: meson-gx: fix return value check of mmc_add_host()
+    - mmc: via-sdmmc: fix return value check of mmc_add_host()
+    - [x86] mmc: wbsd: fix return value check of mmc_add_host()
+    - [arm*] mmc: mmci: fix return value check of mmc_add_host()
+    - [armhf] clk: samsung: Fix memory leak in _samsung_clk_register_pll()
+    - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
+    - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
+    - blktrace: Fix output non-blktrace event when blk_classic option enabled
+    - [armhf] clk: socfpga: use clk_hw_register for a5/c5
+    - [x86] net: vmw_vsock: vmci: Check memcpy_from_msg()
+    - net: defxx: Fix missing err handling in dfx_init()
+    - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
+    - ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
+    - [x86] net: farsync: Fix kmemleak when rmmods farsync
+    - net/tunnel: wait until all sk_user_data reader finish before releasing
+      the sock
+    - [i386] hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
+    - [i386] net: amd: lance: don't call dev_kfree_skb() under
+      spin_lock_irqsave()
+    - [amd64,arm64] net: amd-xgbe: Fix logic around active and passive cables
+    - [amd64,arm64] net: amd-xgbe: Check only the minimum speed for active/
+      passive cables
+    - Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
+    - Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
+    - Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
+    - [x86] Bluetooth: hci_bcsp: don't call kfree_skb() under
+      spin_lock_irqsave()
+    - Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
+    - Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
+      (regression in 4.19.254)
+    - [arm*] stmmac: fix potential division by 0 (regression in 4.19.122)
+    - apparmor: fix a memleak in multi_transaction_new()
+    - apparmor: fix lockdep warning when removing a namespace
+    - apparmor: Fix abi check to include v8 abi
+    - f2fs: fix normal discard process
+    - RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
+    - [x86] scsi: scsi_debug: Fix a warning in resp_write_scat()
+    - PCI: Check for alloc failure in pci_request_irq()
+    - [amd64] RDMA/hfi: Decrease PCI device reference count in error path
+    - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create
+      failed
+    - scsi: hpsa: use local workqueues instead of system workqueues
+    - scsi: hpsa: Fix possible memory leak in hpsa_init_one()
+    - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
+    - scsi: hpsa: Fix error handling in hpsa_add_sas_host()
+    - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
+    - scsi: fcoe: Fix possible name leak when device_register() fails
+    - [x86] scsi: ipr: Fix WARNING in ipr_init()
+    - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
+    - scsi: snic: Fix possible UAF in snic_tgt_create()
+    - [amd64] RDMA/hfi1: Fix error return code in parse_platform_config()
+    - orangefs: Fix sysfs not cleanup when dev init failed
+    - [x86] hwrng: amd - Fix PCI device refcount leak
+    - [i386] hwrng: geode - Fix PCI device refcount leak
+    - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
+    - [arm*] serial: tegra: avoid reg access when clk disabled
+    - [arm*] serial: tegra: check for FIFO mode enabled status
+    - [arm*] serial: tegra: set maximum num of uart ports to 8
+    - [arm*] serial: tegra: add support to use 8 bytes trigger
+    - [arm*] serial: tegra: add support to adjust baud rate
+    - [arm*] serial: tegra: report clk rate errors
+    - [arm*] serial: tegra: Add PIO mode support
+    - [arm*] tty: serial: tegra: Activate RX DMA transfer by request
+    - [arm*] serial: tegra: Read DMA status before terminating
+    - [x86] usb: typec: Check for ops->exit instead of ops->enter in
+      altmode_exit
+    - [arm*] serial: amba-pl011: avoid SBSA UART accessing DMACR register
+    - [arm*] serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
+      (regression in 4.19.253)
+    - [i386] serial: pch: Fix PCI device refcount leak in pch_request_dma()
+    - [x86] misc: sgi-gru: fix use-after-free error in gru_set_context_option,
+      gru_fault and gru_handle_user_call_os (CVE-2022-3424)
+    - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
+    - usb: gadget: f_hid: optional SETUP/SET_REPORT mode
+    - usb: gadget: f_hid: fix f_hidg lifetime vs cdev
+    - usb: gadget: f_hid: fix refcount leak on error path
+    - chardev: fix error handling in cdev_device_add()
+    - [i386] i2c: pxa-pci: fix missing pci_disable_device() on error in
+      ce4100_i2c_probe
+    - [x86] staging: rtl8192u: Fix use after free in ieee80211_rx()
+    - [x86] staging: rtl8192e: Fix potential use-after-free in
+      rtllib_rx_Monitor()
+    - [x86] i2c: ismt: Fix an out-of-bounds bug in ismt_access()
+      (CVE-2022-2873)
+    - usb: storage: Add check for kcalloc
+    - tracing/hist: Fix issue of losting command info in error_log
+    - [x86] fbdev: pm2fb: fix missing pci_disable_device()
+    - [x86] fbdev: via: Fix error in via_core_init()
+    - [x86] fbdev: vermilion: decrease reference count in error path
+    - [x86] fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
+    - [armhf] HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
+    - [armhf] HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
+    - power: supply: fix residue sysfs file in error handle route of
+      __power_supply_register()
+    - perf symbol: correction while adjusting symbol (regression in 4.19.255)
+    - [armhf] HSI: omap_ssi_core: Fix error handling in ssi_init()
+    - include/uapi/linux/swab: Fix potentially missing __always_inline
+    - [armhf] rtc: snvs: Allow a time difference on clock register read
+    - [amd64] iommu/amd: Fix pci device refcount leak in ppr_notifier()
+    - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
+      (regression in 4.19.130)
+    - [x86] mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under
+      spin_lock_irqsave()
+    - [x86] mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under
+      spin_lock_irqsave()
+    - [x86] mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under
+      spin_lock_irqsave()
+    - nfc: pn533: Clear nfc_target before being used
+    - r6040: Fix kmemleak in probe and remove
+    - openvswitch: Fix flow lookup to use unmasked key
+    - skbuff: Account for tail adjustment during pull operations
+    - net_sched: reject TCF_EM_SIMPLE case for complex ematch module
+    - rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
+    - myri10ge: Fix an error handling path in myri10ge_probe()
+    - net: stream: purge sk_error_queue in sk_stream_kill_queues()
+      (regression in 4.19.218)
+    - fs: jfs: fix shift-out-of-bounds in dbAllocAG
+    - udf: Avoid double brelse() in udf_rename()
+    - fs: jfs: fix shift-out-of-bounds in dbDiscardAG
+    - ACPICA: Fix error code path in acpi_ds_call_control_method()
+    - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
+    - acct: fix potential integer overflow in encode_comp_t()
+    - hfs: fix OOB Read in __hfs_brec_find
+    - wifi: ath9k: verify the expected usb_endpoints are present
+    - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
+    - bpf: make sure skb->len != 0 when redirecting to a tunneling device
+    - [i386] hamradio: baycom_epp: Fix return type of baycom_send_packet()
+    - wifi: brcmfmac: Fix potential shift-out-of-bounds in
+      brcmf_fw_alloc_request()
+    - igb: Do not free q_vector unless new one was allocated
+    - drm/amdgpu: Fix type of second parameter in trans_msg() callback
+    - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
+    - md/raid1: stop mdx_raid1 thread when raid1 array run failed
+    - mrp: introduce active flags to prevent UAF when applicant uninit
+    - ppp: associate skb with a device at tx
+    - media: dvb-frontends: fix leak of memory fw
+    - media: dvbdev: adopts refcnt to avoid UAF
+    - media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
+    - blk-mq: fix possible memleak when register 'hctx' failed
+    - regulator: core: fix use_count leakage when handling boot-on
+    - [arm64] mmc: f-sdh30: Add quirks for broken timeout clock capability
+    - media: si470x: Fix use-after-free in si470x_int_in_callback()
+    - orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
+    - [arm*] ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in
+      rk_spdif_runtime_resume()
+    - [x86] ASoC: rt5670: Remove unbalanced pm_runtime_put()
+    - [arm*] usb: dwc3: core: defer probe on ulpi_read_id timeout
+    - HID: wacom: Ensure bootloader PID is usable in hidraw mode
+    - reiserfs: Add missing calls to reiserfs_security_free()
+    - media: dvbdev: fix refcnt bug
+    - ata: ahci: Fix PCS quirk application for suspend (regression in 4.19.77)
+    - HID: plantronics: Additional PIDs for double volume key presses quirk
+    - hfsplus: fix bug causing custom uid and gid being unable to be assigned
+      with mount
+    - ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
+    - ALSA: line6: correct midi status byte when receiving data from podxt
+    - ALSA: line6: fix stack overflow in line6_midi_transmit
+    - pnode: terminate at peers of source
+    - md: fix a crash in mempool_free
+    - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
+    - SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
+    - media: stv0288: use explicitly signed char
+    - dm cache: Fix ABBA deadlock between shrink_slab and
+      dm_cache_metadata_abort
+    - dm thin: Use last transaction's pmd->root when commit failed
+    - dm thin: Fix UAF in run_timer_softirq()
+    - dm cache: Fix UAF in destroy()
+    - dm cache: set needs_check flag after aborting metadata
+    - [x86] microcode/intel: Do not retry microcode reloading on the APs
+    - tracing: Fix infinite loop in tracing_read_pipe on overflowed
+      print_trace_line
+    - media: dvb-core: Fix double free in dvb_register_device()
+      (regression in 4.19.77)
+    - media: dvb-core: Fix UAF due to refcount races at releasing
+      (CVE-2022-41218)
+    - md/bitmap: Fix bitmap chunk size overflow issues
+    - ipmi: fix long wait in unload when IPMI disconnect
+    - ipmi: fix use after free in _ipmi_destroy_user()
+    - PCI: Fix pci_device_is_present() for VFs by checking PF
+    - PCI/sysfs: Fix double free in error path
+    - [amd64] iommu/amd: Fix ivrs_acpihid cmdline parsing code
+    - device_cgroup: Roll back to original exceptions after copy failure
+    - drm/connector: send hotplug uevent on connector cleanup
+    - [x86] drm/vmwgfx: Validate the box size for the snooped cursor
+      (CVE-2022-36280)
+    - ext4: add inode table check in __ext4_get_inode_loc to aovid possible
+      infinite loop
+    - ext4: add helper to check quota inums
+    - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
+    - ext4: init quota for 'old.inode' in 'ext4_rename'
+    - ext4: fix corruption when online resizing a 1K bigalloc fs
+    - ext4: fix error code return to user-space in ext4_get_branch()
+    - ext4: avoid BUG_ON when creating xattrs
+    - ext4: fix inode leak in ext4_xattr_inode_create() on an error path
+    - ext4: initialize quota before expanding inode in setproject ioctl
+    - ext4: avoid unaccounted block allocation when expanding inode
+    - ext4: allocate extended attribute value in vmalloc area
+    - btrfs: send: avoid unnecessary backref lookups when finding clone source
+    - btrfs: replace strncpy() with strscpy()
+    - dm thin: resume even if in FAIL mode
+    - perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
+    - perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as
+      unsinged data
+    - driver core: Set deferred_probe_timeout to a longer default if
+      CONFIG_MODULES is set
+    - ext4: goto right label 'failed_mount3a'
+    - ext4: correct inconsistent error msg in nojournal mode
+    - ext4: use kmemdup() to replace kmalloc + memcpy
+    - mbcache: don't reclaim used entries
+    - mbcache: add functions to delete entry if unused
+    - ext4: remove EA inode entry from mbcache on inode eviction
+    - ext4: unindent codeblock in ext4_xattr_block_set()
+    - ext4: fix race when reusing xattr blocks
+    - mbcache: automatically delete entries from cache on freeing
+    - ext4: fix deadlock due to mbcache entry corruption
+    - SUNRPC: ensure the matching upcall is in-flight upon downcall
+    - bpf: pull before calling skb_postpull_rcsum()
+    - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
+    - nfc: Fix potential resource leaks
+    - [amd64,arm64] net: amd-xgbe: add missed tasklet_kill
+    - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
+    - net: sched: atm: dont intepret cls results when asked to drop
+      (CVE-2023-23455)
+    - usb: rndis_host: Secure rndis_query check against int overflow
+    - udf: Fix extension of the last extent in the file
+    - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071
+      tablet
+    - [x86] bugs: Flush IBP in ib_prctl_set() (CVE-2023-0045)
+    - nfsd: fix handling of readdir in v4root vs. mount upcall timeout
+    - ext4: don't allow journal inode to have encrypt flag
+    - hfs/hfsplus: use WARN_ON for sanity check
+    - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
+    - mbcache: Avoid nesting of cache->c_list_lock under bit locks
+    - driver core: Fix bus_type.match() error handling in __driver_attach()
+    - net: sched: disallow noqueue for qdisc classes (CVE-2022-47929)
+    - perf auxtrace: Fix address filter duplicate symbol selection
+    - net/ulp: prevent ULP without clone op from entering the LISTEN status
+      (CVE-2023-0461)
+    - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
+      (CVE-2023-0266)
+    - cifs: Fix uninitialized memory read for smb311 posix symlink create
+    - [x86] platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight
+      during probe
+    - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
+      (CVE-2023-0394)
+    - [x86] ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
+    - quota: Factor out setup of quota inode
+    - ext4: fix bug_on in __es_tree_search caused by bad quota inode
+    - ext4: lost matching-pair of trace in ext4_truncate
+    - ext4: fix use-after-free in ext4_orphan_cleanup
+    - ext4: fix uninititialized value in 'ext4_evict_inode'
+    - netfilter: ipset: Fix overflow before widen in the bitmap_ip_create()
+      function.
+    - [x86] boot: Avoid using Intel mnemonics in AT&T syntax asm
+    - EDAC/device: Fix period calculation in edac_device_reset_delay_period()
+    - hvc/xen: lock console list traversal
+    - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
+    - net/mlx5: Rename ptp clock info
+    - net/mlx5: Fix ptp max frequency adjustment range
+    - drm/virtio: Fix GEM handle creation UAF
+    - [arm64] cmpxchg_double*: hazard against entire exchange variable
+    - efi: fix NULL-deref in init error path (regression in 4.19.142)
+    - [arm*] tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't
+      started
+    - [arm*] serial: tegra: Only print FIFO error message when an error occurs
+    - [arm*] serial: tegra: Change lower tolerance baud rate limit for tegra20
+      and tegra30
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.271
+    - pNFS/filelayout: Fix coalescing test for single DS
+    - net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
+    - RDMA/srp: Move large values to a new enum for gcc13
+    - f2fs: let's avoid panic if extent_tree is not created
+    - nilfs2: fix general protection fault in nilfs_btree_insert()
+    - xhci-pci: set the dma max_seg_size
+    - usb: xhci: Check endpoint is valid before dereferencing it
+    - xhci: Fix null pointer dereference when host dies
+    - xhci: Add a flag to disable USB3 lpm on a xhci root port level.
+    - prlimit: do_prlimit needs to have a speculation check (CVE-2023-0458)
+    - USB: serial: option: add Quectel EM05-G (GR) modem
+    - USB: serial: option: add Quectel EM05-G (CS) modem
+    - USB: serial: option: add Quectel EM05-G (RS) modem
+    - USB: serial: option: add Quectel EC200U modem
+    - USB: serial: option: add Quectel EM05CN (SG) modem
+    - USB: serial: option: add Quectel EM05CN modem
+    - USB: misc: iowarrior: fix up header size for
+      USB_DEVICE_ID_CODEMERCS_IOW100
+    - usb: core: hub: disable autosuspend for TI TUSB8041
+    - [x86] comedi: adv_pci1760: Fix PWM instruction handling
+    - [arm*] mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
+    - cifs: do not include page data when checking signature
+    - USB: serial: cp210x: add SCALANCE LPE-9000 device id
+    - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
+    - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
+    - [i386] serial: pch_uart: Pass correct sg to dma_unmap_sg()
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.272
+    - [armhf] dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
+    - [amd64] intel_ish-hid: Add check for ishtp_dma_tx_map
+    - [amd64] IB/hfi1: Reject a zero-length user expected buffer
+    - [amd64] IB/hfi1: Reserve user expected TIDs
+    - [amd64] IB/hfi1: Fix expected receive setup error exit issues
+    - affs: initialize fsdata in affs_truncate()
+    - amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
+    - amd-xgbe: Delay AN timeout during KR training
+    - bpf: Fix pointer-leak due to insufficient speculative store bypass
+      mitigation
+    - [arm64] phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in
+      rockchip_usb2phy_power_on()
+    - net: nfc: Fix use-after-free in local_cleanup()
+    - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
+      (CVE-2023-23559)
+    - net: usb: sr9700: Handle negative len
+    - net: mdio: validate parameter addr in mdiobus_get_phy()
+    - HID: check empty report_list in hid_validate_values() (CVE-2023-1073)
+    - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
+    - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
+    - net: mlx5: eliminate anonymous module_init & module_exit
+    - dmaengine: Fix double increment of client_count in dma_chan_get()
+    - [arm64] net: macb: fix PTP TX timestamp failure due to packet padding
+    - HID: betop: check shape of output reports
+    - tcp: avoid the lookup process failing to get sk in ehash table
+    - w1: fix deadloop in __w1_remove_master_device()
+    - w1: fix WARNING after calling w1_process()
+    - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
+    - block: fix and cleanup bio_check_ro
+    - perf env: Do not return pointers to local variables
+    - fs: reiserfs: remove useless new_opts in reiserfs_remount
+    - Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
+    - scsi: hpsa: Fix allocation size for scsi_host_alloc()
+    - module: Don't wait for GOING modules
+    - tracing: Make sure trace_printk() can output as soon as it can be used
+    - trace_events_hist: add check for return value of 'create_hist_field'
+    - smbd: Make upper layer decide when to destroy the transport
+    - cifs: Fix oops due to uncleared server->smbd_conn in reconnect
+    - EDAC/device: Respect any driver-supplied workqueue polling value
+    - net: fix UaF in netns ops registration error path (regression in
+      4.19.264)
+    - netfilter: nft_set_rbtree: skip elements in transaction from garbage
+      collection
+    - netlink: remove hash::nelems check in netlink_insert
+    - netlink: annotate data races around nlk->portid
+    - netlink: annotate data races around dst_portid and dst_group
+    - netlink: annotate data races around sk_state
+    - ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
+    - netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
+    - [x86] netrom: Fix use-after-free of a listening socket. (regression in
+      4.19.199)
+    - sctp: fail if no bound addresses can be used for a given scope
+      (CVE-2023-1074)
+    - net/tg3: resolve deadlock in tg3_reset_task() during EEH
+    - [x86] Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU
+      to RMI mode" (regression in 4.19.268)
+    - [x86] i8259: Mark legacy PIC interrupts with IRQ_LEVEL
+    - [x86] drm/i915/display: fix compiler warning about array overrun
+    - [armhf] dts: imx: Fix pca9547 i2c-mux node name
+    - [armhf] dmaengine: imx-sdma: Fix a possible memory leak in
+      sdma_transfer_init
+    - panic: unset panic_on_warn inside panic()
+    - exit: Add and use make_task_dead.
+    - exit: Put an upper limit on how often we can oops
+    - exit: Expose "oops_count" to sysfs
+    - exit: Allow oops_limit to be disabled
+    - panic: Consolidate open-coded panic_on_warn checks
+    - panic: Introduce warn_limit
+    - panic: Expose "warn_count" to sysfs
+    - docs: Fix path paste-o for /sys/kernel/warn_count
+    - exit: Use READ_ONCE() for all oops/warn limit reads
+    - ipv6: ensure sane device mtu in tunnels
+    - [arm*] usb: host: xhci-plat: add wakeup entry at sysfs
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.273
+    - firewire: fix memory leak for payload of request subaction to IEC 61883-1
+      FCP region
+    - [arm*] bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
+    - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
+    - [x86] netrom: Fix use-after-free caused by accept on already connected
+      socket
+    - ata: libata: Fix sata_down_spd_limit() when no link speed is reported
+    - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
+    - scsi: target: core: Fix warning on RT kernels
+    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
+      (CVE-2023-2162)
+    - [arm*] i2c: rk3x: fix a bunch of kernel-doc warnings
+    - [arm64] usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API
+    - [arm64] usb: dwc3: qcom: enable vbus override when in OTG dr-mode
+    - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
+    - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
+    - [x86] Input: i8042 - merge quirk tables
+    - [x86] Input: i8042 - add TUXEDO devices to i8042 quirk tables
+    - [x86] Input: i8042 - add Clevo PCX0DX to i8042 quirk table
+    - [x86] nVMX x86: Check VMX-preemption timer controls on vmentry of L2
+      guests
+    - [x86] KVM: VMX: Move caching of MSR_IA32_XSS to hardware_setup()
+    - [x86] KVM: x86/vmx: Do not skip segment attributes if unusable bit is set
+    - [x86] thermal: intel: int340x: Protect trip temperature from concurrent
+      updates
+    - fbcon: Check font dimension limits
+    - efi: Accept version 2 of memory attributes table
+    - iio: hid: fix the retval in accel_3d_capture_sample
+    - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
+    - mm/swapfile: add cond_resched() in get_swap_pages()
+    - Squashfs: fix handling and sanity checking of xattr_ids count
+    - serial: 8250_dma: Fix DMA Rx completion race
+    - serial: 8250_dma: Fix DMA Rx rearm race
+    - [x86] thermal: intel: int340x: Add locking to
+      int340x_thermal_get_trip_type()
+    - btrfs: limit device extents to the device size
+    - [x86] ALSA: emux: Avoid potential array out-of-bound in
+      snd_emux_xg_control()
+    - [amd64] IB/hfi1: Restore allocated resources on failed copyout
+    - [arm64] net: phy: meson-gxl: add g12a support
+    - [arm64] net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal
+      PHY
+    - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078)
+    - ALSA: pci: lx6464es: fix a debug loop
+    - [arm*] pinctrl: single: fix potential NULL dereference
+    - [x86] pinctrl: intel: Convert unsigned to unsigned int
+    - [x86] pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
+    - net: USB: Fix wrong-direction WARNING in plusb.c
+    - usb: core: add quirk for Alcor Link AK9563 smartcard reader
+    - [arm64] dts: meson-gx: Make mmc host controller interrupts level-
+      sensitive
+    - [arm64] dts: meson-axg: Make mmc host controller interrupts level-
+      sensitive
+    - bpf: Always return target ifindex in bpf_fib_lookup
+    - migrate: hugetlb: check for hugetlb shared PMD in node migration
+    - [x86] net/rose: Fix to not accept on connected socket
+    - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
+    - aio: fix mremap after fork null-deref
+    - netfilter: nft_tproxy: restrict to prerouting hook
+    - mmc: sdio: fix possible resource leaks in some error paths
+    - ALSA: hda/conexant: add a new hda codec SN6180
+    - ALSA: hda/realtek - fixed wrong gpio assigned
+    - [armhf,i386] hugetlb: check for undefined shift on 32 bit architectures
+    - i40e: add double of VLAN header when computing the max MTU
+    - dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
+    - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
+    - [arm*] net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
+    - bnxt_en: Fix mqprio and XDP ring checking logic
+    - [arm*] net: stmmac: Restrict warning on disabling DMA store and fwd mode
+    - net: mpls: fix stale pointer if allocation fails during device rename
+      (CVE-2023-26545)
+    - ipv6: Fix datagram socket connection with DSCP.
+    - ipv6: Fix tcp socket connection with DSCP.
+    - i40e: Add checking for null for nlmsg_find_attr()
+    - [x86] kvm: initialize all of the kvm_debugregs structure before sending
+      it to userspace (CVE-2023-1513)
+    - nilfs2: fix underflow in second superblock position calculations
+    - [arm64] net: phy: meson-gxl: Add generic dummy stubs for MMD register
+      access
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.274
+    - wifi: rtl8xxxu: gen2: Turn on the rate control
+    - random: always mix cycle counter in add_latent_entropy()
+    - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
+    - alarmtimer: Prevent starvation by small intervals and SIG_IGN
+    - [x86] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
+      (CVE-2022-3707)
+    - mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
+    - uaccess: Add speculation barrier to copy_from_user() (CVE-2023-0459)
+    - bpf: add missing header file include
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.275
+    - [armhf] dts: rockchip: add power-domains property to dp node on rk3288
+    - [amd64,arm64] ACPI: NFIT: fix a potential deadlock during NFIT teardown
+    - btrfs: send: limit number of clones and allocated memory size
+    - [amd64] IB/hfi1: Assign npages earlier
+    - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
+    - vc_screen: don't clobber return value in vcs_read
+    - USB: serial: option: add support for VW/Skoda "Carstick LTE"
+    - USB: core: Don't hold device lock while reading the "descriptors" sysfs
+     file
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.276
+    - HID: asus: Remove check for same LED brightness on set
+    - HID: asus: use spinlock to protect concurrent accesses
+    - HID: asus: use spinlock to safely schedule workers (CVE-2023-1079)
+    - [armhf] OMAP2+: Fix memory leak in realtime_counter_init()
+    - [armhf] imx: Call ida_simple_remove() for ida_simple_get
+    - [arm64] dts: meson-axg: enable SCPI
+    - blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
+    - block: bio-integrity: Copy flags when bio_integrity_payload is cloned
+    - wifi: rsi: Fix memory leak in rsi_coex_attach()
+    - wifi: libertas: fix memory leak in lbs_init_adapter()
+    - wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
+    - rtlwifi: fix -Wpointer-sign warning
+    - wifi: rtlwifi: Fix global-out-of-bounds bug in
+      _rtl8812ae_phy_set_txpower_limit()
+    - ipw2x00: switch from 'pci_' to 'dma_' API
+    - wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
+    - wifi: ipw2200: fix memory leak in ipw_wdev_init()
+    - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
+    - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
+    - wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
+    - wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
+    - wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
+    - wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
+    - [x86] wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
+    - [x86] ACPICA: Drop port I/O validation for some regions
+    - genirq: Fix the return type of kstat_cpu_irqs_sum()
+    - lib/mpi: Fix buffer overrun when SG is too long
+    - ACPICA: nsrepair: handle cases without a return value correctly
+    - [x86] wifi: orinoco: check return value of hermes_write_wordrec()
+    - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no
+      callback function
+    - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
+    - wifi: ath9k: Fix potential stack-out-of-bounds write in
+      ath9k_wmi_rsp_callback()
+    - [x86] ACPI: battery: Fix missing NUL-termination with large strings
+    - crypto: seqiv - Handle EBUSY correctly
+    - Bluetooth: L2CAP: Fix potential user-after-free
+    - libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
+    - rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
+    - crypto: rsa-pkcs1pad - Use akcipher_request_complete
+    - wifi: iwl3945: Add missing check for create_singlethread_workqueue
+    - wifi: iwl4965: Add missing check for create_singlethread_workqueue()
+    - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
+    - wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
+    - can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of
+      a bus error
+    - [arm*] drm/vc4: dpi: Add option for inverting pixel clock and output
+      enable
+    - [arm*] drm/vc4: dpi: Fix format mapping for RGB565
+    - [arm64] drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
+    - ALSA: hda/ca0132: minor fix for allocation size
+    - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
+    - [arm64] drm/msm: use strscpy instead of strncpy
+    - [arm64] drm/msm/dpu: Add check for pstates
+    - [arm*] gpu: host1x: Don't skip assigning syncpoints to channels
+    - [x86] ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
+    - scsi: aic94xx: Add missing check for dma_map_single()
+    - nfsd: fix race to check ls_layouts
+    - gfs2: jdata writepage fix
+    - perf llvm: Fix inadvertent file creation
+    - [arm64] perf tools: Fix auto-complete on aarch64
+    - [armhf] mtd: rawnand: sunxi: Fix the size of the last OOB region
+    - Input: ads7846 - don't report pressure for ads7845
+    - Input: ads7846 - don't check penirq immediately for 7845
+    - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
+    - [armhf] media: platform: ti: Add missing check for devm_regulator_get
+    - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
+      (CVE-2023-1118)
+    - media: i2c: ov7670: 0 instead of -EINVAL was returned
+    - media: usb: siano: Fix use after free bugs caused by do_submit_urb
+    - [arm64] rpmsg: glink: Avoid infinite loop on intent for missing channel
+    - [armhf] dts: exynos: Use Exynos5420 compatible for the MIPI video phy
+    - wifi: brcmfmac: Fix potential stack-out-of-bounds in
+      brcmf_c_preinit_dcmds()
+    - rcu: Suppress smp_processor_id() complaint in
+      synchronize_rcu_expedited_wait()
+    - [x86] thermal: intel: Fix unsigned comparison with less than zero
+    - timers: Prevent union confusion from unexpected restart_syscall()
+    - [x86] bugs: Reset speculation control settings on init
+    - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-
+      out-of-bounds
+    - inet: fix fast path in __inet_hash_connect()
+    - ACPI: Don't build ACPICA with '-Os'
+    - [x86] ACPI: video: Fix Lenovo Ideapad Z570 DMI match
+    - drm/amd/display: Fix potential null-deref in dm_resume
+    - [arm64] drm/msm/dsi: Add missing check for alloc_ordered_workqueue
+    - dm thin: add cond_resched() to various workqueue loops
+    - dm cache: add cond_resched() to various workqueue loops
+    - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
+    - [arm64] rtc: pm8xxx: fix set-alarm race
+    - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
+    - fs: hfsplus: fix UAF issue in hfsplus_put_super
+    - f2fs: fix information leak in f2fs_move_inline_dirents()
+    - ocfs2: fix defrag path triggering jbd2 ASSERT
+    - ocfs2: fix non-auto defrag path not working issue
+    - udf: Truncate added extents on failed expansion
+    - udf: Do not bother merging very long extents
+    - udf: Do not update file length for failed writes to inline files
+    - udf: Fix file corruption when appending just after end of preallocated
+      extent
+    - [x86] virt: Force GIF=1 prior to disabling SVM (for reboot flows)
+    - [x86] crash: Disable virt in core NMI crash handler to avoid double
+      shootdown
+    - [x86] reboot: Disable virtualization in an emergency if SVM is supported
+    - [x86] reboot: Disable SVM, not just VMX, when stopping CPUs
+    - [x86] kprobes: Fix __recover_optprobed_insn check optimizing logic
+    - [x86] kprobes: Fix arch_check_optimized_kprobe check within
+      optimized_kprobe range
+    - [x86] microcode/amd: Remove load_microcode_amd()'s bsp parameter
+    - [x86] microcode/AMD: Add a @cpu parameter to the reloading functions
+    - [x86] microcode/AMD: Fix mixed steppings support
+    - [x86] speculation: Allow enabling STIBP with legacy IBRS (CVE-2023-1998)
+    - irqdomain: Fix association race
+    - irqdomain: Fix disassociation race
+    - irqdomain: Drop bogus fwspec-mapping error handling
+    - [x86] ALSA: ice1712: Do not left ice->gpio_mutex locked in
+      aureon_add_controls()
+    - ext4: optimize ea_inode block expansion
+    - ext4: refuse to create ea block when umounted
+    - wifi: rtl8xxxu: Use a longer retry limit of 48
+    - wifi: cfg80211: Fix use after free for wext
+    - dm flakey: fix logic when corrupting a bio
+    - dm flakey: don't corrupt the zero page
+    - [armhf] dts: exynos: correct TMU phandle in Exynos4
+    - [armhf] dts: exynos: correct TMU phandle in Odroid XU
+    - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
+    - scsi: qla2xxx: Fix link failure in NPIV environment
+    - scsi: qla2xxx: Fix erroneous link down
+    - scsi: ses: Don't attach if enclosure has no components
+    - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
+    - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
+    - scsi: ses: Fix possible desc_ptr out-of-bounds accesses
+    - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
+    - [x86] PCI: Avoid FLR for AMD FCH AHCI adapters
+    - [x86] drm/radeon: Fix eDP for single-display iMac11,2
+    - wifi: ath9k: use proper statements in conditionals
+    - net/sched: Retire tcindex classifier (CVE-2023-1281, CVE-2023-1829)
+    - fs/jfs: fix shift exponent db_agl2size negative
+    - ubi: ensure that VID header offset + VID header size <= alloc, size
+    - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
+    - ubifs: Rectify space budget for ubifs_xrename()
+    - ubifs: Fix wrong dirty space budget for dirty inode
+    - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
+    - ubifs: Reserve one leb for each journal head while doing budget
+    - ubi: Fix use-after-free when volume resizing failed
+    - ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
+    - ubi: Fix possible null-ptr-deref in ubi_free_volume()
+    - ubifs: Re-statistic cleaned znode count if commit failed
+    - ubifs: dirty_cow_znode: Fix memleak in error handling path
+    - ubifs: ubifs_writepage: Mark page dirty after writing inode failed
+    - ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
+    - ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
+    - [x86] watchdog: pcwd_usb: Fix attempting to access uninitialized memory
+    - netfilter: ctnetlink: fix possible refcount leak in
+      ctnetlink_create_conntrack()
+    - net: fix __dev_kfree_skb_any() vs drop monitor
+    - 9p/xen: fix version parsing
+    - 9p/xen: fix connection sequence
+    - 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
+    - nfc: fix memory leak of se_io context in nfc_genl_se_io
+    - tcp: tcp_check_req() can be called from process context
+    - vc_screen: modify vcs_size() handling in vcs_read()
+    - [x86] scsi: ipr: Work around fortify-string warning
+    - tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
+    - [x86] firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
+    - media: uvcvideo: Handle cameras with invalid descriptors
+    - media: uvcvideo: Handle errors from calls to usb_string
+    - media: uvcvideo: Silence memcpy() run-time false positive warnings
+    - tty: fix out-of-bounds access in tty_driver_lookup_tty()
+    - [x86] mei: bus-fixup:upon error print return values of send and receive
+    - USB: ene_usb6250: Allocate enough memory for full object
+    - [arm64] phy: rockchip-typec: Fix unsigned comparison with less than zero
+    - Bluetooth: hci_sock: purge socket queues in the destruct() callback
+    - tcp: Fix listen() regression in 4.19.270
+    - media: uvcvideo: Provide sync and async uvc_ctrl_status_event
+    - media: uvcvideo: Fix race condition with usb_kill_urb
+    - f2fs: fix cgroup writeback accounting with fs-layer encryption
+    - [x86] thermal: intel: powerclamp: Fix cur_state for multi package system
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.277
+    - wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for
+      wext"
+    - [x86] staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling
+      a script
+    - [x86] staging: rtl8192e: Remove call_usermodehelper starting
+      RadioPower.sh
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.278
+    - fs: prevent out-of-bounds array speculation when closing a file
+      descriptor
+    - [x86] CPU/AMD: Disable XSAVES on AMD family 0x17
+    - ext4: fix RENAME_WHITEOUT handling for inline directories (regression in
+      4.19.183)
+    - ext4: fix another off-by-one fsmap error on 1k block filesystems
+    - ext4: move where set the MAY_INLINE_DATA flag is set
+    - ext4: fix WARNING in ext4_update_inline_data
+    - ext4: zero i_disksize when initializing the bootloader inode
+    - nfc: change order inside nfc_se_io error path
+    - udf: reduce leakage of blocks related to named streams
+    - udf: Remove pointless union in udf_inode_info
+    - udf: Preserve link count of system files
+    - udf: Detect system inodes linked into directory hierarchy
+    - kbuild: fix false-positive need-builtin calculation
+    - kbuild: generate modules.order only in directories visited by obj-y/m
+    - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
+    - tipc: improve function tipc_wait_for_cond()
+    - [x86] drm/i915: Don't use BAR mappings for ring buffers with LLC
+    - ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.279
+    - ext4: fix cgroup writeback accounting with fs-layer encryption
+    - fs: sysfs_emit_at: Remove PAGE_SIZE alignment check (regression in
+      4.19.179)
+    - tcp: tcp_make_synack() can be called from process context
+    - nfc: pn533: initialize struct pn533_out_arg properly
+    - qed/qed_dev: guard against a possible division by zero
+    - net: tunnels: annotate lockless accesses to dev->needed_headroom
+    - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status
+      fails
+    - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
+      (CVE-2023-1990)
+    - net: usb: smsc75xx: Limit packet length to skb->len
+    - nvmet: avoid potential UAF in nvmet_req_complete()
+    - ipv4: Fix incorrect table ID in IOCTL path
+    - net: usb: smsc75xx: Move packet length check to prevent kernel panic in
+      skb_pull
+    - hwmon: (adt7475) Display smoothing attributes in correct order
+    - hwmon: (adt7475) Fix masking of hysteresis registers
+    - [arm64] hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due
+      to race condition (CVE-2023-1855)
+    - jffs2: correct logic when creating a hole in jffs2_write_begin
+    - ext4: fail ext4_iget if special inode unallocated
+    - ext4: fix task hung in ext4_xattr_delete_inode
+    - [amd64] drm/amdkfd: Fix an illegal memory access
+    - tracing: Check field value in hist_field_name()
+    - ftrace: Fix invalid address access in lookup_rec() when index is 0
+    - [x86] mm: Fix use of uninitialized buffer in sme_enable()
+    - [x86] drm/i915: Don't use stolen memory for ring buffers with LLC
+    - HID: core: Provide new max_buffer_size attribute to over-ride the default
+    - HID: uhid: Over-ride the default maximum data buffer value with our own
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.280
+    - power: supply: da9150: Fix use after free bug in da9150_charger_remove
+      due to race condition (CVE-2023-30772)
+    - i40evf: Change a VF mac without reloading the VF driver
+    - intel-ethernet: rename i40evf to iavf
+    - iavf: diet and reformat
+    - iavf: fix inverted Rx hash condition leading to disabled hash
+    - intel/igbvf: free irq on the error path in igbvf_request_msix()
+    - igbvf: Regard vf reset nack as success
+    - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
+    - net: usb: smsc95xx: Limit packet length to skb->len
+    - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
+    - [x86] xirc2ps_cs: Fix use after free bug in xirc2ps_detach
+      (CVE-2023-1670)
+    - [arm64] net: qcom/emac: Fix use after free bug in emac_remove due to race
+      condition
+    - bpf: Adjust insufficient default bpf_jit_limit
+    - net/mlx5: Read the TC mapping of all priorities on ETS query
+    - erspan: do not use skb_mac_header() in ndo_start_xmit()
+    - hvc/xen: prevent concurrent accesses to the shared ring
+    - [arm64] net: mdio: thunder: Add missing fwnode_handle_put()
+    - [arm64 ]Bluetooth: btqcomsmd: Fix command timeout after setting BD
+      address
+    - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to
+      unfinished work (CVE-2023-1989)
+    - [x86] hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
+    - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
+    - [x86] thunderbolt: Use const qualifier for `ring_interrupt_index`
+    - scsi: target: iscsi: Fix an error message in iscsi_check_key()
+    - scsi: ufs: core: Add soft dependency on governor_simpleondemand
+    - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
+    - net: usb: qmi_wwan: add Telit 0x1080 composition
+    - cifs: empty interface list when server doesn't support query interfaces
+    - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
+    - usb: gadget: u_audio: don't let userspace block driver unbind
+    - igb: revert rtnl_lock() that causes deadlock (regression in 4.19.256)
+    - dm thin: fix deadlock when swapping to thin device
+    - [arm*] usb: chipdea: core: fix return -EINVAL if request role is the same
+      with current role
+    - [arm*] usb: chipidea: core: fix possible concurrent when switch role
+    - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
+    - [arm64] i2c: xgene-slimpro: Fix out-of-bounds bug in
+      xgene_slimpro_i2c_xfer() (CVE-2023-2194)
+    - dm stats: check for and propagate alloc_percpu failure
+    - dm crypt: add cond_resched() to dmcrypt_write()
+    - sched/fair: sanitize vruntime of entity being placed
+    - sched/fair: Sanitize vruntime of entity being migrated
+    - tun: avoid double free in tun_free_netdev (CVE-2022-4744)
+    - ocfs2: fix data corruption after failed write (regression in 4.19.155)
+    - md: avoid signed overflow in slot_store()
+    - [x86] ALSA: asihpi: check pao in control_message()
+    - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
+    - sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
+    - [i386] fbdev: lxfb: Fix potential divide by zero
+    - scsi: megaraid_sas: Fix crash after a double completion
+    - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
+    - i40e: fix registers dump after run ethtool adapter self test
+    - [arm*] net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
+    - [arm*] net: mvneta: make tx buffer array agnostic
+    - [arm*] Input: alps - fix compatibility with -funsigned-char
+    - [arm*] Input: focaltech - use explicitly signed char type
+    - cifs: prevent infinite recursion in CIFSGetDFSRefer()
+    - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
+    - xen/netback: don't do grant copy across page boundary (regression in
+      4.19.269)
+    - [x86] ALSA: hda/conexant: Partial revert of a quirk for Lenovo
+      (regression in 4.19.256)
+    - ALSA: usb-audio: Fix regression on detection of Roland VS-100
+      (regression in 4.19.164)
+    - [armhf] drm/etnaviv: fix reference leak when mmaping imported buffer
+    - ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
+    - gfs2: Always check inode size of inline inodes
+    - net: sched: cbq: dont intepret cls results when asked to drop
+      (CVE-2023-23454)
+    - cgroup/cpuset: Change cpuset_rwsem and hotplug lock order
+    - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock (regression
+      in 4.19.232)
+    - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.281
+    - pinctrl: Added IRQF_SHARED flag for amd-pinctrl driver
+    - pinctrl: amd: Use irqchip template
+    - pinctrl: amd: disable and mask interrupts on probe
+    - NFSv4: Convert struct nfs4_state to use refcount_t
+    - NFSv4: Check the return value of update_open_stateid()
+    - NFSv4: Fix hangs when recovering open state after a server reboot
+    - [arm64] pwm: cros-ec: Explicitly set .polarity in .get_state()
+    - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded
+      sta
+    - icmp: guard against too small mtu
+    - net: don't let netpoll invoke NAPI if in xmit context
+    - sctp: check send stream number after wait_for_sndbuf
+    - ipv6: Fix an uninit variable access bug in __ip6_make_skb()
+    - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
+    - USB: serial: option: add Telit FE990 compositions
+    - USB: serial: option: add Quectel RM500U-CN modem
+    - nilfs2: fix potential UAF of struct nilfs_sc_info in
+      nilfs_segctor_thread()
+    - nilfs2: fix sysfs interface lifetime
+    - [x86] ALSA: hda/realtek: Add quirk for Clevo X370SNW
+    - perf/core: Fix the same task check in perf_event_set_output
+    - ftrace: Mark get_lock_parent_ip() __always_inline
+    - ring-buffer: Fix race while reader and writer are on the same page
+    - mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
+    - [x86] ALSA: emu10k1: fix capture interrupt handler unlinking
+    - [x86] ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
+    - [x86] ALSA: i2c/cs8427: fix iec958 mixer control deactivation
+    - [x86] ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
+    - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
+    - Bluetooth: Fix race condition in hidp_session_thread
+    - mtdblock: tolerate corrected bit-flips
+    - 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race
+      condition (CVE-2023-1859)
+    - niu: Fix missing unwind goto in niu_alloc_channels()
+    - qlcnic: check pci_reset_function result
+    - sctp: fix a potential overflow in sctp_ifwdtsn_skip
+    - [arm64] net: macb: fix a memory corruption in extended buffer descriptor
+      mode
+    - udp6: fix potential access to stale information
+    - [arm64] power: supply: cros_usbpd: reclassify "default case!" as debug
+    - [x86] efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
+    - [amd64] verify_pefile: relax wrapper length check
+    - scsi: ses: Handle enclosure with just a primary component gracefully
+    - [x86] PCI: Add quirk for AMD XHCI controller that loses MSI-X state in
+      D3hot
+    - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
+    - ubi: Fix deadlock caused by recursively holding work_sem
+    - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
+    - [arm64] watchdog: sbsa_wdog: Make sure the timeout programming is within
+      the limits
+    - [x86] KVM: nVMX: add missing consistency checks for CR0 and CR4
+      (CVE-2023-30456)
+    - [arm64] KVM: arm64: Factor out core register ID enumeration
+    - [arm64] KVM: arm64: Filter out invalid core register IDs in
+      KVM_GET_REG_LIST (regression in 4.19)
+    - [arm64] KVM: Fix system register enumeration
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.282
+    - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
+    - virtio_net: bugfix overflow inside xdp_linearize_page()
+    - i40e: fix accessing vsi->active_filters without holding lock
+    - i40e: fix i40e_setup_misc_vector() error handling
+    - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
+    - e1000e: Disable TSO on i219-LM card to increase speed
+    - f2fs: Fix f2fs_truncate_partial_nodes ftrace event
+    - [x86] Input: i8042 - add quirk for Fujitsu Lifebook A574/H
+    - scsi: megaraid_sas: Fix fw_crash_buffer_show()
+    - scsi: core: Improve scsi_vpd_inquiry() checks
+    - xen/netback: use same error messages for same errors
+    - nilfs2: initialize unused bytes in segment summary blocks
+    - memstick: fix memory leak if card device is never registered
+    - [x86] purgatory: Don't generate debug info for purgatory.ro
+    - Revert "ext4: fix use-after-free in ext4_xattr_set_entry"  (regression in
+      4.19.256)
+    - ext4: remove duplicate definition of ext4_xattr_ibody_inline_set()
+    - ext4: fix use-after-free in ext4_xattr_set_entry
+    - udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
+    - tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
+    - inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
+    - dccp: Call inet6_destroy_sock() via sk->sk_destruct().
+    - sctp: Call inet6_destroy_sock() via sk->sk_destruct().
+
+  [ Ben Hutchings ]
+  * Bump ABI to 24
+  * [armhf] Disable LOCK_DOWN_KERNEL, LOCK_DOWN_IN_EFI_SECURE_BOOT, and
+    MODULE_SIG where we don't sign code (Closes: #825141)
+  * [rt] Update to 4.19.280-rt123:
+    - workqueue: Fix deadlock due to recursive locking of pool->lock
+  * [rt] netpoll: Fix netif_local_xmit_active() for 4.19-rt
+
+4.19.269-1 [Tue, 20 Dec 2022 23:56:34 +0100] Ben Hutchings <benh@debian.org>:
 
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.261

<http://piuparts.knut.univention.de/5.0-3/#7293940407745058237>

Comment 2 Philipp Hahn 2023-05-03 11:06:45 CEST

*** This bug has been marked as a duplicate of bug 56032 ***