Univention Bugzilla – Bug 56972
linux: Multiple issues (5.0)
Last modified: 2024-01-24 15:15:53 CET
New Debian linux 4.19.304-1 fixes: This update addresses the following issues: 4.19.304-1 (Tue, 09 Jan 2024 00:13:47 +0000) * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.290 - xen/netback: Fix buffer overrun triggered by unusual packet (CVE-2023-34319) - [x86] fix backwards merge of GDS/SRSO bit https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.291 - gfs2: Don't deref jdesc in evict (CVE-2023-3212) - [x86] smp: Use dedicated cache-line for mwait_play_dead() - drm/edid: Fix uninitialized variable in drm_cvt_modes() - drm/amdgpu: Validate VM ioctl flags. - treewide: Remove uninitialized_var() usage - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter - md/raid10: fix overflow of md/safe_mode_delay - md/raid10: fix wrong setting of max_corr_read_errors - md/raid10: fix io loss while replacement replace rdev - clocksource/drivers: Unify the names to timer-* format - PM: domains: fix integer overflow issues in genpd_parse_state() - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx - nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() - [x86] wifi: orinoco: Fix an error handling path in spectrum_cs_probe() - [x86] wifi: orinoco: Fix an error handling path in orinoco_cs_probe() - [x86] wifi: atmel: Fix an error handling path in atmel_probe() - net: create netdev->dev_addr assignment helpers - [x86] wifi: wl3501_cs: Fix an error handling path in wl3501_probe() - [x86] wifi: ray_cs: Utilize strnlen() in parse_addr() - [x86] wifi: ray_cs: Fix an error handling path in ray_probe() - wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes - watchdog/perf: more properly prevent false positives with turbo modes - kexec: fix a memory leak in crash_shrink_memory() - memstick r592: make memstick_debug_get_tpc_name() static - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (regression in 4.19.205) - wifi: ath9k: convert msecs to jiffies where needed - netlink: fix potential deadlock in netlink_set_err() - netlink: do not hard code device address lenth in fdb dumps - gtp: Fix use-after-free in __gtp_encap_destroy(). - lib/ts_bm: reset initial match offset for every block of text - netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. - ipvlan: Fix return value of ipvlan_queue_xmit() - netlink: Add __sock_i_ino() for __netlink_diag_dump(). - radeon: avoid double free in ci_dpm_init() - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H - [x86] ASoC: es8316: Increment max value for ALC Capture Target Volume control - [amd64] IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors - drm/radeon: fix possible division-by-zero errors - ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() - [x86] pinctrl: cherryview: Return correct value if pin in push-pull mode - perf dwarf-aux: Fix off-by-one in die_get_varname() - hwrng: virtio - add an internal buffer - hwrng: virtio - don't wait on cleanup - hwrng: virtio - don't waste entropy - hwrng: virtio - always add a pending request - hwrng: virtio - Fix race on data_avail and actual data - modpost: fix section mismatch message for R_ARM_ABS32 - modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} - USB: serial: option: add LARA-R6 01B PIDs - block: change all __u32 annotations to __be32 in affs_hardblocks.h - w1: fix loop in w1_fini() - media: usb: Check az6007_read() return value - media: usb: siano: Fix warning due to null work_func_t function pointer (regression in 4.19.276) - [x86] mfd: intel-lpss: Add missing check for platform_get_resource - [armhf] mfd: stmpe: Only disable the regulators if they are enabled - sctp: fix potential deadlock on &net->sctp.addr_wq_lock (regression in 4.19.191) - tg3: Add MODULE_FIRMWARE() for FIRMWARE_TG357766. - f2fs: fix error path handling in truncate_dnode() - net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode - tcp: annotate data races in __tcp_oow_rate_limited() - net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX - ALSA: jack: Fix mutex call in snd_jack_report() (regression in 4.19.247) - NFSD: add encoding of op_recall flag for write delegation - mmc: core: disable TRIM on Kingston EMMC04G-M627 - mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M - bcache: Remove unnecessary NULL point check in node allocations - integrity: Fix possible multiple allocation in integrity_inode_get() - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() - btrfs: fix race when deleting quota root from the dirty cow roots list - netfilter: nf_tables: fix nat hook table deletion - netfilter: nf_tables: add rescheduling points during loop detection walks - netfilter: nftables: add helper function to set the base sequence number - netfilter: add helper function to set up the nfnetlink header and use it - netfilter: nf_tables: use net_generic infra for transaction data - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE (CVE-2023-3390) - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/ chain - netfilter: nf_tables: reject unbound anonymous set before commit phase - netfilter: nf_tables: unbind non-anonymous set if rule construction fails - netfilter: nf_tables: fix scheduling-while-atomic splat - netfilter: conntrack: Avoid nf_ct_helper_hash uses after free - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (CVE-2023-35001) - net: lan743x: Don't sleep in atomic context - workqueue: clean up WORK_* constant types, clarify masking - [arm*] net: mvneta: fix txq_map in case of txq_number==1 - vrf: Increment Icmp6InMsgs on the original netdev - icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). - udp6: fix udp6_ehashfn() typo - ipv6/addrconf: fix a potential refcount underflow for idev - [x86] wifi: airo: avoid uninitialized warning in airo_get_rate() - net/sched: make psched_mtu() RTNL-less safe - pinctrl: amd: Fix mistake in handling clearing pins at startup - pinctrl: amd: Detect internal GPIO0 debounce handling - pinctrl: amd: Only use special debounce behavior for GPIO 0 - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation - SUNRPC: Fix UAF in svc_tcp_listen_data_ready() - [x86] perf intel-pt: Fix CYC timestamps after standalone CBR - ext4: fix wrong unit use in ext4_mb_clear_bb - ext4: only update i_reserved_data_blocks on successful block allocation - jfs: jfs_dmap: Validate db_l2nbperpage while mounting - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 - PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked - md/raid0: add discard support for the 'original' layout - fs: dlm: return positive pid value for F_GETLK - [armhf] hwrng: imx-rngc - fix the timeout for init and self check - ceph: don't let check_caps skip sending responses for revoke msgs - [arm*] meson saradc: fix clock divider mask length - [armhf] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error - [armhf] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk - ring-buffer: Fix deadloop issue on reading trace_pipe - scsi: qla2xxx: Wait for io return on terminate rport - scsi: qla2xxx: Fix potential NULL pointer dereference - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() - scsi: qla2xxx: Pointer may be dereferenced - drm/atomic: Fix potential use-after-free in nonblocking commits - tracing/histograms: Add histograms to hist_vars if they have referenced variables - fuse: revalidate: don't invalidate if interrupted - can: bcm: Fix UAF in bcm_proc_show() - ext4: correct inline offset when handling xattrs in inode body - nbd: Add the maximum limit of allocated index in nbd_dev_add - md: fix data corruption for raid456 when reshape restart while grow up - md/raid10: prevent soft lockup while flush writes - posix-timers: Ensure timer ID search-loop limit is valid - sched/fair: Don't balance task to its current running CPU - bpf: Address KCSAN report on bpf_lru_list - wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() - wifi: iwlwifi: mvm: avoid baid size integer overflow - igb: Fix igb_down hung on surprise removal - pinctrl: amd: Use amd_pinconf_set() for all config options - [armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/ cpsw_ale_set_field() - net:ipv6: check return value of pskb_trim() - Revert "tcp: avoid the lookup process failing to get sk in ehash table" (regression in 4.19.272) - llc: Don't drop packet from non-root netns. - netfilter: nf_tables: fix spurious set element insertion failure - netfilter: nf_tables: can't schedule in nft_chain_validate - net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX - tcp: annotate data-races around tp->linger2 - tcp: annotate data-races around rskq_defer_accept - tcp: annotate data-races around tp->notsent_lowat - tcp: annotate data-races around fastopenq.max_qlen - tracing/histograms: Return an error if we fail to add histogram to hist_vars list - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent - btrfs: fix extent buffer leak after tree mod log failure at split_node() - ext4: Fix reusing stale buffer heads from last failed mounting - PCI: Rework pcie_retrain_link() wait loop - PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() - PCI/ASPM: Factor out pcie_wait_for_retrain() - PCI/ASPM: Avoid link retraining race - dlm: cleanup plock_op vs plock_xop - dlm: rearrange async condition return - fs: dlm: interrupt posix locks only when process is killed - ftrace: Add information on number of page groups allocated - ftrace: Check if pages were allocated before calling free_pages() - ftrace: Store the order of pages allocated in ftrace_page - ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c - scsi: qla2xxx: Array index may go out of bound - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() - ethernet: atheros: fix return value check in atl1e_tso_csum() - ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address - tcp: Reduce chance of collisions in inet6_hashfn(). (CVE-2023-1206) - bonding: reset bond's flags when down link is P2P device - team: reset team's flags when down link is P2P device - [x86] platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 - net/sched: mqprio: refactor nlattr parsing to a separate function - net/sched: mqprio: add extack to mqprio_parse_nlattr() - net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64 - benet: fix return value check in be_lancer_xmit_workarounds() - RDMA/mlx4: Make check for invalid flags stricter - [arm64] drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() - [armhf] ASoC: fsl_spdif: Silence output on stop - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths - ring-buffer: Fix wrong stat of cpu_buffer->read (regression in 4.19.172) - tracing: Fix warning in trace_buffered_event_disable() - USB: serial: option: support Quectel EM060K_128 - USB: serial: option: add Quectel EC200A module support - USB: serial: simple: add Kaufmann RKS+CAN VCP - USB: serial: simple: sort driver entries - can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED - [arm*] Revert "usb: dwc3: core: Enable AutoRetry feature in the controller" - [arm64] usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy - [arm*] usb: dwc3: don't reset device side if dwc3 was configured as host- only - USB: quirks: add quirk for Focusrite Scarlett - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled - btrfs: check for commit error at btrfs_attach_transaction_barrier() - tpm_tis: Explicitly check for error code - virtio-net: fix race between set queues and probe - dm cache policy smq: ensure IO doesn't prevent cleaner policy progress - drm/client: Fix memory leak in drm_client_target_cloned - net/sched: cls_fw: Fix improper refcount update leads to use-after-free (CVE-2023-3776) - net/sched: sch_qfq: account for stab overhead in qfq_enqueue (CVE-2023-3611) - net/sched: cls_u32: Fix reference counter leak leading to overflow (CVE-2023-3609) - loop: Select I/O scheduler 'none' from inside add_disk() - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() - net: sched: cls_u32: Fix match key mis-addressing - net: add missing data-race annotations around sk->sk_peek_off - net: add missing data-race annotation for sk_ll_usec - net/sched: cls_u32: No longer copy tcf_result on update to avoid use- after-free (CVE-2023-4208) - net/sched: cls_route: No longer copy tcf_result on update to avoid use- after-free (CVE-2023-4206) - ip6mr: Fix skb_under_panic in ip6mr_cache_report() - tcp_metrics: fix addr_same() helper - tcp_metrics: annotate data-races around tm->tcpm_stamp - tcp_metrics: annotate data-races around tm->tcpm_lock - tcp_metrics: annotate data-races around tm->tcpm_vals[] - tcp_metrics: annotate data-races around tm->tcpm_net - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen - libceph: fix potential hang in ceph_osdc_notify() - USB: zaurus: Add ID for A-300/B-500/C-700 - fs/sysv: Null check to prevent null-ptr-deref bug - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (CVE-2023-40283) - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb - test_firmware: fix a memory leak with reqs buffer - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation - PM / wakeirq: support enabling wake-up irq after runtime_suspend called - PM: sleep: wakeirq: fix wake irq arming - [armhf] dts: imx6sll: Make ssi node name same as other platforms - [armhf] dts: imx: add usb alias - [armhf] dts: imx6sll: fixup of operating points - [armhf] dts: nxp/imx6sll: fix wrong property name in usbphy node - drm/edid: fix objtool warning in drm_cvt_modes() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.292 - ipv6: adjust ndisc_is_useropt() to also return true for PIO - [arm*] dmaengine: pl330: Return DMA_PAUSED when transaction is paused - drm/nouveau/gr: enable memory loads on helper invocation on all channels - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput - [arm64] iio: cros_ec: Fix the allocation size for cros_ec_command - binder: fix memory leak in binder_init() - usb-storage: alauda: Fix uninit-value in alauda_check_media() - [arm*] usb: dwc3: Properly handle processing of pending events - [x86] cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 - [amd64] mm: Fix VDSO and VVAR placement on 5-level paging machines - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (regression in 4.19.287) - net/packet: annotate data-races around tp->status - bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves - dccp: fix data-race around dp->dccps_mss_cache - drivers: net: prevent tun_build_skb() to exceed the packet size limit - [amd64] IB/hfi1: Fix possible panic during hotplug remove - wifi: cfg80211: fix sband iftype data lookup for AP_VLAN - btrfs: don't stop integrity writeback too early - netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush - netfilter: nf_tables: report use refcount overflow - [x86] scsi: storvsc: Fix handling of virtual Fibre Channel timeouts - scsi: snic: Fix possible memory leak if device_add() fails - scsi: core: Fix possible memory leak if device_add() fails - sch_netem: fix issues in netem_change() vs get_dist_table() (regression in 4.19.288) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.293 - drm/radeon: Fix integer overflow in radeon_cs_parser_init - ALSA: emu10k1: roll up loops in DSP setup code for Audigy - quota: Properly disable quotas when add_dquot_ref() fails - quota: fix warning in dqgrab() - HID: add quirk for 03f0:464a HP Elite Presenter Mouse - udf: Fix uninitialized array access for some pathnames - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev - FS: JFS: Fix null-ptr-deref Read in txBegin - FS: JFS: Check for read-only mounted filesystem in txBegin - media: v4l2-mem2mem: add lock to protect parameter num_rdy - gfs2: Fix possible data races in gfs2_show_options() - [x86] pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() - Bluetooth: L2CAP: Fix use-after-free - drm/amdgpu: Fix potential fence use-after-free v2 - iio: adc: stx104: Utilize iomap interface - iio: adc: stx104: Implement and utilize register structures - iio: addac: stx104: Fix race condition for stx104_write_raw() - iio: addac: stx104: Fix race condition when converting analog-to-digital - [x86] topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms - [arm64] usb: dwc3: qcom: Add helper functions to enable,disable wake irqs - [arm64] USB: dwc3: qcom: fix NULL-deref on suspend - [arm64] mmc: meson-gx: remove useless lock - [arm64] mmc: meson-gx: remove redundant mmc_request_done() call from irq context - mmc: Remove dev_err() usage after platform_get_irq() - [arm*] mmc: bcm2835: fix deferred probing - [arm*] mmc: sunxi: fix deferred probing - block: fix signed int overflow in Amiga partition support - nfsd4: kill warnings on testing stateids with mismatched clientids - nfsd: Remove incorrect check in nfsd4_validate_stateid - virtio-mmio: convert to devm_platform_ioremap_resource - virtio-mmio: Use to_virtio_mmio_device() to simply code - virtio-mmio: don't break lifecycle of vm_dev - btrfs: fix BUG_ON condition in btrfs_cancel_balance - net: xfrm: Fix xfrm_address_filter OOB read (CVE-2023-39194) - net: af_key: fix sadb_x_filter validation (regression in 4.19.148) - xfrm: fix slab-use-after-free in decode_session6 - ip6_vti: fix slab-use-after-free in decode_session6 - ip_vti: fix potential slab-use-after-free in decode_session6 - xfrm: add NULL check in xfrm_update_ae_params (CVE-2023-3772) - netfilter: nft_dynset: disallow object maps (CVE-2023-4244) - team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves - sock: Fix misuse of sk_under_memory_pressure() - net: do not allow gso_size to be set to GSO_BY_FRAGS - serial: 8250: Fix oops for port->pm on uart_change_pm() - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. - cifs: Release folio lock on fscache read hit. - [x86] mmc: wbsd: fix double mmc_free_host() in wbsd_init() (regression in 4.19.270) - test_firmware: prevent race conditions by a correct implementation of locking - netfilter: set default timeout to 3 secs for sctp shutdown send and recv state - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (CVE-2023-4622) - virtio-net: set queues after driver_ok - net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled - net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure - net: phy: broadcom: stub c45 read/write for 54810 - dlm: improve plock logging if interrupted - dlm: replace usage of found with dedicated list iterator variable - fs: dlm: add pid to debug log - fs: dlm: change plock interrupted message to debug again - fs: dlm: use dlm_plock_info for do_unlock_close - fs: dlm: fix mismatch of plock results from userspace - fbdev: Improve performance of sys_imageblit() - fbdev: Fix sys_imageblit() for arbitrary image widths - fbdev: fix potential OOB read in fast_imageblit() - dm integrity: increase RECALC_SECTORS to improve recalculate speed - dm integrity: reduce vmalloc space footprint on 32-bit architectures - regmap: Account for register length in SMBus I/O limits - drm/amd/display: do not wait for mpc idle if tg is disabled - drm/amd/display: check TG is non-null before checking if enabled - tracing: Fix memleak due to race between current_tracer and trace - sock: annotate data-races around prot->memory_pressure - dccp: annotate data-races in dccp_poll() - igb: Avoid starting unnecessary workqueues - net/sched: fix a qdisc modification with ambiguous command request - bonding: fix macvlan over alb bond support - ipvs: Improve robustness to the ipvs sysctl - ipvs: fix racy memcpy in proc_do_sync_threshold - nfsd: Fix race to FREE_STATEID and cl_revoked - batman-adv: Trigger events for auto adjusted MTU - batman-adv: Don't increase MTU when set by user - batman-adv: Do not get eth header before batadv_check_management_packet - batman-adv: Fix TT global entry leak when client roamed back - batman-adv: Fix batadv_v_ogm_aggr_send memory leak - [x86] fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (regression in 4.19.289-2) - mmc: block: Fix in_flight[issue_type] value error - sched/rt: pick_next_rt_entity(): check list_entry (CVE-2023-1077) - netfilter: nf_queue: fix socket leak (regression in 4.19.233) - scsi: snic: Fix double free in snic_tgt_create() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.294 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.295 - erofs: ensure that the post-EOF tails are all zeroed - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules - USB: serial: option: add Quectel EM05G variant (0x030e) - USB: serial: option: add FOXCONN T99W368/T99W373 product - HID: wacom: remove the battery when the EKR is off - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (CVE-2023-1989) - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse - pinctrl: amd: Don't show `Invalid config param` errors - 9p: virtio: make sure 'offs' is initialized in zc_request - ASoC: da7219: Flush pending AAD IRQ when suspending - ASoC: da7219: Check for failure reading AAD IRQ events - ethernet: atheros: fix return value check in atl1c_tso_csum() - vxlan: generalize vxlan_parse_gpe_hdr and remove unused args - fs/nls: make load_nls() take a const parameter - [x86] ASoc: codecs: ES8316: Fix DMIC config - [x86] platform/x86: intel: hid: Always call BTNL ACPI method - security: keys: perform capable check only on privileged operations - net: usb: qmi_wwan: add Quectel EM05GV2 - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock - bnx2x: fix page fault following EEH recovery - sctp: handle invalid error codes without calling BUG() - cifs: add a warning when the in-flight count goes negative - ALSA: seq: oss: Fix racy open/close of MIDI devices - net: Avoid address overwrite in kernel_connect - udf: Check consistency of Space Bitmap Descriptor - udf: Handle error when adding extent to a file - Revert "net: macsec: preserve ingress frame ordering" (regression in 4.19.123) - reiserfs: Check the return value from __getblk() - eventfd: Export eventfd_ctx_do_read() - eventfd: prevent underflow for eventfd semaphores - fs: new helper: lookup_positive_unlocked() - netfilter: nft_flow_offload: fix underflow in flowtable reference counter - netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation - fs: Fix error checking for d_hash_and_lookup() - [x86] cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() - bpf: Clear the probe_addr for uprobe - regmap: rbtree: Use alloc_flags for memory allocations - [arm*] spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() - can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM - wifi: mwifiex: Fix OOB and integer underflow when rx packets - mwifiex: switch from 'pci_' to 'dma_' API - wifi: mwifiex: fix error recovery in PCIE buffer descriptor management - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() - lwt: Check LWTUNNEL_XMIT_CONTINUE strictly - fs: ocfs2: namei: check return value of ocfs2_add_entry() - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() - wifi: mwifiex: Fix missed return in oob checks failed path - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx - wifi: ath9k: protect WMI command response buffer replacement with a lock - wifi: mwifiex: avoid possible NULL skb pointer dereference - wifi: ath9k: use IS_ERR() with debugfs_create_dir() - [x86] net: arcnet: Do not call kfree_skb() under local_irq_disable() - net/sched: sch_hfsc: Ensure inner classes have fsc curve (CVE-2023-4623) - [x86] netrom: Deny concurrent connect(). - quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list - quota: factor out dquot_write_dquot() - quota: fix dqput() to follow the guarantees dquot_srcu should provide - [arm64] dts: msm8996: thermal: Add interrupt support - [arm64] dts: qcom: msm8996: Add missing interrupt to the USB2 controller - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() - [arm64] drm: adv7511: Fix low refresh rate register for ADV7533/5 - drm/tegra: Remove superfluous error messages around platform_get_irq() - drm/tegra: dpaux: Fix incorrect return value of platform_get_irq - [arm64] drm/msm/mdp5: Don't leak some plane state - audit: fix possible soft lockup in __audit_inode_child() - ALSA: ac97: Fix possible error value of *rac97 - PCI: pciehp: Use RMW accessors for changing LNKCTL - PCI/ASPM: Use RMW accessors for changing LNKCTL - PCI/ATS: Add pci_prg_resp_pasid_required() interface. - PCI: Decode PCIe 32 GT/s link speed - PCI: Add #defines for Enter Compliance, Transmit Margin - drm/amdgpu: Correct Transmit Margin masks - drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions - drm/amdgpu: Prefer pcie_capability_read_word() - drm/amdgpu: Use RMW accessors for changing LNKCTL - drm/radeon: Correct Transmit Margin masks - drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions - drm/radeon: Prefer pcie_capability_read_word() - drm/radeon: Use RMW accessors for changing LNKCTL - wifi: ath10k: Use RMW accessors for changing LNKCTL - nfs/blocklayout: Use the passed in gfp flags - jfs: validate max amount of blocks before allocation. - fs: lockd: avoid possible wrong NULL parameter - NFSD: da_addr_body field missing in some GETDEVICEINFO replies - media: Use of_node_name_eq for node name comparisons - media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling - media: v4l2-fwnode: simplify v4l2_fwnode_parse_link - media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() - drivers: usb: smsusb: fix error handling code in smsusb_init_device - media: dib7000p: Fix potential division by zero - media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (regression in 4.19.226) - media: cx24120: Add retval check for cx24120_message_send() - [armhf] usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() - scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() - scsi: be2iscsi: Add length check when parsing nlattrs - scsi: qla4xxx: Add length check when parsing nlattrs - scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly - scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly - IB/uverbs: Fix an potential error pointer dereference - USB: gadget: f_mass_storage: Fix unused variable warning - scsi: core: Use 32-bit hostnum in scsi_host_lookup() - scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock - [arm*] serial: tegra: handle clk prepare error in tegra_uart_hw_init() - [arm*] amba: bus: fix refcount leak - Revert "IB/isert: Fix incorrect release of isert connection" (regression in 4.19.287) - HID: multitouch: Correct devm device reference for hidinput input_dev name - [arm64] rpmsg: glink: Add check for kstrdup - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (CVE-2023-42753) - netfilter: xt_u32: validate user space input (CVE-2023-39192) - netfilter: xt_sctp: validate the flag_info count (CVE-2023-39193) - skbuff: skb_segment, Call zero copy functions before using skbuff frags - igb: set max size RX buffer when store bad packet is enabled (CVE-2023-45871) - PM / devfreq: Fix leak in devfreq_dev_release() - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl - ipmi_si: fix a memleak in try_smi_init() - [armhf] OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() - [armhf] backlight/gpio_backlight: Compare against struct fb_info.device - media: dvb: symbol fixup for dvb_attach() - procfs: block chmod on /proc/thread-self/comm - dlm: fix plock lookup when using multiple lockspaces - dccp: Fix out of bounds access in DCCP error handler - X.509: if signature is unsupported skip validation - net: handle ARPHRD_PPP in dev_is_mac_header_xmit() - pstore/ram: Check start of empty przs during init - udf: initialize newblock to 0 - scsi: qla2xxx: fix inconsistent TMF timeout - scsi: qla2xxx: Turn off noisy message log - drm/ast: Fix DRAM init on AST2200 - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info - kconfig: fix possible buffer overflow - net: read sk->sk_family once in sk_mc_loop() - igb: disable virtualization features on 82580 - veth: Fixing transmit return status for dropped packets - net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr - af_unix: Fix data-races around user->unix_inflight. - af_unix: Fix data-race around unix_tot_inflight. - af_unix: Fix data-races around sk->sk_shutdown. - af_unix: Fix data race around sk->sk_err. - net: sched: sch_qfq: Fix UAF in qfq_dequeue() (CVE-2023-4921) - igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 - igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 - netfilter: nfnetlink_osf: avoid OOB read (CVE-2023-39189) - btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART - perf hists browser: Fix hierarchy mode header - ixgbe: fix timestamp configuration code - drm/amd/display: Fix a bug when searching for insert_above_mpcc - autofs: fix memory leak of waitqueues in autofs_catatonic_mode - btrfs: output extra debug info if we failed to find an inline backref - ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer - [x86] ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 - [arm*] hw_breakpoint: fix single-stepping when using bpf_overflow_handler - wifi: ath9k: fix printk specifier - wifi: mwifiex: fix fortify warning - crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() - tpm_tis: Resend command to recover from data transfer errors - [armhf] drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() - md: raid1: fix potential OOB in raid1_remove_disk() - fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() - jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount - media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer - media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() - media: af9005: Fix null-ptr-deref in af9005_i2c_xfer - media: anysee: fix null-ptr-deref in anysee_master_xfer - media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() - media: tuners: qt1010: replace BUG_ON with a regular error - media: pci: cx23885: replace BUG with error return - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() - kobject: Add sanity check for kset->kobj.ktype in kset_register() - md/raid1: fix error: ISO C90 forbids mixed declarations - attr: block mode changes of symlinks - btrfs: fix lockdep splat and potential deadlock after failure running delayed items - nfsd: fix change_info in NFSv4 RENAME replies - net/sched: cls_fw: No longer copy tcf_result on update to avoid use- after-free (CVE-2023-4207) - net/sched: Retire rsvp classifier (CVE-2023-42755) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.296 - NFS/pNFS: Report EINVAL errors from connect() to the server - ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones - ata: libahci: clear pending interrupt status - netfilter: nf_tables: disallow element removal on anonymous sets - ipv4: fix null-deref in ipv4_link_failure (CVE-2023-42754) - [arm64] net: hns3: add 5ms delay before clear firmware reset irq source - net: add atomic_long_t to net_device_stats fields - net: bridge: use DEV_STATS_INC() - team: fix null-ptr-deref when team device type is changed - [x86] Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN - scsi: qla2xxx: Add protection mask module parameters - scsi: qla2xxx: Remove unsupported ql2xenabledif option - scsi: megaraid_sas: Load balance completions across all MSI-X - scsi: megaraid_sas: Fix deadlock on firmware crashdump - ext4: remove the 'group' parameter of ext4_trim_extent - ext4: add new helper interface ext4_try_to_trim_range() - ext4: scope ret locally in ext4_try_to_trim_range() - ext4: change s_last_trim_minblks type to unsigned long - ext4: mark group as trimmed only if it was fully scanned - ext4: replace the traditional ternary conditional operator with with max()/min() - ext4: move setting of trimmed bit into ext4_try_to_trim_range() - ext4: do not let fstrim block system suspend - [armhf] dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot - ring-buffer: Avoid softlockup in ring_buffer_resize() - ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() - nvme-pci: do not set the NUMA node of device if it has none - [x86] watchdog: iTCO_wdt: No need to stop the timer in probe - [x86] watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running - net: Fix unwanted sign extension in netdev_stats_to_stats64() - scsi: megaraid_sas: Enable msix_load_balance for Invader and later controllers - serial: 8250_port: Check IRQ data before use (regression in 4.19.283) - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() - [x86] ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES - [x86] i2c: i801: unregister tco_pdev in i801_probe() error path - btrfs: properly report 0 avail for very full file systems - net: thunderbolt: Fix TCPv6 GSO checksum calculation - ata: libata-core: Fix ata_port_request_pm() locking - ata: libata-core: Fix port and device removal - ata: libata-core: Do not register PM operations for SAS ports - ata: libata-sata: increase PMP SRST timeout to 10s - ata: libata: disallow dev-initiated LPM transitions to unsupported states - media: dvb: symbol fixup for dvb_attach() - again - qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info - wifi: mwifiex: Fix tlv_buf_left calculation - net: replace calls to sock->ops->connect() with kernel_connect() - ubi: Refuse attaching if mtd's erasesize is 0 - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet - regmap: rbtree: Fix wrong register marked as in-cache when creating new node - scsi: target: core: Fix deadlock due to recursive locking - ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg - tcp: fix quick-ack counting to count actual ACKs of new data - tcp: fix delayed ACKs for MSS boundary condition - sctp: update transport state when processing a dupcook packet - sctp: update hb timer immediately after users change hb_interval - IB/mlx4: Fix the size of a buffer in add_port_entries() - RDMA/cma: Fix truncation compilation warning in make_cma_ports - RDMA/mlx5: Fix NULL string error - dccp: fix dccp_v4_err()/dccp_v6_err() again - rtnetlink: Reject negative ifindexes in RTM_NEWLINK - xen/events: replace evtchn_rwlock with RCU (CVE-2023-34324) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.297 - [x86] indirect call wrappers: helpers to speed-up indirect calls of builtin - [x86] net: use indirect calls helpers at the socket layer - net: prevent rewrite of msg_name in sock_sendmsg() - RDMA/cxgb4: Check skb value for failure to allocate - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect - quota: Fix slow quotaoff - net: prevent address rewrite in kernel_bind() - [armhf] drm: etvnaviv: fix bad backport leading to warning (regression in 4.19.280) - [arm64] drm/msm/dsi: skip the wait for video mode done if not applicable - xen-netback: use default TX queue size for vifs - [x86] drm/vmwgfx: fix typo of sizeof argument - ixgbe: fix crash with empty VF macvlan list - net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() - nfc: nci: assert requested protocol is valid - workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() - sched,idle,rcu: Push rcu_idle deeper into the idle path - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read - [arm*] usb: dwc3: Soft reset phy on probe for host - [arm*] usb: musb: Get the musb_qh poniter after musb_giveback - [arm*] usb: musb: Modify the "HWVers" register address - [x86] iio: pressure: bmp280: Fix NULL pointer exception - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() - Input: powermate - fix use-after-free in powermate_config_complete - Input: psmouse - fix fast_reconnect function for PS/2 mode - [x86] Input: xpad - add PXN V900 support - cgroup: Remove duplicates in cgroup v1 tasks file - [x86] cpu: Fix AMD erratum #1485 on Zen4-based CPUs - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call - dev_forward_skb: do not scrub skb mark within the same name space - usb: hub: Guard against accesses to uninitialized BOS descriptors - Bluetooth: hci_event: Ignore NULL link key - Bluetooth: Reject connection with the device which has same BD_ADDR - Bluetooth: Fix a refcnt underflow problem for hci_conn - [x86] Bluetooth: vhci: Fix race when opening vhci device - Bluetooth: avoid memcmp() out of bounds warning - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() - regmap: fix NULL deref on lookup (regression in 4.19.135) - [x86] KVM: x86: Mask LVTPC when handling a PMI - netfilter: nft_payload: fix wrong mac header matching - xfrm: fix a data-race in xfrm_gen_index() - xfrm: interface: use DEV_STATS_INC() - net: ipv4: fix return value check in esp_remove_trailer - net: ipv6: fix return value check in esp_remove_trailer - tcp: fix excessive TLP and RACK timeouts from HZ rounding - tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() - i40e: prevent crash on probe if hw registers have invalid values - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve - netfilter: nft_set_rbtree: .deactivate fails if element has expired - net: pktgen: Fix interface flags printing - libceph: fix unaligned accesses in ceph_entity_addr handling - libceph: use kernel_connect() - [armhf] dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 - btrfs: initialize start_slot in btrfs_log_prealloc_extents - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter - overlayfs: set ctime when setting mtime and atime - ata: libata-eh: Fix compilation warning in ata_eh_link_report() - tracing: relax trace_event_eval_update() execution with cond_resched() - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event - Bluetooth: Avoid redundant authentication - Bluetooth: hci_core: Fix build warnings - wifi: mac80211: allow transmitting EAPOL frames with tainted key - wifi: cfg80211: avoid leaking stack data into trace - drm: panel-orientation-quirks: Add quirk for One Mix 2S - btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c - Bluetooth: hci_event: Fix using memcmp when comparing keys - ACPI: irq: Fix incorrect return value in acpi_register_gsi() - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition - USB: serial: option: add entry for Sierra EM9191 with new firmware - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL - perf: Disallow mis-matched inherited group reads (CVE-2023-5717) - Bluetooth: hci_sock: fix slab oob read in create_monitor_event - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name - xfrm6: fix inet6_dev refcount underflow problem https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.298 - mmc: sdio: Don't re-initialize powered-on removable SDIO cards at resume - mmc: core: sdio: hold retuning if sdio in 1-bit mode - virtio-mmio: fix memory leak of vm_dev - r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 - r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry - gtp: fix fragmentation needed check with gso - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR - [armhf] i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() - [armhf] i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() - perf/core: Fix potential NULL deref - [armhf] iio: exynos-adc: request second interupt only when touchscreen mode is used - [x86] i8259: Skip probing when ACPI/MADT advertises PCAT compatibility - NFS: Don't call generic_error_remove_page() while holding locks - drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() - [arm64] fix a concurrency issue in emulation_proc_handler() - kobject: Fix slab-out-of-bounds in fill_kobj_path() (CVE-2023-45863) - f2fs: fix to do sanity check on inode type during garbage collection (CVE-2021-44879) - nfsd: lock_rename() needs both directories to live on the same fs - [x86] mm: Simplify RESERVE_BRK() - [x86] mm: Fix RESERVE_BRK() for older binutils - driver: platform: Add helper for safer setting of driver_override - [arm64] rpmsg: Constify local variable in field store macro - [arm64] rpmsg: Fix kfree() of static memory on setting driver_override - [arm64] rpmsg: Fix calling device_lock() on non-initialized device - [arm64] rpmsg: glink: Release driver_override - rpmsg: Fix possible refcount leak in rpmsg_register_device_override() - [x86] Fix .brk attribute in linker script - [armhf] ASoC: simple-card: fixup asoc_simple_probe() error handling - [x86] Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table - [x86] Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport - [x86] fbdev: atyfb: only use ioremap_uc() on i386 and ia64 - netfilter: nfnetlink_log: silence bogus compiler warning - ASoC: rt5650: fix the wrong result of key button - [x86] fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() - scsi: mpt3sas: Fix in error path - [x86] platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e - net: chelsio: cxgb4: add an error code check in t4_load_phy_fw - [i386] remove the sx8 block driver - [x86] PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device - usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility - tty: 8250: Remove UC-257 and UC-431 - tty: 8250: Add support for additional Brainboxes UC cards - tty: 8250: Add support for Brainboxes UP cards - tty: 8250: Add support for Intashield IS-100 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.299 - vfs: fix readahead(2) on block devices - [x86] genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() - i40e: fix potential memory leaks in i40e_remove() - tcp_metrics: add missing barriers on delete - tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() - tcp_metrics: do not create an entry from tcp_init_metrics() - wifi: rtlwifi: fix EDCA limit set by BT coexistence - can: dev: can_restart(): don't crash kernel if carrier is OK - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() - thermal: core: prevent potential string overflow - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() - ipv6: avoid atomic fragment on GSO packets (regression in 4.19.170) - macsec: Fix traffic counters/statistics - macsec: use DEV_STATS_INC() - net: add DEV_STATS_READ() helper - ipvlan: properly track tx_errors - regmap: debugfs: Fix a erroneous check after snprintf() - [arm64] clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies - [x86] platform/x86: wmi: Fix probe failure when failing to register WMI devices - [x86] platform/x86: wmi: remove unnecessary initializations - [x86] platform/x86: wmi: Fix opening of char device - [x86] hwmon: (coretemp) Fix potentially truncated sysfs attribute name - [arm*] drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs - drm/radeon: possible buffer overflow - [arm64] drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() - [i386] hwrng: geode - fix accessing registers (regression in 4.19.270) - sched/rt: Provide migrate_disable/enable() inlines - nd_btt: Make BTT lanes preemptible - HID: cp2112: Use irqchip template - hid: cp2112: Fix duplicate workqueue initialization - [armhf] 9321/1: memset: cast the constant byte to unsigned char - ext4: move 'ix' sanity check to corrent position - [amd64] RDMA/hfi1: Workaround truncation compilation error - [x86] ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails - [arm*] leds: pwm: simplify if condition - [arm*] leds: pwm: convert to atomic PWM API - [arm*] leds: pwm: Don't disable the PWM when the LED should be off - ledtrig-cpu: Limit to 8 CPUs - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (regression in 4.19.163) - [arm*] usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency - [armhf] dmaengine: ti: edma: handle irq_of_parse_and_map() errors - [arm*] misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() - USB: usbip: fix stub_dev hub disconnect - f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() - [x86] pcmcia: cs: fix possible hung task and memory leak pccardd() - [x86] pcmcia: ds: fix refcount leak in pcmcia_device_add() - [x86] pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() - media: bttv: fix use after free error due to btv->timeout timer - media: dvb-usb-v2: af9035: fix missing unlock - [x86] Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() - llc: verify mac len before reading mac header - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING - dccp: Call security_inet_conn_request() after setting IPv4 addresses. - dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. - r8169: improve rtl_set_rx_mode - net/smc: postpone release of clcsock - net/smc: wait for pending work before clcsock release_sock - net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT - tg3: power down device only on SYSTEM_POWER_OFF (regression in 4.19.259) - r8169: respect userspace disabling IFF_MULTICAST - netfilter: xt_recent: fix (increase) ipv6 literal buffer length - btrfs: use u64 for buffer sizes in the tree search ioctls https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.300 - perf/core: Bail out early if the request AUX area is out of bound - [armhf] clocksource/drivers/timer-imx-gpt: Fix potential memory leak - [x86] mm: Drop the 4 MB restriction on minimal NUMA node memory size - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() - net: annotate data-races around sk->sk_tx_queue_mapping - net: annotate data-races around sk->sk_dst_pending_confirm - Bluetooth: Fix double free in hci_conn_cleanup - [x86] platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL - crypto: pcrypt - Fix hungtask for PADATA_RESET - fs/jfs: Add check for negative db_l2nbperpage - fs/jfs: Add validity check for db_maxag and db_agpref - jfs: fix array-index-out-of-bounds in dbFindLeaf - jfs: fix array-index-out-of-bounds in diAlloc - ALSA: hda: Fix possible null-ptr-deref when assigning a stream - atm: iphase: Do PCI error checks on own line - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W - usb: gadget: f_ncm: Always set current gadget in ncm_bind() - [armhf] i2c: sun6i-p2wi: Prevent potential division by zero - media: gspca: cpia1: shift-out-of-bounds in set_flicker - media: vivid: avoid integer overflow - gfs2: ignore negated quota changes - drm/amd/display: Avoid NULL dereference of timing generator - NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO - ipvlan: add ipvlan_route_v6_outbound() helper - tty: Fix uninit-value access in ppp_sync_receive() - tipc: Fix kernel-infoleak due to uninitialized TLV value - ppp: limit MRU to 64K - xen/events: fix delayed eoi list handling (regression in 4.19.155) - ptp: annotate data-race around q->head and q->tail - macvlan: Don't propagate promisc change to lower dev in passthru - cifs: spnego: add ';' in HOST_KEY_LEN - [arm64] media: venus: hfi: add checks to perform sanity on queue pointers - [x86] KVM: x86: Ignore MSR_AMD64_TW_CFG access - audit: don't take task_lock() in audit_exe_compare() code path - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver - PCI/sysfs: Protect driver's D3cold preference from user space - [arm64] mmc: meson-gx: Remove setting of CMD_CFG_ERROR (regression in 4.19.88) - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware - mmc: vub300: fix an error code - PM: hibernate: Use __get_safe_page() rather than touching the list - PM: hibernate: Clean up sync_read handling in snapshot_write_next() - jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev - quota: explicitly forbid quota files from being encrypted - ALSA: info: Fix potential deadlock at disconnection - [x86] ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC - [arm*] tty: serial: meson: if no alias specified use an available id - [arm*] serial: meson: remove redundant initialization of variable id - [arm*] tty: serial: meson: retrieve port FIFO size from DT - [arm*] serial: meson: Use platform_get_irq() to get the interrupt - [arm*] tty: serial: meson: fix hard LOCKUP on crtscts mode - [x86] i2c: i801: fix potential race in i801_block_transaction_byte_by_byte - media: lirc: drop trailing space from scancode transmit - media: sharp: fix sharp encoding - [arm64] media: venus: hfi_parser: Add check to keep the number of codecs within range - [arm64] media: venus: hfi: fix the check to handle session buffer requirement - [arm64] media: venus: hfi: add checks to handle capabilities from firmware - ext4: correct offset of gdb backup in non meta_bg group to update_backups - ext4: correct return value of ext4_convert_meta_bg - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks - drm/amdgpu: fix error handling in amdgpu_bo_list_get() - scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids - iomap: Set all uptodate bits for an Uptodate page - net: sched: fix race condition in qdisc_graft() (CVE-2023-0590) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.301 - driver core: Release all resources during unbind before updating device links - RDMA/irdma: Prevent zero-length STAG registration (CVE-2023-25775) - [arm*] drm/panel: simple: Fix Innolux G101ICE-L01 timings - [i386] ata: pata_isapnp: Add missing error check for devm_ioport_map() - [arm*] drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full - HID: core: store the unique system identifier in hid_device - HID: fix HID device resource race between HID core and debugging support - net: usb: ax88179_178a: fix failed operations during ax88179_reset - [arm*] xen: fix xen_vcpu_info allocation alignment - amd-xgbe: handle corner-case during sfp hotplug - amd-xgbe: handle the corner-case during tx completion - amd-xgbe: propagate the correct speed and duplex status - [arm64] cpufeature: Extract capped perfmon fields - [arm64] KVM: arm64: limit PMU version to PMUv3 for ARMv8.1 - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() - USB: serial: option: add Luat Air72*U series products - [x86] hv_netvsc: Fix race of register_netdevice_notifier and VF register - [x86] hv_netvsc: Mark VF as slave before exposing it to user-mode - dm-delay: fix a race between delay_presuspend and delay_bio - bcache: check return value from btree_node_alloc_replacement() - bcache: prevent potential division by zero error - USB: serial: option: add Fibocom L7xx modules - USB: serial: option: don't claim interface 4 for ZTE MF290 - [arm*] USB: dwc2: write HCINT with INTMASK applied - [arm*] usb: dwc3: set the dma max_seg_size - [arm64] USB: dwc3: qcom: fix wakeup after probe deferral - pinctrl: avoid reload of p state in list iteration - firewire: core: fix possible memory leak in create_units() - mmc: block: Do not lose cache flush during CQE error recovery - [x86] ALSA: hda: Disable power-save on KONTRON SinglePC - ALSA: hda/realtek: Headset Mic VREF to 100% - dm-verity: align struct dm_verity_fec_io properly - dm verity: don't perform FEC for failed readahead IO - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR - btrfs: fix off-by-one when checking chunk map includes logical address - btrfs: send: ensure send_fd is writable - [x86] Input: xpad - add HyperX Clutch Gladiate Support - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (CVE-2023-6932) - smb3: fix touch -h of symlink - [x86] mtd: cfi_cmdset_0001: Support the absence of protection registers - ima: annotate iint mutex to avoid lockdep false positive warnings - ovl: skip overlayfs superblocks at global sync - [armhf] cpufreq: imx6q: don't warn for disabling a non-existing frequency - [armhf] cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily - mmc: cqhci: Increase recovery halt timeout - mmc: cqhci: Warn of halt or task clear failure - mmc: cqhci: Fix task clearing in CQE error recovery - mmc: block: Retry commands in CQE error recovery https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.302 - [armhf] spi: imx: add a device specific prepare_message callback - [armhf] spi: imx: move wml setting to later than setup_transfer - [armhf] spi: imx: correct wml as the last sg length - [armhf] spi: imx: mx51-ecspi: Move some initialisation to prepare_message hook. - hrtimers: Push pending hrtimers away from outgoing CPU earlier - netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test - tg3: Move the [rt]x_dropped counters to tg3_napi - tg3: Increment tx_dropped in tg3_tso_bug() - drm/amdgpu: correct chunk_ptr to a pointer to chunk. - ipv6: fix potential NULL deref in fib6_add() - [x86] net: arcnet: Fix RESET flag handling - [x86] net: arcnet: com20020 fix error handling - [x86] arcnet: restoring support for multiple Sohard Arcnet cards - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() - [arm64] net: hns: fix fake link up on xge port - netfilter: xt_owner: Add supplementary groups option - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket - tcp: do not accept ACK of bytes we never sent - [x86] hwmon: (acpi_power_meter) Fix 4.29 MW bug - tracing: Fix a warning when allocating buffered events fails - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() - [armhf] imx: Check return value of devm_kasprintf in imx_mmdc_perf_init - [armhf] dts: imx: make gpt node name generic - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names - packet: Move reference count in packet_sock to atomic_long_t - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() - tracing: Always update snapshot buffer size - tracing: Fix incomplete locking when disabling buffered events - tracing: Fix a possible race when disabling buffered events - perf/core: Add a new read format to get a number of lost samples - perf: Fix perf_event_validate_size() (CVE-2023-6931) - gpiolib: sysfs: Fix error handling on failed export - usb: gadget: f_hid: fix report descriptor allocation (regression in 4.19.270) - parport: Add support for Brainboxes IX/UC/PX parallel cards - [x86] usb: typec: class: fix typec_altmode_put_partner to put plugs - [x86] CPU/AMD: Check vendor in the AMD microcode callback - nilfs2: fix missing error check for sb_set_blocksize call - netlink: don't call ->netlink_bind with table lock held - genetlink: add CAP_NET_ADMIN test for multicast bind - psample: Require 'CAP_NET_ADMIN' when joining "packets" group - drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group - IB/isert: Fix unaligned immediate-data handling - devcoredump : Serialize devcd_del work - devcoredump: Send uevent once devcd is ready https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.303 - atm: solos-pci: Fix potential deadlock on &cli_queue_lock - atm: solos-pci: Fix potential deadlock on &tx_queue_lock - atm: Fix Use-After-Free in do_vcc_ioctl (CVE-2023-51780) - [x86] net/rose: Fix Use-After-Free in rose_ioctl (CVE-2023-51782) - qed: Fix a potential use-after-free in qed_cxt_tables_alloc - net: Remove acked SYN flag from packet in the transmit queue correctly - sign-file: Fix incorrect return values check - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() - [arm*] net: stmmac: Handle disabled MDIO busses from devicetree - appletalk: Fix Use-After-Free in atalk_ioctl (CVE-2023-51781) - cred: switch to using atomic_long_t - blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" - bcache: avoid oversize memory allocation by small stripe_size - bcache: avoid NULL checking to c->root in run_cache_set() - HID: add ALWAYS_POLL quirk for Apple kb - [x86] HID: hid-asus: reset the backlight brightness level on resume - [x86] HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 - perf: Fix perf_event_validate_size() lockdep splat - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS (regression in 4.19.284) - [arm64] mm: Always make sw-dirty PTEs hw-dirty in pte_modify - team: Fix use-after-free when an option instance allocation fails - ring-buffer: Fix memory leak of free page - mmc: block: Be sure to wait while busy in CQE error recovery https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.304 - [x86] ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB - [x86] ALSA: hda/realtek: Enable headset onLenovo M70/M90 - [x86] ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 - ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE - reset: Fix crash when freeing non-existent optional resets - wifi: mac80211: mesh_plink: fix matches_local logic - net/mlx5: Fix fw tracer first block check - net: sched: ife: fix potential use-after-free - ethernet: atheros: fix a memleak in atl1e_setup_ring_resources - [x86] net/rose: fix races in rose_kill_by_device() - net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() - afs: Fix the dynamic root's d_delete to always delete unused dentries - net: warn if gso_type isn't set for a GSO SKB - net: check dev->gso_max_size in gso_features_check() - smb: client: fix NULL deref in asn1_ber_decoder() - btrfs: do not allow non subvolume root targets for snapshot - [x86] iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() - wifi: cfg80211: Add my certificate - wifi: cfg80211: fix certs build to not depend on file order - USB: serial: option: add Quectel EG912Y module support - USB: serial: option: add Foxconn T99W265 with new baseline - USB: serial: option: add Quectel RM500Q R13 firmware support - Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent - net: 9p: avoid freeing uninit memory in p9pdu_vreadf - net: rfkill: gpio: set GPIO direction - [x86] alternatives: Sync core before enabling interrupts - [arm*] usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (regression in 4.19.185) - smb: client: fix OOB in smbCalcSize() (CVE-2023-6606) - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() - block: Don't invalidate pagecache for invalid falloc modes [ Ben Hutchings ] * Bump ABI to 26 * [rt] Update to 4.19.302-rt131: - Revert "sched/rt: Provide migrate_disable/enable() inlines" from 4.19.299
*** Bug 56987 has been marked as a duplicate of this bug. ***
--- mirror/ftp/pool/main/l/linux/linux_4.19.289-2.dsc +++ apt/ucs_5.0-0-errata5.0-6/source/linux_4.19.304-1.dsc @@ -1,3 +1,1113 @@ +4.19.304-1 [Tue, 09 Jan 2024 00:13:47 +0000] Ben Hutchings <benh@debian.org>: + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.290 + - xen/netback: Fix buffer overrun triggered by unusual packet + (CVE-2023-34319) + - [x86] fix backwards merge of GDS/SRSO bit + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.291 + - gfs2: Don't deref jdesc in evict (CVE-2023-3212) + - [x86] smp: Use dedicated cache-line for mwait_play_dead() + - drm/edid: Fix uninitialized variable in drm_cvt_modes() + - drm/amdgpu: Validate VM ioctl flags. + - treewide: Remove uninitialized_var() usage + - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter + - md/raid10: fix overflow of md/safe_mode_delay + - md/raid10: fix wrong setting of max_corr_read_errors + - md/raid10: fix io loss while replacement replace rdev + - clocksource/drivers: Unify the names to timer-* format + - PM: domains: fix integer overflow issues in genpd_parse_state() + - wifi: ath9k: fix AR9003 mac hardware hang check register offset + calculation + - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx + - nfc: llcp: fix possible use of uninitialized variable in + nfc_llcp_send_connect() + - [x86] wifi: orinoco: Fix an error handling path in spectrum_cs_probe() + - [x86] wifi: orinoco: Fix an error handling path in orinoco_cs_probe() + - [x86] wifi: atmel: Fix an error handling path in atmel_probe() + - net: create netdev->dev_addr assignment helpers + - [x86] wifi: wl3501_cs: Fix an error handling path in wl3501_probe() + - [x86] wifi: ray_cs: Utilize strnlen() in parse_addr() + - [x86] wifi: ray_cs: Fix an error handling path in ray_probe() + - wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes + - watchdog/perf: more properly prevent false positives with turbo modes + - kexec: fix a memory leak in crash_shrink_memory() + - memstick r592: make memstick_debug_get_tpc_name() static + - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (regression + in 4.19.205) + - wifi: ath9k: convert msecs to jiffies where needed + - netlink: fix potential deadlock in netlink_set_err() + - netlink: do not hard code device address lenth in fdb dumps + - gtp: Fix use-after-free in __gtp_encap_destroy(). + - lib/ts_bm: reset initial match offset for every block of text + - netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() + return value. + - ipvlan: Fix return value of ipvlan_queue_xmit() + - netlink: Add __sock_i_ino() for __netlink_diag_dump(). + - radeon: avoid double free in ci_dpm_init() + - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H + - [x86] ASoC: es8316: Increment max value for ALC Capture Target Volume + control + - [amd64] IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors + - drm/radeon: fix possible division-by-zero errors + - ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer + - scsi: 3w-xxxx: Add error handling for initialization failure in + tw_probe() + - [x86] pinctrl: cherryview: Return correct value if pin in push-pull mode + - perf dwarf-aux: Fix off-by-one in die_get_varname() + - hwrng: virtio - add an internal buffer + - hwrng: virtio - don't wait on cleanup + - hwrng: virtio - don't waste entropy + - hwrng: virtio - always add a pending request + - hwrng: virtio - Fix race on data_avail and actual data + - modpost: fix section mismatch message for R_ARM_ABS32 + - modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} + - USB: serial: option: add LARA-R6 01B PIDs + - block: change all __u32 annotations to __be32 in affs_hardblocks.h + - w1: fix loop in w1_fini() + - media: usb: Check az6007_read() return value + - media: usb: siano: Fix warning due to null work_func_t function pointer + (regression in 4.19.276) + - [x86] mfd: intel-lpss: Add missing check for platform_get_resource + - [armhf] mfd: stmpe: Only disable the regulators if they are enabled + - sctp: fix potential deadlock on &net->sctp.addr_wq_lock (regression in + 4.19.191) + - tg3: Add MODULE_FIRMWARE() for FIRMWARE_TG357766. + - f2fs: fix error path handling in truncate_dnode() + - net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode + - tcp: annotate data races in __tcp_oow_rate_limited() + - net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX + - ALSA: jack: Fix mutex call in snd_jack_report() (regression in 4.19.247) + - NFSD: add encoding of op_recall flag for write delegation + - mmc: core: disable TRIM on Kingston EMMC04G-M627 + - mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M + - bcache: Remove unnecessary NULL point check in node allocations + - integrity: Fix possible multiple allocation in integrity_inode_get() + - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() + - btrfs: fix race when deleting quota root from the dirty cow roots list + - netfilter: nf_tables: fix nat hook table deletion + - netfilter: nf_tables: add rescheduling points during loop detection walks + - netfilter: nftables: add helper function to set the base sequence number + - netfilter: add helper function to set up the nfnetlink header and use it + - netfilter: nf_tables: use net_generic infra for transaction data + - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE + (CVE-2023-3390) + - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/ + chain + - netfilter: nf_tables: reject unbound anonymous set before commit phase + - netfilter: nf_tables: unbind non-anonymous set if rule construction fails + - netfilter: nf_tables: fix scheduling-while-atomic splat + - netfilter: conntrack: Avoid nf_ct_helper_hash uses after free + - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval + (CVE-2023-35001) + - net: lan743x: Don't sleep in atomic context + - workqueue: clean up WORK_* constant types, clarify masking + - [arm*] net: mvneta: fix txq_map in case of txq_number==1 + - vrf: Increment Icmp6InMsgs on the original netdev + - icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). + - udp6: fix udp6_ehashfn() typo + - ipv6/addrconf: fix a potential refcount underflow for idev + - [x86] wifi: airo: avoid uninitialized warning in airo_get_rate() + - net/sched: make psched_mtu() RTNL-less safe + - pinctrl: amd: Fix mistake in handling clearing pins at startup + - pinctrl: amd: Detect internal GPIO0 debounce handling + - pinctrl: amd: Only use special debounce behavior for GPIO 0 + - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation + - SUNRPC: Fix UAF in svc_tcp_listen_data_ready() + - [x86] perf intel-pt: Fix CYC timestamps after standalone CBR + - ext4: fix wrong unit use in ext4_mb_clear_bb + - ext4: only update i_reserved_data_blocks on successful block allocation + - jfs: jfs_dmap: Validate db_l2nbperpage while mounting + - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold + - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 + - PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked + - md/raid0: add discard support for the 'original' layout + - fs: dlm: return positive pid value for F_GETLK + - [armhf] hwrng: imx-rngc - fix the timeout for init and self check + - ceph: don't let check_caps skip sending responses for revoke msgs + - [arm*] meson saradc: fix clock divider mask length + - [armhf] tty: serial: samsung_tty: Fix a memory leak in + s3c24xx_serial_getclk() in case of error + - [armhf] tty: serial: samsung_tty: Fix a memory leak in + s3c24xx_serial_getclk() when iterating clk + - ring-buffer: Fix deadloop issue on reading trace_pipe + - scsi: qla2xxx: Wait for io return on terminate rport + - scsi: qla2xxx: Fix potential NULL pointer dereference + - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() + - scsi: qla2xxx: Pointer may be dereferenced + - drm/atomic: Fix potential use-after-free in nonblocking commits + - tracing/histograms: Add histograms to hist_vars if they have referenced + variables + - fuse: revalidate: don't invalidate if interrupted + - can: bcm: Fix UAF in bcm_proc_show() + - ext4: correct inline offset when handling xattrs in inode body + - nbd: Add the maximum limit of allocated index in nbd_dev_add + - md: fix data corruption for raid456 when reshape restart while grow up + - md/raid10: prevent soft lockup while flush writes + - posix-timers: Ensure timer ID search-loop limit is valid + - sched/fair: Don't balance task to its current running CPU + - bpf: Address KCSAN report on bpf_lru_list + - wifi: wext-core: Fix -Wstringop-overflow warning in + ioctl_standard_iw_point() + - wifi: iwlwifi: mvm: avoid baid size integer overflow + - igb: Fix igb_down hung on surprise removal + - pinctrl: amd: Use amd_pinconf_set() for all config options + - [armhf] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/ + cpsw_ale_set_field() + - net:ipv6: check return value of pskb_trim() + - Revert "tcp: avoid the lookup process failing to get sk in ehash table" + (regression in 4.19.272) + - llc: Don't drop packet from non-root netns. + - netfilter: nf_tables: fix spurious set element insertion failure + - netfilter: nf_tables: can't schedule in nft_chain_validate + - net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX + - tcp: annotate data-races around tp->linger2 + - tcp: annotate data-races around rskq_defer_accept + - tcp: annotate data-races around tp->notsent_lowat + - tcp: annotate data-races around fastopenq.max_qlen + - tracing/histograms: Return an error if we fail to add histogram to + hist_vars list + - bcache: Fix __bch_btree_node_alloc to make the failure behavior + consistent + - btrfs: fix extent buffer leak after tree mod log failure at split_node() + - ext4: Fix reusing stale buffer heads from last failed mounting + - PCI: Rework pcie_retrain_link() wait loop + - PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() + - PCI/ASPM: Factor out pcie_wait_for_retrain() + - PCI/ASPM: Avoid link retraining race + - dlm: cleanup plock_op vs plock_xop + - dlm: rearrange async condition return + - fs: dlm: interrupt posix locks only when process is killed + - ftrace: Add information on number of page groups allocated + - ftrace: Check if pages were allocated before calling free_pages() + - ftrace: Store the order of pages allocated in ftrace_page + - ftrace: Fix possible warning on checking all pages used in + ftrace_process_locs() + - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c + - scsi: qla2xxx: Array index may go out of bound + - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() + - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() + - ethernet: atheros: fix return value check in atl1e_tso_csum() + - ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new + temporary address + - tcp: Reduce chance of collisions in inet6_hashfn(). (CVE-2023-1206) + - bonding: reset bond's flags when down link is P2P device + - team: reset team's flags when down link is P2P device + - [x86] platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 + - net/sched: mqprio: refactor nlattr parsing to a separate function + - net/sched: mqprio: add extack to mqprio_parse_nlattr() + - net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64 + - benet: fix return value check in be_lancer_xmit_workarounds() + - RDMA/mlx4: Make check for invalid flags stricter + - [arm64] drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in + a5xx_submit_in_rb() + - [armhf] ASoC: fsl_spdif: Silence output on stop + - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths + - ring-buffer: Fix wrong stat of cpu_buffer->read (regression in 4.19.172) + - tracing: Fix warning in trace_buffered_event_disable() + - USB: serial: option: support Quectel EM060K_128 + - USB: serial: option: add Quectel EC200A module support + - USB: serial: simple: add Kaufmann RKS+CAN VCP + - USB: serial: simple: sort driver entries + - can: gs_usb: gs_can_close(): add missing set of CAN state to + CAN_STATE_STOPPED + - [arm*] Revert "usb: dwc3: core: Enable AutoRetry feature in the + controller" + - [arm64] usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy + - [arm*] usb: dwc3: don't reset device side if dwc3 was configured as host- + only + - USB: quirks: add quirk for Focusrite Scarlett + - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled + - btrfs: check for commit error at btrfs_attach_transaction_barrier() + - tpm_tis: Explicitly check for error code + - virtio-net: fix race between set queues and probe + - dm cache policy smq: ensure IO doesn't prevent cleaner policy progress + - drm/client: Fix memory leak in drm_client_target_cloned + - net/sched: cls_fw: Fix improper refcount update leads to use-after-free + (CVE-2023-3776) + - net/sched: sch_qfq: account for stab overhead in qfq_enqueue + (CVE-2023-3611) + - net/sched: cls_u32: Fix reference counter leak leading to overflow + (CVE-2023-3609) + - loop: Select I/O scheduler 'none' from inside add_disk() + - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() + - net: sched: cls_u32: Fix match key mis-addressing + - net: add missing data-race annotations around sk->sk_peek_off + - net: add missing data-race annotation for sk_ll_usec + - net/sched: cls_u32: No longer copy tcf_result on update to avoid use- + after-free (CVE-2023-4208) + - net/sched: cls_route: No longer copy tcf_result on update to avoid use- + after-free (CVE-2023-4206) + - ip6mr: Fix skb_under_panic in ip6mr_cache_report() + - tcp_metrics: fix addr_same() helper + - tcp_metrics: annotate data-races around tm->tcpm_stamp + - tcp_metrics: annotate data-races around tm->tcpm_lock + - tcp_metrics: annotate data-races around tm->tcpm_vals[] + - tcp_metrics: annotate data-races around tm->tcpm_net + - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen + - libceph: fix potential hang in ceph_osdc_notify() + - USB: zaurus: Add ID for A-300/B-500/C-700 + - fs/sysv: Null check to prevent null-ptr-deref bug + - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb + (CVE-2023-40283) + - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb + - test_firmware: fix a memory leak with reqs buffer + - test_firmware: return ENOMEM instead of ENOSPC on failed memory + allocation + - PM / wakeirq: support enabling wake-up irq after runtime_suspend called + - PM: sleep: wakeirq: fix wake irq arming + - [armhf] dts: imx6sll: Make ssi node name same as other platforms + - [armhf] dts: imx: add usb alias + - [armhf] dts: imx6sll: fixup of operating points + - [armhf] dts: nxp/imx6sll: fix wrong property name in usbphy node + - drm/edid: fix objtool warning in drm_cvt_modes() + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.292 + - ipv6: adjust ndisc_is_useropt() to also return true for PIO + - [arm*] dmaengine: pl330: Return DMA_PAUSED when transaction is paused + - drm/nouveau/gr: enable memory loads on helper invocation on all channels + - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput + - [arm64] iio: cros_ec: Fix the allocation size for cros_ec_command + - binder: fix memory leak in binder_init() + - usb-storage: alauda: Fix uninit-value in alauda_check_media() + - [arm*] usb: dwc3: Properly handle processing of pending events + - [x86] cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 + - [amd64] mm: Fix VDSO and VVAR placement on 5-level paging machines + - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes + (regression in 4.19.287) + - net/packet: annotate data-races around tp->status + - bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves + - dccp: fix data-race around dp->dccps_mss_cache + - drivers: net: prevent tun_build_skb() to exceed the packet size limit + - [amd64] IB/hfi1: Fix possible panic during hotplug remove + - wifi: cfg80211: fix sband iftype data lookup for AP_VLAN + - btrfs: don't stop integrity writeback too early + - netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush + - netfilter: nf_tables: report use refcount overflow + - [x86] scsi: storvsc: Fix handling of virtual Fibre Channel timeouts + - scsi: snic: Fix possible memory leak if device_add() fails + - scsi: core: Fix possible memory leak if device_add() fails + - sch_netem: fix issues in netem_change() vs get_dist_table() (regression + in 4.19.288) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.293 + - drm/radeon: Fix integer overflow in radeon_cs_parser_init + - ALSA: emu10k1: roll up loops in DSP setup code for Audigy + - quota: Properly disable quotas when add_dquot_ref() fails + - quota: fix warning in dqgrab() + - HID: add quirk for 03f0:464a HP Elite Presenter Mouse + - udf: Fix uninitialized array access for some pathnames + - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev + - FS: JFS: Fix null-ptr-deref Read in txBegin + - FS: JFS: Check for read-only mounted filesystem in txBegin + - media: v4l2-mem2mem: add lock to protect parameter num_rdy + - gfs2: Fix possible data races in gfs2_show_options() + - [x86] pcmcia: rsrc_nonstatic: Fix memory leak in + nonstatic_release_resource_db() + - Bluetooth: L2CAP: Fix use-after-free + - drm/amdgpu: Fix potential fence use-after-free v2 + - iio: adc: stx104: Utilize iomap interface + - iio: adc: stx104: Implement and utilize register structures + - iio: addac: stx104: Fix race condition for stx104_write_raw() + - iio: addac: stx104: Fix race condition when converting analog-to-digital + - [x86] topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms + - [arm64] usb: dwc3: qcom: Add helper functions to enable,disable wake irqs + - [arm64] USB: dwc3: qcom: fix NULL-deref on suspend + - [arm64] mmc: meson-gx: remove useless lock + - [arm64] mmc: meson-gx: remove redundant mmc_request_done() call from irq + context + - mmc: Remove dev_err() usage after platform_get_irq() + - [arm*] mmc: bcm2835: fix deferred probing + - [arm*] mmc: sunxi: fix deferred probing + - block: fix signed int overflow in Amiga partition support + - nfsd4: kill warnings on testing stateids with mismatched clientids + - nfsd: Remove incorrect check in nfsd4_validate_stateid + - virtio-mmio: convert to devm_platform_ioremap_resource + - virtio-mmio: Use to_virtio_mmio_device() to simply code + - virtio-mmio: don't break lifecycle of vm_dev + - btrfs: fix BUG_ON condition in btrfs_cancel_balance + - net: xfrm: Fix xfrm_address_filter OOB read (CVE-2023-39194) + - net: af_key: fix sadb_x_filter validation (regression in 4.19.148) + - xfrm: fix slab-use-after-free in decode_session6 + - ip6_vti: fix slab-use-after-free in decode_session6 + - ip_vti: fix potential slab-use-after-free in decode_session6 + - xfrm: add NULL check in xfrm_update_ae_params (CVE-2023-3772) + - netfilter: nft_dynset: disallow object maps (CVE-2023-4244) + - team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves + - sock: Fix misuse of sk_under_memory_pressure() + - net: do not allow gso_size to be set to GSO_BY_FRAGS + - serial: 8250: Fix oops for port->pm on uart_change_pm() + - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback + interfaces. + - cifs: Release folio lock on fscache read hit. + - [x86] mmc: wbsd: fix double mmc_free_host() in wbsd_init() (regression in + 4.19.270) + - test_firmware: prevent race conditions by a correct implementation of + locking + - netfilter: set default timeout to 3 secs for sctp shutdown send and recv + state + - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (CVE-2023-4622) + - virtio-net: set queues after driver_ok + - net: fix the RTO timer retransmitting skb every 1ms if linear option is + enabled + - net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure + - net: phy: broadcom: stub c45 read/write for 54810 + - dlm: improve plock logging if interrupted + - dlm: replace usage of found with dedicated list iterator variable + - fs: dlm: add pid to debug log + - fs: dlm: change plock interrupted message to debug again + - fs: dlm: use dlm_plock_info for do_unlock_close + - fs: dlm: fix mismatch of plock results from userspace + - fbdev: Improve performance of sys_imageblit() + - fbdev: Fix sys_imageblit() for arbitrary image widths + - fbdev: fix potential OOB read in fast_imageblit() + - dm integrity: increase RECALC_SECTORS to improve recalculate speed + - dm integrity: reduce vmalloc space footprint on 32-bit architectures + - regmap: Account for register length in SMBus I/O limits + - drm/amd/display: do not wait for mpc idle if tg is disabled + - drm/amd/display: check TG is non-null before checking if enabled + - tracing: Fix memleak due to race between current_tracer and trace + - sock: annotate data-races around prot->memory_pressure + - dccp: annotate data-races in dccp_poll() + - igb: Avoid starting unnecessary workqueues + - net/sched: fix a qdisc modification with ambiguous command request + - bonding: fix macvlan over alb bond support + - ipvs: Improve robustness to the ipvs sysctl + - ipvs: fix racy memcpy in proc_do_sync_threshold + - nfsd: Fix race to FREE_STATEID and cl_revoked + - batman-adv: Trigger events for auto adjusted MTU + - batman-adv: Don't increase MTU when set by user + - batman-adv: Do not get eth header before batadv_check_management_packet + - batman-adv: Fix TT global entry leak when client roamed back + - batman-adv: Fix batadv_v_ogm_aggr_send memory leak + - [x86] fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 + (regression in 4.19.289-2) + - mmc: block: Fix in_flight[issue_type] value error + - sched/rt: pick_next_rt_entity(): check list_entry (CVE-2023-1077) + - netfilter: nf_queue: fix socket leak (regression in 4.19.233) + - scsi: snic: Fix double free in snic_tgt_create() + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.294 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.295 + - erofs: ensure that the post-EOF tails are all zeroed + - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules + - USB: serial: option: add Quectel EM05G variant (0x030e) + - USB: serial: option: add FOXCONN T99W368/T99W373 product + - HID: wacom: remove the battery when the EKR is off + - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race + condition (CVE-2023-1989) + - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() + - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse + - pinctrl: amd: Don't show `Invalid config param` errors + - 9p: virtio: make sure 'offs' is initialized in zc_request + - ASoC: da7219: Flush pending AAD IRQ when suspending + - ASoC: da7219: Check for failure reading AAD IRQ events + - ethernet: atheros: fix return value check in atl1c_tso_csum() + - vxlan: generalize vxlan_parse_gpe_hdr and remove unused args + - fs/nls: make load_nls() take a const parameter + - [x86] ASoc: codecs: ES8316: Fix DMIC config + - [x86] platform/x86: intel: hid: Always call BTNL ACPI method + - security: keys: perform capable check only on privileged operations + - net: usb: qmi_wwan: add Quectel EM05GV2 + - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock + - bnx2x: fix page fault following EEH recovery + - sctp: handle invalid error codes without calling BUG() + - cifs: add a warning when the in-flight count goes negative + - ALSA: seq: oss: Fix racy open/close of MIDI devices + - net: Avoid address overwrite in kernel_connect + - udf: Check consistency of Space Bitmap Descriptor + - udf: Handle error when adding extent to a file + - Revert "net: macsec: preserve ingress frame ordering" (regression in + 4.19.123) + - reiserfs: Check the return value from __getblk() + - eventfd: Export eventfd_ctx_do_read() + - eventfd: prevent underflow for eventfd semaphores + - fs: new helper: lookup_positive_unlocked() + - netfilter: nft_flow_offload: fix underflow in flowtable reference counter + - netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable + deactivatation + - fs: Fix error checking for d_hash_and_lookup() + - [x86] cpufreq: powernow-k8: Use related_cpus instead of cpus in + driver.exit() + - bpf: Clear the probe_addr for uprobe + - regmap: rbtree: Use alloc_flags for memory allocations + - [arm*] spi: tegra20-sflash: fix to check return value of + platform_get_irq() in tegra_sflash_probe() + - can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors + also in case of OOM + - wifi: mwifiex: Fix OOB and integer underflow when rx packets + - mwifiex: switch from 'pci_' to 'dma_' API + - wifi: mwifiex: fix error recovery in PCIE buffer descriptor management + - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() + - lwt: Check LWTUNNEL_XMIT_CONTINUE strictly + - fs: ocfs2: namei: check return value of ocfs2_add_entry() + - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() + - wifi: mwifiex: Fix missed return in oob checks failed path + - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx + - wifi: ath9k: protect WMI command response buffer replacement with a lock + - wifi: mwifiex: avoid possible NULL skb pointer dereference + - wifi: ath9k: use IS_ERR() with debugfs_create_dir() + - [x86] net: arcnet: Do not call kfree_skb() under local_irq_disable() + - net/sched: sch_hfsc: Ensure inner classes have fsc curve (CVE-2023-4623) + - [x86] netrom: Deny concurrent connect(). + - quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list + - quota: factor out dquot_write_dquot() + - quota: fix dqput() to follow the guarantees dquot_srcu should provide + - [arm64] dts: msm8996: thermal: Add interrupt support + - [arm64] dts: qcom: msm8996: Add missing interrupt to the USB2 controller + - drm/amdgpu: avoid integer overflow warning in + amdgpu_device_resize_fb_bar() + - [arm64] drm: adv7511: Fix low refresh rate register for ADV7533/5 + - drm/tegra: Remove superfluous error messages around platform_get_irq() + - drm/tegra: dpaux: Fix incorrect return value of platform_get_irq + - [arm64] drm/msm/mdp5: Don't leak some plane state + - audit: fix possible soft lockup in __audit_inode_child() + - ALSA: ac97: Fix possible error value of *rac97 + - PCI: pciehp: Use RMW accessors for changing LNKCTL + - PCI/ASPM: Use RMW accessors for changing LNKCTL + - PCI/ATS: Add pci_prg_resp_pasid_required() interface. + - PCI: Decode PCIe 32 GT/s link speed + - PCI: Add #defines for Enter Compliance, Transmit Margin + - drm/amdgpu: Correct Transmit Margin masks + - drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions + - drm/amdgpu: Prefer pcie_capability_read_word() + - drm/amdgpu: Use RMW accessors for changing LNKCTL + - drm/radeon: Correct Transmit Margin masks + - drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions + - drm/radeon: Prefer pcie_capability_read_word() + - drm/radeon: Use RMW accessors for changing LNKCTL + - wifi: ath10k: Use RMW accessors for changing LNKCTL + - nfs/blocklayout: Use the passed in gfp flags + - jfs: validate max amount of blocks before allocation. + - fs: lockd: avoid possible wrong NULL parameter + - NFSD: da_addr_body field missing in some GETDEVICEINFO replies + - media: Use of_node_name_eq for node name comparisons + - media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling + - media: v4l2-fwnode: simplify v4l2_fwnode_parse_link + - media: v4l2-core: Fix a potential resource leak in + v4l2_fwnode_parse_link() + - drivers: usb: smsusb: fix error handling code in smsusb_init_device + - media: dib7000p: Fix potential division by zero + - media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() + (regression in 4.19.226) + - media: cx24120: Add retval check for cx24120_message_send() + - [armhf] usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() + - scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() + - scsi: be2iscsi: Add length check when parsing nlattrs + - scsi: qla4xxx: Add length check when parsing nlattrs + - scsi: qedf: Do not touch __user pointer in + qedf_dbg_stop_io_on_error_cmd_read() directly + - scsi: qedf: Do not touch __user pointer in + qedf_dbg_fp_int_cmd_read() directly + - IB/uverbs: Fix an potential error pointer dereference + - USB: gadget: f_mass_storage: Fix unused variable warning + - scsi: core: Use 32-bit hostnum in scsi_host_lookup() + - scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock + - [arm*] serial: tegra: handle clk prepare error in tegra_uart_hw_init() + - [arm*] amba: bus: fix refcount leak + - Revert "IB/isert: Fix incorrect release of isert connection" (regression + in 4.19.287) + - HID: multitouch: Correct devm device reference for hidinput input_dev + name + - [arm64] rpmsg: glink: Add check for kstrdup + - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU + - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for + ip_set_hash_netportnet.c (CVE-2023-42753) + - netfilter: xt_u32: validate user space input (CVE-2023-39192) + - netfilter: xt_sctp: validate the flag_info count (CVE-2023-39193) + - skbuff: skb_segment, Call zero copy functions before using skbuff frags + - igb: set max size RX buffer when store bad packet is enabled + (CVE-2023-45871) + - PM / devfreq: Fix leak in devfreq_dev_release() + - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl + - ipmi_si: fix a memleak in try_smi_init() + - [armhf] OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() + - [armhf] backlight/gpio_backlight: Compare against struct fb_info.device + - media: dvb: symbol fixup for dvb_attach() + - procfs: block chmod on /proc/thread-self/comm + - dlm: fix plock lookup when using multiple lockspaces + - dccp: Fix out of bounds access in DCCP error handler + - X.509: if signature is unsupported skip validation + - net: handle ARPHRD_PPP in dev_is_mac_header_xmit() + - pstore/ram: Check start of empty przs during init + - udf: initialize newblock to 0 + - scsi: qla2xxx: fix inconsistent TMF timeout + - scsi: qla2xxx: Turn off noisy message log + - drm/ast: Fix DRAM init on AST2200 + - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info + - kconfig: fix possible buffer overflow + - net: read sk->sk_family once in sk_mc_loop() + - igb: disable virtualization features on 82580 + - veth: Fixing transmit return status for dropped packets + - net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr + - af_unix: Fix data-races around user->unix_inflight. + - af_unix: Fix data-race around unix_tot_inflight. + - af_unix: Fix data-races around sk->sk_shutdown. + - af_unix: Fix data race around sk->sk_err. + - net: sched: sch_qfq: Fix UAF in qfq_dequeue() (CVE-2023-4921) + - igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 + - igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 + - netfilter: nfnetlink_osf: avoid OOB read (CVE-2023-39189) + - btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART + - perf hists browser: Fix hierarchy mode header + - ixgbe: fix timestamp configuration code + - drm/amd/display: Fix a bug when searching for insert_above_mpcc + - autofs: fix memory leak of waitqueues in autofs_catatonic_mode + - btrfs: output extra debug info if we failed to find an inline backref + - ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer + - [x86] ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 + - [arm*] hw_breakpoint: fix single-stepping when using bpf_overflow_handler + - wifi: ath9k: fix printk specifier + - wifi: mwifiex: fix fortify warning + - crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() + - tpm_tis: Resend command to recover from data transfer errors + - [armhf] drm/exynos: fix a possible null-pointer dereference due to data + race in exynos_drm_crtc_atomic_disable() + - md: raid1: fix potential OOB in raid1_remove_disk() + - fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() + - jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount + - media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer + - media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() + - media: af9005: Fix null-ptr-deref in af9005_i2c_xfer + - media: anysee: fix null-ptr-deref in anysee_master_xfer + - media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() + - media: tuners: qt1010: replace BUG_ON with a regular error + - media: pci: cx23885: replace BUG with error return + - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() + - kobject: Add sanity check for kset->kobj.ktype in kset_register() + - md/raid1: fix error: ISO C90 forbids mixed declarations + - attr: block mode changes of symlinks + - btrfs: fix lockdep splat and potential deadlock after failure running + delayed items + - nfsd: fix change_info in NFSv4 RENAME replies + - net/sched: cls_fw: No longer copy tcf_result on update to avoid use- + after-free (CVE-2023-4207) + - net/sched: Retire rsvp classifier (CVE-2023-42755) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.296 + - NFS/pNFS: Report EINVAL errors from connect() to the server + - ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones + - ata: libahci: clear pending interrupt status + - netfilter: nf_tables: disallow element removal on anonymous sets + - ipv4: fix null-deref in ipv4_link_failure (CVE-2023-42754) + - [arm64] net: hns3: add 5ms delay before clear firmware reset irq source + - net: add atomic_long_t to net_device_stats fields + - net: bridge: use DEV_STATS_INC() + - team: fix null-ptr-deref when team device type is changed + - [x86] Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN + - scsi: qla2xxx: Add protection mask module parameters + - scsi: qla2xxx: Remove unsupported ql2xenabledif option + - scsi: megaraid_sas: Load balance completions across all MSI-X + - scsi: megaraid_sas: Fix deadlock on firmware crashdump + - ext4: remove the 'group' parameter of ext4_trim_extent + - ext4: add new helper interface ext4_try_to_trim_range() + - ext4: scope ret locally in ext4_try_to_trim_range() + - ext4: change s_last_trim_minblks type to unsigned long + - ext4: mark group as trimmed only if it was fully scanned + - ext4: replace the traditional ternary conditional operator with with + max()/min() + - ext4: move setting of trimmed bit into ext4_try_to_trim_range() + - ext4: do not let fstrim block system suspend + - [armhf] dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot + - ring-buffer: Avoid softlockup in ring_buffer_resize() + - ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() + - nvme-pci: do not set the NUMA node of device if it has none + - [x86] watchdog: iTCO_wdt: No need to stop the timer in probe + - [x86] watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already + running + - net: Fix unwanted sign extension in netdev_stats_to_stats64() + - scsi: megaraid_sas: Enable msix_load_balance for Invader and later + controllers + - serial: 8250_port: Check IRQ data before use (regression in 4.19.283) + - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() + - [x86] ALSA: hda: Disable power save for solving pop issue on Lenovo + ThinkCentre M70q + - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION + CODES + - [x86] i2c: i801: unregister tco_pdev in i801_probe() error path + - btrfs: properly report 0 avail for very full file systems + - net: thunderbolt: Fix TCPv6 GSO checksum calculation + - ata: libata-core: Fix ata_port_request_pm() locking + - ata: libata-core: Fix port and device removal + - ata: libata-core: Do not register PM operations for SAS ports + - ata: libata-sata: increase PMP SRST timeout to 10s + - ata: libata: disallow dev-initiated LPM transitions to unsupported states + - media: dvb: symbol fixup for dvb_attach() - again + - qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info + - wifi: mwifiex: Fix tlv_buf_left calculation + - net: replace calls to sock->ops->connect() with kernel_connect() + - ubi: Refuse attaching if mtd's erasesize is 0 + - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet + - regmap: rbtree: Fix wrong register marked as in-cache when creating new + node + - scsi: target: core: Fix deadlock due to recursive locking + - ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() + - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg + - tcp: fix quick-ack counting to count actual ACKs of new data + - tcp: fix delayed ACKs for MSS boundary condition + - sctp: update transport state when processing a dupcook packet + - sctp: update hb timer immediately after users change hb_interval + - IB/mlx4: Fix the size of a buffer in add_port_entries() + - RDMA/cma: Fix truncation compilation warning in make_cma_ports + - RDMA/mlx5: Fix NULL string error + - dccp: fix dccp_v4_err()/dccp_v6_err() again + - rtnetlink: Reject negative ifindexes in RTM_NEWLINK + - xen/events: replace evtchn_rwlock with RCU (CVE-2023-34324) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.297 + - [x86] indirect call wrappers: helpers to speed-up indirect calls of + builtin + - [x86] net: use indirect calls helpers at the socket layer + - net: prevent rewrite of msg_name in sock_sendmsg() + - RDMA/cxgb4: Check skb value for failure to allocate + - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect + - quota: Fix slow quotaoff + - net: prevent address rewrite in kernel_bind() + - [armhf] drm: etvnaviv: fix bad backport leading to warning (regression in + 4.19.280) + - [arm64] drm/msm/dsi: skip the wait for video mode done if not applicable + - xen-netback: use default TX queue size for vifs + - [x86] drm/vmwgfx: fix typo of sizeof argument + - ixgbe: fix crash with empty VF macvlan list + - net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() + - nfc: nci: assert requested protocol is valid + - workqueue: Override implicit ordered attribute in + workqueue_apply_unbound_cpumask() + - sched,idle,rcu: Push rcu_idle deeper into the idle path + - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer + - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read + - [arm*] usb: dwc3: Soft reset phy on probe for host + - [arm*] usb: musb: Get the musb_qh poniter after musb_giveback + - [arm*] usb: musb: Modify the "HWVers" register address + - [x86] iio: pressure: bmp280: Fix NULL pointer exception + - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() + - Input: powermate - fix use-after-free in powermate_config_complete + - Input: psmouse - fix fast_reconnect function for PS/2 mode + - [x86] Input: xpad - add PXN V900 support + - cgroup: Remove duplicates in cgroup v1 tasks file + - [x86] cpu: Fix AMD erratum #1485 on Zen4-based CPUs + - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call + - dev_forward_skb: do not scrub skb mark within the same name space + - usb: hub: Guard against accesses to uninitialized BOS descriptors + - Bluetooth: hci_event: Ignore NULL link key + - Bluetooth: Reject connection with the device which has same BD_ADDR + - Bluetooth: Fix a refcnt underflow problem for hci_conn + - [x86] Bluetooth: vhci: Fix race when opening vhci device + - Bluetooth: avoid memcmp() out of bounds warning + - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() + - regmap: fix NULL deref on lookup (regression in 4.19.135) + - [x86] KVM: x86: Mask LVTPC when handling a PMI + - netfilter: nft_payload: fix wrong mac header matching + - xfrm: fix a data-race in xfrm_gen_index() + - xfrm: interface: use DEV_STATS_INC() + - net: ipv4: fix return value check in esp_remove_trailer + - net: ipv6: fix return value check in esp_remove_trailer + - tcp: fix excessive TLP and RACK timeouts from HZ rounding + - tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single + skb + - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() + - i40e: prevent crash on probe if hw registers have invalid values + - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve + - netfilter: nft_set_rbtree: .deactivate fails if element has expired + - net: pktgen: Fix interface flags printing + - libceph: fix unaligned accesses in ceph_entity_addr handling + - libceph: use kernel_connect() + - [armhf] dts: ti: omap: Fix noisy serial with overrun-throttle-ms for + mapphone + - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals + to 1 + - btrfs: initialize start_slot in btrfs_log_prealloc_extents + - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter + - overlayfs: set ctime when setting mtime and atime + - ata: libata-eh: Fix compilation warning in ata_eh_link_report() + - tracing: relax trace_event_eval_update() execution with cond_resched() + - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event + - Bluetooth: Avoid redundant authentication + - Bluetooth: hci_core: Fix build warnings + - wifi: mac80211: allow transmitting EAPOL frames with tainted key + - wifi: cfg80211: avoid leaking stack data into trace + - drm: panel-orientation-quirks: Add quirk for One Mix 2S + - btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c + - Bluetooth: hci_event: Fix using memcmp when comparing keys + - ACPI: irq: Fix incorrect return value in acpi_register_gsi() + - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition + - USB: serial: option: add entry for Sierra EM9191 with new firmware + - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL + - perf: Disallow mis-matched inherited group reads (CVE-2023-5717) + - Bluetooth: hci_sock: fix slab oob read in create_monitor_event + - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX + name + - xfrm6: fix inet6_dev refcount underflow problem + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.298 + - mmc: sdio: Don't re-initialize powered-on removable SDIO cards at resume + - mmc: core: sdio: hold retuning if sdio in 1-bit mode + - virtio-mmio: fix memory leak of vm_dev + - r8169: fix the KCSAN reported data-race in rtl_tx while reading + TxDescArray[entry].opts1 + - r8169: fix the KCSAN reported data race in rtl_rx while reading + desc->opts1 + - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry + - gtp: fix fragmentation needed check with gso + - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR + - [armhf] i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() + - [armhf] i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() + - perf/core: Fix potential NULL deref + - [armhf] iio: exynos-adc: request second interupt only when touchscreen + mode is used + - [x86] i8259: Skip probing when ACPI/MADT advertises PCAT compatibility + - NFS: Don't call generic_error_remove_page() while holding locks + - drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() + - [arm64] fix a concurrency issue in emulation_proc_handler() + - kobject: Fix slab-out-of-bounds in fill_kobj_path() (CVE-2023-45863) + - f2fs: fix to do sanity check on inode type during garbage collection + (CVE-2021-44879) + - nfsd: lock_rename() needs both directories to live on the same fs + - [x86] mm: Simplify RESERVE_BRK() + - [x86] mm: Fix RESERVE_BRK() for older binutils + - driver: platform: Add helper for safer setting of driver_override + - [arm64] rpmsg: Constify local variable in field store macro + - [arm64] rpmsg: Fix kfree() of static memory on setting driver_override + - [arm64] rpmsg: Fix calling device_lock() on non-initialized device + - [arm64] rpmsg: glink: Release driver_override + - rpmsg: Fix possible refcount leak in rpmsg_register_device_override() + - [x86] Fix .brk attribute in linker script + - [armhf] ASoC: simple-card: fixup asoc_simple_probe() error handling + - [x86] Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table + - [x86] Input: synaptics-rmi4 - handle reset delay when using SMBus + trsnsport + - [x86] fbdev: atyfb: only use ioremap_uc() on i386 and ia64 + - netfilter: nfnetlink_log: silence bogus compiler warning + - ASoC: rt5650: fix the wrong result of key button + - [x86] fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() + - scsi: mpt3sas: Fix in error path + - [x86] platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to + 0x2e + - net: chelsio: cxgb4: add an error code check in t4_load_phy_fw + - [i386] remove the sx8 block driver + - [x86] PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device + - usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" + compatibility + - tty: 8250: Remove UC-257 and UC-431 + - tty: 8250: Add support for additional Brainboxes UC cards + - tty: 8250: Add support for Brainboxes UP cards + - tty: 8250: Add support for Intashield IS-100 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.299 + - vfs: fix readahead(2) on block devices + - [x86] genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() + - i40e: fix potential memory leaks in i40e_remove() + - tcp_metrics: add missing barriers on delete + - tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() + - tcp_metrics: do not create an entry from tcp_init_metrics() + - wifi: rtlwifi: fix EDCA limit set by BT coexistence + - can: dev: can_restart(): don't crash kernel if carrier is OK + - can: dev: can_restart(): fix race condition between controller restart + and netif_carrier_on() + - thermal: core: prevent potential string overflow + - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() + - ipv6: avoid atomic fragment on GSO packets (regression in 4.19.170) + - macsec: Fix traffic counters/statistics + - macsec: use DEV_STATS_INC() + - net: add DEV_STATS_READ() helper + - ipvlan: properly track tx_errors + - regmap: debugfs: Fix a erroneous check after snprintf() + - [arm64] clk: qcom: clk-rcg2: Fix clock rate overflow for high parent + frequencies + - [x86] platform/x86: wmi: Fix probe failure when failing to register WMI + devices + - [x86] platform/x86: wmi: remove unnecessary initializations + - [x86] platform/x86: wmi: Fix opening of char device + - [x86] hwmon: (coretemp) Fix potentially truncated sysfs attribute name + - [arm*] drm/rockchip: vop: Fix reset of state in duplicate state crtc + funcs + - drm/radeon: possible buffer overflow + - [arm64] drm/rockchip: cdn-dp: Fix some error handling paths in + cdn_dp_probe() + - [i386] hwrng: geode - fix accessing registers (regression in 4.19.270) + - sched/rt: Provide migrate_disable/enable() inlines + - nd_btt: Make BTT lanes preemptible + - HID: cp2112: Use irqchip template + - hid: cp2112: Fix duplicate workqueue initialization + - [armhf] 9321/1: memset: cast the constant byte to unsigned char + - ext4: move 'ix' sanity check to corrent position + - [amd64] RDMA/hfi1: Workaround truncation compilation error + - [x86] ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails + - [arm*] leds: pwm: simplify if condition + - [arm*] leds: pwm: convert to atomic PWM API + - [arm*] leds: pwm: Don't disable the PWM when the LED should be off + - ledtrig-cpu: Limit to 8 CPUs + - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for + 'cpu' + - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (regression in + 4.19.163) + - [arm*] usb: dwc2: fix possible NULL pointer dereference caused by driver + concurrency + - [armhf] dmaengine: ti: edma: handle irq_of_parse_and_map() errors + - [arm*] misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() + - USB: usbip: fix stub_dev hub disconnect + - f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() + - [x86] pcmcia: cs: fix possible hung task and memory leak pccardd() + - [x86] pcmcia: ds: fix refcount leak in pcmcia_device_add() + - [x86] pcmcia: ds: fix possible name leak in error path in + pcmcia_device_add() + - media: bttv: fix use after free error due to btv->timeout timer + - media: dvb-usb-v2: af9035: fix missing unlock + - [x86] Input: synaptics-rmi4 - fix use after free in + rmi_unregister_function() + - llc: verify mac len before reading mac header + - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING + - dccp: Call security_inet_conn_request() after setting IPv4 addresses. + - dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. + - r8169: improve rtl_set_rx_mode + - net/smc: postpone release of clcsock + - net/smc: wait for pending work before clcsock release_sock + - net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT + - tg3: power down device only on SYSTEM_POWER_OFF (regression in 4.19.259) + - r8169: respect userspace disabling IFF_MULTICAST + - netfilter: xt_recent: fix (increase) ipv6 literal buffer length + - btrfs: use u64 for buffer sizes in the tree search ioctls + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.300 + - perf/core: Bail out early if the request AUX area is out of bound + - [armhf] clocksource/drivers/timer-imx-gpt: Fix potential memory leak + - [x86] mm: Drop the 4 MB restriction on minimal NUMA node memory size + - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() + - net: annotate data-races around sk->sk_tx_queue_mapping + - net: annotate data-races around sk->sk_dst_pending_confirm + - Bluetooth: Fix double free in hci_conn_cleanup + - [x86] platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e + - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL + - crypto: pcrypt - Fix hungtask for PADATA_RESET + - fs/jfs: Add check for negative db_l2nbperpage + - fs/jfs: Add validity check for db_maxag and db_agpref + - jfs: fix array-index-out-of-bounds in dbFindLeaf + - jfs: fix array-index-out-of-bounds in diAlloc + - ALSA: hda: Fix possible null-ptr-deref when assigning a stream + - atm: iphase: Do PCI error checks on own line + - scsi: libfc: Fix potential NULL pointer dereference in + fc_lport_ptp_setup() + - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W + - usb: gadget: f_ncm: Always set current gadget in ncm_bind() + - [armhf] i2c: sun6i-p2wi: Prevent potential division by zero + - media: gspca: cpia1: shift-out-of-bounds in set_flicker + - media: vivid: avoid integer overflow + - gfs2: ignore negated quota changes + - drm/amd/display: Avoid NULL dereference of timing generator + - NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO + - ipvlan: add ipvlan_route_v6_outbound() helper + - tty: Fix uninit-value access in ppp_sync_receive() + - tipc: Fix kernel-infoleak due to uninitialized TLV value + - ppp: limit MRU to 64K + - xen/events: fix delayed eoi list handling (regression in 4.19.155) + - ptp: annotate data-race around q->head and q->tail + - macvlan: Don't propagate promisc change to lower dev in passthru + - cifs: spnego: add ';' in HOST_KEY_LEN + - [arm64] media: venus: hfi: add checks to perform sanity on queue pointers + - [x86] KVM: x86: Ignore MSR_AMD64_TW_CFG access + - audit: don't take task_lock() in audit_exe_compare() code path + - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() + - hvc/xen: fix error path in xen_hvc_init() to always register frontend + driver + - PCI/sysfs: Protect driver's D3cold preference from user space + - [arm64] mmc: meson-gx: Remove setting of CMD_CFG_ERROR (regression in + 4.19.88) + - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware + - mmc: vub300: fix an error code + - PM: hibernate: Use __get_safe_page() rather than touching the list + - PM: hibernate: Clean up sync_read handling in snapshot_write_next() + - jbd2: fix potential data lost in recovering journal raced with + synchronizing fs bdev + - quota: explicitly forbid quota files from being encrypted + - ALSA: info: Fix potential deadlock at disconnection + - [x86] ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC + - [arm*] tty: serial: meson: if no alias specified use an available id + - [arm*] serial: meson: remove redundant initialization of variable id + - [arm*] tty: serial: meson: retrieve port FIFO size from DT + - [arm*] serial: meson: Use platform_get_irq() to get the interrupt + - [arm*] tty: serial: meson: fix hard LOCKUP on crtscts mode + - [x86] i2c: i801: fix potential race in + i801_block_transaction_byte_by_byte + - media: lirc: drop trailing space from scancode transmit + - media: sharp: fix sharp encoding + - [arm64] media: venus: hfi_parser: Add check to keep the number of codecs + within range + - [arm64] media: venus: hfi: fix the check to handle session buffer + requirement + - [arm64] media: venus: hfi: add checks to handle capabilities from + firmware + - ext4: correct offset of gdb backup in non meta_bg group to update_backups + - ext4: correct return value of ext4_convert_meta_bg + - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks + - drm/amdgpu: fix error handling in amdgpu_bo_list_get() + - scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids + - iomap: Set all uptodate bits for an Uptodate page + - net: sched: fix race condition in qdisc_graft() (CVE-2023-0590) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.301 + - driver core: Release all resources during unbind before updating device + links + - RDMA/irdma: Prevent zero-length STAG registration (CVE-2023-25775) + - [arm*] drm/panel: simple: Fix Innolux G101ICE-L01 timings + - [i386] ata: pata_isapnp: Add missing error check for devm_ioport_map() + - [arm*] drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full + - HID: core: store the unique system identifier in hid_device + - HID: fix HID device resource race between HID core and debugging support + - net: usb: ax88179_178a: fix failed operations during ax88179_reset + - [arm*] xen: fix xen_vcpu_info allocation alignment + - amd-xgbe: handle corner-case during sfp hotplug + - amd-xgbe: handle the corner-case during tx completion + - amd-xgbe: propagate the correct speed and duplex status + - [arm64] cpufeature: Extract capped perfmon fields + - [arm64] KVM: arm64: limit PMU version to PMUv3 for ARMv8.1 + - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in + btree_gc_coalesce() + - USB: serial: option: add Luat Air72*U series products + - [x86] hv_netvsc: Fix race of register_netdevice_notifier and VF register + - [x86] hv_netvsc: Mark VF as slave before exposing it to user-mode + - dm-delay: fix a race between delay_presuspend and delay_bio + - bcache: check return value from btree_node_alloc_replacement() + - bcache: prevent potential division by zero error + - USB: serial: option: add Fibocom L7xx modules + - USB: serial: option: don't claim interface 4 for ZTE MF290 + - [arm*] USB: dwc2: write HCINT with INTMASK applied + - [arm*] usb: dwc3: set the dma max_seg_size + - [arm64] USB: dwc3: qcom: fix wakeup after probe deferral + - pinctrl: avoid reload of p state in list iteration + - firewire: core: fix possible memory leak in create_units() + - mmc: block: Do not lose cache flush during CQE error recovery + - [x86] ALSA: hda: Disable power-save on KONTRON SinglePC + - ALSA: hda/realtek: Headset Mic VREF to 100% + - dm-verity: align struct dm_verity_fec_io properly + - dm verity: don't perform FEC for failed readahead IO + - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR + - btrfs: fix off-by-one when checking chunk map includes logical address + - btrfs: send: ensure send_fd is writable + - [x86] Input: xpad - add HyperX Clutch Gladiate Support + - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet + (CVE-2023-6932) + - smb3: fix touch -h of symlink + - [x86] mtd: cfi_cmdset_0001: Support the absence of protection registers + - ima: annotate iint mutex to avoid lockdep false positive warnings + - ovl: skip overlayfs superblocks at global sync + - [armhf] cpufreq: imx6q: don't warn for disabling a non-existing + frequency + - [armhf] cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily + - mmc: cqhci: Increase recovery halt timeout + - mmc: cqhci: Warn of halt or task clear failure + - mmc: cqhci: Fix task clearing in CQE error recovery + - mmc: block: Retry commands in CQE error recovery + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.302 + - [armhf] spi: imx: add a device specific prepare_message callback + - [armhf] spi: imx: move wml setting to later than setup_transfer + - [armhf] spi: imx: correct wml as the last sg length + - [armhf] spi: imx: mx51-ecspi: Move some initialisation to + prepare_message hook. + - hrtimers: Push pending hrtimers away from outgoing CPU earlier + - netfilter: ipset: fix race condition between swap/destroy and kernel side + add/del/test + - tg3: Move the [rt]x_dropped counters to tg3_napi + - tg3: Increment tx_dropped in tg3_tso_bug() + - drm/amdgpu: correct chunk_ptr to a pointer to chunk. + - ipv6: fix potential NULL deref in fib6_add() + - [x86] net: arcnet: Fix RESET flag handling + - [x86] net: arcnet: com20020 fix error handling + - [x86] arcnet: restoring support for multiple Sohard Arcnet cards + - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() + - [arm64] net: hns: fix fake link up on xge port + - netfilter: xt_owner: Add supplementary groups option + - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket + - tcp: do not accept ACK of bytes we never sent + - [x86] hwmon: (acpi_power_meter) Fix 4.29 MW bug + - tracing: Fix a warning when allocating buffered events fails + - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() + - [armhf] imx: Check return value of devm_kasprintf in imx_mmdc_perf_init + - [armhf] dts: imx: make gpt node name generic + - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names + - packet: Move reference count in packet_sock to atomic_long_t + - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() + - tracing: Always update snapshot buffer size + - tracing: Fix incomplete locking when disabling buffered events + - tracing: Fix a possible race when disabling buffered events + - perf/core: Add a new read format to get a number of lost samples + - perf: Fix perf_event_validate_size() (CVE-2023-6931) + - gpiolib: sysfs: Fix error handling on failed export + - usb: gadget: f_hid: fix report descriptor allocation (regression in + 4.19.270) + - parport: Add support for Brainboxes IX/UC/PX parallel cards + - [x86] usb: typec: class: fix typec_altmode_put_partner to put plugs + - [x86] CPU/AMD: Check vendor in the AMD microcode callback + - nilfs2: fix missing error check for sb_set_blocksize call + - netlink: don't call ->netlink_bind with table lock held + - genetlink: add CAP_NET_ADMIN test for multicast bind + - psample: Require 'CAP_NET_ADMIN' when joining "packets" group + - drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group + - IB/isert: Fix unaligned immediate-data handling + - devcoredump : Serialize devcd_del work + - devcoredump: Send uevent once devcd is ready + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.303 + - atm: solos-pci: Fix potential deadlock on &cli_queue_lock + - atm: solos-pci: Fix potential deadlock on &tx_queue_lock + - atm: Fix Use-After-Free in do_vcc_ioctl (CVE-2023-51780) + - [x86] net/rose: Fix Use-After-Free in rose_ioctl (CVE-2023-51782) + - qed: Fix a potential use-after-free in qed_cxt_tables_alloc + - net: Remove acked SYN flag from packet in the transmit queue correctly + - sign-file: Fix incorrect return values check + - vsock/virtio: Fix unsigned integer wrap around in + virtio_transport_has_space() + - [arm*] net: stmmac: Handle disabled MDIO busses from devicetree + - appletalk: Fix Use-After-Free in atalk_ioctl (CVE-2023-51781) + - cred: switch to using atomic_long_t + - blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock + required!" + - bcache: avoid oversize memory allocation by small stripe_size + - bcache: avoid NULL checking to c->root in run_cache_set() + - HID: add ALWAYS_POLL quirk for Apple kb + - [x86] HID: hid-asus: reset the backlight brightness level on resume + - [x86] HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad + - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation + - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 + - perf: Fix perf_event_validate_size() lockdep splat + - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS + (regression in 4.19.284) + - [arm64] mm: Always make sw-dirty PTEs hw-dirty in pte_modify + - team: Fix use-after-free when an option instance allocation fails + - ring-buffer: Fix memory leak of free page + - mmc: block: Be sure to wait while busy in CQE error recovery + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.304 + - [x86] ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB + - [x86] ALSA: hda/realtek: Enable headset onLenovo M70/M90 + - [x86] ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 + - ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE + - reset: Fix crash when freeing non-existent optional resets + - wifi: mac80211: mesh_plink: fix matches_local logic + - net/mlx5: Fix fw tracer first block check + - net: sched: ife: fix potential use-after-free + - ethernet: atheros: fix a memleak in atl1e_setup_ring_resources + - [x86] net/rose: fix races in rose_kill_by_device() + - net: check vlan filter feature in vlan_vids_add_by_dev() and + vlan_vids_del_by_dev() + - afs: Fix the dynamic root's d_delete to always delete unused dentries + - net: warn if gso_type isn't set for a GSO SKB + - net: check dev->gso_max_size in gso_features_check() + - smb: client: fix NULL deref in asn1_ber_decoder() + - btrfs: do not allow non subvolume root targets for snapshot + - [x86] iio: imu: inv_mpu6050: fix an error code problem in + inv_mpu6050_read_raw + - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() + - wifi: cfg80211: Add my certificate + - wifi: cfg80211: fix certs build to not depend on file order + - USB: serial: option: add Quectel
EG912Y module support + - USB: serial: option: add Foxconn T99W265 with new baseline + - USB: serial: option: add Quectel RM500Q R13 firmware support + - Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent + - net: 9p: avoid freeing uninit memory in p9pdu_vreadf + - net: rfkill: gpio: set GPIO direction + - [x86] alternatives: Sync core before enabling interrupts + - [arm*] usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (regression in + 4.19.185) + - smb: client: fix OOB in smbCalcSize() (CVE-2023-6606) + - dm-integrity: don't modify bio's immutable bio_vec in + integrity_metadata() + - block: Don't invalidate pagecache for invalid falloc modes + + [ Ben Hutchings ] + * Bump ABI to 26 + * [rt] Update to 4.19.302-rt131: + - Revert "sched/rt: Provide migrate_disable/enable() inlines" from + 4.19.299 + 4.19.289-2 [Tue, 08 Aug 2023 04:35:25 +0200] Ben Hutchings <benh@debian.org>: * [x86] Add mitigations for Gather Data Sampling (GDS) (CVE-2022-40982) <http://piuparts.knut.univention.de/5.0-6/#7377814568960865983>
OK: bug OK: yaml OK: announce_errata OK: patch ~OK: piuparts new kernel OK: apt-get install -t apt linux-image-amd64 OK: amd64 @ kvm + SeaBIOS OK: amd64 @ kvm + OVMF + SB OK: mokutil --sb-state OK: dmesg -H | grep -i secure OK: uname -a OK: dmesg -H OK ./linux-dmesg-norm -a OK: Rebuild latest ISO with new D-I: isotests/ucs_5.0-6-latest-amd64.iso [5.0-6] e060df2557 Bug #56972: linux-latest 105+deb10u21 doc/errata/staging/linux-latest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [5.0-6] 0c36d136eb Bug #56972: linux-latest 105+deb10u21 doc/errata/staging/linux-latest.yaml | 256 +++++++++++++++++++++++++++++++++++ 1 file changed, 256 insertions(+)
[5.0-6] 0f3afd4392 Bug #56972: linux-signed-amd64 4.19.304+1 doc/errata/staging/linux-signed-amd64.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [5.0-6] ea07a56b2a Bug #56972: linux-signed-amd64 4.19.304+1 doc/errata/staging/linux-signed-amd64.yaml | 1067 ++++++---------------------- 1 file changed, 208 insertions(+), 859 deletions(-) [5.0-6] 7b6e726f60 Bug #56987: linux-signed-amd64 4.19.304+1 doc/errata/staging/linux-signed-amd64.yaml | 907 +++++++++++++++++++++++++++++ 1 file changed, 907 insertions(+) [5.0-6] 9c0ef954b8 Bug #56972: linux 4.19.304-1 doc/errata/staging/linux.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [5.0-6] 789b572ef2 Bug #56972: linux 4.19.304-1 doc/errata/staging/linux.yaml | 1062 ++++++++--------------------------------- 1 file changed, 207 insertions(+), 855 deletions(-) [5.0-6] 6bfb0dba5f Bug #56972: linux 4.19.304-1 doc/errata/staging/linux.yaml | 904 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 904 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x917> <https://errata.software-univention.de/#/?erratum=5.0x918> <https://errata.software-univention.de/#/?erratum=5.0x919>