diff -u linux-xilinx-zynqmp-5.4.0/debian.master/changelog linux-xilinx-zynqmp-5.4.0/debian.master/changelog
--- linux-xilinx-zynqmp-5.4.0/debian.master/changelog
+++ linux-xilinx-zynqmp-5.4.0/debian.master/changelog
@@ -1,3 +1,22 @@
+linux (5.4.0-182.202) focal; urgency=medium
+
+  * focal/linux: 5.4.0-182.202 -proposed tracker (LP: #2063685)
+
+  * CVE-2023-52530
+    - wifi: mac80211: fix potential key use-after-free
+
+  * CVE-2024-26622
+    - tomoyo: fix UAF write bug in tomoyo_write_control()
+
+  * CVE-2024-26614
+    - tcp: make sure init the accept_queue's spinlocks once
+    - ipv6: init the accept_queue's spinlocks in inet6_create
+
+  * CVE-2023-47233
+    - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
+
+ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 26 Apr 2024 13:36:15 +0200
+
 linux (5.4.0-181.201) focal; urgency=medium
 
   * focal/linux: 5.4.0-181.201 -proposed tracker (LP: #2059549)
diff -u linux-xilinx-zynqmp-5.4.0/debian.master/tracking-bug linux-xilinx-zynqmp-5.4.0/debian.master/tracking-bug
--- linux-xilinx-zynqmp-5.4.0/debian.master/tracking-bug
+++ linux-xilinx-zynqmp-5.4.0/debian.master/tracking-bug
@@ -1 +1 @@
-2059549 2024.04.01-1
+2063685 s2024.04.01-1
diff -u linux-xilinx-zynqmp-5.4.0/debian.zynqmp/changelog linux-xilinx-zynqmp-5.4.0/debian.zynqmp/changelog
--- linux-xilinx-zynqmp-5.4.0/debian.zynqmp/changelog
+++ linux-xilinx-zynqmp-5.4.0/debian.zynqmp/changelog
@@ -1,3 +1,22 @@
+linux-xilinx-zynqmp (5.4.0-1044.48) focal; urgency=medium
+
+  * focal/linux-xilinx-zynqmp: 5.4.0-1044.48 -proposed tracker (LP: #2063683)
+
+  [ Ubuntu: 5.4.0-182.202 ]
+
+  * focal/linux: 5.4.0-182.202 -proposed tracker (LP: #2063685)
+  * CVE-2023-52530
+    - wifi: mac80211: fix potential key use-after-free
+  * CVE-2024-26622
+    - tomoyo: fix UAF write bug in tomoyo_write_control()
+  * CVE-2024-26614
+    - tcp: make sure init the accept_queue's spinlocks once
+    - ipv6: init the accept_queue's spinlocks in inet6_create
+  * CVE-2023-47233
+    - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
+
+ -- Portia Stephens <portia.stephens@canonical.com>  Tue, 07 May 2024 10:22:39 +1000
+
 linux-xilinx-zynqmp (5.4.0-1043.47) focal; urgency=medium
 
   * focal/linux-xilinx-zynqmp: 5.4.0-1043.47 -proposed tracker (LP: #2059547)
diff -u linux-xilinx-zynqmp-5.4.0/debian.zynqmp/tracking-bug linux-xilinx-zynqmp-5.4.0/debian.zynqmp/tracking-bug
--- linux-xilinx-zynqmp-5.4.0/debian.zynqmp/tracking-bug
+++ linux-xilinx-zynqmp-5.4.0/debian.zynqmp/tracking-bug
@@ -1 +1 @@
-2059547 2024.04.01-1
+2063683 s2024.04.01-1
diff -u linux-xilinx-zynqmp-5.4.0/debian/changelog linux-xilinx-zynqmp-5.4.0/debian/changelog
--- linux-xilinx-zynqmp-5.4.0/debian/changelog
+++ linux-xilinx-zynqmp-5.4.0/debian/changelog
@@ -1,3 +1,22 @@
+linux-xilinx-zynqmp (5.4.0-1044.48) focal; urgency=medium
+
+  * focal/linux-xilinx-zynqmp: 5.4.0-1044.48 -proposed tracker (LP: #2063683)
+
+  [ Ubuntu: 5.4.0-182.202 ]
+
+  * focal/linux: 5.4.0-182.202 -proposed tracker (LP: #2063685)
+  * CVE-2023-52530
+    - wifi: mac80211: fix potential key use-after-free
+  * CVE-2024-26622
+    - tomoyo: fix UAF write bug in tomoyo_write_control()
+  * CVE-2024-26614
+    - tcp: make sure init the accept_queue's spinlocks once
+    - ipv6: init the accept_queue's spinlocks in inet6_create
+  * CVE-2023-47233
+    - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
+
+ -- Portia Stephens <portia.stephens@canonical.com>  Tue, 07 May 2024 10:22:39 +1000
+
 linux-xilinx-zynqmp (5.4.0-1043.47) focal; urgency=medium
 
   * focal/linux-xilinx-zynqmp: 5.4.0-1043.47 -proposed tracker (LP: #2059547)
diff -u linux-xilinx-zynqmp-5.4.0/debian/control linux-xilinx-zynqmp-5.4.0/debian/control
--- linux-xilinx-zynqmp-5.4.0/debian/control
+++ linux-xilinx-zynqmp-5.4.0/debian/control
@@ -55,7 +55,7 @@
 XS-Testsuite: autopkgtest
 #XS-Testsuite-Depends: gcc-4.7 binutils
 
-Package: linux-xilinx-zynqmp-headers-5.4.0-1043
+Package: linux-xilinx-zynqmp-headers-5.4.0-1044
 Build-Profiles: <!stage1>
 Architecture: all
 Multi-Arch: foreign
@@ -65,34 +65,34 @@
 Description: Header files related to Linux kernel version 5.4.0
  This package provides kernel header files for version 5.4.0, for sites
  that want the latest kernel headers. Please read
- /usr/share/doc/linux-xilinx-zynqmp-headers-5.4.0-1043/debian.README.gz for details
+ /usr/share/doc/linux-xilinx-zynqmp-headers-5.4.0-1044/debian.README.gz for details
 
-Package: linux-xilinx-zynqmp-tools-5.4.0-1043
+Package: linux-xilinx-zynqmp-tools-5.4.0-1044
 Build-Profiles: <!stage1>
 Architecture: arm64
 Section: devel
 Priority: optional
 Depends: ${misc:Depends}, ${shlibs:Depends}, linux-tools-common
-Description: Linux kernel version specific tools for version 5.4.0-1043
+Description: Linux kernel version specific tools for version 5.4.0-1044
  This package provides the architecture dependant parts for kernel
  version locked tools (such as perf and x86_energy_perf_policy) for
- version 5.4.0-1043 on
+ version 5.4.0-1044 on
  .
- You probably want to install linux-tools-5.4.0-1043-<flavour>.
+ You probably want to install linux-tools-5.4.0-1044-<flavour>.
 
 
 
-Package: linux-image-5.4.0-1043-xilinx-zynqmp
+Package: linux-image-5.4.0-1044-xilinx-zynqmp
 Build-Profiles: <!stage1>
 Architecture: arm64
 Section: kernel
 Priority: optional
 Provides: linux-image, fuse-module, aufs-dkms, kvm-api-4, redhat-cluster-modules, ivtv-modules, virtualbox-guest-modules [amd64], ${linux:rprovides}
-Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.4.0-1043-xilinx-zynqmp
+Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.4.0-1044-xilinx-zynqmp
 Recommends: initramfs-tools | linux-initramfs-tool
 Breaks: flash-kernel (<< 3.90ubuntu2) [arm64 armhf], s390-tools (<< 2.3.0-0ubuntu3) [s390x]
-Conflicts: linux-image-unsigned-5.4.0-1043-xilinx-zynqmp
-Suggests: fdutils, linux-doc | linux-xilinx-zynqmp-source-5.4.0, linux-xilinx-zynqmp-tools, linux-headers-5.4.0-1043-xilinx-zynqmp
+Conflicts: linux-image-unsigned-5.4.0-1044-xilinx-zynqmp
+Suggests: fdutils, linux-doc | linux-xilinx-zynqmp-source-5.4.0, linux-xilinx-zynqmp-tools, linux-headers-5.4.0-1044-xilinx-zynqmp
 Description: Linux kernel image for version 5.4.0 on  SMP
  This package contains the Linux kernel image for version 5.4.0 on
   SMP.
@@ -105,7 +105,7 @@
  the linux-xilinx-zynqmp meta-package, which will ensure that upgrades work
  correctly, and that supporting packages are also installed.
 
-Package: linux-modules-5.4.0-1043-xilinx-zynqmp
+Package: linux-modules-5.4.0-1044-xilinx-zynqmp
 Build-Profiles: <!stage1>
 Architecture: arm64
 Section: kernel
@@ -125,12 +125,12 @@
  the linux-xilinx-zynqmp meta-package, which will ensure that upgrades work
  correctly, and that supporting packages are also installed.
 
-Package: linux-modules-extra-5.4.0-1043-xilinx-zynqmp
+Package: linux-modules-extra-5.4.0-1044-xilinx-zynqmp
 Build-Profiles: <!stage1>
 Architecture: arm64
 Section: kernel
 Priority: optional
-Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.4.0-1043-xilinx-zynqmp | linux-image-unsigned-5.4.0-1043-xilinx-zynqmp, crda | wireless-crda
+Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.4.0-1044-xilinx-zynqmp | linux-image-unsigned-5.4.0-1044-xilinx-zynqmp, crda | wireless-crda
 Description: Linux kernel extra modules for version 5.4.0 on  SMP
  This package contains the Linux kernel extra modules for version 5.4.0 on
   SMP.
@@ -147,21 +147,21 @@
  the linux-xilinx-zynqmp meta-package, which will ensure that upgrades work
  correctly, and that supporting packages are also installed.
 
-Package: linux-headers-5.4.0-1043-xilinx-zynqmp
+Package: linux-headers-5.4.0-1044-xilinx-zynqmp
 Build-Profiles: <!stage1>
 Architecture: arm64
 Section: devel
 Priority: optional
-Depends: ${misc:Depends}, linux-xilinx-zynqmp-headers-5.4.0-1043, ${shlibs:Depends}
+Depends: ${misc:Depends}, linux-xilinx-zynqmp-headers-5.4.0-1044, ${shlibs:Depends}
 Provides: linux-headers, linux-headers-3.0
 Description: Linux kernel headers for version 5.4.0 on  SMP
  This package provides kernel header files for version 5.4.0 on
   SMP.
  .
  This is for sites that want the latest kernel headers.  Please read
- /usr/share/doc/linux-headers-5.4.0-1043/debian.README.gz for details.
+ /usr/share/doc/linux-headers-5.4.0-1044/debian.README.gz for details.
 
-Package: linux-image-5.4.0-1043-xilinx-zynqmp-dbgsym
+Package: linux-image-5.4.0-1044-xilinx-zynqmp-dbgsym
 Build-Profiles: <!stage1>
 Architecture: arm64
 Section: devel
@@ -178,20 +178,20 @@
  is uncompressed, and unstripped. This package also includes the
  unstripped modules.
 
-Package: linux-tools-5.4.0-1043-xilinx-zynqmp
+Package: linux-tools-5.4.0-1044-xilinx-zynqmp
 Build-Profiles: <!stage1>
 Architecture: arm64
 Section: devel
 Priority: optional
-Depends: ${misc:Depends}, linux-xilinx-zynqmp-tools-5.4.0-1043
-Description: Linux kernel version specific tools for version 5.4.0-1043
+Depends: ${misc:Depends}, linux-xilinx-zynqmp-tools-5.4.0-1044
+Description: Linux kernel version specific tools for version 5.4.0-1044
  This package provides the architecture dependant parts for kernel
  version locked tools (such as perf and x86_energy_perf_policy) for
- version 5.4.0-1043 on
+ version 5.4.0-1044 on
  .
 
 
-Package: linux-buildinfo-5.4.0-1043-xilinx-zynqmp
+Package: linux-buildinfo-5.4.0-1044-xilinx-zynqmp
 Build-Profiles: <!stage1>
 Architecture: arm64
 Section: kernel
diff -u linux-xilinx-zynqmp-5.4.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c linux-xilinx-zynqmp-5.4.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
--- linux-xilinx-zynqmp-5.4.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ linux-xilinx-zynqmp-5.4.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -710,8 +710,7 @@
 	scan_request = cfg->scan_request;
 	cfg->scan_request = NULL;
 
-	if (timer_pending(&cfg->escan_timeout))
-		del_timer_sync(&cfg->escan_timeout);
+	del_timer_sync(&cfg->escan_timeout);
 
 	if (fw_abort) {
 		/* Do a scan abort to stop the driver's scan engine */
@@ -7240,6 +7239,7 @@
 	brcmf_btcoex_detach(cfg);
 	wiphy_unregister(cfg->wiphy);
 	wl_deinit_priv(cfg);
+	cancel_work_sync(&cfg->escan_timeout_work);
 	brcmf_free_wiphy(cfg->wiphy);
 	kfree(cfg);
 }
diff -u linux-xilinx-zynqmp-5.4.0/include/net/inet_connection_sock.h linux-xilinx-zynqmp-5.4.0/include/net/inet_connection_sock.h
--- linux-xilinx-zynqmp-5.4.0/include/net/inet_connection_sock.h
+++ linux-xilinx-zynqmp-5.4.0/include/net/inet_connection_sock.h
@@ -344,2 +344,11 @@
 }
+
+static inline void inet_init_csk_locks(struct sock *sk)
+{
+	struct inet_connection_sock *icsk = inet_csk(sk);
+
+	spin_lock_init(&icsk->icsk_accept_queue.rskq_lock);
+	spin_lock_init(&icsk->icsk_accept_queue.fastopenq.lock);
+}
+
 #endif /* _INET_CONNECTION_SOCK_H */
diff -u linux-xilinx-zynqmp-5.4.0/net/ipv4/af_inet.c linux-xilinx-zynqmp-5.4.0/net/ipv4/af_inet.c
--- linux-xilinx-zynqmp-5.4.0/net/ipv4/af_inet.c
+++ linux-xilinx-zynqmp-5.4.0/net/ipv4/af_inet.c
@@ -326,6 +326,9 @@
 	if (INET_PROTOSW_REUSE & answer_flags)
 		sk->sk_reuse = SK_CAN_REUSE;
 
+	if (INET_PROTOSW_ICSK & answer_flags)
+		inet_init_csk_locks(sk);
+
 	inet = inet_sk(sk);
 	inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) != 0;
 
diff -u linux-xilinx-zynqmp-5.4.0/net/ipv4/inet_connection_sock.c linux-xilinx-zynqmp-5.4.0/net/ipv4/inet_connection_sock.c
--- linux-xilinx-zynqmp-5.4.0/net/ipv4/inet_connection_sock.c
+++ linux-xilinx-zynqmp-5.4.0/net/ipv4/inet_connection_sock.c
@@ -520,6 +520,10 @@
 	}
 	if (req)
 		reqsk_put(req);
+
+	if (newsk)
+		inet_init_csk_locks(newsk);
+
 	return newsk;
 out_err:
 	newsk = NULL;
diff -u linux-xilinx-zynqmp-5.4.0/net/ipv6/af_inet6.c linux-xilinx-zynqmp-5.4.0/net/ipv6/af_inet6.c
--- linux-xilinx-zynqmp-5.4.0/net/ipv6/af_inet6.c
+++ linux-xilinx-zynqmp-5.4.0/net/ipv6/af_inet6.c
@@ -194,6 +194,9 @@
 	if (INET_PROTOSW_REUSE & answer_flags)
 		sk->sk_reuse = SK_CAN_REUSE;
 
+	if (INET_PROTOSW_ICSK & answer_flags)
+		inet_init_csk_locks(sk);
+
 	inet = inet_sk(sk);
 	inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) != 0;
 
diff -u linux-xilinx-zynqmp-5.4.0/net/mac80211/cfg.c linux-xilinx-zynqmp-5.4.0/net/mac80211/cfg.c
--- linux-xilinx-zynqmp-5.4.0/net/mac80211/cfg.c
+++ linux-xilinx-zynqmp-5.4.0/net/mac80211/cfg.c
@@ -491,6 +491,9 @@
 		sta->cipher_scheme = cs;
 
 	err = ieee80211_key_link(key, sdata, sta);
+	/* KRACK protection, shouldn't happen but just silently accept key */
+	if (err == -EALREADY)
+		err = 0;
 
  out_unlock:
 	mutex_unlock(&local->sta_mtx);
diff -u linux-xilinx-zynqmp-5.4.0/net/mac80211/key.c linux-xilinx-zynqmp-5.4.0/net/mac80211/key.c
--- linux-xilinx-zynqmp-5.4.0/net/mac80211/key.c
+++ linux-xilinx-zynqmp-5.4.0/net/mac80211/key.c
@@ -808,7 +808,7 @@
 	 */
 	if (ieee80211_key_identical(sdata, old_key, key)) {
 		ieee80211_key_free_unused(key);
-		ret = 0;
+		ret = -EALREADY;
 		goto out;
 	}
 
diff -u linux-xilinx-zynqmp-5.4.0/security/tomoyo/common.c linux-xilinx-zynqmp-5.4.0/security/tomoyo/common.c
--- linux-xilinx-zynqmp-5.4.0/security/tomoyo/common.c
+++ linux-xilinx-zynqmp-5.4.0/security/tomoyo/common.c
@@ -2657,7 +2657,7 @@
 {
 	int error = buffer_len;
 	size_t avail_len = buffer_len;
-	char *cp0 = head->write_buf;
+	char *cp0;
 	int idx;
 
 	if (!head->write)
@@ -2666,6 +2666,7 @@
 		return -EFAULT;
 	if (mutex_lock_interruptible(&head->io_sem))
 		return -EINTR;
+	cp0 = head->write_buf;
 	head->read_user_buf_avail = 0;
 	idx = tomoyo_read_lock();
 	/* Read a line and dispatch it to the policy handler. */
only in patch2:
unchanged:
--- linux-xilinx-zynqmp-5.4.0.orig/net/core/request_sock.c
+++ linux-xilinx-zynqmp-5.4.0/net/core/request_sock.c
@@ -33,9 +33,6 @@
 
 void reqsk_queue_alloc(struct request_sock_queue *queue)
 {
-	spin_lock_init(&queue->rskq_lock);
-
-	spin_lock_init(&queue->fastopenq.lock);
 	queue->fastopenq.rskq_rst_head = NULL;
 	queue->fastopenq.rskq_rst_tail = NULL;
 	queue->fastopenq.qlen = 0;