Bug #1980399 “Focal update: v5.4.194 upstream stable release” : Bugs : linux package : Ubuntu

Kamal Mostafa (kamalmostafa) on 2022-06-30

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Focal):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
description:	updated

Stefan Bader (smb) on 2022-07-08

Changed in linux (Ubuntu Focal):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-08-09:

#1

Download full text (8.9 KiB)

This bug was fixed in the package linux - 5.4.0-124.140

---------------
linux (5.4.0-124.140) focal; urgency=medium

  * CVE-2022-2586
    - SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table
    - SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another chain

* CVE-2022-2588
- SAUCE: net_sched: cls_route: remove from list when handle is 0

* CVE-2022-34918
- netfilter: nf_tables: stricter validation of element data

linux (5.4.0-123.139) focal; urgency=medium

* focal/linux: 5.4.0-123.139 -proposed tracker (LP: #1981284)

* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2022.07.11)

* Hairpin traffic does not work with centralized NAT gw (LP: #1967856)
- net: openvswitch: fix misuse of the cached connection on tuple changes

  * [UBUNTU 20.04] Include patches to avoid self-detected stall with Secure
    Execution (LP: #1979296)
    - KVM: s390: pv: add macros for UVC CC values
    - KVM: s390: pv: avoid stalls when making pages secure
    - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm

  * Focal update: v5.4.195 upstream stable release (LP: #1980407)
    - batman-adv: Don't skb_split skbuffs with frag_list
    - hwmon: (tmp401) Add OF device ID table
    - mac80211: Reset MBSSID parameters upon connection
    - net: Fix features skip in for_each_netdev_feature()
    - ipv4: drop dst in multicast routing path
    - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
    - netlink: do not reset transport header in netlink_recvmsg()
    - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
    - dim: initialize all struct fields
    - hwmon: (ltq-cputemp) restrict it to SOC_XWAY
    - s390/ctcm: fix variable dereferenced before check
    - s390/ctcm: fix potential memory leak
    - s390/lcs: fix variable dereferenced before check
    - net/sched: act_pedit: really ensure the skb is writable
    - net/smc: non blocking recvmsg() return -EAGAIN when no data and
      signal_pending
    - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
    - gfs2: Fix filesystem block deallocation for short writes
    - hwmon: (f71882fg) Fix negative temperature
    - ASoC: max98090: Reject invalid values in custom control put()
    - ASoC: max98090: Generate notifications on changes for custom control
    - ASoC: ops: Validate input values in snd_soc_put_volsw_range()
    - s390: disable -Warray-bounds
    - net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
    - tcp: resalt the secret every 10 seconds
    - tty: n_gsm: fix mux activation issues in gsm_config()
    - usb: cdc-wdm: fix reading stuck on device close
    - usb: typec: tcpci: Don't skip cleanup in .remove() on error
    - USB: serial: pl2303: add device id for HP LM930 Display
    - USB: serial: qcserial: add support for Sierra Wireless EM7590
    - USB: serial: option: add Fibocom L610 modem
    - USB: serial: option: add Fibocom MA510 modem
    - slimbus: qcom: Fix IRQ check in qcom_slim_probe
    - serial: 8250_mtk: Fix UART_EFR register address
    - serial: 8250_mtk: Fix register address for XON/XOFF character
    - dr...

This bug was fixed in the package linux - 5.4.0-124.140

---------------
linux (5.4.0-124.140) focal; urgency=medium

* CVE-2022-2586
    - SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table
    - SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another chain

* CVE-2022-2588
    - SAUCE: net_sched: cls_route: remove from list when handle is 0

* CVE-2022-34918
    - netfilter: nf_tables: stricter validation of element data

linux (5.4.0-123.139) focal; urgency=medium

* focal/linux: 5.4.0-123.139 -proposed tracker (LP: #1981284)

* Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.07.11)

* Hairpin traffic does not work with centralized NAT gw (LP: #1967856)
    - net: openvswitch: fix misuse of the cached connection on tuple changes

* [UBUNTU 20.04] Include patches to avoid self-detected stall with Secure
    Execution (LP: #1979296)
    - KVM: s390: pv: add macros for UVC CC values
    - KVM: s390: pv: avoid stalls when making pages secure
    - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm

* Focal update: v5.4.195 upstream stable release (LP: #1980407)
    - batman-adv: Don't skb_split skbuffs with frag_list
    - hwmon: (tmp401) Add OF device ID table
    - mac80211: Reset MBSSID parameters upon connection
    - net: Fix features skip in for_each_netdev_feature()
    - ipv4: drop dst in multicast routing path
    - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
    - netlink: do not reset transport header in netlink_recvmsg()
    - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
    - dim: initialize all struct fields
    - hwmon: (ltq-cputemp) restrict it to SOC_XWAY
    - s390/ctcm: fix variable dereferenced before check
    - s390/ctcm: fix potential memory leak
    - s390/lcs: fix variable dereferenced before check
    - net/sched: act_pedit: really ensure the skb is writable
    - net/smc: non blocking recvmsg() return -EAGAIN when no data and
      signal_pending
    - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
    - gfs2: Fix filesystem block deallocation for short writes
    - hwmon: (f71882fg) Fix negative temperature
    - ASoC: max98090: Reject invalid values in custom control put()
    - ASoC: max98090: Generate notifications on changes for custom control
    - ASoC: ops: Validate input values in snd_soc_put_volsw_range()
    - s390: disable -Warray-bounds
    - net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
    - tcp: resalt the secret every 10 seconds
    - tty: n_gsm: fix mux activation issues in gsm_config()
    - usb: cdc-wdm: fix reading stuck on device close
    - usb: typec: tcpci: Don't skip cleanup in .remove() on error
    - USB: serial: pl2303: add device id for HP LM930 Display
    - USB: serial: qcserial: add support for Sierra Wireless EM7590
    - USB: serial: option: add Fibocom L610 modem
    - USB: serial: option: add Fibocom MA510 modem
    - slimbus: qcom: Fix IRQ check in qcom_slim_probe
    - serial: 8250_mtk: Fix UART_EFR register address
    - serial: 8250_mtk: Fix register address for XON/XOFF character
    - drm/nouveau/tegra: Stop using iommu_present()
    - i40e: i40e_main: fix a missing check on list iterator
    - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
    - drm/vmwgfx: Initialize drm_mode_fb_cmd2
    - MIPS: fix build with gcc-12
    - net: phy: Fix race condition on link status change
    - arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
    - ping: fix address binding wrt vrf
    - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
    - Linux 5.4.195

* Focal update: v5.4.194 upstream stable release (LP: #1980399)
    - MIPS: Use address-of operator on section symbols
    - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
    - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version,
      environment} types
    - drm/i915: Cast remain to unsigned long in eb_relocate_vma
    - nfp: bpf: silence bitwise vs. logical OR warning
    - can: grcan: grcan_probe(): fix broken system id check for errata workaround
      needs
    - can: grcan: only use the NAPI poll budget for RX
    - arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
    - [Config] updateconfigs for ARCH_HAS_HOLES_MEMORYMODEL
    - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
    - x86/asm: Allow to pass macros to __ASM_FORM()
    - x86: xen: kvm: Gather the definition of emulate prefixes
    - x86: xen: insn: Decode Xen and KVM emulate-prefix signature
    - x86: kprobes: Prohibit probing on instruction which has emulate prefix
    - KVM: x86/svm: Account for family 17h event renumberings in
      amd_pmc_perf_hw_id
    - Bluetooth: Fix the creation of hdev->name
    - mm: fix missing cache flush for all tail pages of compound page
    - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
    - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and
      __mcopy_atomic()
    - Linux 5.4.194

* Focal update: v5.4.193 upstream stable release (LP: #1979566)
    - MIPS: Fix CP0 counter erratum detection for R4k CPUs
    - parisc: Merge model and model name into one line in /proc/cpuinfo
    - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
    - gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
    - Revert "SUNRPC: attempt AF_LOCAL connect on setup"
    - firewire: fix potential uaf in outbound_phy_packet_callback()
    - firewire: remove check of list iterator against head past the loop body
    - firewire: core: extend card->lock in fw_core_handle_bus_reset
    - ACPICA: Always create namespace nodes using acpi_ns_create_node()
    - genirq: Synchronize interrupt thread startup
    - ASoC: da7219: Fix change notifications for tone generator frequency
    - ASoC: wm8958: Fix change notifications for DSP controls
    - ASoC: meson: Fix event generation for G12A tohdmi mux
    - s390/dasd: fix data corruption for ESE devices
    - s390/dasd: prevent double format of tracks for ESE devices
    - s390/dasd: Fix read for ESE with blksize < 4k
    - s390/dasd: Fix read inconsistency for ESE DASD devices
    - can: grcan: grcan_close(): fix deadlock
    - can: grcan: use ofdev->dev when allocating DMA memory
    - nfc: replace improper check device_is_registered() in netlink related
      functions
    - NFC: netlink: fix sleep in atomic bug when firmware download timeout
    - hwmon: (adt7470) Fix warning on module removal
    - ASoC: dmaengine: Restore NULL prepare_slave_config() callback
    - RDMA/siw: Fix a condition race issue in MPA request processing
    - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
    - net: stmmac: dwmac-sun8i: add missing of_node_put() in
      sun8i_dwmac_register_mdio_mux()
    - net: emaclite: Add error handling for of_address_to_resource()
    - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is
      operational
    - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
    - smsc911x: allow using IRQ0
    - btrfs: always log symlinks in full mode
    - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
    - drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
    - NFSv4: Don't invalidate inode attributes on delegation return
    - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
    - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
    - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
    - net: ipv6: ensure we call ipv6_mc_down() at most once
    - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
    - mm: fix unexpected zeroed page mapping with zram swap
    - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
    - ALSA: pcm: Fix races among concurrent read/write and buffer changes
    - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
    - ALSA: pcm: Fix races among concurrent prealloc proc writes
    - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
    - tcp: make sure treq->af_specific is initialized
    - dm: fix mempool NULL pointer race when completing IO
    - dm: interlock pending dm_io and dm_wait_for_bios_completion
    - PCI: aardvark: Clear all MSIs at setup
    - PCI: aardvark: Fix reading MSI interrupt number
    - mmc: rtsx: add 74 Clocks in power on flow
    - Linux 5.4.193

* CVE-2022-1679
    - SAUCE: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb

* CVE-2022-28893
    - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
    - SUNRPC: Don't leak sockets in xs_local_connect()

* CVE-2022-1734
    - nfc: nfcmrvl: main: reorder destructive operations in
      nfcmrvl_nci_unregister_dev to avoid bugs

* CVE-2022-1652
    - floppy: use a statically allocated error counter

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Wed, 03 Aug 2022 22:48:34 -0300

Changed in linux (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-11-18:

#2

This bug is awaiting verification that the linux-xilinx-zynqmp/5.4.0-1019.22 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Ubuntu
linux package

Focal update: v5.4.194 upstream stable release

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Focal	Fix Released	Medium	Kamal Mostafa

Ubuntulinux package