Ubuntu
linux package

Lunar update: upstream stable patchset 2023-10-10

Bug #2038969 reported by Kamal Mostafa on 2023-10-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Lunar	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2023-10-10

Ported from the following upstream stable releases:
v6.1.46, v6.4.11

from git://git.kernel.org/

tpm: Disable RNG for all AMD fTPMs
tpm: Add a helper for checking hwrng enabled
ksmbd: validate command request size
ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()
wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()
wifi: rtw89: fix 8852AE disconnection caused by RX full flags
selftests: forwarding: Set default IPv6 traceroute utility
wireguard: allowedips: expand maximum node depth
mmc: moxart: read scr register without changing byte order
ipv6: adjust ndisc_is_useropt() to also return true for PIO
selftests: mptcp: join: fix 'delete and re-add' test
selftests: mptcp: join: fix 'implicit EP' test
mptcp: avoid bogus reset on fallback close
mptcp: fix disconnect vs accept race
dmaengine: pl330: Return DMA_PAUSED when transaction is paused
net: mana: Fix MANA VF unload when hardware is unresponsive
riscv/kexec: load initrd high in available memory
riscv,mmio: Fix readX()-to-delay() ordering
riscv/kexec: handle R_RISCV_CALL_PLT relocation type
nvme-pci: add NVME_QUIRK_BOGUS_NID for Samsung PM9B1 256G and 512G
drm/nouveau/gr: enable memory loads on helper invocation on all channels
drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues
drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap()
drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
drm/amd/display: check attr flag before set cursor degamma on DCN3+
drm/amd/display: limit DPIA link rate to HBR3
cpuidle: dt_idle_genpd: Add helper function to remove genpd topology
hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100
radix tree test suite: fix incorrect allocation size for pthreads
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings
drm/amd/pm: expose swctf threshold setting for legacy powerplay
drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings
drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation
io_uring: correct check for O_TMPFILE
iio: cros_ec: Fix the allocation size for cros_ec_command
iio: frequency: admv1013: propagate errors from regulator_get_voltage()
iio: adc: ad7192: Fix ac excitation feature
iio: adc: ina2xx: avoid NULL pointer dereference on OF device match
binder: fix memory leak in binder_init()
misc: rtsx: judge ASPM Mode to set PETXCFG Reg
usb-storage: alauda: Fix uninit-value in alauda_check_media()
usb: dwc3: Properly handle processing of pending events
USB: Gadget: core: Help prevent panic during UVC unconfigure
usb: common: usb-conn-gpio: Prevent bailing out if initial role is none
usb: typec: tcpm: Fix response to vsafe0V event
usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment
x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
x86/sev: Do not try to parse for the CC blob on non-AMD hardware
x86/speculation: Add cpu_show_gds() prototype
drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
iio: core: Prevent invalid memory access when there is no parent
interconnect: qcom: Add support for mask-based BCMs
interconnect: qcom: sm8450: add enable_mask for bcm nodes
selftests/rseq: Fix build with undefined __weak
selftests: forwarding: Add a helper to skip test when using veth pairs
selftests: forwarding: ethtool: Skip when using veth pairs
selftests: forwarding: ethtool_extended_state: Skip when using veth pairs
selftests: forwarding: hw_stats_l3_gre: Skip when using veth pairs
selftests: forwarding: Skip test when no interfaces are specified
selftests: forwarding: Switch off timeout
selftests: forwarding: tc_flower: Relax success criterion
net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()
bpf, sockmap: Fix map type error in sock_map_del_link
bpf, sockmap: Fix bug that strp_done cannot be called
mISDN: Update parameter type of dsp_cmx_send()
macsec: use DEV_STATS_INC()
mptcp: fix the incorrect judgment for msk->cb_flags
net/packet: annotate data-races around tp->status
tcp: add missing family to tcp_set_ca_state() tracepoint
tunnels: fix kasan splat when generating ipv4 pmtu error
xsk: fix refcount underflow in error path
bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
dccp: fix data-race around dp->dccps_mss_cache
drivers: net: prevent tun_build_skb() to exceed the packet size limit
drivers: vxlan: vnifilter: free percpu vni stats on error path
iavf: fix potential races for FDIR filters
IB/hfi1: Fix possible panic during hotplug remove
drm/rockchip: Don't spam logs in atomic check
wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
RDMA/umem: Set iova in ODP flow
net: tls: avoid discarding data on record close
net: marvell: prestera: fix handling IPv4 routes with nhid
net: phy: at803x: remove set/get wol callbacks for AR8032
net: dsa: ocelot: call dsa_tag_8021q_unregister() under rtnl_lock() on driver remove
net: hns3: refactor hclge_mac_link_status_wait for interface reuse
net: hns3: add wait until mac link down
net: hns3: fix deadlock issue when externel_lb and reset are executed together
nexthop: Fix infinite nexthop dump when using maximum nexthop ID
nexthop: Make nexthop bucket dump more efficient
nexthop: Fix infinite nexthop bucket dump when using maximum nexthop ID
net: hns3: fix strscpy causing content truncation issue
dmaengine: mcf-edma: Fix a potential un-allocated memory access
dmaengine: owl-dma: Modify mismatched function name
net/mlx5: Allow 0 for total host VFs
net/mlx5: LAG, Check correct bucket when modifying LAG
net/mlx5: Skip clock update work when device is in error state
net/mlx5: Reload auxiliary devices in pci error handlers
ibmvnic: Enforce stronger sanity checks on login response
ibmvnic: Unmap DMA login rsp buffer on send login fail
ibmvnic: Handle DMA unmapping of login buffs in release functions
ibmvnic: Do partial reset on login failure
ibmvnic: Ensure login failure recovery is safe from other resets
gpio: ws16c48: Fix off-by-one error in WS16C48 resource region extent
gpio: sim: mark the GPIO chip as a one that can sleep
btrfs: wait for actual caching progress during allocation
btrfs: don't stop integrity writeback too early
btrfs: properly clear end of the unreserved range in cow_file_range
btrfs: exit gracefully if reloc roots don't match
btrfs: reject invalid reloc tree root keys with stack dump
btrfs: set cache_block_group_error if we find an error
nvme-tcp: fix potential unbalanced freeze & unfreeze
nvme-rdma: fix potential unbalanced freeze & unfreeze
netfilter: nf_tables: report use refcount overflow
scsi: core: Fix legacy /proc parsing buffer overflow
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
scsi: ufs: renesas: Fix private allocation
scsi: 53c700: Check that command slot is not NULL
scsi: snic: Fix possible memory leak if device_add() fails
scsi: core: Fix possible memory leak if device_add() fails
scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
scsi: qedi: Fix firmware halt over suspend and resume
scsi: qedf: Fix firmware halt over suspend and resume
platform/x86: serial-multi-instantiate: Auto detect IRQ resource for CSC3551
ACPI: scan: Create platform device for CS35L56
alpha: remove __init annotation from exported page_is_ram()
drm/amd/pm/smu7: move variables to where they are used
mmc: sdhci-f-sdh30: Replace with sdhci_pltfm
cpuidle: psci: Move enabling OSI mode after power domains creation
zsmalloc: fix races between modifications of fullness and isolated
hugetlb: do not clear hugetlb dtor until allocating vmemmap
mm: memory-failure: fix potential unexpected return value from unpoison_memory()
mm: memory-failure: avoid false hwpoison page mapped error info
x86/linkage: Fix typo of BUILD_VDSO in asm/linkage.h
selftests: forwarding: bridge_mdb: Check iproute2 version
selftests: forwarding: tc_actions: Use ncat instead of nc
selftests: forwarding: bridge_mdb: Make test more robust
drm/bridge: it6505: Check power state with it6505->powered in IRQ handler
drm/nouveau: remove unused tu102_gr_load() function
UBUNTU: Upstream stable to v6.1.46, v6.4.11

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2023-10-10

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
description:	updated
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Lunar):
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)

Kamal Mostafa (kamalmostafa) on 2023-10-10

description:

updated

Stefan Bader (smb) on 2023-10-16

Changed in linux (Ubuntu Lunar):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-12-04:

Download full text (39.0 KiB)

This bug was fixed in the package linux - 6.2.0-39.40

---------------
linux (6.2.0-39.40) lunar; urgency=medium

* lunar/linux: 6.2.0-39.40 -proposed tracker (LP: #2043451)

  * USB bus error after upgrading to proposed kernel on lunar and jammy
    (LP: #2043197)
    - USB: core: Fix oversight in SuperSpeed initialization

* Include cifs.ko in linux-modules package (LP: #2042546)
- [Packaging] Replace fs/cifs with fs/smb/client in inclusion list

linux (6.2.0-38.39) lunar; urgency=medium

* lunar/linux: 6.2.0-38.39 -proposed tracker (LP: #2041557)

* CVE-2023-25775
- RDMA/irdma: Prevent zero-length STAG registration

* CVE-2023-5345
- fs/smb/client: Reset password pointer to NULL

* CVE-2023-39189
- netfilter: nfnetlink_osf: avoid OOB read

  * SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
    (LP: #2039575)
    - net/smc: Fix pos miscalculation in statistics

  * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
    (LP: #2033406)
    - [Packaging] Make WWAN driver loadable modules

* CVE-2023-45871
- igb: set max size RX buffer when store bad packet is enabled

* CVE-2023-39193
- netfilter: xt_sctp: validate the flag_info count

* CVE-2023-39192
- netfilter: xt_u32: validate user space input

* CVE-2023-31085
- ubi: Refuse attaching if mtd's erasesize is 0

* CVE-2023-5717
- perf: Disallow mis-matched inherited group reads

* CVE-2023-5178
- nvmet-tcp: Fix a possible UAF in queue intialization setup

* CVE-2023-5158
- vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()

* CVE-2023-5090
- x86: KVM: SVM: always update the x2avic msr interception

* usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
- [Packaging] Make linux-tools-common depend on hwdata

  * Unable to use nvme drive to install Ubuntu 23.10 (LP: #2040157)
    - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
      probe

This bug was fixed in the package linux - 6.2.0-39.40

---------------
linux (6.2.0-39.40) lunar; urgency=medium

* lunar/linux: 6.2.0-39.40 -proposed tracker (LP: #2043451)

* USB bus error after upgrading to proposed kernel on lunar and jammy
    (LP: #2043197)
    - USB: core: Fix oversight in SuperSpeed initialization

* Include cifs.ko in linux-modules package (LP: #2042546)
    - [Packaging] Replace fs/cifs with fs/smb/client in inclusion list

linux (6.2.0-38.39) lunar; urgency=medium

* lunar/linux: 6.2.0-38.39 -proposed tracker (LP: #2041557)

* CVE-2023-25775
    - RDMA/irdma: Prevent zero-length STAG registration

* CVE-2023-5345
    - fs/smb/client: Reset password pointer to NULL

* CVE-2023-39189
    - netfilter: nfnetlink_osf: avoid OOB read

* SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
    (LP: #2039575)
    - net/smc: Fix pos miscalculation in statistics

* [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
    (LP: #2033406)
    - [Packaging] Make WWAN driver loadable modules

* CVE-2023-45871
    - igb: set max size RX buffer when store bad packet is enabled

* CVE-2023-39193
    - netfilter: xt_sctp: validate the flag_info count

* CVE-2023-39192
    - netfilter: xt_u32: validate user space input

* CVE-2023-31085
    - ubi: Refuse attaching if mtd's erasesize is 0

* CVE-2023-5717
    - perf: Disallow mis-matched inherited group reads

* CVE-2023-5178
    - nvmet-tcp: Fix a possible UAF in queue intialization setup

* CVE-2023-5158
    - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()

* CVE-2023-5090
    - x86: KVM: SVM: always update the x2avic msr interception

* usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
    - [Packaging] Make linux-tools-common depend on hwdata

* Unable to use nvme drive to install Ubuntu 23.10 (LP: #2040157)
    - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
      probe

* Lunar update: upstream stable patchset 2023-10-19 (LP: #2039884)
    - ACPI: thermal: Drop nocrt parameter
    - module: Expose module_init_layout_section()
    - arm64: module-plts: inline linux/moduleloader.h
    - arm64: module: Use module_init_layout_section() to spot init sections
    - ARM: module: Use module_init_layout_section() to spot init sections
    - lockdep: fix static memory detection even more
    - parisc: Cleanup mmap implementation regarding color alignment
    - parisc: sys_parisc: parisc_personality() is called from asm code
    - io_uring/parisc: Adjust pgoff in io_uring mmap() for parisc
    - kallsyms: Fix kallsyms_selftest failure
    - module/decompress: use vmalloc() for zstd decompression workspace
    - Upstream stable to v6.1.51, v6.4.14
    - erofs: ensure that the post-EOF tails are all zeroed
    - ksmbd: fix wrong DataOffset validation of create context
    - ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
    - ksmbd: replace one-element array with flex-array member in struct
      smb2_ea_info
    - ksmbd: reduce descriptor size if remaining bytes is less than request size
    - ARM: pxa: remove use of symbol_get()
    - mmc: au1xmmc: force non-modular build and remove symbol_get usage
    - net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
    - rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
    - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
    - USB: serial: option: add Quectel EM05G variant (0x030e)
    - USB: serial: option: add FOXCONN T99W368/T99W373 product
    - ALSA: usb-audio: Fix init call orders for UAC1
    - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption
    - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0
    - HID: wacom: remove the battery when the EKR is off
    - staging: rtl8712: fix race condition
    - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race
      condition
    - wifi: mt76: mt7921: do not support one stream on secondary antenna only
    - wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU
    - serial: qcom-geni: fix opp vote on shutdown
    - serial: sc16is7xx: fix broken port 0 uart init
    - serial: sc16is7xx: fix bug when first setting GPIO direction
    - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
    - fsi: master-ast-cf: Add MODULE_FIRMWARE macro
    - tcpm: Avoid soft reset when partner does not support get_status
    - dt-bindings: sc16is7xx: Add property to change GPIO function
    - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
    - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
    - usb: typec: tcpci: clear the fault status bit
    - pinctrl: amd: Don't show `Invalid config param` errors
    - wifi: rtw88: usb: kill and free rx urbs on probe failure
    - Upstream stable to v6.1.52, v6.4.15

* Lunar update: upstream stable patchset 2023-10-18 (LP: #2039742)
    - NFSv4.2: fix error handling in nfs42_proc_getxattr
    - NFSv4: fix out path in __nfs4_get_acl_uncached
    - xprtrdma: Remap Receive buffers after a reconnect
    - drm/ast: Use drm_aperture_remove_conflicting_pci_framebuffers
    - fbdev/radeon: use pci aperture helpers
    - PCI: acpiphp: Reassign resources on bridge if necessary
    - MIPS: cpu-features: Enable octeon_cache by cpu_type
    - MIPS: cpu-features: Use boot_cpu_type for CPU type based features
    - jbd2: remove t_checkpoint_io_list
    - jbd2: remove journal_clean_one_cp_list()
    - jbd2: fix a race when checking checkpoint buffer busy
    - can: raw: fix receiver memory leak
    - can: raw: fix lockdep issue in raw_release()
    - s390/zcrypt: remove unnecessary (void *) conversions
    - s390/zcrypt: fix reply buffer calculations for CCA replies
    - drm/i915: Add the gen12_needs_ccs_aux_inv helper
    - drm/i915/gt: Ensure memory quiesced before invalidation
    - drm/i915/gt: Poll aux invalidation register bit on invalidation
    - drm/i915/gt: Support aux invalidation on all engines
    - tracing: Fix cpu buffers unavailable due to 'record_disabled' missed
    - tracing: Fix memleak due to race between current_tracer and trace
    - octeontx2-af: SDP: fix receive link config
    - devlink: move code to a dedicated directory
    - devlink: add missing unregister linecard notification
    - net: dsa: felix: fix oversize frame dropping for always closed tc-taprio
      gates
    - sock: annotate data-races around prot->memory_pressure
    - dccp: annotate data-races in dccp_poll()
    - ipvlan: Fix a reference count leak warning in ipvlan_ns_exit()
    - mlxsw: pci: Set time stamp fields also when its type is MIRROR_UTC
    - mlxsw: reg: Fix SSPR register layout
    - mlxsw: Fix the size of 'VIRT_ROUTER_MSB'
    - selftests: mlxsw: Fix test failure on Spectrum-4
    - net: dsa: mt7530: fix handling of 802.1X PAE frames
    - net: bgmac: Fix return value check for fixed_phy_register()
    - net: bcmgenet: Fix return value check for fixed_phy_register()
    - net: validate veth and vxcan peer ifindexes
    - ipv4: fix data-races around inet->inet_id
    - ice: fix receive buffer size miscalculation
    - Revert "ice: Fix ice VF reset during iavf initialization"
    - ice: Fix NULL pointer deref during VF reset
    - selftests: bonding: do not set port down before adding to bond
    - can: isotp: fix support for transmission of SF without flow control
    - igb: Avoid starting unnecessary workqueues
    - igc: Fix the typo in the PTM Control macro
    - net/sched: fix a qdisc modification with ambiguous command request
    - i40e: fix potential NULL pointer dereferencing of pf->vf
      i40e_sync_vsi_filters()
    - netfilter: nf_tables: flush pending destroy work before netlink notifier
    - netfilter: nf_tables: fix out of memory error handling
    - rtnetlink: Reject negative ifindexes in RTM_NEWLINK
    - bonding: fix macvlan over alb bond support
    - KVM: x86/mmu: Fix an sign-extension bug with mmu_seq that hangs vCPUs
    - ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x
    - ASoC: cs35l41: Correct amp_gain_tlv values
    - ibmveth: Use dcbf rather than dcbfl
    - wifi: mac80211: limit reorder_buf_filtered to avoid UBSAN warning
    - platform/x86: ideapad-laptop: Add support for new hotkeys found on ThinkBook
      14s Yoga ITL
    - NFSv4: Fix dropped lock for racing OPEN and delegation return
    - clk: Fix slab-out-of-bounds error in devm_clk_release()
    - mm,ima,kexec,of: use memblock_free_late from ima_free_kexec_buffer
    - shmem: fix smaps BUG sleeping while atomic
    - ALSA: ymfpci: Fix the missing snd_card_free() call at probe error
    - mm/gup: handle cont-PTE hugetlb pages correctly in gup_must_unshare() via
      GUP-fast
    - mm: add a call to flush_cache_vmap() in vmap_pfn()
    - mm: memory-failure: fix unexpected return value in soft_offline_page()
    - NFS: Fix a use after free in nfs_direct_join_group()
    - nfsd: Fix race to FREE_STATEID and cl_revoked
    - selinux: set next pointer before attaching to list
    - batman-adv: Trigger events for auto adjusted MTU
    - batman-adv: Don't increase MTU when set by user
    - batman-adv: Do not get eth header before batadv_check_management_packet
    - batman-adv: Fix TT global entry leak when client roamed back
    - batman-adv: Fix batadv_v_ogm_aggr_send memory leak
    - batman-adv: Hold rtnl lock during MTU update via netlink
    - lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels
    - riscv: Handle zicsr/zifencei issue between gcc and binutils
    - riscv: Fix build errors using binutils2.37 toolchains
    - radix tree: remove unused variable
    - of: unittest: Fix EXPECT for parse_phandle_with_args_map() test
    - of: dynamic: Refactor action prints to not use "%pOF" inside devtree_lock
    - pinctrl: amd: Mask wake bits on probe again
    - media: vcodec: Fix potential array out-of-bounds in encoder queue_setup
    - PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root
      bus
    - drm/vmwgfx: Fix shader stage validation
    - drm/display/dp: Fix the DP DSC Receiver cap size
    - x86/fpu: Invalidate FPU state correctly on exec()
    - hwmon: (aquacomputer_d5next) Add selective 200ms delay after sending ctrl
      report
    - nfs: use vfs setgid helper
    - nfsd: use vfs setgid helper
    - cgroup/cpuset: Rename functions dealing with DEADLINE accounting
    - sched/cpuset: Bring back cpuset_mutex
    - sched/cpuset: Keep track of SCHED_DEADLINE task in cpusets
    - cgroup/cpuset: Iterate only if DEADLINE tasks are present
    - sched/deadline: Create DL BW alloc, free & check overflow interface
    - cgroup/cpuset: Free DL BW in case can_attach() fails
    - ublk: remove check IO_URING_F_SQE128 in ublk_ch_uring_cmd
    - can: raw: add missing refcount for memory leak fix
    - madvise:madvise_free_pte_range(): don't use mapcount() against large folio
      for sharing check
    - scsi: snic: Fix double free in snic_tgt_create()
    - scsi: core: raid_class: Remove raid_component_add()
    - clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
    - pinctrl: renesas: rzg2l: Fix NULL pointer dereference in
      rzg2l_dt_subnode_to_map()
    - pinctrl: renesas: rzv2m: Fix NULL pointer dereference in
      rzv2m_dt_subnode_to_map()
    - pinctrl: renesas: rza2: Add lock around
      pinctrl_generic{{add,remove}_group,{add,remove}_function}
    - dma-buf/sw_sync: Avoid recursive lock during fence signal
    - gpio: sim: dispose of irq mappings before destroying the irq_sim domain
    - gpio: sim: pass the GPIO device's software node to irq domain
    - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ
    - maple_tree: disable mas_wr_append() when other readers are possible
    - ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG
    - tg3: Use slab_build_skb() when needed
    - Upstream stable to v6.1.50, v6.4.13

* CVE-2023-42754
    - ipv4: fix null-deref in ipv4_link_failure

* Remove duplication of devm_pwmchip_add function definition (LP: #2039542)
    - Revert "pwm: Add a stub for devm_pwmchip_add()"

* Lunar update: upstream stable patchset 2023-10-11 (LP: #2039110)
    - selftests: forwarding: tc_actions: cleanup temporary files when test is
      aborted
    - net/smc: replace mutex rmbs_lock and sndbufs_lock with rw_semaphore
    - net: phy: at803x: Use devm_regulator_get_enable_optional()
    - net: phy: at803x: fix the wol setting functions
    - drm/amdgpu: fix calltrace warning in amddrm_buddy_fini
    - drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1
    - drm/amdgpu: fix memory leak in mes self test
    - ASoC: Intel: sof_sdw: add quirk for MTL RVP
    - ASoC: Intel: sof_sdw: add quirk for LNL RVP
    - PCI: tegra194: Fix possible array out of bounds access
    - ASoC: SOF: amd: Add pci revision id check
    - drm/stm: ltdc: fix late dereference check
    - drm: rcar-du: remove R-Car H3 ES1.* workarounds
    - ASoC: amd: vangogh: Add check for acp config flags in vangogh platform
    - ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings
    - ASoC: Intel: sof_sdw_rt_sdca_jack_common: test SOF_JACK_JDSRC in _exit
    - ASoC: Intel: sof_sdw: Add support for Rex soundwire
    - iopoll: Call cpu_relax() in busy loops
    - ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion
    - dma-remap: use kvmalloc_array/kvfree for larger dma memory remap
    - accel/habanalabs: add pci health check during heartbeat
    - HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL
      Keyboard
    - iommu/amd: Introduce Disable IRTE Caching Support
    - drm/amdgpu: install stub fence into potential unused fence pointers
    - drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz
    - RDMA/mlx5: Return the firmware result upon destroying QP/RQ
    - drm/amd/display: Skip DPP DTO update if root clock is gated
    - drm/amd/display: Enable dcn314 DPP RCO
    - ASoC: SOF: core: Free the firmware trace before calling snd_sof_shutdown()
    - HID: intel-ish-hid: ipc: Add Arrow Lake PCI device ID
    - ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio
    - smb: client: fix warning in cifs_smb3_do_mount()
    - cifs: fix session state check in reconnect to avoid use-after-free issue
    - serial: stm32: Ignore return value of uart_remove_one_port() in .remove()
    - led: qcom-lpg: Fix resource leaks in for_each_available_child_of_node()
      loops
    - media: v4l2-mem2mem: add lock to protect parameter num_rdy
    - media: camss: set VFE bpl_alignment to 16 for sdm845 and sm8250
    - usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push
    - usb: gadget: uvc: queue empty isoc requests if no video buffer is available
    - media: platform: mediatek: vpu: fix NULL ptr dereference
    - thunderbolt: Read retimer NVM authentication status prior
      tb_retimer_set_inbound_sbtx()
    - usb: chipidea: imx: don't request QoS for imx8ulp
    - usb: chipidea: imx: add missing USB PHY DPDM wakeup setting
    - gfs2: Fix possible data races in gfs2_show_options()
    - pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
    - thunderbolt: Add Intel Barlow Ridge PCI ID
    - thunderbolt: Limit Intel Barlow Ridge USB3 bandwidth
    - firewire: net: fix use after free in fwnet_finish_incoming_packet()
    - watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub)
    - Bluetooth: L2CAP: Fix use-after-free
    - Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally
    - ceph: try to dump the msgs when decoding fails
    - drm/amdgpu: Fix potential fence use-after-free v2
    - fs/ntfs3: Enhance sanity check while generating attr_list
    - fs: ntfs3: Fix possible null-pointer dereferences in mi_read()
    - fs/ntfs3: Mark ntfs dirty when on-disk struct is corrupted
    - ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760
    - ALSA: hda: fix a possible null-pointer dereference due to data race in
      snd_hdac_regmap_sync()
    - ALSA: hda/realtek: Add quirk for ASUS ROG GX650P
    - ALSA: hda/realtek: Add quirk for ASUS ROG GA402X
    - ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V
    - powerpc/kasan: Disable KCOV in KASAN code
    - Bluetooth: MGMT: Use correct address for memcpy()
    - ring-buffer: Do not swap cpu_buffer during resize process
    - igc: read before write to SRRCTL register
    - drm/amd/display: save restore hdcp state when display is unplugged from mst
      hub
    - drm/amd/display: phase3 mst hdcp for multiple displays
    - drm/amd/display: fix access hdcp_workqueue assert
    - fbdev/hyperv-fb: Do not set struct fb_info.apertures
    - btrfs: move out now unused BG from the reclaim list
    - btrfs: fix use-after-free of new block group that became unused
    - virtio-mmio: don't break lifecycle of vm_dev
    - vduse: Use proper spinlock for IRQ injection
    - vdpa/mlx5: Fix mr->initialized semantics
    - vdpa/mlx5: Delete control vq iotlb in destroy_mr only when necessary
    - cifs: fix potential oops in cifs_oplock_break
    - i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue
    - i2c: hisi: Only handle the interrupt of the driver's transfer
    - i2c: tegra: Fix i2c-tegra DMA config option processing
    - fbdev: mmp: fix value check in mmphw_probe()
    - powerpc/rtas_flash: allow user copy to flash block cache objects
    - vdpa: Add features attr to vdpa_nl_policy for nlattr length check
    - vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check
    - vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check
    - vdpa: Enable strict validation for netlinks ops
    - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux
    - tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32
      platforms
    - btrfs: fix incorrect splitting in btrfs_drop_extent_map_range
    - btrfs: fix BUG_ON condition in btrfs_cancel_balance
    - i2c: designware: Correct length byte validation logic
    - i2c: designware: Handle invalid SMBus block data response length value
    - net: xfrm: Fix xfrm_address_filter OOB read
    - net: af_key: fix sadb_x_filter validation
    - net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure
    - xfrm: fix slab-use-after-free in decode_session6
    - ip6_vti: fix slab-use-after-free in decode_session6
    - ip_vti: fix potential slab-use-after-free in decode_session6
    - xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH
    - virtio_net: notify MAC address change on device initialization
    - virtio-net: set queues after driver_ok
    - net: pcs: Add missing put_device call in miic_create
    - net: phy: fix IRQ-based wake-on-lan over hibernate / power off
    - selftests: mirror_gre_changes: Tighten up the TTL test match
    - drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs
    - net: macb: In ZynqMP resume always configure PS GTR for non-wakeup source
    - octeon_ep: cancel tx_timeout_task later in remove sequence
    - netfilter: nf_tables: fix false-positive lockdep splat
    - ipvs: fix racy memcpy in proc_do_sync_threshold
    - net: phy: broadcom: stub c45 read/write for 54810
    - team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
    - net: openvswitch: reject negative ifindex
    - iavf: fix FDIR rule fields masks validation
    - i40e: fix misleading debug logs
    - net: dsa: mv88e6xxx: Wait for EEPROM done before HW reset
    - sfc: don't unregister flow_indr if it was never registered
    - sock: Fix misuse of sk_under_memory_pressure()
    - net: do not allow gso_size to be set to GSO_BY_FRAGS
    - qede: fix firmware halt over suspend and resume
    - ice: Block switchdev mode when ADQ is active and vice versa
    - bus: ti-sysc: Flush posted write on enable before reset
    - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict
    - arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4
    - arm64: dts: rockchip: Disable HS400 for eMMC on ROCK 4C+
    - ARM: dts: imx: align LED node names with dtschema
    - ARM: dts: imx6: phytec: fix RTC interrupt level
    - arm64: dts: imx8mm: Drop CSI1 PHY reference clock configuration
    - ARM: dts: imx: Set default tuning step for imx6sx usdhc
    - arm64: dts: imx93: Fix anatop node size
    - ASoC: rt5665: add missed regulator_bulk_disable
    - ASoC: meson: axg-tdm-formatter: fix channel slot allocation
    - ALSA: hda/realtek: Add quirks for HP G11 Laptops
    - soc: aspeed: uart-routing: Use __sysfs_match_string
    - soc: aspeed: socinfo: Add kfree for kstrdup
    - ALSA: hda/realtek - Remodified 3k pull low procedure
    - riscv: uaccess: Return the number of bytes effectively not copied
    - serial: 8250: Fix oops for port->pm on uart_change_pm()
    - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback
      interfaces.
    - cifs: Release folio lock on fscache read hit.
    - virtio-net: Zero max_tx_vq field for VIRTIO_NET_CTRL_MQ_HASH_CONFIG case
    - arm64: dts: rockchip: Fix Wifi/Bluetooth on ROCK Pi 4 boards
    - blk-crypto: dynamically allocate fallback profile
    - mmc: wbsd: fix double mmc_free_host() in wbsd_init()
    - mmc: block: Fix in_flight[issue_type] value error
    - drm/qxl: fix UAF on handle creation
    - drm/i915/sdvo: fix panel_type initialization
    - drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7
    - ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG
    - drm/amd/display: disable RCO for DCN314
    - zsmalloc: allow only one active pool compaction context
    - sched/fair: unlink misfit task from cpu overutilized
    - sched/fair: Remove capacity inversion detection
    - drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV
      register
    - netfilter: set default timeout to 3 secs for sctp shutdown send and recv
      state
    - arm64/ptrace: Ensure that SME is set up for target when writing SSVE state
    - drm/amdgpu: keep irq count in amdgpu_irq_disable_all
    - drm/nouveau/disp: fix use-after-free in error handling of
      nouveau_connector_create
    - net: fix the RTO timer retransmitting skb every 1ms if linear option is
      enabled
    - mmc: f-sdh30: fix order of function calls in sdhci_f_sdh30_remove
    - rust: macros: vtable: fix `HAS_*` redefinition (`gen_const_name`)
    - media: mtk-jpeg: Set platform driver data earlier
    - xfrm: delete offloaded policy
    - xfrm: don't skip free of empty state in acquire policy
    - ARM: dts: imx: Set default tuning step for imx7d usdhc
    - smb: client: fix null auth
    - mmc: sunplus: fix return value check of mmc_add_host()
    - Upstream stable to v6.1.47, v6.4.12

* Lunar update: upstream stable patchset 2023-10-10 (LP: #2038969)
    - tpm: Disable RNG for all AMD fTPMs
    - tpm: Add a helper for checking hwrng enabled
    - ksmbd: validate command request size
    - ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()
    - wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()
    - wifi: rtw89: fix 8852AE disconnection caused by RX full flags
    - selftests: forwarding: Set default IPv6 traceroute utility
    - wireguard: allowedips: expand maximum node depth
    - mmc: moxart: read scr register without changing byte order
    - ipv6: adjust ndisc_is_useropt() to also return true for PIO
    - selftests: mptcp: join: fix 'delete and re-add' test
    - selftests: mptcp: join: fix 'implicit EP' test
    - mptcp: avoid bogus reset on fallback close
    - mptcp: fix disconnect vs accept race
    - dmaengine: pl330: Return DMA_PAUSED when transaction is paused
    - net: mana: Fix MANA VF unload when hardware is unresponsive
    - riscv/kexec: load initrd high in available memory
    - riscv,mmio: Fix readX()-to-delay() ordering
    - riscv/kexec: handle R_RISCV_CALL_PLT relocation type
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Samsung PM9B1 256G and 512G
    - drm/nouveau/gr: enable memory loads on helper invocation on all channels
    - drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues
    - drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap()
    - drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
    - drm/amd/display: check attr flag before set cursor degamma on DCN3+
    - drm/amd/display: limit DPIA link rate to HBR3
    - cpuidle: dt_idle_genpd: Add helper function to remove genpd topology
    - hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100
    - radix tree test suite: fix incorrect allocation size for pthreads
    - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
    - drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings
    - drm/amd/pm: expose swctf threshold setting for legacy powerplay
    - drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock
      settings
    - drm/amd/pm: avoid unintentional shutdown due to temperature momentary
      fluctuation
    - io_uring: correct check for O_TMPFILE
    - iio: cros_ec: Fix the allocation size for cros_ec_command
    - iio: frequency: admv1013: propagate errors from regulator_get_voltage()
    - iio: adc: ad7192: Fix ac excitation feature
    - iio: adc: ina2xx: avoid NULL pointer dereference on OF device match
    - binder: fix memory leak in binder_init()
    - misc: rtsx: judge ASPM Mode to set PETXCFG Reg
    - usb-storage: alauda: Fix uninit-value in alauda_check_media()
    - usb: dwc3: Properly handle processing of pending events
    - USB: Gadget: core: Help prevent panic during UVC unconfigure
    - usb: common: usb-conn-gpio: Prevent bailing out if initial role is none
    - usb: typec: tcpm: Fix response to vsafe0V event
    - usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment
    - x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
    - x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
    - x86/sev: Do not try to parse for the CC blob on non-AMD hardware
    - x86/speculation: Add cpu_show_gds() prototype
    - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
    - iio: core: Prevent invalid memory access when there is no parent
    - interconnect: qcom: Add support for mask-based BCMs
    - interconnect: qcom: sm8450: add enable_mask for bcm nodes
    - selftests/rseq: Fix build with undefined __weak
    - selftests: forwarding: Add a helper to skip test when using veth pairs
    - selftests: forwarding: ethtool: Skip when using veth pairs
    - selftests: forwarding: ethtool_extended_state: Skip when using veth pairs
    - selftests: forwarding: hw_stats_l3_gre: Skip when using veth pairs
    - selftests: forwarding: Skip test when no interfaces are specified
    - selftests: forwarding: Switch off timeout
    - selftests: forwarding: tc_flower: Relax success criterion
    - net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()
    - bpf, sockmap: Fix map type error in sock_map_del_link
    - bpf, sockmap: Fix bug that strp_done cannot be called
    - mISDN: Update parameter type of dsp_cmx_send()
    - macsec: use DEV_STATS_INC()
    - mptcp: fix the incorrect judgment for msk->cb_flags
    - net/packet: annotate data-races around tp->status
    - tcp: add missing family to tcp_set_ca_state() tracepoint
    - tunnels: fix kasan splat when generating ipv4 pmtu error
    - xsk: fix refcount underflow in error path
    - bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
    - dccp: fix data-race around dp->dccps_mss_cache
    - drivers: net: prevent tun_build_skb() to exceed the packet size limit
    - drivers: vxlan: vnifilter: free percpu vni stats on error path
    - iavf: fix potential races for FDIR filters
    - IB/hfi1: Fix possible panic during hotplug remove
    - drm/rockchip: Don't spam logs in atomic check
    - wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
    - RDMA/umem: Set iova in ODP flow
    - net: tls: avoid discarding data on record close
    - net: marvell: prestera: fix handling IPv4 routes with nhid
    - net: phy: at803x: remove set/get wol callbacks for AR8032
    - net: dsa: ocelot: call dsa_tag_8021q_unregister() under rtnl_lock() on
      driver remove
    - net: hns3: refactor hclge_mac_link_status_wait for interface reuse
    - net: hns3: add wait until mac link down
    - net: hns3: fix deadlock issue when externel_lb and reset are executed
      together
    - nexthop: Fix infinite nexthop dump when using maximum nexthop ID
    - nexthop: Make nexthop bucket dump more efficient
    - nexthop: Fix infinite nexthop bucket dump when using maximum nexthop ID
    - net: hns3: fix strscpy causing content truncation issue
    - dmaengine: mcf-edma: Fix a potential un-allocated memory access
    - dmaengine: owl-dma: Modify mismatched function name
    - net/mlx5: Allow 0 for total host VFs
    - net/mlx5: LAG, Check correct bucket when modifying LAG
    - net/mlx5: Skip clock update work when device is in error state
    - net/mlx5: Reload auxiliary devices in pci error handlers
    - ibmvnic: Enforce stronger sanity checks on login response
    - ibmvnic: Unmap DMA login rsp buffer on send login fail
    - ibmvnic: Handle DMA unmapping of login buffs in release functions
    - ibmvnic: Do partial reset on login failure
    - ibmvnic: Ensure login failure recovery is safe from other resets
    - gpio: ws16c48: Fix off-by-one error in WS16C48 resource region extent
    - gpio: sim: mark the GPIO chip as a one that can sleep
    - btrfs: wait for actual caching progress during allocation
    - btrfs: don't stop integrity writeback too early
    - btrfs: properly clear end of the unreserved range in cow_file_range
    - btrfs: exit gracefully if reloc roots don't match
    - btrfs: reject invalid reloc tree root keys with stack dump
    - btrfs: set cache_block_group_error if we find an error
    - nvme-tcp: fix potential unbalanced freeze & unfreeze
    - nvme-rdma: fix potential unbalanced freeze & unfreeze
    - netfilter: nf_tables: report use refcount overflow
    - scsi: core: Fix legacy /proc parsing buffer overflow
    - scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
    - scsi: ufs: renesas: Fix private allocation
    - scsi: 53c700: Check that command slot is not NULL
    - scsi: snic: Fix possible memory leak if device_add() fails
    - scsi: core: Fix possible memory leak if device_add() fails
    - scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
    - scsi: qedi: Fix firmware halt over suspend and resume
    - scsi: qedf: Fix firmware halt over suspend and resume
    - platform/x86: serial-multi-instantiate: Auto detect IRQ resource for CSC3551
    - ACPI: scan: Create platform device for CS35L56
    - alpha: remove __init annotation from exported page_is_ram()
    - drm/amd/pm/smu7: move variables to where they are used
    - mmc: sdhci-f-sdh30: Replace with sdhci_pltfm
    - cpuidle: psci: Move enabling OSI mode after power domains creation
    - zsmalloc: fix races between modifications of fullness and isolated
    - hugetlb: do not clear hugetlb dtor until allocating vmemmap
    - mm: memory-failure: fix potential unexpected return value from
      unpoison_memory()
    - mm: memory-failure: avoid false hwpoison page mapped error info
    - x86/linkage: Fix typo of BUILD_VDSO in asm/linkage.h
    - selftests: forwarding: bridge_mdb: Check iproute2 version
    - selftests: forwarding: tc_actions: Use ncat instead of nc
    - selftests: forwarding: bridge_mdb: Make test more robust
    - drm/bridge: it6505: Check power state with it6505->powered in IRQ handler
    - drm/nouveau: remove unused tu102_gr_load() function
    - Upstream stable to v6.1.46, v6.4.11

* Lunar update: upstream stable patchset 2023-10-02 (LP: #2038236)
    - Upstream stable to v6.1.44, v6.4.9
    - net/mlx5: Free irqs only on shutdown callback
    - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
    - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
    - iommu/arm-smmu-v3: Add explicit feature for nesting
    - iommu/arm-smmu-v3: Document nesting-related errata
    - arm64: dts: imx8mm-venice-gw7903: disable disp_blk_ctrl
    - arm64: dts: imx8mm-venice-gw7904: disable disp_blk_ctrl
    - arm64: dts: phycore-imx8mm: Label typo-fix of VPU
    - arm64: dts: phycore-imx8mm: Correction in gpio-line-names
    - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
    - arm64: dts: freescale: Fix VPU G2 clock
    - firmware: smccc: Fix use of uninitialised results structure
    - lib/bitmap: workaround const_eval test build failure
    - firmware: arm_scmi: Fix chan_free cleanup on SMC
    - word-at-a-time: use the same return type for has_zero regardless of
      endianness
    - KVM: s390: fix sthyi error handling
    - erofs: fix wrong primary bvec selection on deduplicated extents
    - wifi: cfg80211: Fix return value in scan logic
    - net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups
    - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
    - net/mlx5: fix potential memory leak in mlx5e_init_rep_rx
    - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
    - net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set
    - net/mlx5e: Move representor neigh cleanup to profile cleanup_tx
    - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
    - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
    - net: dsa: fix value check in bcm_sf2_sw_probe()
    - perf test uprobe_from_different_cu: Skip if there is no gcc
    - net: sched: cls_u32: Fix match key mis-addressing
    - mISDN: hfcpci: Fix potential deadlock on &hc->lock
    - qed: Fix scheduling in a tasklet while getting stats
    - net: annotate data-races around sk->sk_reserved_mem
    - net: annotate data-race around sk->sk_txrehash
    - net: annotate data-races around sk->sk_max_pacing_rate
    - net: add missing READ_ONCE(sk->sk_rcvlowat) annotation
    - net: add missing READ_ONCE(sk->sk_sndbuf) annotation
    - net: add missing READ_ONCE(sk->sk_rcvbuf) annotation
    - net: annotate data-races around sk->sk_mark
    - net: add missing data-race annotations around sk->sk_peek_off
    - net: add missing data-race annotation for sk_ll_usec
    - net: annotate data-races around sk->sk_priority
    - net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.
    - ice: Fix RDMA VSI removal during queue rebuild
    - bpf, cpumap: Handle skb as well when clean up ptr_ring
    - bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire
    - net: ll_temac: fix error checking of irq_of_parse_and_map()
    - net: korina: handle clk prepare error in korina_probe()
    - net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode
    - bnxt_en: Fix page pool logic for page size >= 64K
    - bnxt_en: Fix max_mtu setting for multi-buf XDP
    - net: dcb: choose correct policy to parse DCB_ATTR_BCN
    - s390/qeth: Don't call dev_close/dev_open (DOWN/UP)
    - ip6mr: Fix skb_under_panic in ip6mr_cache_report()
    - vxlan: Fix nexthop hash size
    - net/mlx5: fs_core: Make find_closest_ft more generic
    - net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio
    - prestera: fix fallback to previous version on same major version
    - tcp_metrics: fix addr_same() helper
    - tcp_metrics: annotate data-races around tm->tcpm_stamp
    - tcp_metrics: annotate data-races around tm->tcpm_lock
    - tcp_metrics: annotate data-races around tm->tcpm_vals[]
    - tcp_metrics: annotate data-races around tm->tcpm_net
    - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
    - rust: allocator: Prevent mis-aligned allocation
    - scsi: zfcp: Defer fc_rport blocking until after ADISC response
    - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices
    - libceph: fix potential hang in ceph_osdc_notify()
    - USB: zaurus: Add ID for A-300/B-500/C-700
    - ceph: defer stopping mdsc delayed_work
    - firmware: arm_scmi: Drop OF node reference in the transport channel setup
    - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
    - exfat: release s_lock before calling dir_emit()
    - mtd: spinand: toshiba: Fix ecc_get_status
    - mtd: rawnand: meson: fix OOB available bytes for ECC
    - bpf: Disable preemption in bpf_perf_event_output
    - arm64: dts: stratix10: fix incorrect I2C property for SCL signal
    - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC)
    - x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction
    - rbd: prevent busy loop when requesting exclusive lock
    - bpf: Disable preemption in bpf_event_output
    - powerpc/ftrace: Create a dummy stackframe to fix stack unwind
    - arm64/fpsimd: Sync and zero pad FPSIMD state for streaming SVE
    - arm64/fpsimd: Clear SME state in the target task when setting the VL
    - arm64/fpsimd: Sync FPSIMD state with SVE for SME only systems
    - open: make RESOLVE_CACHED correctly test for O_TMPFILE
    - drm/ttm: check null pointer before accessing when swapping
    - drm/i915: Fix premature release of request's reusable memory
    - drm/i915/gt: Cleanup aux invalidation registers
    - clk: imx93: Propagate correct error in imx93_clocks_probe()
    - bpf, cpumap: Make sure kthread is running before map update returns
    - file: reinstate f_pos locking optimization for regular files
    - mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()
    - fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list()
    - fs/sysv: Null check to prevent null-ptr-deref bug
    - debugobjects: Recheck debug_objects_enabled before reporting
    - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
    - fs: Protect reconfiguration of sb read-write from racing writes
    - ext2: Drop fragment support
    - btrfs: remove BUG_ON()'s in add_new_free_space()
    - io_uring: annotate offset timeout races
    - mtd: rawnand: omap_elm: Fix incorrect type in assignment
    - mtd: rawnand: rockchip: fix oobfree offset and description
    - mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts
    - mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()
    - powerpc/mm/altmap: Fix altmap boundary check
    - drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning
    - drm/amd/display: Ensure that planes are in the same order
    - drm/amd/display: skip CLEAR_PAYLOAD_ID_TABLE if device mst_en is 0
    - selftests/rseq: Play nice with binaries statically linked against glibc
      2.35+
    - arm64/ptrace: Don't enable SVE when setting streaming SVE
    - drm/amdgpu: Use apt name for FW reserved region
    - Revert "drm/i915: Disable DC states for all commits"
    - net/mlx5: Honor user input for migratable port fn attr
    - net/mlx5e: xsk: Fix crash on regular rq reactivation
    - net: stmmac: tegra: Properly allocate clock bulk data
    - net: gro: fix misuse of CB in udp socket lookup
    - net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs
    - bnxt: don't handle XDP in netpoll
    - selftest: net: Assert on a proper value in so_incoming_cpu.c.
    - mtd: spinand: winbond: Fix ecc_get_status
    - smb: client: fix dfs link mount against w2k8
    - ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node
    - Upstream stable to v6.1.45, v6.4.10

* CVE-2023-37453
    - USB: core: Unite old scheme and new scheme descriptor reads
    - USB: core: Change usb_get_device_descriptor() API
    - USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

-- Stefan Bader <stefan.bader@canonical.com>  Tue, 14 Nov 2023 11:06:02 +0100

Changed in linux (Ubuntu Lunar):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package