Ubuntu
linux package

Lunar update: upstream stable patchset 2023-10-11

Bug #2039110 reported by Kamal Mostafa on 2023-10-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Invalid	Undecided	Unassigned
	Lunar	Fix Released	Medium	Kamal Mostafa

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

upstream stable patchset 2023-10-11

Ported from the following upstream stable releases:
v6.1.47, v6.4.12

from git://git.kernel.org/

selftests: forwarding: tc_actions: cleanup temporary files when test is aborted
net/smc: replace mutex rmbs_lock and sndbufs_lock with rw_semaphore
net: phy: at803x: Use devm_regulator_get_enable_optional()
net: phy: at803x: fix the wol setting functions
drm/amdgpu: fix calltrace warning in amddrm_buddy_fini
drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1
drm/amdgpu: fix memory leak in mes self test
ASoC: Intel: sof_sdw: add quirk for MTL RVP
ASoC: Intel: sof_sdw: add quirk for LNL RVP
PCI: tegra194: Fix possible array out of bounds access
ASoC: SOF: amd: Add pci revision id check
drm/stm: ltdc: fix late dereference check
drm: rcar-du: remove R-Car H3 ES1.* workarounds
ASoC: amd: vangogh: Add check for acp config flags in vangogh platform
ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings
ASoC: Intel: sof_sdw_rt_sdca_jack_common: test SOF_JACK_JDSRC in _exit
ASoC: Intel: sof_sdw: Add support for Rex soundwire
iopoll: Call cpu_relax() in busy loops
ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion
dma-remap: use kvmalloc_array/kvfree for larger dma memory remap
accel/habanalabs: add pci health check during heartbeat
HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard
iommu/amd: Introduce Disable IRTE Caching Support
drm/amdgpu: install stub fence into potential unused fence pointers
drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz
RDMA/mlx5: Return the firmware result upon destroying QP/RQ
drm/amd/display: Skip DPP DTO update if root clock is gated
drm/amd/display: Enable dcn314 DPP RCO
ASoC: SOF: core: Free the firmware trace before calling snd_sof_shutdown()
HID: intel-ish-hid: ipc: Add Arrow Lake PCI device ID
ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio
smb: client: fix warning in cifs_smb3_do_mount()
cifs: fix session state check in reconnect to avoid use-after-free issue
serial: stm32: Ignore return value of uart_remove_one_port() in .remove()
led: qcom-lpg: Fix resource leaks in for_each_available_child_of_node() loops
media: v4l2-mem2mem: add lock to protect parameter num_rdy
media: camss: set VFE bpl_alignment to 16 for sdm845 and sm8250
usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push
usb: gadget: uvc: queue empty isoc requests if no video buffer is available
media: platform: mediatek: vpu: fix NULL ptr dereference
thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx()
usb: chipidea: imx: don't request QoS for imx8ulp
usb: chipidea: imx: add missing USB PHY DPDM wakeup setting
gfs2: Fix possible data races in gfs2_show_options()
pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
thunderbolt: Add Intel Barlow Ridge PCI ID
thunderbolt: Limit Intel Barlow Ridge USB3 bandwidth
firewire: net: fix use after free in fwnet_finish_incoming_packet()
watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub)
Bluetooth: L2CAP: Fix use-after-free
Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally
ceph: try to dump the msgs when decoding fails
drm/amdgpu: Fix potential fence use-after-free v2
fs/ntfs3: Enhance sanity check while generating attr_list
fs: ntfs3: Fix possible null-pointer dereferences in mi_read()
fs/ntfs3: Mark ntfs dirty when on-disk struct is corrupted
ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760
ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()
ALSA: hda/realtek: Add quirk for ASUS ROG GX650P
ALSA: hda/realtek: Add quirk for ASUS ROG GA402X
ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V
powerpc/kasan: Disable KCOV in KASAN code
Bluetooth: MGMT: Use correct address for memcpy()
ring-buffer: Do not swap cpu_buffer during resize process
igc: read before write to SRRCTL register
drm/amd/display: save restore hdcp state when display is unplugged from mst hub
drm/amd/display: phase3 mst hdcp for multiple displays
drm/amd/display: fix access hdcp_workqueue assert
fbdev/hyperv-fb: Do not set struct fb_info.apertures
btrfs: move out now unused BG from the reclaim list
btrfs: fix use-after-free of new block group that became unused
virtio-mmio: don't break lifecycle of vm_dev
vduse: Use proper spinlock for IRQ injection
vdpa/mlx5: Fix mr->initialized semantics
vdpa/mlx5: Delete control vq iotlb in destroy_mr only when necessary
cifs: fix potential oops in cifs_oplock_break
i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue
i2c: hisi: Only handle the interrupt of the driver's transfer
i2c: tegra: Fix i2c-tegra DMA config option processing
fbdev: mmp: fix value check in mmphw_probe()
powerpc/rtas_flash: allow user copy to flash block cache objects
vdpa: Add features attr to vdpa_nl_policy for nlattr length check
vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check
vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check
vdpa: Enable strict validation for netlinks ops
tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux
tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms
btrfs: fix incorrect splitting in btrfs_drop_extent_map_range
btrfs: fix BUG_ON condition in btrfs_cancel_balance
i2c: designware: Correct length byte validation logic
i2c: designware: Handle invalid SMBus block data response length value
net: xfrm: Fix xfrm_address_filter OOB read
net: af_key: fix sadb_x_filter validation
net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure
xfrm: fix slab-use-after-free in decode_session6
ip6_vti: fix slab-use-after-free in decode_session6
ip_vti: fix potential slab-use-after-free in decode_session6
xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH
virtio_net: notify MAC address change on device initialization
virtio-net: set queues after driver_ok
net: pcs: Add missing put_device call in miic_create
net: phy: fix IRQ-based wake-on-lan over hibernate / power off
selftests: mirror_gre_changes: Tighten up the TTL test match
drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs
net: macb: In ZynqMP resume always configure PS GTR for non-wakeup source
octeon_ep: cancel tx_timeout_task later in remove sequence
netfilter: nf_tables: fix false-positive lockdep splat
ipvs: fix racy memcpy in proc_do_sync_threshold
net: phy: broadcom: stub c45 read/write for 54810
team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
net: openvswitch: reject negative ifindex
iavf: fix FDIR rule fields masks validation
i40e: fix misleading debug logs
net: dsa: mv88e6xxx: Wait for EEPROM done before HW reset
sfc: don't unregister flow_indr if it was never registered
sock: Fix misuse of sk_under_memory_pressure()
net: do not allow gso_size to be set to GSO_BY_FRAGS
qede: fix firmware halt over suspend and resume
ice: Block switchdev mode when ADQ is active and vice versa
bus: ti-sysc: Flush posted write on enable before reset
arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict
arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4
arm64: dts: rockchip: Disable HS400 for eMMC on ROCK 4C+
ARM: dts: imx: align LED node names with dtschema
ARM: dts: imx6: phytec: fix RTC interrupt level
arm64: dts: imx8mm: Drop CSI1 PHY reference clock configuration
ARM: dts: imx: Set default tuning step for imx6sx usdhc
arm64: dts: imx93: Fix anatop node size
ASoC: rt5665: add missed regulator_bulk_disable
ASoC: meson: axg-tdm-formatter: fix channel slot allocation
ALSA: hda/realtek: Add quirks for HP G11 Laptops
soc: aspeed: uart-routing: Use __sysfs_match_string
soc: aspeed: socinfo: Add kfree for kstrdup
ALSA: hda/realtek - Remodified 3k pull low procedure
riscv: uaccess: Return the number of bytes effectively not copied
serial: 8250: Fix oops for port->pm on uart_change_pm()
ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces.
cifs: Release folio lock on fscache read hit.
virtio-net: Zero max_tx_vq field for VIRTIO_NET_CTRL_MQ_HASH_CONFIG case
arm64: dts: rockchip: Fix Wifi/Bluetooth on ROCK Pi 4 boards
blk-crypto: dynamically allocate fallback profile
mmc: wbsd: fix double mmc_free_host() in wbsd_init()
mmc: block: Fix in_flight[issue_type] value error
drm/qxl: fix UAF on handle creation
drm/i915/sdvo: fix panel_type initialization
drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7
ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG
drm/amd/display: disable RCO for DCN314
zsmalloc: allow only one active pool compaction context
sched/fair: unlink misfit task from cpu overutilized
sched/fair: Remove capacity inversion detection
drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register
netfilter: set default timeout to 3 secs for sctp shutdown send and recv state
arm64/ptrace: Ensure that SME is set up for target when writing SSVE state
drm/amdgpu: keep irq count in amdgpu_irq_disable_all
drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create
net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled
mmc: f-sdh30: fix order of function calls in sdhci_f_sdh30_remove
rust: macros: vtable: fix `HAS_*` redefinition (`gen_const_name`)
media: mtk-jpeg: Set platform driver data earlier
xfrm: delete offloaded policy
xfrm: don't skip free of empty state in acquire policy
ARM: dts: imx: Set default tuning step for imx7d usdhc
smb: client: fix null auth
mmc: sunplus: fix return value check of mmc_add_host()
UBUNTU: Upstream stable to v6.1.47, v6.4.12

See original description

Tags:

CVE References

Kamal Mostafa (kamalmostafa) on 2023-10-11

Changed in linux (Ubuntu):
status:	New → Confirmed
tags:	added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Lunar):
status:	New → Invalid
status:	Invalid → In Progress
importance:	Undecided → Medium
assignee:	nobody → Kamal Mostafa (kamalmostafa)
description:	updated

Stefan Bader (smb) on 2023-10-16

Changed in linux (Ubuntu Lunar):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-12-04:

Download full text (39.0 KiB)

This bug was fixed in the package linux - 6.2.0-39.40

---------------
linux (6.2.0-39.40) lunar; urgency=medium

* lunar/linux: 6.2.0-39.40 -proposed tracker (LP: #2043451)

  * USB bus error after upgrading to proposed kernel on lunar and jammy
    (LP: #2043197)
    - USB: core: Fix oversight in SuperSpeed initialization

* Include cifs.ko in linux-modules package (LP: #2042546)
- [Packaging] Replace fs/cifs with fs/smb/client in inclusion list

linux (6.2.0-38.39) lunar; urgency=medium

* lunar/linux: 6.2.0-38.39 -proposed tracker (LP: #2041557)

* CVE-2023-25775
- RDMA/irdma: Prevent zero-length STAG registration

* CVE-2023-5345
- fs/smb/client: Reset password pointer to NULL

* CVE-2023-39189
- netfilter: nfnetlink_osf: avoid OOB read

  * SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
    (LP: #2039575)
    - net/smc: Fix pos miscalculation in statistics

  * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
    (LP: #2033406)
    - [Packaging] Make WWAN driver loadable modules

* CVE-2023-45871
- igb: set max size RX buffer when store bad packet is enabled

* CVE-2023-39193
- netfilter: xt_sctp: validate the flag_info count

* CVE-2023-39192
- netfilter: xt_u32: validate user space input

* CVE-2023-31085
- ubi: Refuse attaching if mtd's erasesize is 0

* CVE-2023-5717
- perf: Disallow mis-matched inherited group reads

* CVE-2023-5178
- nvmet-tcp: Fix a possible UAF in queue intialization setup

* CVE-2023-5158
- vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()

* CVE-2023-5090
- x86: KVM: SVM: always update the x2avic msr interception

* usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
- [Packaging] Make linux-tools-common depend on hwdata

  * Unable to use nvme drive to install Ubuntu 23.10 (LP: #2040157)
    - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
      probe

This bug was fixed in the package linux - 6.2.0-39.40

---------------
linux (6.2.0-39.40) lunar; urgency=medium

* lunar/linux: 6.2.0-39.40 -proposed tracker (LP: #2043451)

* USB bus error after upgrading to proposed kernel on lunar and jammy
    (LP: #2043197)
    - USB: core: Fix oversight in SuperSpeed initialization

* Include cifs.ko in linux-modules package (LP: #2042546)
    - [Packaging] Replace fs/cifs with fs/smb/client in inclusion list

linux (6.2.0-38.39) lunar; urgency=medium

* lunar/linux: 6.2.0-38.39 -proposed tracker (LP: #2041557)

* CVE-2023-25775
    - RDMA/irdma: Prevent zero-length STAG registration

* CVE-2023-5345
    - fs/smb/client: Reset password pointer to NULL

* CVE-2023-39189
    - netfilter: nfnetlink_osf: avoid OOB read

* SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
    (LP: #2039575)
    - net/smc: Fix pos miscalculation in statistics

* [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
    (LP: #2033406)
    - [Packaging] Make WWAN driver loadable modules

* CVE-2023-45871
    - igb: set max size RX buffer when store bad packet is enabled

* CVE-2023-39193
    - netfilter: xt_sctp: validate the flag_info count

* CVE-2023-39192
    - netfilter: xt_u32: validate user space input

* CVE-2023-31085
    - ubi: Refuse attaching if mtd's erasesize is 0

* CVE-2023-5717
    - perf: Disallow mis-matched inherited group reads

* CVE-2023-5178
    - nvmet-tcp: Fix a possible UAF in queue intialization setup

* CVE-2023-5158
    - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()

* CVE-2023-5090
    - x86: KVM: SVM: always update the x2avic msr interception

* usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
    - [Packaging] Make linux-tools-common depend on hwdata

* Unable to use nvme drive to install Ubuntu 23.10 (LP: #2040157)
    - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
      probe

* Lunar update: upstream stable patchset 2023-10-19 (LP: #2039884)
    - ACPI: thermal: Drop nocrt parameter
    - module: Expose module_init_layout_section()
    - arm64: module-plts: inline linux/moduleloader.h
    - arm64: module: Use module_init_layout_section() to spot init sections
    - ARM: module: Use module_init_layout_section() to spot init sections
    - lockdep: fix static memory detection even more
    - parisc: Cleanup mmap implementation regarding color alignment
    - parisc: sys_parisc: parisc_personality() is called from asm code
    - io_uring/parisc: Adjust pgoff in io_uring mmap() for parisc
    - kallsyms: Fix kallsyms_selftest failure
    - module/decompress: use vmalloc() for zstd decompression workspace
    - Upstream stable to v6.1.51, v6.4.14
    - erofs: ensure that the post-EOF tails are all zeroed
    - ksmbd: fix wrong DataOffset validation of create context
    - ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
    - ksmbd: replace one-element array with flex-array member in struct
      smb2_ea_info
    - ksmbd: reduce descriptor size if remaining bytes is less than request size
    - ARM: pxa: remove use of symbol_get()
    - mmc: au1xmmc: force non-modular build and remove symbol_get usage
    - net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
    - rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
    - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
    - USB: serial: option: add Quectel EM05G variant (0x030e)
    - USB: serial: option: add FOXCONN T99W368/T99W373 product
    - ALSA: usb-audio: Fix init call orders for UAC1
    - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption
    - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0
    - HID: wacom: remove the battery when the EKR is off
    - staging: rtl8712: fix race condition
    - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race
      condition
    - wifi: mt76: mt7921: do not support one stream on secondary antenna only
    - wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU
    - serial: qcom-geni: fix opp vote on shutdown
    - serial: sc16is7xx: fix broken port 0 uart init
    - serial: sc16is7xx: fix bug when first setting GPIO direction
    - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
    - fsi: master-ast-cf: Add MODULE_FIRMWARE macro
    - tcpm: Avoid soft reset when partner does not support get_status
    - dt-bindings: sc16is7xx: Add property to change GPIO function
    - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
    - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
    - usb: typec: tcpci: clear the fault status bit
    - pinctrl: amd: Don't show `Invalid config param` errors
    - wifi: rtw88: usb: kill and free rx urbs on probe failure
    - Upstream stable to v6.1.52, v6.4.15

* Lunar update: upstream stable patchset 2023-10-18 (LP: #2039742)
    - NFSv4.2: fix error handling in nfs42_proc_getxattr
    - NFSv4: fix out path in __nfs4_get_acl_uncached
    - xprtrdma: Remap Receive buffers after a reconnect
    - drm/ast: Use drm_aperture_remove_conflicting_pci_framebuffers
    - fbdev/radeon: use pci aperture helpers
    - PCI: acpiphp: Reassign resources on bridge if necessary
    - MIPS: cpu-features: Enable octeon_cache by cpu_type
    - MIPS: cpu-features: Use boot_cpu_type for CPU type based features
    - jbd2: remove t_checkpoint_io_list
    - jbd2: remove journal_clean_one_cp_list()
    - jbd2: fix a race when checking checkpoint buffer busy
    - can: raw: fix receiver memory leak
    - can: raw: fix lockdep issue in raw_release()
    - s390/zcrypt: remove unnecessary (void *) conversions
    - s390/zcrypt: fix reply buffer calculations for CCA replies
    - drm/i915: Add the gen12_needs_ccs_aux_inv helper
    - drm/i915/gt: Ensure memory quiesced before invalidation
    - drm/i915/gt: Poll aux invalidation register bit on invalidation
    - drm/i915/gt: Support aux invalidation on all engines
    - tracing: Fix cpu buffers unavailable due to 'record_disabled' missed
    - tracing: Fix memleak due to race between current_tracer and trace
    - octeontx2-af: SDP: fix receive link config
    - devlink: move code to a dedicated directory
    - devlink: add missing unregister linecard notification
    - net: dsa: felix: fix oversize frame dropping for always closed tc-taprio
      gates
    - sock: annotate data-races around prot->memory_pressure
    - dccp: annotate data-races in dccp_poll()
    - ipvlan: Fix a reference count leak warning in ipvlan_ns_exit()
    - mlxsw: pci: Set time stamp fields also when its type is MIRROR_UTC
    - mlxsw: reg: Fix SSPR register layout
    - mlxsw: Fix the size of 'VIRT_ROUTER_MSB'
    - selftests: mlxsw: Fix test failure on Spectrum-4
    - net: dsa: mt7530: fix handling of 802.1X PAE frames
    - net: bgmac: Fix return value check for fixed_phy_register()
    - net: bcmgenet: Fix return value check for fixed_phy_register()
    - net: validate veth and vxcan peer ifindexes
    - ipv4: fix data-races around inet->inet_id
    - ice: fix receive buffer size miscalculation
    - Revert "ice: Fix ice VF reset during iavf initialization"
    - ice: Fix NULL pointer deref during VF reset
    - selftests: bonding: do not set port down before adding to bond
    - can: isotp: fix support for transmission of SF without flow control
    - igb: Avoid starting unnecessary workqueues
    - igc: Fix the typo in the PTM Control macro
    - net/sched: fix a qdisc modification with ambiguous command request
    - i40e: fix potential NULL pointer dereferencing of pf->vf
      i40e_sync_vsi_filters()
    - netfilter: nf_tables: flush pending destroy work before netlink notifier
    - netfilter: nf_tables: fix out of memory error handling
    - rtnetlink: Reject negative ifindexes in RTM_NEWLINK
    - bonding: fix macvlan over alb bond support
    - KVM: x86/mmu: Fix an sign-extension bug with mmu_seq that hangs vCPUs
    - ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x
    - ASoC: cs35l41: Correct amp_gain_tlv values
    - ibmveth: Use dcbf rather than dcbfl
    - wifi: mac80211: limit reorder_buf_filtered to avoid UBSAN warning
    - platform/x86: ideapad-laptop: Add support for new hotkeys found on ThinkBook
      14s Yoga ITL
    - NFSv4: Fix dropped lock for racing OPEN and delegation return
    - clk: Fix slab-out-of-bounds error in devm_clk_release()
    - mm,ima,kexec,of: use memblock_free_late from ima_free_kexec_buffer
    - shmem: fix smaps BUG sleeping while atomic
    - ALSA: ymfpci: Fix the missing snd_card_free() call at probe error
    - mm/gup: handle cont-PTE hugetlb pages correctly in gup_must_unshare() via
      GUP-fast
    - mm: add a call to flush_cache_vmap() in vmap_pfn()
    - mm: memory-failure: fix unexpected return value in soft_offline_page()
    - NFS: Fix a use after free in nfs_direct_join_group()
    - nfsd: Fix race to FREE_STATEID and cl_revoked
    - selinux: set next pointer before attaching to list
    - batman-adv: Trigger events for auto adjusted MTU
    - batman-adv: Don't increase MTU when set by user
    - batman-adv: Do not get eth header before batadv_check_management_packet
    - batman-adv: Fix TT global entry leak when client roamed back
    - batman-adv: Fix batadv_v_ogm_aggr_send memory leak
    - batman-adv: Hold rtnl lock during MTU update via netlink
    - lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels
    - riscv: Handle zicsr/zifencei issue between gcc and binutils
    - riscv: Fix build errors using binutils2.37 toolchains
    - radix tree: remove unused variable
    - of: unittest: Fix EXPECT for parse_phandle_with_args_map() test
    - of: dynamic: Refactor action prints to not use "%pOF" inside devtree_lock
    - pinctrl: amd: Mask wake bits on probe again
    - media: vcodec: Fix potential array out-of-bounds in encoder queue_setup
    - PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root
      bus
    - drm/vmwgfx: Fix shader stage validation
    - drm/display/dp: Fix the DP DSC Receiver cap size
    - x86/fpu: Invalidate FPU state correctly on exec()
    - hwmon: (aquacomputer_d5next) Add selective 200ms delay after sending ctrl
      report
    - nfs: use vfs setgid helper
    - nfsd: use vfs setgid helper
    - cgroup/cpuset: Rename functions dealing with DEADLINE accounting
    - sched/cpuset: Bring back cpuset_mutex
    - sched/cpuset: Keep track of SCHED_DEADLINE task in cpusets
    - cgroup/cpuset: Iterate only if DEADLINE tasks are present
    - sched/deadline: Create DL BW alloc, free & check overflow interface
    - cgroup/cpuset: Free DL BW in case can_attach() fails
    - ublk: remove check IO_URING_F_SQE128 in ublk_ch_uring_cmd
    - can: raw: add missing refcount for memory leak fix
    - madvise:madvise_free_pte_range(): don't use mapcount() against large folio
      for sharing check
    - scsi: snic: Fix double free in snic_tgt_create()
    - scsi: core: raid_class: Remove raid_component_add()
    - clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
    - pinctrl: renesas: rzg2l: Fix NULL pointer dereference in
      rzg2l_dt_subnode_to_map()
    - pinctrl: renesas: rzv2m: Fix NULL pointer dereference in
      rzv2m_dt_subnode_to_map()
    - pinctrl: renesas: rza2: Add lock around
      pinctrl_generic{{add,remove}_group,{add,remove}_function}
    - dma-buf/sw_sync: Avoid recursive lock during fence signal
    - gpio: sim: dispose of irq mappings before destroying the irq_sim domain
    - gpio: sim: pass the GPIO device's software node to irq domain
    - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ
    - maple_tree: disable mas_wr_append() when other readers are possible
    - ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG
    - tg3: Use slab_build_skb() when needed
    - Upstream stable to v6.1.50, v6.4.13

* CVE-2023-42754
    - ipv4: fix null-deref in ipv4_link_failure

* Remove duplication of devm_pwmchip_add function definition (LP: #2039542)
    - Revert "pwm: Add a stub for devm_pwmchip_add()"

* Lunar update: upstream stable patchset 2023-10-11 (LP: #2039110)
    - selftests: forwarding: tc_actions: cleanup temporary files when test is
      aborted
    - net/smc: replace mutex rmbs_lock and sndbufs_lock with rw_semaphore
    - net: phy: at803x: Use devm_regulator_get_enable_optional()
    - net: phy: at803x: fix the wol setting functions
    - drm/amdgpu: fix calltrace warning in amddrm_buddy_fini
    - drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1
    - drm/amdgpu: fix memory leak in mes self test
    - ASoC: Intel: sof_sdw: add quirk for MTL RVP
    - ASoC: Intel: sof_sdw: add quirk for LNL RVP
    - PCI: tegra194: Fix possible array out of bounds access
    - ASoC: SOF: amd: Add pci revision id check
    - drm/stm: ltdc: fix late dereference check
    - drm: rcar-du: remove R-Car H3 ES1.* workarounds
    - ASoC: amd: vangogh: Add check for acp config flags in vangogh platform
    - ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings
    - ASoC: Intel: sof_sdw_rt_sdca_jack_common: test SOF_JACK_JDSRC in _exit
    - ASoC: Intel: sof_sdw: Add support for Rex soundwire
    - iopoll: Call cpu_relax() in busy loops
    - ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion
    - dma-remap: use kvmalloc_array/kvfree for larger dma memory remap
    - accel/habanalabs: add pci health check during heartbeat
    - HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL
      Keyboard
    - iommu/amd: Introduce Disable IRTE Caching Support
    - drm/amdgpu: install stub fence into potential unused fence pointers
    - drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz
    - RDMA/mlx5: Return the firmware result upon destroying QP/RQ
    - drm/amd/display: Skip DPP DTO update if root clock is gated
    - drm/amd/display: Enable dcn314 DPP RCO
    - ASoC: SOF: core: Free the firmware trace before calling snd_sof_shutdown()
    - HID: intel-ish-hid: ipc: Add Arrow Lake PCI device ID
    - ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio
    - smb: client: fix warning in cifs_smb3_do_mount()
    - cifs: fix session state check in reconnect to avoid use-after-free issue
    - serial: stm32: Ignore return value of uart_remove_one_port() in .remove()
    - led: qcom-lpg: Fix resource leaks in for_each_available_child_of_node()
      loops
    - media: v4l2-mem2mem: add lock to protect parameter num_rdy
    - media: camss: set VFE bpl_alignment to 16 for sdm845 and sm8250
    - usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push
    - usb: gadget: uvc: queue empty isoc requests if no video buffer is available
    - media: platform: mediatek: vpu: fix NULL ptr dereference
    - thunderbolt: Read retimer NVM authentication status prior
      tb_retimer_set_inbound_sbtx()
    - usb: chipidea: imx: don't request QoS for imx8ulp
    - usb: chipidea: imx: add missing USB PHY DPDM wakeup setting
    - gfs2: Fix possible data races in gfs2_show_options()
    - pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
    - thunderbolt: Add Intel Barlow Ridge PCI ID
    - thunderbolt: Limit Intel Barlow Ridge USB3 bandwidth
    - firewire: net: fix use after free in fwnet_finish_incoming_packet()
    - watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub)
    - Bluetooth: L2CAP: Fix use-after-free
    - Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally
    - ceph: try to dump the msgs when decoding fails
    - drm/amdgpu: Fix potential fence use-after-free v2
    - fs/ntfs3: Enhance sanity check while generating attr_list
    - fs: ntfs3: Fix possible null-pointer dereferences in mi_read()
    - fs/ntfs3: Mark ntfs dirty when on-disk struct is corrupted
    - ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760
    - ALSA: hda: fix a possible null-pointer dereference due to data race in
      snd_hdac_regmap_sync()
    - ALSA: hda/realtek: Add quirk for ASUS ROG GX650P
    - ALSA: hda/realtek: Add quirk for ASUS ROG GA402X
    - ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V
    - powerpc/kasan: Disable KCOV in KASAN code
    - Bluetooth: MGMT: Use correct address for memcpy()
    - ring-buffer: Do not swap cpu_buffer during resize process
    - igc: read before write to SRRCTL register
    - drm/amd/display: save restore hdcp state when display is unplugged from mst
      hub
    - drm/amd/display: phase3 mst hdcp for multiple displays
    - drm/amd/display: fix access hdcp_workqueue assert
    - fbdev/hyperv-fb: Do not set struct fb_info.apertures
    - btrfs: move out now unused BG from the reclaim list
    - btrfs: fix use-after-free of new block group that became unused
    - virtio-mmio: don't break lifecycle of vm_dev
    - vduse: Use proper spinlock for IRQ injection
    - vdpa/mlx5: Fix mr->initialized semantics
    - vdpa/mlx5: Delete control vq iotlb in destroy_mr only when necessary
    - cifs: fix potential oops in cifs_oplock_break
    - i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue
    - i2c: hisi: Only handle the interrupt of the driver's transfer
    - i2c: tegra: Fix i2c-tegra DMA config option processing
    - fbdev: mmp: fix value check in mmphw_probe()
    - powerpc/rtas_flash: allow user copy to flash block cache objects
    - vdpa: Add features attr to vdpa_nl_policy for nlattr length check
    - vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check
    - vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check
    - vdpa: Enable strict validation for netlinks ops
    - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux
    - tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32
      platforms
    - btrfs: fix incorrect splitting in btrfs_drop_extent_map_range
    - btrfs: fix BUG_ON condition in btrfs_cancel_balance
    - i2c: designware: Correct length byte validation logic
    - i2c: designware: Handle invalid SMBus block data response length value
    - net: xfrm: Fix xfrm_address_filter OOB read
    - net: af_key: fix sadb_x_filter validation
    - net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure
    - xfrm: fix slab-use-after-free in decode_session6
    - ip6_vti: fix slab-use-after-free in decode_session6
    - ip_vti: fix potential slab-use-after-free in decode_session6
    - xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH
    - virtio_net: notify MAC address change on device initialization
    - virtio-net: set queues after driver_ok
    - net: pcs: Add missing put_device call in miic_create
    - net: phy: fix IRQ-based wake-on-lan over hibernate / power off
    - selftests: mirror_gre_changes: Tighten up the TTL test match
    - drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs
    - net: macb: In ZynqMP resume always configure PS GTR for non-wakeup source
    - octeon_ep: cancel tx_timeout_task later in remove sequence
    - netfilter: nf_tables: fix false-positive lockdep splat
    - ipvs: fix racy memcpy in proc_do_sync_threshold
    - net: phy: broadcom: stub c45 read/write for 54810
    - team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
    - net: openvswitch: reject negative ifindex
    - iavf: fix FDIR rule fields masks validation
    - i40e: fix misleading debug logs
    - net: dsa: mv88e6xxx: Wait for EEPROM done before HW reset
    - sfc: don't unregister flow_indr if it was never registered
    - sock: Fix misuse of sk_under_memory_pressure()
    - net: do not allow gso_size to be set to GSO_BY_FRAGS
    - qede: fix firmware halt over suspend and resume
    - ice: Block switchdev mode when ADQ is active and vice versa
    - bus: ti-sysc: Flush posted write on enable before reset
    - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict
    - arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4
    - arm64: dts: rockchip: Disable HS400 for eMMC on ROCK 4C+
    - ARM: dts: imx: align LED node names with dtschema
    - ARM: dts: imx6: phytec: fix RTC interrupt level
    - arm64: dts: imx8mm: Drop CSI1 PHY reference clock configuration
    - ARM: dts: imx: Set default tuning step for imx6sx usdhc
    - arm64: dts: imx93: Fix anatop node size
    - ASoC: rt5665: add missed regulator_bulk_disable
    - ASoC: meson: axg-tdm-formatter: fix channel slot allocation
    - ALSA: hda/realtek: Add quirks for HP G11 Laptops
    - soc: aspeed: uart-routing: Use __sysfs_match_string
    - soc: aspeed: socinfo: Add kfree for kstrdup
    - ALSA: hda/realtek - Remodified 3k pull low procedure
    - riscv: uaccess: Return the number of bytes effectively not copied
    - serial: 8250: Fix oops for port->pm on uart_change_pm()
    - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback
      interfaces.
    - cifs: Release folio lock on fscache read hit.
    - virtio-net: Zero max_tx_vq field for VIRTIO_NET_CTRL_MQ_HASH_CONFIG case
    - arm64: dts: rockchip: Fix Wifi/Bluetooth on ROCK Pi 4 boards
    - blk-crypto: dynamically allocate fallback profile
    - mmc: wbsd: fix double mmc_free_host() in wbsd_init()
    - mmc: block: Fix in_flight[issue_type] value error
    - drm/qxl: fix UAF on handle creation
    - drm/i915/sdvo: fix panel_type initialization
    - drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7
    - ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG
    - drm/amd/display: disable RCO for DCN314
    - zsmalloc: allow only one active pool compaction context
    - sched/fair: unlink misfit task from cpu overutilized
    - sched/fair: Remove capacity inversion detection
    - drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV
      register
    - netfilter: set default timeout to 3 secs for sctp shutdown send and recv
      state
    - arm64/ptrace: Ensure that SME is set up for target when writing SSVE state
    - drm/amdgpu: keep irq count in amdgpu_irq_disable_all
    - drm/nouveau/disp: fix use-after-free in error handling of
      nouveau_connector_create
    - net: fix the RTO timer retransmitting skb every 1ms if linear option is
      enabled
    - mmc: f-sdh30: fix order of function calls in sdhci_f_sdh30_remove
    - rust: macros: vtable: fix `HAS_*` redefinition (`gen_const_name`)
    - media: mtk-jpeg: Set platform driver data earlier
    - xfrm: delete offloaded policy
    - xfrm: don't skip free of empty state in acquire policy
    - ARM: dts: imx: Set default tuning step for imx7d usdhc
    - smb: client: fix null auth
    - mmc: sunplus: fix return value check of mmc_add_host()
    - Upstream stable to v6.1.47, v6.4.12

* Lunar update: upstream stable patchset 2023-10-10 (LP: #2038969)
    - tpm: Disable RNG for all AMD fTPMs
    - tpm: Add a helper for checking hwrng enabled
    - ksmbd: validate command request size
    - ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()
    - wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()
    - wifi: rtw89: fix 8852AE disconnection caused by RX full flags
    - selftests: forwarding: Set default IPv6 traceroute utility
    - wireguard: allowedips: expand maximum node depth
    - mmc: moxart: read scr register without changing byte order
    - ipv6: adjust ndisc_is_useropt() to also return true for PIO
    - selftests: mptcp: join: fix 'delete and re-add' test
    - selftests: mptcp: join: fix 'implicit EP' test
    - mptcp: avoid bogus reset on fallback close
    - mptcp: fix disconnect vs accept race
    - dmaengine: pl330: Return DMA_PAUSED when transaction is paused
    - net: mana: Fix MANA VF unload when hardware is unresponsive
    - riscv/kexec: load initrd high in available memory
    - riscv,mmio: Fix readX()-to-delay() ordering
    - riscv/kexec: handle R_RISCV_CALL_PLT relocation type
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Samsung PM9B1 256G and 512G
    - drm/nouveau/gr: enable memory loads on helper invocation on all channels
    - drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues
    - drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap()
    - drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
    - drm/amd/display: check attr flag before set cursor degamma on DCN3+
    - drm/amd/display: limit DPIA link rate to HBR3
    - cpuidle: dt_idle_genpd: Add helper function to remove genpd topology
    - hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100
    - radix tree test suite: fix incorrect allocation size for pthreads
    - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
    - drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings
    - drm/amd/pm: expose swctf threshold setting for legacy powerplay
    - drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock
      settings
    - drm/amd/pm: avoid unintentional shutdown due to temperature momentary
      fluctuation
    - io_uring: correct check for O_TMPFILE
    - iio: cros_ec: Fix the allocation size for cros_ec_command
    - iio: frequency: admv1013: propagate errors from regulator_get_voltage()
    - iio: adc: ad7192: Fix ac excitation feature
    - iio: adc: ina2xx: avoid NULL pointer dereference on OF device match
    - binder: fix memory leak in binder_init()
    - misc: rtsx: judge ASPM Mode to set PETXCFG Reg
    - usb-storage: alauda: Fix uninit-value in alauda_check_media()
    - usb: dwc3: Properly handle processing of pending events
    - USB: Gadget: core: Help prevent panic during UVC unconfigure
    - usb: common: usb-conn-gpio: Prevent bailing out if initial role is none
    - usb: typec: tcpm: Fix response to vsafe0V event
    - usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment
    - x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
    - x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
    - x86/sev: Do not try to parse for the CC blob on non-AMD hardware
    - x86/speculation: Add cpu_show_gds() prototype
    - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
    - iio: core: Prevent invalid memory access when there is no parent
    - interconnect: qcom: Add support for mask-based BCMs
    - interconnect: qcom: sm8450: add enable_mask for bcm nodes
    - selftests/rseq: Fix build with undefined __weak
    - selftests: forwarding: Add a helper to skip test when using veth pairs
    - selftests: forwarding: ethtool: Skip when using veth pairs
    - selftests: forwarding: ethtool_extended_state: Skip when using veth pairs
    - selftests: forwarding: hw_stats_l3_gre: Skip when using veth pairs
    - selftests: forwarding: Skip test when no interfaces are specified
    - selftests: forwarding: Switch off timeout
    - selftests: forwarding: tc_flower: Relax success criterion
    - net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()
    - bpf, sockmap: Fix map type error in sock_map_del_link
    - bpf, sockmap: Fix bug that strp_done cannot be called
    - mISDN: Update parameter type of dsp_cmx_send()
    - macsec: use DEV_STATS_INC()
    - mptcp: fix the incorrect judgment for msk->cb_flags
    - net/packet: annotate data-races around tp->status
    - tcp: add missing family to tcp_set_ca_state() tracepoint
    - tunnels: fix kasan splat when generating ipv4 pmtu error
    - xsk: fix refcount underflow in error path
    - bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
    - dccp: fix data-race around dp->dccps_mss_cache
    - drivers: net: prevent tun_build_skb() to exceed the packet size limit
    - drivers: vxlan: vnifilter: free percpu vni stats on error path
    - iavf: fix potential races for FDIR filters
    - IB/hfi1: Fix possible panic during hotplug remove
    - drm/rockchip: Don't spam logs in atomic check
    - wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
    - RDMA/umem: Set iova in ODP flow
    - net: tls: avoid discarding data on record close
    - net: marvell: prestera: fix handling IPv4 routes with nhid
    - net: phy: at803x: remove set/get wol callbacks for AR8032
    - net: dsa: ocelot: call dsa_tag_8021q_unregister() under rtnl_lock() on
      driver remove
    - net: hns3: refactor hclge_mac_link_status_wait for interface reuse
    - net: hns3: add wait until mac link down
    - net: hns3: fix deadlock issue when externel_lb and reset are executed
      together
    - nexthop: Fix infinite nexthop dump when using maximum nexthop ID
    - nexthop: Make nexthop bucket dump more efficient
    - nexthop: Fix infinite nexthop bucket dump when using maximum nexthop ID
    - net: hns3: fix strscpy causing content truncation issue
    - dmaengine: mcf-edma: Fix a potential un-allocated memory access
    - dmaengine: owl-dma: Modify mismatched function name
    - net/mlx5: Allow 0 for total host VFs
    - net/mlx5: LAG, Check correct bucket when modifying LAG
    - net/mlx5: Skip clock update work when device is in error state
    - net/mlx5: Reload auxiliary devices in pci error handlers
    - ibmvnic: Enforce stronger sanity checks on login response
    - ibmvnic: Unmap DMA login rsp buffer on send login fail
    - ibmvnic: Handle DMA unmapping of login buffs in release functions
    - ibmvnic: Do partial reset on login failure
    - ibmvnic: Ensure login failure recovery is safe from other resets
    - gpio: ws16c48: Fix off-by-one error in WS16C48 resource region extent
    - gpio: sim: mark the GPIO chip as a one that can sleep
    - btrfs: wait for actual caching progress during allocation
    - btrfs: don't stop integrity writeback too early
    - btrfs: properly clear end of the unreserved range in cow_file_range
    - btrfs: exit gracefully if reloc roots don't match
    - btrfs: reject invalid reloc tree root keys with stack dump
    - btrfs: set cache_block_group_error if we find an error
    - nvme-tcp: fix potential unbalanced freeze & unfreeze
    - nvme-rdma: fix potential unbalanced freeze & unfreeze
    - netfilter: nf_tables: report use refcount overflow
    - scsi: core: Fix legacy /proc parsing buffer overflow
    - scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
    - scsi: ufs: renesas: Fix private allocation
    - scsi: 53c700: Check that command slot is not NULL
    - scsi: snic: Fix possible memory leak if device_add() fails
    - scsi: core: Fix possible memory leak if device_add() fails
    - scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
    - scsi: qedi: Fix firmware halt over suspend and resume
    - scsi: qedf: Fix firmware halt over suspend and resume
    - platform/x86: serial-multi-instantiate: Auto detect IRQ resource for CSC3551
    - ACPI: scan: Create platform device for CS35L56
    - alpha: remove __init annotation from exported page_is_ram()
    - drm/amd/pm/smu7: move variables to where they are used
    - mmc: sdhci-f-sdh30: Replace with sdhci_pltfm
    - cpuidle: psci: Move enabling OSI mode after power domains creation
    - zsmalloc: fix races between modifications of fullness and isolated
    - hugetlb: do not clear hugetlb dtor until allocating vmemmap
    - mm: memory-failure: fix potential unexpected return value from
      unpoison_memory()
    - mm: memory-failure: avoid false hwpoison page mapped error info
    - x86/linkage: Fix typo of BUILD_VDSO in asm/linkage.h
    - selftests: forwarding: bridge_mdb: Check iproute2 version
    - selftests: forwarding: tc_actions: Use ncat instead of nc
    - selftests: forwarding: bridge_mdb: Make test more robust
    - drm/bridge: it6505: Check power state with it6505->powered in IRQ handler
    - drm/nouveau: remove unused tu102_gr_load() function
    - Upstream stable to v6.1.46, v6.4.11

* Lunar update: upstream stable patchset 2023-10-02 (LP: #2038236)
    - Upstream stable to v6.1.44, v6.4.9
    - net/mlx5: Free irqs only on shutdown callback
    - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
    - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
    - iommu/arm-smmu-v3: Add explicit feature for nesting
    - iommu/arm-smmu-v3: Document nesting-related errata
    - arm64: dts: imx8mm-venice-gw7903: disable disp_blk_ctrl
    - arm64: dts: imx8mm-venice-gw7904: disable disp_blk_ctrl
    - arm64: dts: phycore-imx8mm: Label typo-fix of VPU
    - arm64: dts: phycore-imx8mm: Correction in gpio-line-names
    - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
    - arm64: dts: freescale: Fix VPU G2 clock
    - firmware: smccc: Fix use of uninitialised results structure
    - lib/bitmap: workaround const_eval test build failure
    - firmware: arm_scmi: Fix chan_free cleanup on SMC
    - word-at-a-time: use the same return type for has_zero regardless of
      endianness
    - KVM: s390: fix sthyi error handling
    - erofs: fix wrong primary bvec selection on deduplicated extents
    - wifi: cfg80211: Fix return value in scan logic
    - net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups
    - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
    - net/mlx5: fix potential memory leak in mlx5e_init_rep_rx
    - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
    - net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set
    - net/mlx5e: Move representor neigh cleanup to profile cleanup_tx
    - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
    - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
    - net: dsa: fix value check in bcm_sf2_sw_probe()
    - perf test uprobe_from_different_cu: Skip if there is no gcc
    - net: sched: cls_u32: Fix match key mis-addressing
    - mISDN: hfcpci: Fix potential deadlock on &hc->lock
    - qed: Fix scheduling in a tasklet while getting stats
    - net: annotate data-races around sk->sk_reserved_mem
    - net: annotate data-race around sk->sk_txrehash
    - net: annotate data-races around sk->sk_max_pacing_rate
    - net: add missing READ_ONCE(sk->sk_rcvlowat) annotation
    - net: add missing READ_ONCE(sk->sk_sndbuf) annotation
    - net: add missing READ_ONCE(sk->sk_rcvbuf) annotation
    - net: annotate data-races around sk->sk_mark
    - net: add missing data-race annotations around sk->sk_peek_off
    - net: add missing data-race annotation for sk_ll_usec
    - net: annotate data-races around sk->sk_priority
    - net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.
    - ice: Fix RDMA VSI removal during queue rebuild
    - bpf, cpumap: Handle skb as well when clean up ptr_ring
    - bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire
    - net: ll_temac: fix error checking of irq_of_parse_and_map()
    - net: korina: handle clk prepare error in korina_probe()
    - net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode
    - bnxt_en: Fix page pool logic for page size >= 64K
    - bnxt_en: Fix max_mtu setting for multi-buf XDP
    - net: dcb: choose correct policy to parse DCB_ATTR_BCN
    - s390/qeth: Don't call dev_close/dev_open (DOWN/UP)
    - ip6mr: Fix skb_under_panic in ip6mr_cache_report()
    - vxlan: Fix nexthop hash size
    - net/mlx5: fs_core: Make find_closest_ft more generic
    - net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio
    - prestera: fix fallback to previous version on same major version
    - tcp_metrics: fix addr_same() helper
    - tcp_metrics: annotate data-races around tm->tcpm_stamp
    - tcp_metrics: annotate data-races around tm->tcpm_lock
    - tcp_metrics: annotate data-races around tm->tcpm_vals[]
    - tcp_metrics: annotate data-races around tm->tcpm_net
    - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
    - rust: allocator: Prevent mis-aligned allocation
    - scsi: zfcp: Defer fc_rport blocking until after ADISC response
    - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices
    - libceph: fix potential hang in ceph_osdc_notify()
    - USB: zaurus: Add ID for A-300/B-500/C-700
    - ceph: defer stopping mdsc delayed_work
    - firmware: arm_scmi: Drop OF node reference in the transport channel setup
    - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
    - exfat: release s_lock before calling dir_emit()
    - mtd: spinand: toshiba: Fix ecc_get_status
    - mtd: rawnand: meson: fix OOB available bytes for ECC
    - bpf: Disable preemption in bpf_perf_event_output
    - arm64: dts: stratix10: fix incorrect I2C property for SCL signal
    - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC)
    - x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction
    - rbd: prevent busy loop when requesting exclusive lock
    - bpf: Disable preemption in bpf_event_output
    - powerpc/ftrace: Create a dummy stackframe to fix stack unwind
    - arm64/fpsimd: Sync and zero pad FPSIMD state for streaming SVE
    - arm64/fpsimd: Clear SME state in the target task when setting the VL
    - arm64/fpsimd: Sync FPSIMD state with SVE for SME only systems
    - open: make RESOLVE_CACHED correctly test for O_TMPFILE
    - drm/ttm: check null pointer before accessing when swapping
    - drm/i915: Fix premature release of request's reusable memory
    - drm/i915/gt: Cleanup aux invalidation registers
    - clk: imx93: Propagate correct error in imx93_clocks_probe()
    - bpf, cpumap: Make sure kthread is running before map update returns
    - file: reinstate f_pos locking optimization for regular files
    - mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()
    - fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list()
    - fs/sysv: Null check to prevent null-ptr-deref bug
    - debugobjects: Recheck debug_objects_enabled before reporting
    - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
    - fs: Protect reconfiguration of sb read-write from racing writes
    - ext2: Drop fragment support
    - btrfs: remove BUG_ON()'s in add_new_free_space()
    - io_uring: annotate offset timeout races
    - mtd: rawnand: omap_elm: Fix incorrect type in assignment
    - mtd: rawnand: rockchip: fix oobfree offset and description
    - mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts
    - mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()
    - powerpc/mm/altmap: Fix altmap boundary check
    - drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning
    - drm/amd/display: Ensure that planes are in the same order
    - drm/amd/display: skip CLEAR_PAYLOAD_ID_TABLE if device mst_en is 0
    - selftests/rseq: Play nice with binaries statically linked against glibc
      2.35+
    - arm64/ptrace: Don't enable SVE when setting streaming SVE
    - drm/amdgpu: Use apt name for FW reserved region
    - Revert "drm/i915: Disable DC states for all commits"
    - net/mlx5: Honor user input for migratable port fn attr
    - net/mlx5e: xsk: Fix crash on regular rq reactivation
    - net: stmmac: tegra: Properly allocate clock bulk data
    - net: gro: fix misuse of CB in udp socket lookup
    - net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs
    - bnxt: don't handle XDP in netpoll
    - selftest: net: Assert on a proper value in so_incoming_cpu.c.
    - mtd: spinand: winbond: Fix ecc_get_status
    - smb: client: fix dfs link mount against w2k8
    - ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node
    - Upstream stable to v6.1.45, v6.4.10

* CVE-2023-37453
    - USB: core: Unite old scheme and new scheme descriptor reads
    - USB: core: Change usb_get_device_descriptor() API
    - USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

-- Stefan Bader <stefan.bader@canonical.com>  Tue, 14 Nov 2023 11:06:02 +0100

Changed in linux (Ubuntu Lunar):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package