Mantic update: v6.5.9 upstream stable release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Mantic |
Fix Released
|
Medium
|
Manuel Diewald |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
v6.5.9 upstream stable release
from git://git.
Bluetooth: hci_event: Ignore NULL link key
Bluetooth: Reject connection with the device which has same BD_ADDR
Bluetooth: Fix a refcnt underflow problem for hci_conn
Bluetooth: vhci: Fix race when opening vhci device
Bluetooth: hci_event: Fix coding style
Bluetooth: avoid memcmp() out of bounds warning
Bluetooth: hci_conn: Fix modifying handle while aborting
ice: fix over-shifted variable
ice: Fix safe mode when DDP is missing
ice: reset first in crash dump kernels
net/smc: return the right falback reason when prefix checks fail
btrfs: fix stripe length calculation for non-zoned data chunk allocation
nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
regmap: fix NULL deref on lookup
KVM: x86: Mask LVTPC when handling a PMI
x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer
KVM: x86/pmu: Truncate counter value to allowed width on write
KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2}
x86: KVM: SVM: add support for Invalid IPI Vector interception
x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested()
tcp: check mptcp-level constraints for backlog coalescing
mptcp: more conservative check for zero probes
selftests: mptcp: join: no RST when rm subflow/addr
mm: slab: Do not create kmalloc caches smaller than arch_slab_
fs/ntfs3: Fix OOB read in ntfs_init_from_boot
fs/ntfs3: Fix possible null-pointer dereference in hdr_find_e()
fs/ntfs3: fix panic about slab-out-of-bounds caused by ntfs_list_ea()
fs/ntfs3: Fix shift-out-of-bounds in ntfs_fill_super
fs/ntfs3: fix deadlock in mark_as_free_ex
Revert "net: wwan: iosm: enable runtime pm support for 7560"
netfilter: nft_payload: fix wrong mac header matching
drm/i915: Retry gtt fault when out of fence registers
drm/mediatek: Correctly free sg_table in gem prime vmap
drm/nouveau/disp: fix DP capable DSM connectors
drm/edid: add 8 bpc quirk to the BenQ GW2765
ALSA: hda/realtek - Fixed ASUS platform headset Mic issue
ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV
ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx
ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind
ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors
ASoC: codecs: wcd938x: drop bogus bind error handling
ASoC: codecs: wcd938x: fix unbind tear down order
ASoC: codecs: wcd938x: fix resource leaks on bind errors
ASoC: codecs: wcd938x: fix regulator leaks on probe errors
ASoC: codecs: wcd938x: fix runtime PM imbalance on remove
qed: fix LL2 RX buffer allocation
xfrm: fix a data-race in xfrm_lookup_
xfrm6: fix inet6_dev refcount underflow problem
xfrm: fix a data-race in xfrm_gen_index()
xfrm: interface: use DEV_STATS_INC()
net: xfrm: skip policies marked as dead while reinserting policies
fprobe: Fix to ensure the number of active retprobes is not zero
wifi: cfg80211: use system_unbound_wq for wiphy work
net: ipv4: fix return value check in esp_remove_trailer
net: ipv6: fix return value check in esp_remove_trailer
net: rfkill: gpio: prevent value glitch during probe
tcp: fix excessive TLP and RACK timeouts from HZ rounding
tcp: tsq: relax tcp_small_
tcp: Fix listen() warning with v4-mapped-v6 address.
docs: fix info about representor identification
tun: prevent negative ifindex
gve: Do not fully free QPL pages on prefill errors
ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr
net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
octeon_ep: update BQL sent bytes before ringing doorbell
i40e: prevent crash on probe if hw registers have invalid values
net: dsa: bcm_sf2: Fix possible memory leak in bcm_sf2_
bonding: Return pointer to data after pull on skb
net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve
neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section
selftests: openvswitch: Catch cases where the tests are killed
selftests: openvswitch: Fix the ct_tuple for v4
selftests: netfilter: Run nft_audit.sh in its own netns
netfilter: nft_set_rbtree: .deactivate fails if element has expired
netlink: Correct offload_xstats size
netfilter: nf_tables: do not refresh timeout when resetting element
netfilter: nf_tables: do not remove elements if set backend implements .abort
netfilter: nf_tables: revert do not remove elements if set backend implements .abort
selftests: openvswitch: Add version check for pyroute2
net: phy: bcm7xxx: Add missing 16nm EPHY statistics
net: pktgen: Fix interface flags printing
net: more strict VIRTIO_
net: mdio-mux: fix C45 access returning -EIO after API change
net: avoid UAF on deleted altname
net: fix ifname in netlink ntf during netns move
net: check for altname conflicts when changing netdev's netns
iio: light: vcnl4000: Don't power on/off chip in config
pwr-mlxbf: extend Kconfig to include gpio-mlxbf3 dependency
ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone
arm64: dts: mediatek: Fix "mediatek,
fs-writeback: do not requeue a clean inode having skipped pages
btrfs: fix race when refilling delayed refs block reserve
btrfs: prevent transaction block reserve underflow when starting transaction
btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1
btrfs: initialize start_slot in btrfs_log_
i2c: mux: Avoid potential false error message in i2c_mux_add_adapter
overlayfs: set ctime when setting mtime and atime
accel/ivpu: Don't flood dmesg with VPU ready message
gpio: timberdale: Fix potential deadlock on &tgpio->lock
ata: libata-core: Fix compilation warning in ata_dev_
ata: libata-eh: Fix compilation warning in ata_eh_
tracing: relax trace_event_
wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len
wifi: cfg80211: validate AP phy operation before starting it
wifi: iwlwifi: Ensure ack flag is properly cleared.
rfkill: sync before userspace visibility/changes
HID: logitech-hidpp: Add Bluetooth ID for the Logitech M720 Triathlon mouse
HID: holtek: fix slab-out-of-bounds Write in holtek_
Bluetooth: btusb: add shutdown function for QCA6174
Bluetooth: Avoid redundant authentication
Bluetooth: hci_core: Fix build warnings
wifi: cfg80211: Fix 6GHz scan configuration
wifi: mac80211: work around Cisco AP 9115 VHT MPDU length
wifi: mac80211: allow transmitting EAPOL frames with tainted key
wifi: cfg80211: avoid leaking stack data into trace
regulator/core: Revert "fix kobject release warning and memory leak in regulator_
SUNRPC: Fail quickly when server does not recognize TLS
SUNRPC/TLS: Lock the lower_xprt during the tls handshake
nfs: decrement nrequests counter before releasing the req
sky2: Make sure there is at least one frag_addr available
ipv4/fib: send notify when delete source address routes
drm: panel-orientati
btrfs: fix some -Wmaybe-
btrfs: error out when COWing block using a stale transaction
btrfs: error when COWing block from a root that is being deleted
btrfs: error out when reallocating block for defrag using a stale transaction
platform/x86: touchscreen_dmi: Add info for the BUSH Bush Windows tablet
drm/amd/pm: add unique_id for gc 11.0.3
HID: multitouch: Add required quirk for Synaptics 0xcd7e device
HID: nintendo: reinitialize USB Pro Controller after resuming from suspend
HID: Add quirk to ignore the touchscreen battery on HP ENVY 15-eu0556ng
platform/x86: touchscreen_dmi: Add info for the Positivo C4128B
cpufreq: schedutil: Update next_freq when cpufreq_limits change
Bluetooth: hci_sync: Fix not handling ISO_LINK in hci_abort_conn_sync
Bluetooth: hci_sync: Introduce PTR_UINT/UINT_PTR macros
Bluetooth: ISO: Fix invalid context error
Bluetooth: hci_sync: delete CIS in BT_OPEN/
Bluetooth: hci_sync: always check if connection is alive before deleting
net/mlx5: E-switch, register event handler before arming the event
net/mlx5: Handle fw tracer change ownership event based on MTRC
net/mlx5e: RX, Fix page_pool allocation failure recovery for striding rq
net/mlx5e: RX, Fix page_pool allocation failure recovery for legacy rq
net/mlx5e: XDP, Fix XDP_REDIRECT mpwqe page fragment leaks on shutdown
net/mlx5e: Take RTNL lock before triggering netdev notifiers
net/mlx5e: Don't offload internal port if filter device is out device
net/mlx5e: Fix VF representors reporting zero counters to "ip -s" command
net/tls: split tls_rx_reader_lock
tcp: allow again tcp_disconnect() when threads are waiting
Bluetooth: hci_event: Fix using memcmp when comparing keys
tcp_bpf: properly release resources on error paths
mtd: rawnand: qcom: Unmap the right resource upon probe failure
mtd: rawnand: pl353: Ensure program page operations are successful
mtd: rawnand: marvell: Ensure program page operations are successful
mtd: rawnand: arasan: Ensure program page operations are successful
mtd: rawnand: Ensure the nand chip supports cached reads
mtd: spinand: micron: correct bitmask for ecc status
mtd: physmap-core: Restore map_rom fallback
dt-bindings: mmc: sdhci-msm: correct minimum number of clocks
mmc: sdhci-pci-gli: fix LPM negotiation so x86/S0ix SoCs can suspend
mmc: mtk-sd: Use readl_poll_
mmc: core: Fix error propagation for some ioctl commands
mmc: core: sdio: hold retuning if sdio in 1-bit mode
pinctrl: qcom: lpass-lpi: fix concurrent register updates
pNFS: Fix a hang in nfs4_evict_inode()
pNFS/flexfiles: Check the layout validity in ff_layout_
NFSv4.1: fixup use EXCHGID4_
ACPI: irq: Fix incorrect return value in acpi_register_gsi()
ACPI: bus: Move acpi_arm_init() to the place of after acpi_ghes_init()
perf dlfilter: Fix use of addr_location_
fanotify: limit reporting of event with non-decodeable file handles
NFS: Fix potential oops in nfs_inode_
nfs42: client needs to strip file mode's suid/sgid bit after ALLOCATE op
nvme: sanitize metadata bounce buffer for reads
nvme-pci: add BOGUS_NID for Intel 0a54 device
nvme-auth: use chap->s2 to indicate bidirectional authentication
nvmet-auth: complete a request only after freeing the dhchap pointers
nvme-rdma: do not try to stop unallocated queues
USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
USB: serial: option: add entry for Sierra EM9191 with new firmware
USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
thunderbolt: Call tb_switch_put() once DisplayPort bandwidth request is finished
s390/pci: fix iommu bitmap allocation
tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
selftests/ftrace: Add new test case which checks non unique symbol
KEYS: asymmetric: Fix sign/verify on pkcs1pad without a hash
apple-gmux: Hard Code max brightness for MMIO gmux
s390/cio: fix a memleak in css_alloc_
platform/surface: platform_profile: Propagate error if profile registration fails
platform/x86: intel-uncore-freq: Conditionally create attribute for read frequency
platform/x86: msi-ec: Fix the 3rd config
platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
platform/x86: asus-wmi: Only map brightness codes when using asus-wmi backlight control
platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events
rust: error: fix the description for `ECHILD`
gpiolib: acpi: Add missing memset(0) to acpi_get_
gpio: vf610: set value before the direction to avoid a glitch
gpio: vf610: mask the gpio irq in system suspend and support wakeup
ASoC: cs35l56: Fix illegal use of init_completion()
ASoC: pxa: fix a memory leak in probe()
ASoC: cs42l42: Fix missing include of gpio/consumer.h
drm/bridge: ti-sn65dsi86: Associate DSI device lifetime with auxiliary device
drm/i915/cx0: Only clear/set the Pipe Reset bit of the PHY Lanes Owned
drm/amdgpu: Fix possible null pointer dereference
powerpc/mm: Allow ARCH_FORCE_
powerpc/qspinlock: Fix stale propagated yield_cpu
docs: Move rustdoc output, cross-reference it
rust: docs: fix logo replacement
phy: mapphone-mdm6600: Fix runtime disable on probe
phy: mapphone-mdm6600: Fix runtime PM for remove
phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins
phy: qcom-qmp-usb: initialize PCS_USB registers
phy: qcom-qmp-usb: split PCS_USB init table for sc8280xp and sa8775p
phy: qcom-qmp-combo: Square out 8550 POWER_STATE_CONFIG1
phy: qcom-qmp-combo: initialize PCS_USB registers
efi/unaccepted: Fix soft lockups caused by parallel memory acceptance
net: move altnames together with the netdevice
Bluetooth: hci_sock: fix slab oob read in create_
net: rfkill: reduce data->mtx scope in rfkill_fop_open
docs: rust: update Rust docs output path
kbuild: remove old Rust docs output path
Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
mptcp: avoid sending RST when closing the initial subflow
selftests: mptcp: join: correctly check for no RST
Linux 6.5.9
UBUNTU: Upstream stable to v6.5.9
CVE References
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
tags: | added: kernel-stable-tracking-bug |
Changed in linux (Ubuntu): | |
status: | Confirmed → Invalid |
Changed in linux (Ubuntu Mantic): | |
assignee: | nobody → Manuel Diewald (diewald) |
importance: | Undecided → Medium |
status: | New → In Progress |
description: | updated |
Changed in linux (Ubuntu Mantic): | |
status: | In Progress → Fix Committed |
This bug was fixed in the package linux - 6.5.0-25.25
---------------
linux (6.5.0-25.25) mantic; urgency=medium
* mantic/linux: 6.5.0-25.25 -proposed tracker (LP: #2052615)
* Packaging resync (LP: #1786013) dkms-versions -- update from kernel-versions (main/2024.02.05)
- debian/
* [SRU][22.04.04]: mpi3mr driver update (LP: #2045233)
- scsi: mpi3mr: Invoke soft reset upon TSU or event ack time out
- scsi: mpi3mr: Update MPI Headers to version 3.00.28
- scsi: mpi3mr: Add support for more than 1MB I/O
- scsi: mpi3mr: WRITE SAME implementation
- scsi: mpi3mr: Enhance handling of devices removed after controller reset
- scsi: mpi3mr: Update driver version to 8.5.0.0.0
- scsi: mpi3mr: Split off bus_reset function from host_reset
- scsi: mpi3mr: Add support for SAS5116 PCI IDs
- scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116
- scsi: mpi3mr: Increase maximum number of PHYs to 64 from 32
- scsi: mpi3mr: Add support for status reply descriptor
- scsi: mpi3mr: driver version upgrade to 8.5.0.0.50
- scsi: mpi3mr: Refresh sdev queue depth after controller reset
- scsi: mpi3mr: Clean up block devices post controller reset
- scsi: mpi3mr: Block PEL Enable Command on Controller Reset and Unrecoverable
State
- scsi: mpi3mr: Fetch correct device dev handle for status reply descriptor
- scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-1
- scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-2
- scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-3
- scsi: mpi3mr: Update driver version to 8.5.1.0.0
* The display becomes frozen after some time when a HDMI device is connected.
(LP: #2049027)
- drm/i915/dmc: Don't enable any pipe DMC events
* Audio balancing setting doesn't work with the cirrus codec (LP: #2051050)
- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
* partproke is broken on empty loopback device (LP: #2049689) partition( )
- block: Move checking GENHD_FL_NO_PART to bdev_add_
* CVE-2023-51780
- atm: Fix Use-After-Free in do_vcc_ioctl
* CVE-2023-6915
- ida: Fix crash in ida_free when the bitmap is empty
* Update Ubuntu.md (LP: #2051176)
- [Packaging] update Ubuntu.md
* test_021_ aslr_dapper_ libs from ubuntu_ qrt_kernel_ security failed on K-5.19 / RND_{COMPAT_ , }BITS to the maximum
J-OEM-6.1 / J-6.2 AMD64 (LP: #1983357)
- [Config]: set ARCH_MMAP_
* Intel E810-XXV - NETDEV WATCHDOG: (ice): transmit queue timed out
(LP: #2036239)
- ice: Add driver support for firmware changes for LAG
- ice: alter feature support check for SRIOV and LAG
* Mantic update: upstream stable patchset 2024-01-29 (LP: #2051584) out-of- bounds UBSAN warning
- Upstream stable to v6.1.67, v6.6.6
- vdpa/mlx5: preserve CVQ vringh index
- hrtimers: Push pending hrtimers away from outgoing CPU earlier
- i2c: designware: Fix corrupted memory seen in the ISR
- netfilter: ipset: fix race condition between swap/destroy and kernel side
add/del/test
- zstd: Fix array-index-
- tg3: Move the [rt]x_dropped counters...