This bug was fixed in the package linux-hwe-5.4 - 5.4.0-133.149~18.04.1 --------------- linux-hwe-5.4 (5.4.0-133.149~18.04.1) bionic; urgency=medium * bionic/linux-hwe-5.4: 5.4.0-133.149~18.04.1 -proposed tracker (LP: #1996384) [ Ubuntu: 5.4.0-133.149 ] * focal/linux: 5.4.0-133.149 -proposed tracker (LP: #1996385) * CVE-2022-42703 - mm/rmap.c: don't reuse anon_vma if we just want a copy * [UBUNTU 20.04] KVM: PV: ext call delivered twice when receiver in PSW wait (LP: #1995941) - KVM: s390: pv: don't present the ecall interrupt twice * [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071) - s390/boot: add secure boot trailer * Fix rfkill causing soft blocked wifi (LP: #1996198) - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi * md: Replace snprintf with scnprintf (LP: #1993315) - md: Replace snprintf with scnprintf * input/keyboard: the keyboard on some Asus laptops can't work (LP: #1992266) - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA - ACPI: resource: Add ASUS model S5402ZA to quirks * Focal update: v5.4.218 upstream stable release (LP: #1995530) - mm: pagewalk: Fix race between unmap and page walker - perf tools: Fixup get_current_dir_name() compilation - firmware: arm_scmi: Add SCMI PM driver remove routine - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer - scsi: qedf: Fix a UAF bug in __qedf_probe() - net/ieee802154: fix uninit value bug in dgram_sendmsg - um: Cleanup syscall_handler_t cast in syscalls_32.h - um: Cleanup compiler warning in arch/x86/um/tls_32.c - arch: um: Mark the stack non-executable to fix a binutils warning - usb: mon: make mmapped memory read only - USB: serial: ftdi_sio: fix 300 bps rate for SIO - mmc: core: Replace with already defined values for readability - mmc: core: Terminate infinite loop in SD-UHS voltage switch - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() - nilfs2: fix leak of nilfs_root in case of writer thread creation failure - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure - ceph: don't truncate file in atomic_open - random: clamp credited irq bits to maximum mixed - ALSA: hda: Fix position reporting on Poulsbo - efi: Correct Macmini DMI match in uefi cert quirk - USB: serial: qcserial: add new usb-id for Dell branded EM7455 - random: restore O_NONBLOCK support - random: avoid reading two cache lines on irq randomness - random: use expired timer rather than wq for mixing fast pool - Input: xpad - add supported devices as contributed on github - Input: xpad - fix wireless 360 controller breaking after suspend - Linux 5.4.218 * Focal update: v5.4.217 upstream stable release (LP: #1995528) - xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag - xfs: introduce XFS_MAX_FILEOFF - xfs: truncate should remove all blocks, not just to the end of the page cache - xfs: fix s_maxbytes computation on 32-bit kernels - xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read - xfs: refactor remote attr value buffer invalidation - xfs: fix memory corruption during remote attr value buffer invalidation - xfs: move incore structures out of xfs_da_format.h - xfs: streamline xfs_attr3_leaf_inactive - xfs: fix uninitialized variable in xfs_attr3_leaf_inactive - xfs: remove unused variable 'done' - Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 - docs: update mediator information in CoC docs - Linux 5.4.217 * Focal update: v5.4.216 upstream stable release (LP: #1995526) - uas: add no-uas quirk for Hiksemi usb_disk - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS - uas: ignore UAS for Thinkplus chips - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 - clk: ingenic-tcu: Properly enable registers before accessing timers - ARM: dts: integrator: Tag PCI host with device_type - ntfs: fix BUG_ON in ntfs_lookup_inode_by_name() - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width - mm/page_alloc: fix race condition between build_all_zonelists and page allocation - mm: prevent page_frag_alloc() from corrupting the memory - mm/migrate_device.c: flush TLB while holding PTL - mm: fix madivse_pageout mishandling on non-LRU page - media: dvb_vb2: fix possible out of bound access - ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver - ARM: dts: am33xx: Fix MMCHS0 dma properties - soc: sunxi: sram: Actually claim SRAM regions - soc: sunxi: sram: Prevent the driver from being unbound - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() - soc: sunxi: sram: Fix probe function ordering issues - soc: sunxi: sram: Fix debugfs info for A64 SRAM C - Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" - Input: melfas_mip4 - fix return value check in mip4_probe() - usbnet: Fix memory leak in usbnet_disconnect() - nvme: add new line after variable declatation - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices - selftests: Fix the if conditions of in test_extra_filter() - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks - clk: iproc: Do not rely on node name for correct PLL setup - Linux 5.4.216 * Focal update: v5.4.215 upstream stable release (LP: #1993203) - of: fdt: fix off-by-one error in unflatten_dt_nodes() - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx - drm/meson: Correct OSD1 global alpha value - drm/meson: Fix OSD1 RGB to YCbCr coefficient - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC - task_stack, x86/cea: Force-inline stack helpers - tracing: hold caller_addr to hardirq_{enable,disable}_ip - cifs: revalidate mapping when doing direct writes - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM - MAINTAINERS: add Chandan as xfs maintainer for 5.4.y - iomap: iomap that extends beyond EOF should be marked dirty - ASoC: nau8824: Fix semaphore unbalance at error paths - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() - rxrpc: Fix local destruction being repeated - rxrpc: Fix calc of resend age - ALSA: hda/sigmatel: Keep power up while beep is enabled - ALSA: hda/tegra: Align BDL entry to 4KB boundary - net: usb: qmi_wwan: add Quectel RM520N - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() - mksysmap: Fix the mismatch of 'L0' symbols in System.map - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() - ALSA: hda/sigmatel: Fix unused variable warning for beep power change - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind - usb: dwc3: Issue core soft reset before enabling run/stop - usb: dwc3: gadget: Prevent repeat pullup() - usb: dwc3: gadget: Refactor pullup() - usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup() - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop - usb: xhci-mtk: get the microframe boundary for ESIT - usb: xhci-mtk: add only one extra CS for FS/LS INTR - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule - usb: xhci-mtk: add a function to (un)load bandwidth info - usb: xhci-mtk: add some schedule error number - usb: xhci-mtk: allow multiple Start-Split in a microframe - usb: xhci-mtk: relax TT periodic bandwidth allocation - wifi: mac80211: Fix UAF in ieee80211_scan_rx() - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data - serial: atmel: remove redundant assignment in rs485_config - tty: serial: atmel: Preserve previous USART mode if RS485 disabled - usb: add quirks for Lenovo OneLink+ Dock - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio - usb: cdns3: fix issue with rearming ISO OUT endpoint - Revert "usb: add quirks for Lenovo OneLink+ Dock" - Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio" - USB: core: Fix RST error in hub.c - USB: serial: option: add Quectel BG95 0x0203 composition - USB: serial: option: add Quectel RM520N - ALSA: hda/tegra: set depop delay for tegra - ALSA: hda: add Intel 5 Series / 3400 PCI DID - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 - ALSA: hda/realtek: Re-arrange quirk table entries - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop - efi: libstub: check Shim mode using MokSBStateRT - mm/slub: fix to return errno if kmalloc() fails - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers - netfilter: nf_conntrack_irc: Tighten matching on DCC message - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() - iavf: Fix cached head and tail value for iavf_get_tx_pending - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header - net: team: Unsync device addresses on ndo_stop - MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko - MIPS: Loongson32: Fix PHY-mode being left unspecified - iavf: Fix bad page state - i40e: Fix set max_tx_rate when it is lower than 1 Mbps - of: mdio: Add of_node_put() when breaking out of for_each_xx - net/sched: taprio: avoid disabling offload when it was never enabled - net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs - netfilter: ebtables: fix memory leak when blob is malformed - can: gs_usb: gs_can_open(): fix race dev->can.state condition - perf jit: Include program header in ELF files - perf kcore_copy: Do not check /proc/modules is unchanged - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD - net: sched: fix possible refcount leak in tc_new_tfilter() - serial: Create uart_xmit_advance() - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup - usb: xhci-mtk: fix issue of out-of-bounds array access - cifs: always initialize struct msghdr smb_msg completely - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region - drm/amd/display: Limit user regamma to a valid value - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid - workqueue: don't skip lockdep work dependency in cancel_work_sync() - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 - xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata - xfs: slightly tweak an assert in xfs_fs_map_blocks - xfs: add missing assert in xfs_fsmap_owner_from_rmap - xfs: range check ri_cnt when recovering log items - xfs: attach dquots and reserve quota blocks during unwritten conversion - xfs: convert EIO to EFSCORRUPTED when log contents are invalid - xfs: constify the buffer pointer arguments to error functions - xfs: always log corruption errors - xfs: fix some memory leaks in log recovery - xfs: stabilize insert range start boundary to avoid COW writeback race - xfs: use bitops interface for buf log item AIL flag check - xfs: refactor agfl length computation function - xfs: split the sunit parameter update into two parts - xfs: don't commit sunit/swidth updates to disk if that would cause repair failures - xfs: fix an ABBA deadlock in xfs_rename - xfs: fix use-after-free when aborting corrupt attr inactivation - ext4: make directory inode spreading reflect flexbg size - Linux 5.4.215 * Focal update: v5.4.214 upstream stable release (LP: #1993196) - drm/msm/rd: Fix FIFO-full deadlock - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message - tg3: Disable tg3 device on system reboot to avoid triggering AER - ieee802154: cc2520: add rc code in cc2520_tx() - Input: iforce - add support for Boeder Force Feedback Wheel - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() - perf/arm_pmu_platform: fix tests for platform_get_irq() failure - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() - net: dp83822: disable rx error interrupt - soc: fsl: select FSL_GUTS driver for DPIO - tracefs: Only clobber mode/uid/gid on remount if asked - Linux 5.4.214 * Focal update: v5.4.213 upstream stable release (LP: #1992211) - efi: capsule-loader: Fix use-after-free in efi_capsule_write - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() - fs: only do a memory barrier for the first set_buffer_uptodate() - Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" - net: dp83822: disable false carrier interrupt - drm/msm/dsi: fix the inconsistent indenting - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask - iio: adc: mcp3911: make use of the sign bit - ieee802154/adf7242: defer destroy_workqueue call - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() - Revert "xhci: turn off port power in shutdown" - net: sched: tbf: don't call qdisc_put() while holding tree lock - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler - kcm: fix strp_init() order and cleanup - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb - tcp: annotate data-race around challenge_timestamp - Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" - net/smc: Remove redundant refcount increase - serial: fsl_lpuart: RS485 RTS polariy is inverse - staging: rtl8712: fix use after free bugs - powerpc: align syscall table for ppc32 - vt: Clear selection before changing the font - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag - iio: adc: mcp3911: use correct formula for AD conversion - misc: fastrpc: fix memory corruption on probe - misc: fastrpc: fix memory corruption on open - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id - binder: fix UAF of ref->proc caused by race condition - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops - Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" - clk: core: Fix runtime PM sequence in clk_core_unprepare() - Input: rk805-pwrkey - fix module autoloading - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate - hwmon: (gpio-fan) Fix array out of bounds access - gpio: pca953x: Add mutex_lock for regcache sync in PM - thunderbolt: Use the actual buffer in tb_async_error() - xhci: Add grace period after xHC start to prevent premature runtime suspend. - USB: serial: cp210x: add Decagon UCA device id - USB: serial: option: add support for OPPO R11 diag port - USB: serial: option: add Quectel EM060K modem - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles - usb: dwc2: fix wrong order of phy_power_on and phy_init - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) - usb-storage: Add ignore-residue quirk for NXP PN7462AU - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages - s390: fix nospec table alignments - USB: core: Prevent nested device-reset calls - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS - driver core: Don't probe devices after bus_type.match() probe deferral - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected - net: mac802154: Fix a condition in the receive path - ALSA: seq: oss: Fix data-race for max_midi_devs access - ALSA: seq: Fix data-race at module auto-loading - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk - btrfs: harden identification of a stale device - usb: dwc3: fix PHY disable sequence - usb: dwc3: disable USB core PHY management - USB: serial: ch341: fix lost character on LCR updates - USB: serial: ch341: fix disabled rx timer on older devices - scsi: megaraid_sas: Fix double kfree() - drm/gem: Fix GEM handle release errors - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. - drm/radeon: add a force flush to delay work when radeon - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() - ALSA: aloop: Fix random zeros in capture data when using jiffies timer - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() - kprobes: Prohibit probes in gate area - debugfs: add debugfs_lookup_and_remove() - nvmet: fix a use-after-free - scsi: mpt3sas: Fix use-after-free warning - scsi: lpfc: Add missing destroy_workqueue() in error path - cgroup: Optimize single thread migration - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock - smb3: missing inode locks in punch hole - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node - regulator: core: Clean up on enable failure - RDMA/cma: Fix arguments order in net device validation - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs - RDMA/hns: Fix supported page size - netfilter: br_netfilter: Drop dst references before setting. - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() - afs: Use the operation issue time instead of the reply time for callbacks - sch_sfb: Don't assume the skb is still around after enqueueing to child - tipc: fix shift wrapping bug in map_get() - i40e: Fix kernel crash during module removal - RDMA/siw: Pass a pointer to virt_to_page() - ipv6: sr: fix out-of-bounds read when setting HMAC data. - RDMA/mlx5: Set local port to one when accessing counters - nvme-tcp: fix UAF when detecting digest errors - tcp: fix early ETIMEDOUT after spurious non-SACK RTO - sch_sfb: Also store skb len before calling child enqueue - x86/nospec: Fix i386 RSB stuffing - MIPS: loongson32: ls1c: Fix hang during startup - Linux 5.4.213 * CVE-2022-2663 - netfilter: nf_conntrack_irc: Fix forged IP logic * CVE-2022-3061 - video: fbdev: i740fb: Error out if 'pixclock' equals zero -- Kleber Sacilotto de Souza