Impish update: upstream stable patchset 2021-11-09

Bug #1950388 reported by Kamal Mostafa
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Kamal Mostafa

Bug Description

SRU Justification

       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       upstream stable patchset 2021-11-09

                Ported from the following upstream stable releases:
                        v5.10.71, v5.14.10

       from git://

tty: Fix out-of-bound vmalloc access in imageblit
cpufreq: schedutil: Use kobject release() method to free sugov_tunables
scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect
fs-verity: fix signed integer overflow with i_size near S64_MAX
hwmon: (tmp421) handle I2C errors
hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field
hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field
hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field
gpio: pca953x: do not ignore i2c errors
scsi: ufs: Fix illegal offset in UPIU event trace
mac80211: fix use-after-free in CCMP/GCMP RX
x86/kvmclock: Move this_cpu_pvti into kvmclock.h
KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect()
KVM: x86: nSVM: don't copy virt_ext from vmcb12
KVM: nVMX: Filter out all unsupported controls when eVMCS was activated
media: ir_toy: prevent device from hanging during transmit
RDMA/cma: Do not change route.addr.src_addr.ss_family
drm/amd/display: Pass PCI deviceid into DC
drm/amdgpu: correct initial cp_hqd_quantum for gfx9
ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
bpf: Handle return value of BPF_PROG_TYPE_STRUCT_OPS prog
IB/cma: Do not send IGMP leaves for sendonly Multicast groups
RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
bpf, mips: Validate conditional branch offsets
hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs
mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
mac80211: mesh: fix potentially unaligned access
mac80211-hwsim: fix late beacon hrtimer handling
sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
mptcp: don't return sockets in foreign netns
hwmon: (tmp421) report /PVLD condition as fault
hwmon: (tmp421) fix rounding for negative values
net: enetc: fix the incorrect clearing of IF_MODE bits
net: ipv4: Fix rtnexthop len when RTA_FLOW is present
smsc95xx: fix stalled rx after link change
drm/i915/request: fix early tracepoints
dsa: mv88e6xxx: 6161: Use chip wide MAX MTU
dsa: mv88e6xxx: Fix MTU definition
dsa: mv88e6xxx: Include tagger overhead when setting MTU for DSA and CPU ports
e100: fix length calculation in e100_get_regs_len
e100: fix buffer overrun in e100_get_regs
bpf: Exempt CAP_BPF from checks against bpf_jit_limit
selftests, bpf: Fix makefile dependencies on libbpf
selftests, bpf: test_lwt_ip_encap: Really disable rp_filter
UBUNTU: [Config] updateconfigs for ks8851 modules
net: ks8851: fix link error
scsi: csiostor: Add module softdep on cxgb4
ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
net: hns3: do not allow call hns3_nic_net_open repeatedly
net: hns3: fix show wrong state when add existing uc mac address
net: hns3: reconstruct function hns3_self_test
net: hns3: fix always enable rx vlan filter problem after selftest
net: phy: bcm7xxx: Fixed indirect MMD operations
net: sched: flower: protect fl_walk() with rcu
af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
perf/x86/intel: Update event constraints for ICX
hwmon: (pmbus/mp2975) Add missed POUT attribute for page 1 mp2975 controller
nvme: add command id quirk for apple controllers
elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
debugfs: debugfs_create_file_size(): use IS_ERR to check for error
ipack: ipoctal: fix stack information leak
ipack: ipoctal: fix tty registration race
ipack: ipoctal: fix tty-registration error handling
ipack: ipoctal: fix missing allocation-failure check
ipack: ipoctal: fix module reference leak
ext4: fix loff_t overflow in ext4_max_bitmap_size()
ext4: limit the number of blocks in one ADD_RANGE TLV
ext4: fix reserved space counter leakage
ext4: add error checking to ext4_ext_replay_set_iblocks()
ext4: fix potential infinite loop in ext4_dx_readdir()
HID: u2fzero: ignore incomplete packets without data
net: udp: annotate data race around udp_sk(sk)->corkflag
usb: hso: remove the bailout parameter
HID: betop: fix slab-out-of-bounds Write in betop_probe
netfilter: ipset: Fix oversized kvmalloc() calls
mm: don't allow oversized kvmalloc() calls
HID: usbhid: free raw_report buffers in usbhid_stop
KVM: x86: Handle SRCU initialization failure during page track init
netfilter: conntrack: serialize hash resizes and cleanups
netfilter: nf_tables: Fix oversized kvmalloc() calls
media: cedrus: Fix SUNXI tile size calculation
media: s5p-jpeg: rename JPEG marker constants to prevent build warnings
ASoC: fsl_sai: register platform component before registering cpu dai
ASoC: fsl_esai: register platform component before registering cpu dai
ASoC: fsl_micfil: register platform component before registering cpu dai
ASoC: fsl_spdif: register platform component before registering cpu dai
ASoC: fsl_xcvr: register platform component before registering cpu dai
ASoC: mediatek: common: handle NULL case in suspend/resume function
ASoC: SOF: Fix DSP oops stack dump output contents
ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types
ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types
pinctrl: qcom: spmi-gpio: correct parent irqspec translation
s390/qeth: Fix deadlock in remove_discipline
s390/qeth: fix deadlock during failing recovery
m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal
NIOS2: fix kconfig unmet dependency warning for SERIAL_CORE_CONSOLE
kasan: fix Kconfig check of CC_HAS_WORKING_NOSANITIZE_ADDRESS
HID: amd_sfh: Fix potential NULL pointer dereference
perf test: Fix DWARF unwind for optimized builds.
perf iostat: Use system-wide mode if the target cpu_list is unspecified
perf iostat: Fix Segmentation fault from NULL 'struct perf_counts_values *'
watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST
scsi: ufs: ufs-pci: Fix Intel LKF link stability
ALSA: firewire-motu: fix truncated bytes in message tracepoints
platform/x86/intel: hid: Add DMI switches allow list
ptp: Fix ptp_kvm_getcrosststamp issue for x86 ptp_kvm
KVM: x86: Clear KVM's cached guest CR3 at RESET/INIT
KVM: SEV: Update svm_vm_copy_asid_from for SEV-ES
KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA
KVM: SEV: Acquire vcpu mutex when updating VMSA
KVM: SEV: Allow some commands for mirror VM
KVM: SVM: fix missing sev_decommission in sev_receive_start
KVM: nVMX: Fix nested bus lock VM exit
KVM: VMX: Fix a TSX_CTRL_CPUID_CLEAR field mask issue
mmc: renesas_sdhi: fix regression with hard reset on old SDHIs
RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests
nbd: use shifts rather than multiplies
drm/amd/display: initialize backlight_ramping_override to false
drm/amdgpu: force exit gfxoff on sdma resume for rmb s0ix
drm/amdgpu: check tiling flags when creating FB on GFX8-
interconnect: qcom: sdm660: Fix id of slv_cnoc_mnoc_cfg
interconnect: qcom: sdm660: Correct NOC_QOS_PRIORITY shift and mask
drm/i915/gvt: fix the usage of ww lock in gvt scheduler.
netfilter: nf_tables: unlink table before deleting it
netfilter: log: work around missing softdep backend module
driver core: fw_devlink: Add support for FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD
net: mdiobus: Set FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD for mdiobus parents
mptcp: allow changing the 'backup' bit when no sockets are open
drm/i915: Remove warning from the rps worker
RDMA/hfi1: Fix kernel pointer leak
RDMA/hns: Fix the size setting error when copying CQE in clean_cq()
RDMA/hns: Add the check of the CQE size of the user space
libbpf: Fix segfault in static linker for objects without BTF
bpf, x86: Fix bpf mapping of atomic fetch implementation
ionic: fix gathering of debug stats
net: hns3: remove tc enable checking
net: hns3: don't rollback when destroy mqprio fail
net: hns3: disable firmware compatible features when uninstall PF
objtool: Teach get_alt_entry() about more relocation types
sched/fair: Add ancestors of unthrottled undecayed cfs_rq
sched/fair: Null terminate buffer when updating tunable_scaling
hwmon: (occ) Fix P10 VRM temp sensors
driver core: fw_devlink: Improve handling of cyclic dependencies
ext4: flush s_error_work before journal destroy in ext4_fill_super
NIOS2: setup.c: drop unused variable 'dram_start'
crypto: aesni - xts_crypt() return if walk.nbytes is 0
drivers: net: mhi: fix error path in mhi_net_newlink
UBUNTU: upstream stable to v5.10.71, v5.14.10

CVE References

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu Impish):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux (Ubuntu):
status: Confirmed → Invalid
description: updated
Stefan Bader (smb)
Changed in linux (Ubuntu Impish):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (39.5 KiB)

This bug was fixed in the package linux - 5.13.0-23.23

linux (5.13.0-23.23) impish; urgency=medium

  * impish/linux: 5.13.0-23.23 -proposed tracker (LP: #1952263)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.29)

  * CVE-2021-4002
    - hugetlbfs: flush TLBs correctly after huge_pmd_unshare

  * [SRU][I/OEM-5.13/OEM-5.14] Add MAC passthrough support for more Lenovo docks
    (LP: #1951767)
    - net: usb: r8152: Add MAC passthrough support for more Lenovo Docks

  * Fix non-working e1000e device after resume (LP: #1951861)
    - SAUCE: Revert "e1000e: Additional PHY power saving in S0ix"
    - SAUCE: Revert "e1000e: Add polling mechanism to indicate CSME DPG exit"
    - SAUCE: Revert "e1000e: Add handshake with the CSME to support S0ix"

  * CVE-2021-43267
    - tipc: fix size validations for the MSG_CRYPTO type

  * Impish update: upstream stable patchset 2021-11-22 (LP: #1951880)
    - ext4: check and update i_disksize properly
    - ext4: correct the error path of ext4_write_inline_data_end()
    - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic
    - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
    - netfilter: ip6_tables: zero-initialize fragment offset
    - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
    - ASoC: SOF: loader: release_firmware() on load failure to avoid batching
    - netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic
    - netfilter: nf_nat_masquerade: defer conntrack walk to work queue
    - mac80211: Drop frames from invalid MAC address in ad-hoc mode
    - m68k: Handle arrivals of multiple signals correctly
    - hwmon: (ltc2947) Properly handle errors when looking for the external clock
    - net: prevent user from passing illegal stab size
    - mac80211: check return value of rhashtable_init
    - vboxfs: fix broken legacy mount signature checking
    - net: sun: SUNVNET_COMMON should depend on INET
    - drm/amdgpu: fix pin_count leak
    - scsi: ses: Fix unsigned comparison with less than zero
    - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
    - perf/core: fix userpage->time_enabled of inactive events
    - sched: Always inline is_percpu_thread()
    - hwmon: (pmbus/ibm-cffps) max_power_out swap changes
    - ALSA: usb-audio: Unify mixer resume and reset_resume procedure
    - KVM: arm64: nvhe: Fix missing FORCE for hyp-reloc.S build rule
    - pinctrl: qcom: sc7280: Add PM suspend callbacks
    - net: bgmac-platform: handle mac-address deferral
    - scsi: qla2xxx: Fix excessive messages during device logout
    - io_uring: kill fasync
    - upstream stable to v5.10.74, v5.14.13
    - ALSA: usb-audio: Add quirk for VF0770
    - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
    - ALSA: seq: Fix a potential UAF by wrong private_free call order
    - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop
    - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
    - ALSA: hda/realtek: Complete partial device nam...

Changed in linux (Ubuntu Impish):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.