Package "linux-cloud-tools-5.4.0-210"

 linux (5.4.0-210.230) focal; urgency=medium
 .
   * focal/linux: 5.4.0-210.230 -proposed tracker (LP: #2098353)
 .
   * Focal update: v5.4.290 upstream stable release (LP: #2098439)
     - jbd2: flush filesystem device before updating tail sequence
     - dm array: fix releasing a faulty array block twice in dm_array_cursor_end
     - dm array: fix unreleased btree blocks on closing a faulty array cursor
     - dm array: fix cursor index when skipping across block boundaries
     - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
     - net: 802: LLC+SNAP OID:PID lookup on start of skb data
     - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
     - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
     - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
     - tls: Fix tls_sw_sendmsg error handling
     - dm thin: make get_first_thin use rcu-safe list first function
     - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
     - sctp: sysctl: auth_enable: avoid using current->nsproxy
     - drm/amd/display: Add check for granularity in dml ceil/floor helpers
     - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
     - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
     - drm/amd/display: increase MAX_SURFACES to the value supported by hw
     - USB: serial: option: add MeiG Smart SRM815
     - USB: serial: option: add Neoway N723-EA support
     - staging: iio: ad9834: Correct phase range check
     - staging: iio: ad9832: Correct phase range check
     - usb-storage: Add max sectors quirk for Nokia 208
     - USB: serial: cp210x: add Phoenix Contact UPS Device
     - usb: gadget: u_serial: Disable ep before setting port to null to fix the
       crash caused by port being null
     - USB: usblp: return error when setting unsupported protocol
     - USB: core: Disable LPM only for non-suspended ports
     - usb: fix reference leak in usb_new_device()
     - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
     - iio: pressure: zpa2326: fix information leak in triggered buffer
     - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered
       buffer
     - iio: light: vcnl4035: fix information leak in triggered buffer
     - iio: imu: kmx61: fix information leak in triggered buffer
     - iio: adc: ti-ads8688: fix information leak in triggered buffer
     - iio: gyro: fxas21002c: Fix missing data update in trigger handler
     - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
     - iio: adc: at91: call input_free_device() on allocated iio_dev
     - iio: inkern: call iio_device_put() only on mapped devices
     - arm64: dts: rockchip: fix defines in pd_vio node for rk3399
     - arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399
     - arm64: dts: rockchip: add #power-domain-cells to power domain nodes
     - arm64: dts: rockchip: add hevc power domain clock to rk3328
     - phy: core: fix code style in devm_of_phy_provider_unregister
     - phy: core: Fix that API devm_of_phy_provider_unregister() fails to
       unregister the phy provider
     - ocfs2: correct return value of ocfs2_local_free_info()
     - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
     - sctp: sysctl: rto_min/max: avoid using current->nsproxy
     - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
     - net: net_namespace: Optimize the code
     - net: add exit_batch_rtnl() method
     - gtp: use exit_batch_rtnl() method
     - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
     - gtp: Destroy device along with udp socket's netns dismantle.
     - nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
     - drm/v3d: Ensure job pointer is set to NULL after job completion
     - i2c: mux: demux-pinctrl: check initial mux selection, too
     - mac802154: check local interfaces before deleting sdata list
     - hfs: Sanity check the root record
     - kheaders: Ignore silly-rename files
     - poll_wait: add mb() to fix theoretical race between waitqueue_active() and
       .poll()
     - nvmet: propagate npwg topology
     - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
     - fs/proc: fix softlockup in __read_vmcore (part 2)
     - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
     - hrtimers: Handle CPU state correctly on hotplug
     - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
     - scsi: sg: Fix slab-use-after-free read in sg_release()
     - net: fix data-races around sk->sk_forward_alloc
     - ASoC: wm8994: Add depends on MFD core
     - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
     - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
     - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
     - m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal
     - m68k: Add missing mmap_read_lock() to sys_cacheflush()
     - signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die
     - net: xen-netback: hash.c: Use built-in RCU list checking
     - net/xen-netback: prevent UAF in xenvif_flush_hash()
     - vfio/platform: check the bounds of read/write syscalls
     - ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path
     - ext4: fix slab-use-after-free in ext4_split_extent_at()
     - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
     - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix
       the crash caused by port being null"
     - Input: atkbd - map F23 key to support default copilot shortcut
     - Input: xpad - add unofficial Xbox 360 wireless receiver clone
     - Input: xpad - add support for wooting two he (arm)
     - drm/v3d: Assign job pointer to NULL before signaling the fence
     - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
     - Partial revert of xhci: use pm_ptr() inste

 linux (5.4.0-208.228) focal; urgency=medium
 .
   * CVE-2025-0927
     - SAUCE: fs: hfs/hfsplus: add key_len boundary check to hfs_bnode_read_key
 .

 linux (5.4.0-207.227) focal; urgency=medium
 .
   * focal/linux: 5.4.0-207.227 -proposed tracker (LP: #2095347)
 .
   * Remove "ftrace: Fix possible use-after-free issue in ftrace_location()" bad
     commit from focal (LP: #2095348)
     - Revert "ftrace: Fix possible use-after-free issue in ftrace_location()"
 .

 linux (5.4.0-206.226) focal; urgency=medium
 .
   * focal/linux: 5.4.0-206.226 -proposed tracker (LP: #2093785)
 .
   * nouveau keeps showing `disp: ctrl 00000080` and crippling the system
     (LP: #2078011)
     - drm/nouveau/disp/gv100-: halt NV_PDISP_FE_RM_INTR_STAT_CTRL_DISP_ERROR
       storms
     - drm/nouveau/kms/gv100-: move window ownership setup into modesetting path
     - drm/nouveau/kms/gv100-: avoid sending a core update until the first modeset
 .
   * CVE-2024-43863
     - drm/vmwgfx: Fix a deadlock in dma buf fence polling
 .
   * CVE-2024-40911
     - wifi: cfg80211: Lock wiphy in cfg80211_get_station
 .
   * CVE-2024-35896
     - netfilter: validate user input for expected length
     - netfilter: complete validation of user input
 .
   * CVE-2023-52458
     - block: add check that partition length needs to be aligned with block size
 .
   * kernel:nft "Could not process rule: Device or resource busy" on unreferenced
     chain (LP: #2089699)
     - SAUCE: netfilter: nf_tables: Fix EBUSY on deleting unreferenced chain
 .
   * CVE-2024-35887
     - lockdep: Add preemption enabled/disabled assertion APIs
     - timers: Don't block on ->expiry_lock for TIMER_IRQSAFE timers
     - Documentation: Remove bogus claim about del_timer_sync()
     - ARM: spear: Do not use timer namespace for timer_shutdown() function
     - clocksource/drivers/arm_arch_timer: Do not use timer namespace for
       timer_shutdown() function
     - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown()
       function
     - timers: Get rid of del_singleshot_timer_sync()
     - timers: Replace BUG_ON()s
     - timers: Rename del_timer() to timer_delete()
     - Documentation: Replace del_timer/del_timer_sync()
     - timers: Silently ignore timers with a NULL function
     - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode
     - timers: Add shutdown mechanism to the internal functions
     - timers: Provide timer_shutdown[_sync]()
     - timers: Update the documentation to reflect on the new timer_shutdown() API
     - ax25: fix use-after-free bugs caused by ax25_ds_del_timer
 .
   * CVE-2024-40965
     - clk: Add a devm variant of clk_rate_exclusive_get()
     - clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get()
     - i2c: lpi2c: Avoid calling clk_get_rate during transfer
 .
   * CVE-2024-40982
     - ssb: Fix potential NULL pointer dereference in ssb_device_uevent()
 .
   * CVE-2024-41066
     - ibmvnic: Add tx check to prevent skb leak
 .
   * CVE-2024-42252
     - closures: Change BUG_ON() to WARN_ON()
 .
   * CVE-2024-46731
     - drm/amd/pm: fix the Out-of-bounds read warning
 .
   * Focal update: v5.4.286 upstream stable release (LP: #2089558)
     - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-
       excavator
     - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
     - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards
     - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
     - ARM: dts: rockchip: fix rk3036 acodec node
     - ARM: dts: rockchip: drop grf reference from rk3036 hdmi
     - ARM: dts: rockchip: Fix the spi controller on rk3036
     - ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin
     - enetc: simplify the return expression of enetc_vf_set_mac_addr()
     - net: enetc: set MAC address to the VF net_device
     - can: c_can: fix {rx,tx}_errors statistics
     - media: stb0899_algo: initialize cfr before using it
     - media: dvb_frontend: don't play tricks with underflow values
     - media: adv7604: prevent underflow condition when reporting colorspace
     - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
     - pwm: imx-tpm: Use correct MODULO value for EPWM mode
     - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
     - dm cache: correct the number of origin blocks to match the target length
     - dm cache: optimize dirty bit checking with find_next_bit when resizing
     - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t
       overflow
     - mtd: rawnand: protect access to rawnand devices while in suspend
     - spi: fix use-after-free of the add_lock mutex
     - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
       uvc_parse_format
     - fs/proc: fix compile warning about variable 'vmcore_mmap_ops'
     - USB: serial: qcserial: add support for Sierra Wireless EM86xx
     - USB: serial: option: add Fibocom FG132 0x0112 composition
     - USB: serial: option: add Quectel RG650V
     - irqchip/gic-v3: Force propagation of the active state with a read-back
     - ALSA: usb-audio: Support jack detection on Dell dock
     - ALSA: usb-audio: Add quirks for Dell WD19 dock
     - NFSD: Fix NFSv4's PUTPUBFH operation
     - ALSA: usb-audio: Add endianness annotations
     - 9p: Avoid creating multiple slab caches with the same name
     - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
     - bpf: use kvzmalloc to allocate BPF verifier environment
     - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML
     - powerpc/powernv: Free name on error in opal_event_init()
     - fs: Fix uninitialized value issue in from_kuid and from_kgid
     - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
     - md/raid10: improve code of mrdev in raid10_sync_request
     - mm: clarify a confusing comment for remap_pfn_range()
     - mm: fix ambiguous comments for better code readability
     - mm/memory.c: make remap_pfn_range() reject unaligned addr
     - mm: add remap_pfn_range_notrack
     - 9p: fix slab cache name creation for real
     - Linux 5.4.286
 .
   * Focal update: v5.4.286 upstream stable release (LP: #2089558) //
     CVE-2024-47674
     - mm: avoid leaving partial pfn mappings around in error case
 .
   * Focal update: v5.4.286 upstream stable release (LP: #2089558) //
     CVE-2024-38588
     - ftrace:

 linux (5.4.0-202.222) focal; urgency=medium
 .
   * focal/linux: 5.4.0-202.222 -proposed tracker (LP: #2086451)
     - [Packaging] resync git-ubuntu-log
 .
   * CVE-2021-47501
     - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
 .
   * CVE-2024-46724
     - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
 .
   * CVE-2024-42240
     - x86/bhi: Avoid warning in #DB handler due to BHI mitigation
 .
   * CVE-2024-42077
     - ocfs2: fix DIO failure due to insufficient transaction credits
 .
   * CVE-2024-42068
     - bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
 .
   * CVE-2024-36968
     - Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
 .
   * CVE-2024-35904
     - selinux: avoid dereference of garbage after mount failure
 .
   * CVE-2023-52498
     - PM: sleep: Avoid calling put_device() under dpm_list_mtx
     - PM: sleep: Fix error handling in dpm_prepare()
     - async: Split async_schedule_node_domain()
     - async: Introduce async_schedule_dev_nocall()
     - PM: sleep: Fix possible deadlocks in core system-wide PM code
 .
   * CVE-2023-52488
     - serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
 .
   * CVE-2022-48938
     - CDC-NCM: avoid overflow in sanity checking
 .
   * CVE-2024-42156
     - s390/pkey: Wipe copies of clear-key structures on failure
 .
   * CVE-2024-44942
     - f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
 .
   * CVE-2024-38538
     - net: bridge: xmit: make sure we have at least eth header len bytes
 .
   * CVE-2021-47076
     - RDMA/rxe: Return CQE error if invalid lkey was supplied
 .
   * CVE-2024-36938
     - bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
 .
   * CVE-2024-44940
     - fou: remove warn in gue_gro_receive on unsupported protocol
 .
   * CVE-2024-35951
     - drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()
 .
   * CVE-2023-52497
     - erofs: fix lz4 inplace decompression
 .
   * CVE-2024-36953
     - KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
 .
   * CVE-2022-48943
     - KVM: x86/mmu: make apf token non-zero to fix bug
 .
   * CVE-2024-26947
     - ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
 .
   * CVE-2022-48733
     - btrfs: fix use-after-free after failure to create a snapshot
 .
   * CVE-2023-52639
     - KVM: s390: vsie: fix race during shadow creation