UbuntuUpdates.org

Package "linux-headers-5.4.0-192-generic"

Name: linux-headers-5.4.0-192-generic

Description:

Linux kernel headers for version 5.4.0 on 64 bit x86 SMP

Latest version: 5.4.0-192.212
Release: focal (20.04)
Level: proposed
Repository: main
Head package: linux

Links


Download "linux-headers-5.4.0-192-generic"


Other versions of "linux-headers-5.4.0-192-generic" in Focal

Repository Area Version
security main 5.4.0-192.212
updates main 5.4.0-192.212

Changelog

Version: 5.4.0-186.206 2024-05-08 23:07:16 UTC

  linux (5.4.0-186.206) focal; urgency=medium

  * focal/linux: 5.4.0-186.206 -proposed tracker (LP: #2063812)

  * Mount CIFS fails with Permission denied (LP: #2061986)
    - cifs: fix ntlmssp auth when there is no key exchange

  * USB stick can't be detected (LP: #2040948)
    - usb: Disable USB3 LPM at shutdown

  * CVE-2024-26733
    - net: dev: Convert sa_data to flexible array in struct sockaddr
    - arp: Prevent overflow in arp_req_get().
    - stddef: Introduce DECLARE_FLEX_ARRAY() helper

  * CVE-2024-26712
    - powerpc/kasan: Fix addr error caused by page alignment

  * CVE-2023-52530
    - wifi: mac80211: fix potential key use-after-free

  * CVE-2021-47063
    - drm: bridge/panel: Cleanup connector on bridge detach

  * [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array-
    index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux-
    hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times,
    especially during boot. (LP: #2058477)
    - hv: hyperv.h: Replace one-element array with flexible-array member

  * CVE-2024-26614
    - tcp: make sure init the accept_queue's spinlocks once
    - ipv6: init the accept_queue's spinlocks in inet6_create

  * Focal update: v5.4.271 upstream stable release (LP: #2060216)
    - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
    - net: ip_tunnel: prevent perpetual headroom growth
    - tun: Fix xdp_rxq_info's queue_index when detaching
    - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
    - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
      detected
    - net: usb: dm9601: fix wrong return value in dm9601_mdio_read
    - Bluetooth: Avoid potential use-after-free in hci_error_reset
    - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
    - Bluetooth: Enforce validation on max value of connection interval
    - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
    - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
    - efi/capsule-loader: fix incorrect allocation size
    - power: supply: bq27xxx-i2c: Do not free non existing IRQ
    - ALSA: Drop leftover snd-rtctimer stuff from Makefile
    - afs: Fix endless loop in directory parsing
    - gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
    - wifi: nl80211: reject iftype change with mesh ID change
    - btrfs: dev-replace: properly validate device names
    - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
    - dmaengine: fsl-qdma: init irq after reg initialization
    - mmc: core: Fix eMMC initialization with 1-bit bus connection
    - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
    - cachefiles: fix memory leak in cachefiles_add_cache()
    - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
    - gpio: 74x164: Enable output pins after registers are reset
    - Linux 5.4.271

  * Focal update: v5.4.270 upstream stable release (LP: #2060019)
    - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
    - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
    - net/sched: Retire CBQ qdisc
    - [Config] updateconfigs for NET_SCH_CBQ
    - net/sched: Retire ATM qdisc
    - [Config] updateconfigs for NET_SCH_ATM
    - net/sched: Retire dsmark qdisc
    - [Config] updateconfigs for NET_SCH_DSMARK
    - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
    - memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()
    - nilfs2: replace WARN_ONs for invalid DAT metadata block requests
    - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
    - sched/rt: Fix sysctl_sched_rr_timeslice intial value
    - sched/rt: Disallow writing invalid values to sched_rt_period_us
    - scsi: target: core: Add TMF to tmr_list handling
    - dmaengine: shdma: increase size of 'dev_id'
    - dmaengine: fsl-qdma: increase size of 'irq_name'
    - wifi: cfg80211: fix missing interfaces when dumping
    - wifi: mac80211: fix race condition on enabling fast-xmit
    - fbdev: savage: Error out if pixclock equals zero
    - fbdev: sis: Error out if pixclock equals zero
    - ahci: asm1166: correct count of reported ports
    - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
    - ext4: avoid allocating blocks from corrupted group in
      ext4_mb_try_best_found()
    - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
    - regulator: pwm-regulator: Add validity checks in continuous .get_voltage
    - nvmet-tcp: fix nvme tcp ida memory leak
    - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
    - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in
      sctp_new
    - nvmet-fc: abort command when there is no binding
    - hwmon: (coretemp) Enlarge per package core count limit
    - scsi: lpfc: Use unsigned type for num_sge
    - firewire: core: send bus reset promptly on gap count error
    - virtio-blk: Ensure no requests in virtqueues before deleting vqs.
    - s390/qeth: Fix potential loss of L3-IP@ in case of network issues
    - pmdomain: renesas: r8a77980-sysc: CR7 must be always on
    - tcp: factor out __tcp_close() helper
    - tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit
    - tcp: add annotations around sk->sk_shutdown accesses
    - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours
    - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
    - spi: mt7621: Fix an error message in mt7621_spi_probe()
    - net: bridge: clear bridge's private skb space on xmit
    - selftests/bpf: Avoid running unprivileged tests with alignment requirements
    - Revert "drm/sun4i: dsi: Change the start delay calculation"
    - drm/amdgpu: Check for valid number of registers to read
    - x86/alternatives: Disable KASAN in apply_alternatives()
    - dm-integrity: don't modify bio's immuta

Source diff to previous version
2061986 Mount CIFS fails with Permission denied
2058477 [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output \
2060216 Focal update: v5.4.271 upstream stable release
2060019 Focal update: v5.4.270 upstream stable release
CVE-2024-26733 In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write i
CVE-2024-26712 In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix addr error caused by page alignment In kasan_init_region, wh
CVE-2023-52530 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is c
CVE-2021-47063 In the Linux kernel, the following vulnerability has been resolved: drm: bridge/panel: Cleanup connector on bridge detach If we don't call drm_conn
CVE-2024-26614 In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduc
CVE-2023-47233 The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by
CVE-2021-47070 In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix another memory leak in error handling paths Memory allocate
CVE-2024-26622 In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control(

Version: 5.4.0-181.201 2024-04-11 02:06:51 UTC

  linux (5.4.0-181.201) focal; urgency=medium

  * focal/linux: 5.4.0-181.201 -proposed tracker (LP: #2059549)

  * Packaging resync (LP: #1786013)
    - [Packaging] drop getabis data

  * Drop fips-checks script from trees (LP: #2055083)
    - [Packaging] Remove fips-checks script

  * Remove getabis scripts (LP: #2059143)
    - [Packaging] Remove getabis

  * Focal update: v5.4.269 upstream stable release (LP: #2058948)
    - PCI: mediatek: Clear interrupt status before dispatching handler
    - include/linux/units.h: add helpers for kelvin to/from Celsius conversion
    - units: Add Watt units
    - units: change from 'L' to 'UL'
    - units: add the HZ macros
    - serial: sc16is7xx: set safe default SPI clock frequency
    - spi: introduce SPI_MODE_X_MASK macro
    - serial: sc16is7xx: add check for unsupported SPI modes during probe
    - ext4: allow for the last group to be marked as trimmed
    - crypto: api - Disallow identical driver names
    - PM: hibernate: Enforce ordering during image compression/decompression
    - hwrng: core - Fix page fault dead lock on mmap-ed hwrng
    - rpmsg: virtio: Free driver_override when rpmsg_remove()
    - parisc/firmware: Fix F-extend for PDC addresses
    - arm64: dts: qcom: sdm845: fix USB wakeup interrupt types
    - mmc: core: Use mrq.sbc in close-ended ffu
    - nouveau/vmm: don't set addr on the fail path to avoid warning
    - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
    - rename(): fix the locking of subdirectories
    - block: Remove special-casing of compound pages
    - mtd: spinand: macronix: Fix MX35LFxGE4AD page size
    - fs: add mode_strip_sgid() helper
    - fs: move S_ISGID stripping into the vfs_*() helpers
    - powerpc: Use always instead of always-y in for crtsavres.o
    - x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum
    - net/smc: fix illegal rmb_desc access in SMC-D connection dump
    - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
    - llc: make llc_ui_sendmsg() more robust against bonding changes
    - llc: Drop support for ETH_P_TR_802_2.
    - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
    - tracing: Ensure visibility when inserting an element into tracing_map
    - afs: Hide silly-rename files from userspace
    - tcp: Add memory barrier to tcp_push()
    - netlink: fix potential sleeping issue in mqueue_flush_file
    - net/mlx5: DR, Use the right GVMI number for drop action
    - net/mlx5: Use kfree(ft->g) in arfs_create_groups()
    - net/mlx5e: fix a double-free in arfs_create_groups
    - netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
    - netfilter: nf_tables: validate NFPROTO_* family
    - fjes: fix memleaks in fjes_hw_setup
    - net: fec: fix the unhandled context fault from smmu
    - btrfs: ref-verify: free ref cache before clearing mount opt
    - btrfs: tree-checker: fix inline ref size in error messages
    - btrfs: don't warn if discard range is not aligned to sector
    - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
    - rbd: don't move requests to the running list on errors
    - gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
    - drm: Don't unref the same fb many times by mistake due to deadlock handling
    - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
    - drm/bridge: nxp-ptn3460: simplify some error checking
    - drm/exynos: fix accidental on-stack copy of exynos_drm_plane
    - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume
    - gpio: eic-sprd: Clear interrupt after set the interrupt type
    - spi: bcm-qspi: fix SFDP BFPT read by usig mspi read
    - mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
    - tick/sched: Preserve number of idle sleeps across CPU hotplug events
    - x86/entry/ia32: Ensure s32 is sign extended to s64
    - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
    - powerpc: Fix build error due to is_valid_bugaddr()
    - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
    - powerpc: pmd_move_must_withdraw() is only needed for
      CONFIG_TRANSPARENT_HUGEPAGE
    - powerpc/lib: Validate size for vector operations
    - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
    - perf/core: Fix narrow startup race when creating the perf nr_addr_filters
      sysfs file
    - regulator: core: Only increment use_count when enable_count changes
    - audit: Send netlink ACK before setting connection in auditd_set
    - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
    - PNP: ACPI: fix fortify warning
    - ACPI: extlog: fix NULL pointer dereference check
    - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
    - jfs: fix slab-out-of-bounds Read in dtSearch
    - jfs: fix array-index-out-of-bounds in dbAdjTree
    - pstore/ram: Fix crash when setting number of cpus to an odd number
    - crypto: stm32/crc32 - fix parsing list of devices
    - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
    - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
    - jfs: fix array-index-out-of-bounds in diNewExt
    - s390/ptrace: handle setting of fpc register correctly
    - KVM: s390: fix setting of fpc register
    - SUNRPC: Fix a suspicious RCU usage warning
    - ecryptfs: Reject casefold directory inodes
    - ext4: fix inconsistent between segment fstrim and full fstrim
    - ext4: unify the type of flexbg_size to unsigned int
    - ext4: remove unnecessary check from alloc_flex_gd()
    - ext4: avoid online resizing failures due to oversized flex bg
    - wifi: rt2x00: restart beacon queue when hardware reset
    - selftests/bpf: satisfy compiler by having explicit return in btf test
    - selftests/bpf: Fix pyperf180 compilation failure with clang18
    - scsi: lpfc: Fix possible file string name overflow when updating firmware
    - PCI: Add no PM reset quir

Source diff to previous version
1786013 Packaging resync
2055083 Drop fips-checks script from trees
2059143 Remove getabis scripts
2058948 Focal update: v5.4.269 upstream stable release
CVE-2023-52603 In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the followin
CVE-2023-52600 In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap) fails, th
CVE-2023-24023 Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-
CVE-2024-26581 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on
CVE-2024-26589 In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS For PTR_TO_FLOW_KEYS, check

Version: 5.4.0-176.196 2024-03-25 13:06:59 UTC

  linux (5.4.0-176.196) focal; urgency=medium

  * focal/linux: 5.4.0-176.196 -proposed tracker (LP: #2058756)

  * Problems with HVCS and hotplugging (LP: #2056373)
    - powerpc/pseries: Fix bad drc_index_start value parsing of drc-info entry
    - powerpc/pseries: Fix of_read_drc_info_cell() to point at next record
    - hvcs: Fix hvcs port reference counting
    - hvcs: Use dev_groups to manage hvcs device attributes
    - hvcs: Use driver groups to manage driver attributes
    - hvcs: Get reference to tty in remove
    - hvcs: Use vhangup in hotplug remove
    - hvcs: Synchronize hotplug remove with port free

Source diff to previous version
2056373 Problems with HVCS and hotplugging

Version: 5.4.0-175.195 2024-03-11 19:06:49 UTC

  linux (5.4.0-175.195) focal; urgency=medium

  * focal/linux: 5.4.0-175.195 -proposed tracker (LP: #2055684)

  * Packaging resync (LP: #1786013)
    - [Packaging] drop ABI data
    - [Packaging] update annotations scripts
    - debian.master/dkms-versions -- update from kernel-versions (main/2024.03.04)

  * Drop ABI checks from kernel build (LP: #2055686)
    - [Packaging] Remove in-tree abi checks
    - [Packaging] Bring back install-<flavour> prerequisite for checks-<flavour>
    - [Packaging] Remove abi-check from final-checks

  * Cranky update-dkms-versions rollout (LP: #2055685)
    - [Packaging] remove update-dkms-versions
    - Move debian/dkms-versions to debian.master/dkms-versions
    - [Packaging] Replace debian/dkms-versions with $(DEBIAN)/dkms-versions
    - [Packaging] remove update-version-dkms

  * linux-tools-common: man page of usbip[d] is misplaced (LP: #2054094)
    - [Packaging] rules: Put usbip manpages in the correct directory

  * CVE-2024-23851
    - dm ioctl: log an error if the ioctl structure is corrupted
    - dm: limit the number of targets and parameter size area

  * Focal update: v5.4.268 upstream stable release (LP: #2055075)
    - f2fs: explicitly null-terminate the xattr list
    - pinctrl: lochnagar: Don't build on MIPS
    - ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro
    - ASoC: Intel: Skylake: Fix mem leak in few functions
    - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted
      __be16
    - ASoC: Intel: Skylake: mem leak in skl register function
    - ASoC: cs43130: Fix the position of const qualifier
    - ASoC: cs43130: Fix incorrect frame delay configuration
    - ASoC: rt5650: add mutex to avoid the jack detection failure
    - nouveau/tu102: flush all pdbs on vmm flush
    - net/tg3: fix race condition in tg3_reset_task()
    - ASoC: da7219: Support low DC impedance headset
    - nvme: introduce helper function to get ctrl state
    - drm/exynos: fix a potential error pointer dereference
    - drm/exynos: fix a wrong error checking
    - clk: rockchip: rk3128: Fix HCLK_OTG gate register
    - jbd2: correct the printing of write_flags in jbd2_write_superblock()
    - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
    - neighbour: Don't let neigh_forced_gc() disable preemption for long
    - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
    - tracing: Add size check when printing trace_marker output
    - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in
      NMI
    - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
    - Input: atkbd - skip ATKBD_CMD_GETID in translated mode
    - Input: i8042 - add nomux quirk for Acer P459-G2-M
    - s390/scm: fix virtual vs physical address confusion
    - ARC: fix spare error
    - Input: xpad - add Razer Wolverine V2 support
    - ARM: sun9i: smp: fix return code check of of_property_match_string
    - drm/crtc: fix uninitialized variable use
    - ACPI: resource: Add another DMI match for the TongFang GMxXGxx
    - binder: use EPOLLERR from eventpoll.h
    - binder: fix trivial typo of binder_free_buf_locked()
    - binder: fix comment on binder_alloc_new_buf() return value
    - uio: Fix use-after-free in uio_open
    - parport: parport_serial: Add Brainboxes BAR details
    - parport: parport_serial: Add Brainboxes device IDs and geometry
    - coresight: etm4x: Fix width of CCITMIN field
    - x86/lib: Fix overflow when counting digits
    - EDAC/thunderx: Fix possible out-of-bounds string access
    - powerpc: add crtsavres.o to always-y instead of extra-y
    - powerpc/44x: select I2C for CURRITUCK
    - powerpc/pseries/memhotplug: Quieten some DLPAR operations
    - powerpc/pseries/memhp: Fix access beyond end of drmem array
    - selftests/powerpc: Fix error handling in FPU/VMX preemption tests
    - powerpc/powernv: Add a null pointer check to scom_debug_init_one()
    - powerpc/powernv: Add a null pointer check in opal_event_init()
    - powerpc/powernv: Add a null pointer check in opal_powercap_init()
    - powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
    - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response
    - ACPI: video: check for error while searching for backlight device parent
    - ACPI: LPIT: Avoid u32 multiplication overflow
    - net: netlabel: Fix kerneldoc warnings
    - netlabel: remove unused parameter in netlbl_netlink_auditinfo()
    - calipso: fix memory leak in netlbl_calipso_add_pass()
    - spi: sh-msiof: Enforce fixed DTDL for R-Car H3
    - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
    - selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket
    - crypto: virtio - Handle dataq logic with tasklet
    - crypto: virtio - don't use 'default m'
    - virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC
    - crypto: ccp - fix memleak in ccp_init_dm_workarea
    - crypto: af_alg - Disallow multiple in-flight AIO requests
    - crypto: sahara - remove FLAGS_NEW_KEY logic
    - crypto: sahara - fix ahash selftest failure
    - crypto: sahara - fix processing requests with cryptlen < sg->length
    - crypto: sahara - fix error handling in sahara_hw_descriptor_create()
    - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()
    - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
    - crypto: virtio - Wait for tasklet to complete on device remove
    - crypto: sahara - fix ahash reqsize
    - crypto: sahara - fix wait_for_completion_timeout() error handling
    - crypto: sahara - improve error handling in sahara_sha_process()
    - crypto: sahara - fix processing hash requests with req->nbytes < sg->length
    - crypto: sahara - do not resize req->src when doing hash operations
    - crypto: scomp - fix req->dst buffer overflow
    - blocklayoutdriver: Fix reference leak of pnfs_device_node
    - NFSv4.1/pnfs: En

Source diff to previous version
1786013 Packaging resync
2055686 Drop ABI checks from kernel build
2055685 Cranky update-dkms-versions rollout
2054094 linux-tools-common: man page of usbip[d] is misplaced
2055075 Focal update: v5.4.268 upstream stable release
2054406 Focal update: v5.4.267 upstream stable release
2051655 Focal update: v5.4.266 upstream stable release
CVE-2024-23851 copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missi
CVE-2024-24855 A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer deref
CVE-2023-23000 In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error cas
CVE-2023-23004 In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error
CVE-2023-46838 Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them
CVE-2024-1086 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_
CVE-2024-0607 A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a

Version: 5.4.0-173.191 2024-02-09 14:06:51 UTC

  linux (5.4.0-173.191) focal; urgency=medium

  * focal/linux: 5.4.0-173.191 -proposed tracker (LP: #2052135)

  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2024.02.05)

  * CVE-2023-0340
    - vhost: use kzalloc() instead of kmalloc() followed by memset()

  * CVE-2023-6915
    - ida: Fix crash in ida_free when the bitmap is empty

  * Focal update: v5.4.265 upstream stable release (LP: #2051644)
    - afs: Fix refcount underflow from error handling race
    - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX
    - qca_debug: Prevent crash on TX ring changes
    - qca_debug: Fix ethtool -G iface tx behavior
    - qca_spi: Fix reset behavior
    - atm: solos-pci: Fix potential deadlock on &cli_queue_lock
    - atm: solos-pci: Fix potential deadlock on &tx_queue_lock
    - atm: Fix Use-After-Free in do_vcc_ioctl
    - qed: Fix a potential use-after-free in qed_cxt_tables_alloc
    - net: Remove acked SYN flag from packet in the transmit queue correctly
    - sign-file: Fix incorrect return values check
    - vsock/virtio: Fix unsigned integer wrap around in
      virtio_transport_has_space()
    - net: stmmac: use dev_err_probe() for reporting mdio bus registration failure
    - net: stmmac: Handle disabled MDIO busses from devicetree
    - cred: switch to using atomic_long_t
    - ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants
    - usb: aqc111: check packet for fixup for true limit
    - blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock
      required!"
    - bcache: avoid oversize memory allocation by small stripe_size
    - bcache: add code comments for bch_btree_node_get() and
      __bch_btree_node_alloc()
    - bcache: avoid NULL checking to c->root in run_cache_set()
    - platform/x86: intel_telemetry: Fix kernel doc descriptions
    - HID: add ALWAYS_POLL quirk for Apple kb
    - HID: hid-asus: reset the backlight brightness level on resume
    - HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad
    - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation
    - net: usb: qmi_wwan: claim interface 4 for ZTE MF290
    - HID: hid-asus: add const to read-only outgoing usb buffer
    - soundwire: stream: fix NULL pointer dereference for multi_link
    - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS
    - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify
    - team: Fix use-after-free when an option instance allocation fails
    - ring-buffer: Fix memory leak of free page
    - mmc: block: Be sure to wait while busy in CQE error recovery
    - powerpc/ftrace: Create a dummy stackframe to fix stack unwind
    - powerpc/ftrace: Fix stack teardown in ftrace_no_trace
    - Linux 5.4.265

  * Focal update: v5.4.264 upstream stable release (LP: #2049935)
    - hrtimers: Push pending hrtimers away from outgoing CPU earlier
    - netfilter: ipset: fix race condition between swap/destroy and kernel side
      add/del/test
    - tg3: Move the [rt]x_dropped counters to tg3_napi
    - tg3: Increment tx_dropped in tg3_tso_bug()
    - kconfig: fix memory leak from range properties
    - drm/amdgpu: correct chunk_ptr to a pointer to chunk.
    - of: base: Add of_get_cpu_state_node() to get idle states for a CPU node
    - ACPI/IORT: Make iort_get_device_domain IRQ domain agnostic
    - ACPI/IORT: Make iort_msi_map_rid() PCI agnostic
    - of/iommu: Make of_map_rid() PCI agnostic
    - of/irq: make of_msi_map_get_device_domain() bus agnostic
    - of/irq: Make of_msi_map_rid() PCI bus agnostic
    - of: base: Fix some formatting issues and provide missing descriptions
    - of: Fix kerneldoc output formatting
    - of: Add missing 'Return' section in kerneldoc comments
    - of: dynamic: Fix of_reconfig_get_state_change() return value documentation
    - ipv6: fix potential NULL deref in fib6_add()
    - hv_netvsc: rndis_filter needs to select NLS
    - net: arcnet: Fix RESET flag handling
    - net: arcnet: com20020 fix error handling
    - arcnet: restoring support for multiple Sohard Arcnet cards
    - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()
    - net: hns: fix fake link up on xge port
    - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
    - tcp: do not accept ACK of bytes we never sent
    - bpf: sockmap, updating the sg structure should also update curr
    - RDMA/bnxt_re: Correct module description string
    - hwmon: (acpi_power_meter) Fix 4.29 MW bug
    - ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
    - tracing: Fix a warning when allocating buffered events fails
    - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
    - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init
    - ARM: dts: imx: make gpt node name generic
    - ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt
    - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names
    - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
    - tracing: Always update snapshot buffer size
    - tracing: Fix incomplete locking when disabling buffered events
    - tracing: Fix a possible race when disabling buffered events
    - packet: Move reference count in packet_sock to atomic_long_t
    - arm64: dts: mediatek: mt7622: fix memory node warning check
    - arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names
    - gpiolib: sysfs: Fix error handling on failed export
    - mmc: core: add helpers mmc_regulator_enable/disable_vqmmc
    - mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled
    - usb: gadget: f_hid: fix report descriptor allocation
    - parport: Add support for Brainboxes IX/UC/PX parallel cards
    - usb: typec: class: fix typec_altmode_put_partner to put plugs
    - ARM: PL011: Fix DMA support
    - serial: sc16is7xx: address RX timeout interrupt errata
    - serial: 8250_omap: Add earlycon support for the AM654 UART controller
 

1786013 Packaging resync
2051644 Focal update: v5.4.265 upstream stable release
2049935 Focal update: v5.4.264 upstream stable release
2049084 Focal update: v5.4.263 upstream stable release
2049069 Focal update: v5.4.262 upstream stable release
2049049 Focal update: v5.4.261 upstream stable release
2049024 Focal update: v5.4.260 upstream stable release
CVE-2023-0340 The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contribu
CVE-2023-6915 A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cau
CVE-2024-0646 An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with
CVE-2024-0565 An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Ker
CVE-2023-51781 An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race co
CVE-2023-51782 An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race conditi
CVE-2023-51779 bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.
CVE-2023-22995 In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and



About   -   Send Feedback to @ubuntu_updates