Package "linux-azure-5.15-headers-5.15.0-1075"

  linux-azure-5.15 (5.15.0-1074.83~20.04.1) focal; urgency=medium

  * focal/linux-azure-5.15: 5.15.0-1074.83~20.04.1 -proposed tracker
    (LP: #2082128)

  [ Ubuntu: 5.15.0-1074.83 ]

  * jammy/linux-azure: 5.15.0-1074.83 -proposed tracker (LP: #2082129)
  * net: mana: Fix RX buf alloc_size alignment and atomic op panic
    (LP: #2079854)
    - net: mana: Fix RX buf alloc_size alignment and atomic op panic
  * Backport "net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response"
    (LP: #2078001)
    - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response
  * jammy/linux: 5.15.0-124.134 -proposed tracker (LP: #2082176)
  * CVE-2024-45016
    - netem: fix return value if duplicate enqueue fails
  * CVE-2024-38630
    - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
  * CVE-2024-27397
    - netfilter: nf_tables: use timestamp to check for set element timeout

 -- Vinicius Peixoto <email address hidden> Thu, 03 Oct 2024 22:01:03 -0300

  linux-azure-5.15 (5.15.0-1073.82~20.04.1) focal; urgency=medium

  * focal/linux-azure-5.15: 5.15.0-1073.82~20.04.1 -proposed tracker
    (LP: #2078108)

  [ Ubuntu: 5.15.0-1073.82 ]

  * jammy/linux-azure: 5.15.0-1073.82 -proposed tracker (LP: #2078109)
  * jammy/linux: 5.15.0-122.132 -proposed tracker (LP: #2078154)
  * isolcpus are ignored when using cgroups V2, causing processes to have wrong
    affinity (LP: #2076957)
    - cgroup/cpuset: Optimize cpuset_attach() on v2
  * Jammy update: v5.15.164 upstream stable release (LP: #2076100) //
    CVE-2024-41009
    - bpf: Fix overrunning reservations in ringbuf
  * CVE-2024-39494
    - ima: Fix use-after-free on a dentry's dname.name
  * CVE-2024-39496
    - btrfs: zoned: fix use-after-free due to race with dev replace
  * CVE-2024-42160
    - f2fs: check validation of fault attrs in f2fs_build_fault_attr()
    - f2fs: Add inline to f2fs_build_fault_attr() stub
  * CVE-2024-38570
    - gfs2: Rename sd_{ glock => kill }_wait
    - gfs2: Fix potential glock use-after-free on unmount
  * CVE-2024-42228
    - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
  * CVE-2024-27012
    - netfilter: nf_tables: restore set elements when delete set fails
  * CVE-2024-26677
    - rxrpc: Fix delayed ACKs to not set the reference serial number

 -- Roxana Nicolescu <email address hidden> Tue, 03 Sep 2024 14:11:50 +0200

  linux-azure-5.15 (5.15.0-1072.81~20.04.1) focal; urgency=medium

  * focal/linux-azure-5.15: 5.15.0-1072.81~20.04.1 -proposed tracker
    (LP: #2075857)

  [ Ubuntu: 5.15.0-1072.81 ]

  * jammy/linux-azure: 5.15.0-1072.81 -proposed tracker (LP: #2075858)
  * kernel panic was caused by a fatal exception due to a null pointer
    dereference in the iptable_nat module (LP: #2076291)
    - netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().
  * jammy/linux: 5.15.0-121.131 -proposed tracker (LP: #2076347)
  * jammy:linux bpf selftest do not build (LP: #2076334)
    - SAUCE: Revert "bpf: Allow reads from uninit stack"
  * jammy/linux: 5.15.0-120.130 -proposed tracker (LP: #2075903)
  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2024.08.05)
  * Jammy update: v5.15.163 upstream stable release (LP: #2075170)
    - Compiler Attributes: Add __uninitialized macro
    - locking/mutex: Introduce devm_mutex_init()
    - drm/lima: fix shared irq handling on driver remove
    - media: dvb: as102-fe: Fix as10x_register_addr packing
    - media: dvb-usb: dib0700_devices: Add missing release_firmware()
    - IB/core: Implement a limit on UMAD receive List
    - scsi: qedf: Make qedf_execute_tmf() non-preemptible
    - crypto: aead,cipher - zeroize key buffer after use
    - drm/amdgpu: Initialize timestamp for some legacy SOCs
    - drm/amd/display: Check index msg_id before read or write
    - drm/amd/display: Check pipe offset before setting vblank
    - drm/amd/display: Skip finding free audio for unknown engine_id
    - media: dw2102: Don't translate i2c read into write
    - sctp: prefer struct_size over open coded arithmetic
    - firmware: dmi: Stop decoding on broken entry
    - Input: ff-core - prefer struct_size over open coded arithmetic
    - wifi: mt76: replace skb_put with skb_put_zero
    - net: dsa: mv88e6xxx: Correct check for empty list
    - media: dvb-frontends: tda18271c2dd: Remove casting during div
    - media: s2255: Use refcount_t instead of atomic_t for num_channels
    - media: dvb-frontends: tda10048: Fix integer overflow
    - i2c: i801: Annotate apanel_addr as __ro_after_init
    - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
    - orangefs: fix out-of-bounds fsid access
    - kunit: Fix timeout message
    - powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
    - igc: fix a log entry using uninitialized netdev
    - bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
    - jffs2: Fix potential illegal address access in jffs2_free_inode
    - s390/pkey: Wipe sensitive data on failure
    - tools/power turbostat: Remember global max_die_id
    - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
    - tcp_metrics: validate source addr length
    - KVM: s390: fix LPSWEY handling
    - e1000e: Fix S0ix residency on corporate systems
    - net: allow skb_datagram_iter to be called from any context
    - wifi: wilc1000: fix ies_len type in connect path
    - riscv: kexec: Avoid deadlock in kexec crash path
    - netfilter: nf_tables: unconditionally flush pending work before notifier
    - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
    - selftests: fix OOM in msg_zerocopy selftest
    - selftests: make order checking verbose in msg_zerocopy selftest
    - inet_diag: Initialize pad field in struct inet_diag_req_v2
    - gpiolib: of: factor out code overriding gpio line polarity
    - gpiolib: of: add a quirk for reset line polarity for Himax LCDs
    - gpiolib: of: add polarity quirk for TSC2005
    - Revert "igc: fix a log entry using uninitialized netdev"
    - nilfs2: fix inode number range checks
    - nilfs2: add missing check for inode numbers on directory entries
    - mm: optimize the redundant loop of mm_update_owner_next()
    - mm: avoid overflows in dirty throttling logic
    - btrfs: fix adding block group to a reclaim list and the unused list during
      reclaim
    - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
    - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct
    - fsnotify: Do not generate events for O_PATH file descriptors
    - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(),
      again"
    - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
    - drm/amdgpu/atomfirmware: silence UBSAN warning
    - mtd: rawnand: Ensure ECC configuration is propagated to upper layers
    - mtd: rawnand: Bypass a couple of sanity checks during NAND identification
    - mtd: rawnand: rockchip: ensure NVDDR timings are rejected
    - ima: Avoid blocking in RCU read-side critical section
    - media: dw2102: fix a potential buffer overflow
    - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents
    - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
    - fs/ntfs3: Mark volume as dirty if xattr is broken
    - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
    - nvme-multipath: find NUMA path only for online numa-node
    - dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails
    - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
    - regmap-i2c: Subtract reg size from max_write
    - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6"
      tablet
    - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
    - nvmet: fix a possible leak when destroy a ctrl during qp establishment
    - kbuild: fix short log for AS in link-vmlinux.sh
    - nfc/nci: Add the inconsistency check between the input data length and count
    - null_blk: Do not allow runt zone with zone capacity smaller then zone size
    - nilfs2: fix incorrect inode allocation from reserved inodes
    - mm: prevent derefencing NULL ptr in pfn_section_valid()
    - filelock: fix potential use-after-free in posix_lock_inode
    - f

  linux-azure-5.15 (5.15.0-1071.80~20.04.1) focal; urgency=medium

  * focal/linux-azure-5.15: 5.15.0-1071.80~20.04.1 -proposed tracker
    (LP: #2075619)

  [ Ubuntu: 5.15.0-1071.80 ]

  * jammy/linux-azure: 5.15.0-1071.80 -proposed tracker (LP: #2075620)
  * jammy/linux: 5.15.0-119.129 -proposed tracker (LP: #2075665)
  * Virtualbox Guru meditation on VM start caused by kernel commit in v6.9-rc4
    (LP: #2073267)
    - SAUCE: Revert "randomize_kstack: Improve entropy diffusion"
  * CVE-2024-26921
    - inet: inet_defrag: prevent sk release while still in use
  * Jammy update: v5.15.162 upstream stable release (LP: #2073765) //
    CVE-2024-39484
    - mmc: davinci: Don't strip remove function when driver is builtin
  * Jammy update: v5.15.162 upstream stable release (LP: #2073765)
    - mmc: davinci_mmc: Convert to platform remove callback returning void
  * CVE-2024-39292
    - um: Add winch to winch_handlers before registering winch IRQ
  * CVE-2024-36901
    - ipv6: prevent NULL dereference in ip6_output()
  * CVE-2024-26830
    - i40e: Do not allow untrusted VF to remove administratively set MAC
  * CVE-2024-26680
    - net: atlantic: Fix DMA mapping for PTP hwts ring
  * CVE-2023-52760
    - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
  * CVE-2023-52629
    - sh: push-switch: Reorder cleanup operations to avoid use-after-free bug

 -- Vinicius Peixoto <email address hidden> Wed, 14 Aug 2024 14:37:43 -0300