Package "linux-cloud-tools-5.15.0-122"

  linux (5.15.0-122.132) jammy; urgency=medium

  * jammy/linux: 5.15.0-122.132 -proposed tracker (LP: #2078154)

  * isolcpus are ignored when using cgroups V2, causing processes to have wrong
    affinity (LP: #2076957)
    - cgroup/cpuset: Optimize cpuset_attach() on v2

  * Jammy update: v5.15.164 upstream stable release (LP: #2076100) //
    CVE-2024-41009
    - bpf: Fix overrunning reservations in ringbuf

  * CVE-2024-39494
    - ima: Fix use-after-free on a dentry's dname.name

  * CVE-2024-39496
    - btrfs: zoned: fix use-after-free due to race with dev replace

  * CVE-2024-42160
    - f2fs: check validation of fault attrs in f2fs_build_fault_attr()
    - f2fs: Add inline to f2fs_build_fault_attr() stub

  * CVE-2024-38570
    - gfs2: Rename sd_{ glock => kill }_wait
    - gfs2: Fix potential glock use-after-free on unmount

  * CVE-2024-42228
    - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

  * CVE-2024-27012
    - netfilter: nf_tables: restore set elements when delete set fails

  * CVE-2024-26677
    - rxrpc: Fix delayed ACKs to not set the reference serial number

 -- Manuel Diewald <email address hidden> Thu, 29 Aug 2024 14:23:02 +0200

  linux (5.15.0-121.131) jammy; urgency=medium

  * jammy/linux: 5.15.0-121.131 -proposed tracker (LP: #2076347)

  * jammy:linux bpf selftest do not build (LP: #2076334)
    - SAUCE: Revert "bpf: Allow reads from uninit stack"

  linux (5.15.0-119.129) jammy; urgency=medium

  * jammy/linux: 5.15.0-119.129 -proposed tracker (LP: #2075665)

  * Virtualbox Guru meditation on VM start caused by kernel commit in v6.9-rc4
    (LP: #2073267)
    - SAUCE: Revert "randomize_kstack: Improve entropy diffusion"

  * CVE-2024-26921
    - inet: inet_defrag: prevent sk release while still in use

  * Jammy update: v5.15.162 upstream stable release (LP: #2073765) //
    CVE-2024-39484
    - mmc: davinci: Don't strip remove function when driver is builtin

  * Jammy update: v5.15.162 upstream stable release (LP: #2073765)
    - mmc: davinci_mmc: Convert to platform remove callback returning void

  * CVE-2024-39292
    - um: Add winch to winch_handlers before registering winch IRQ

  * CVE-2024-36901
    - ipv6: prevent NULL dereference in ip6_output()

  * CVE-2024-26830
    - i40e: Do not allow untrusted VF to remove administratively set MAC

  * CVE-2024-26680
    - net: atlantic: Fix DMA mapping for PTP hwts ring

  * CVE-2023-52760
    - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc

  * CVE-2023-52629
    - sh: push-switch: Reorder cleanup operations to avoid use-after-free bug

 -- Manuel Diewald <email address hidden> Fri, 02 Aug 2024 16:15:36 +0200

  linux (5.15.0-118.128) jammy; urgency=medium

  * jammy/linux: 5.15.0-118.128 -proposed tracker (LP: #2072255)

  * Jammy update: v5.15.160 upstream stable release (LP: #2070292)
    - drm/amd/display: Fix division by zero in setup_dsc_config
    - pinctrl: core: handle radix_tree_insert() errors in
      pinctrl_register_one_pin()
    - nfsd: don't allow nfsd threads to be signalled.
    - KEYS: trusted: Fix memory leak in tpm2_key_encode()
    - Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"
    - net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
    - net: bcmgenet: synchronize UMAC_CMD access
    - netlink: annotate lockless accesses to nlk->max_recvmsg_len
    - netlink: annotate data-races around sk->sk_err
    - KVM: x86: Clear "has_error_code", not "error_code", for RM exception
      injection
    - drm/amdgpu: Fix possible NULL dereference in
      amdgpu_ras_query_error_status_helper()
    - binder: fix max_thread type inconsistency
    - usb: typec: ucsi: displayport: Fix potential deadlock
    - serial: kgdboc: Fix NMI-safety problems from keyboard reset code
    - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
    - KEYS: trusted: Do not use WARN when encode fails
    - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET
    - docs: kernel_include.py: Cope with docutils 0.21
    - Linux 5.15.160

  * Jammy update: v5.15.159 upstream stable release (LP: #2070028)
    - dmaengine: pl330: issue_pending waits until WFP state
    - dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
    - wifi: nl80211: don't free NULL coalescing rule
    - ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
    - ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
    - ksmbd: clear RENAME_NOREPLACE before calling vfs_rename
    - eeprom: at24: Use dev_err_probe for nvmem register failure
    - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case
    - eeprom: at24: fix memory corruption race condition
    - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T
    - pinctrl/meson: fix typo in PDM's pin name
    - pinctrl: core: delete incorrect free in pinctrl_enable()
    - pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic
    - pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback
    - pinctrl: mediatek: paris: Rework support for
      PIN_CONFIG_{INPUT,OUTPUT}_ENABLE
    - sunrpc: add a struct rpc_stats arg to rpc_create_args
    - nfs: expose /proc/net/sunrpc/nfs in net namespaces
    - nfs: make the rpc_stat per net namespace
    - nfs: Handle error of rpc_proc_register() in nfs_net_init().
    - power: rt9455: hide unused rt9455_boost_voltage_values
    - power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator
    - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
    - regulator: mt6360: De-capitalize devicetree regulator subnodes
    - bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition
    - bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
    - bpf: Fix a verifier verbose message
    - spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs
    - s390/mm: Fix storage key clearing for guest huge pages
    - s390/mm: Fix clearing storage keys for huge pages
    - xdp: Move conversion to xdp_frame out of map functions
    - xdp: Add xdp_do_redirect_frame() for pre-computed xdp_frames
    - xdp: use flags field to disambiguate broadcast redirect
    - bna: ensure the copied buf is NUL terminated
    - octeontx2-af: avoid off-by-one read from userspace
    - nsh: Restore skb->{protocol,data,mac_header} for outer header in
      nsh_gso_segment().
    - net l2tp: drop flow hash on forward
    - s390/vdso: Add CFI for RA register to asm macro vdso_func
    - net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
    - net: qede: use return from qede_parse_flow_attr() for flower
    - net: qede: use return from qede_parse_flow_attr() for flow_spec
    - net: qede: use return from qede_parse_actions()
    - ASoC: meson: axg-fifo: use FIELD helpers
    - ASoC: meson: axg-fifo: use threaded irq to check periods
    - ASoC: meson: axg-card: make links nonatomic
    - ASoC: meson: axg-tdm-interface: manage formatters in trigger
    - ASoC: meson: cards: select SND_DYNAMIC_MINORS
    - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()
    - s390/cio: Ensure the copied buf is NUL terminated
    - cxgb4: Properly lock TX queue for the selftest.
    - net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341
    - net: bridge: fix multicast-to-unicast with fraglist GSO
    - net: core: reject skb_copy(_expand) for fraglist GSO skbs
    - tipc: fix a possible memleak in tipc_buf_append
    - s390/qeth: don't keep track of Input Queue count
    - s390/qeth: Fix kernel panic after setting hsuid
    - drm/panel: ili9341: Respect deferred probe
    - drm/panel: ili9341: Use predefined error codes
    - net: gro: add flush check in udp_gro_receive_segment
    - clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
    - KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
    - KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
    - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
    - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
    - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port()
    - gfs2: Fix invalid metadata access in punch_hole
    - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
    - wifi: cfg80211: fix rdev_dump_mpp() arguments order
    - net: mark racy access on sk->sk_rcvbuf
    - scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
    - btrfs: return accurate error code on open failure in open_fs_devices()
    - kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries
    - ALSA: line6: Ze

  linux (5.15.0-117.127) jammy; urgency=medium

  * jammy/linux: 5.15.0-117.127 -proposed tracker (LP: #2072059)

  * CVE-2024-27017
    - netfilter: nft_set_pipapo: constify lookup fn args where possible
    - netfilter: nft_set_pipapo: walk over current view on netlink dump
    - netfilter: nf_tables: missing iterator type in lookup walk

  * CVE-2024-26952
    - ksmbd: fix potencial out-of-bounds when buffer offset is invalid

  * CVE-2024-26886
    - Bluetooth: af_bluetooth: Fix deadlock

  * CVE-2023-52752
    - smb: client: fix use-after-free bug in cifs_debug_data_proc_show()

  * CVE-2024-25742
    - x86/sev: Harden #VC instruction emulation somewhat
    - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler

  * CVE-2024-36016
    - tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

 -- Manuel Diewald <email address hidden> Fri, 05 Jul 2024 17:04:46 +0200