Package "linux-headers-5.15.0-130"

  linux (5.15.0-130.140) jammy; urgency=medium

  * jammy/linux: 5.15.0-130.140 -proposed tracker (LP: #2092132)

  * ovs/linuxbridge jobs running on ubuntu jammy broken with latest kernel
    5.15.0-127.137 (LP: #2091990)
    - netfilter: xtables: fix typo causing some targets not to load on IPv6

 -- Mehmet Basaran <email address hidden> Wed, 18 Dec 2024 20:19:08 +0300

  linux (5.15.0-128.138) jammy; urgency=medium

  * jammy/linux: 5.15.0-128.138 -proposed tracker (LP: #2090163)

  * CVE-2024-50264
    - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

  * CVE-2024-53057
    - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

  * CVE-2024-43904
    - drm/amd/display: Add null checks for 'stream' and 'plane' before
      dereferencing

  * CVE-2024-40973
    - media: mtk-vcodec: potential null pointer deference in SCP

  * CVE-2024-38553
    - net: fec: remove .ndo_poll_controller to avoid deadlocks

  * CVE-2024-26822
    - smb: client: set correct id, uid and cruid for multiuser automounts

  * CVE-2020-12351 // CVE-2020-12352 // CVE-2020-24490
    - [Config] Disable BlueZ highspeed support

  * CVE-2024-40910
    - ax25: Fix refcount imbalance on inbound connections

  * CVE-2024-35963
    - Bluetooth: hci_sock: Fix not validating setsockopt user input

  * CVE-2024-35965
    - Bluetooth: L2CAP: Fix not validating setsockopt user input

  * CVE-2024-35966
    - Bluetooth: RFCOMM: Fix not validating setsockopt user input

  * CVE-2024-35967
    - Bluetooth: SCO: Fix not validating setsockopt user input

 -- Manuel Diewald <email address hidden> Sat, 30 Nov 2024 19:12:45 +0100

  linux (5.15.0-127.137) jammy; urgency=medium

  * jammy/linux: 5.15.0-127.137 -proposed tracker (LP: #2086357)

  * Jammy update: v5.15.168 upstream stable release (LP: #2086242)
    - parisc: Fix 64-bit userspace syscall path
    - parisc: Fix stack start for ADDR_NO_RANDOMIZE personality
    - of/irq: Support #msi-cells=<0> in of_msi_get_domain
    - drm: omapdrm: Add missing check for alloc_ordered_workqueue
    - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
    - jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit
    - mm: krealloc: consider spare memory for __GFP_ZERO
    - ocfs2: fix the la space leak when unmounting an ocfs2 volume
    - ocfs2: fix uninit-value in ocfs2_get_block()
    - ocfs2: reserve space for inline xattr before attaching reflink tree
    - ocfs2: cancel dqi_sync_work before freeing oinfo
    - ocfs2: remove unreasonable unlock in ocfs2_read_blocks
    - ocfs2: fix null-ptr-deref when journal load failed.
    - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
    - usbnet: ipheth: fix carrier detection in modes 1 and 4
    - net: ethernet: use ip_hdrlen() instead of bit shift
    - net: phy: vitesse: repair vsc73xx autonegotiation
    - powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL
    - btrfs: update target inode's ctime on unlink
    - Input: ads7846 - ratelimit the spi_sync error message
    - Input: synaptics - enable SMBus for HP Elitebook 840 G2
    - HID: multitouch: Add support for GT7868Q
    - scripts: kconfig: merge_config: config files: add a trailing newline
    - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3
    - drm/msm/adreno: Fix error return if missing firmware-name
    - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
    - NFSv4: Fix clearing of layout segments in layoutreturn
    - NFS: Avoid unnecessary rescanning of the per-server delegation list
    - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
    - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array
    - mptcp: pm: Fix uaf in __timer_delete_sync
    - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399
      Puma
    - minmax: reduce min/max macro expansion in atomisp driver
    - net: tighten bad gso csum offset check in virtio_net_hdr
    - mm: avoid leaving partial pfn mappings around in error case
    - fs/ntfs3: Use kvfree to free memory allocated by kvmalloc
    - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E
    - eeprom: digsy_mtc: Fix 93xx46 driver probe failure
    - selftests/bpf: Support SOCK_STREAM in unix_inet_redir_to_connected()
    - hwmon: (pmbus) Introduce and use write_byte_data callback
    - hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >=
      1.2
    - ice: fix accounting for filters shared by multiple VSIs
    - igb: Always call igb_xdp_ring_update_tail() under Tx lock
    - net/mlx5e: Add missing link modes to ptys2ethtool_map
    - net/mlx5: Explicitly set scheduling element and TSAR type
    - net/mlx5: Add support to create match definer
    - net/mlx5: Add IFC bits and enums for flow meter
    - net/mlx5: Add missing masks and QoS bit masks for scheduling elements
    - fou: fix initialization of grc
    - octeontx2-af: Set XOFF on other child transmit schedulers during SMQ flush
    - octeontx2-af: Modify SMQ flush sequence to drop packets
    - net: ftgmac100: Enable TX interrupt to avoid TX timeout
    - netfilter: nft_socket: fix sk refcount leaks
    - net: dpaa: Pad packets to ETH_ZLEN
    - spi: nxp-fspi: fix the KASAN report out-of-bounds bug
    - dma-buf: heaps: Fix off-by-one in CMA heap fault handler
    - ASoC: meson: axg-card: fix 'use-after-free'
    - ASoC: allow module autoloading for table db1200_pids
    - ALSA: hda/realtek - Fixed ALC256 headphone no sound
    - ALSA: hda/realtek - FIxed ALC285 headphone no sound
    - scsi: lpfc: Fix overflow build issue
    - pinctrl: at91: make it work with current gpiolib
    - microblaze: don't treat zero reserved memory regions as error
    - net: ftgmac100: Ensure tx descriptor updates are visible
    - wifi: iwlwifi: lower message level for FW buffer destination
    - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation
    - wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
    - wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
    - wifi: iwlwifi: clear trans->state earlier upon error
    - ASoC: intel: fix module autoloading
    - ASoC: tda7419: fix module autoloading
    - spi: spidev: Add an entry for elgin,jg10309-01
    - drm: komeda: Fix an issue related to normalized zpos
    - spi: bcm63xx: Enable module autoloading
    - x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency
    - spi: spidev: Add missing spi_device_id for jg10309-01
    - ocfs2: add bounds checking to ocfs2_xattr_find_entry()
    - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
    - cgroup: Make operations on the cgroup root_list RCU safe
    - Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex"
    - gpio: prevent potential speculation leaks in gpio_device_get_desc()
    - gpiolib: cdev: Ignore reconfiguration without direction
    - cgroup: Move rcu_head up near the top of cgroup_root
    - USB: serial: pl2303: add device id for Macrosilicon MS3020
    - USB: usbtmc: prevent kernel-usb-infoleak
    - EDAC/synopsys: Add support for version 3 of the Synopsys EDAC DDR
    - EDAC/synopsys: Use the correct register to disable the error interrupt on v3
      hw
    - EDAC/synopsys: Re-enable the error interrupts on v3 hw
    - EDAC/synopsys: Fix ECC status and IRQ control race condition
    - EDAC/synopsys: Fix error injection on Zynq UltraScale+
    - wifi: rtw88: always wait for both firmware loading attempts
    - crypto: xor - fix template benchmarking
    - ACPI: PMI

  linux (5.15.0-126.136) jammy; urgency=medium

  * jammy/linux: 5.15.0-126.136 -proposed tracker (LP: #2086027)
    - [Packaging] resync git-ubuntu-log

  * Cannot detect audio sinks and sources in proposed kernel (LP: #2085082)
    - soundwire: stream: Revert "soundwire: stream: fix programming slave ports
      for non-continous port maps"

 -- Stefan Bader <email address hidden> Wed, 06 Nov 2024 10:28:09 +0100

  linux (5.15.0-125.135) jammy; urgency=medium

  * jammy/linux: 5.15.0-125.135 -proposed tracker (LP: #2083001)

  * CVE-2024-26800
    - tls: rx: coalesce exit paths in tls_decrypt_sg()
    - tls: separate no-async decryption request handling from async
    - tls: fix use-after-free on failed backlog decryption

  * Please backport the more restrictive XSAVES deactivation for Zen1/2 arch
    (LP: #2077321)
    - x86/CPU/AMD: Improve the erratum 1386 workaround

  * Jammy update: v5.15.167 upstream stable release (LP: #2081279)
    - drm: panel-orientation-quirks: Add quirk for OrangePi Neo
    - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown
    - ALSA: hda/conexant: Mute speakers at suspend / shutdown
    - i2c: Fix conditional for substituting empty ACPI functions
    - dma-debug: avoid deadlock between dma debug vs printk and netconsole
    - net: usb: qmi_wwan: add MeiG Smart SRM825L
    - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr
    - drm/amd/display: Assign linear_pitch_alignment even for VM
    - drm/amdgpu: fix overflowed array index read warning
    - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc
    - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
    - drm/amd/pm: fix warning using uninitialized value of max_vid_step
    - drm/amd/pm: fix the Out-of-bounds read warning
    - drm/amdgpu: fix uninitialized scalar variable warning
    - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
    - drm/amdgpu: avoid reading vf2pf info size from FB
    - drm/amd/display: Check gpio_id before used as array index
    - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
    - drm/amd/display: Add array index check for hdcp ddc access
    - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
    - drm/amd/display: Check msg_id before processing transcation
    - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
      dal_gpio_service_create
    - drm/amd/amdgpu: Check tbo resource pointer
    - drm/amdgpu/pm: Fix uninitialized variable warning for smu10
    - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
    - drm/amdgpu: Fix out-of-bounds write warning
    - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
    - drm/amdgpu: fix ucode out-of-bounds read warning
    - drm/amdgpu: fix mc_data out-of-bounds read warning
    - drm/amdkfd: Reconcile the definition and use of oem_id in struct
      kfd_topology_device
    - apparmor: fix possible NULL pointer dereference
    - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy
      SOCs
    - drm/amdgpu: fix the waring dereferencing hive
    - drm/amd/pm: check specific index for aldebaran
    - drm/amdgpu: the warning dereferencing obj for nbio_v7_4
    - drm/amd/pm: check negtive return for table entries
    - drm/amdgpu: update type of buf size to u32 for eeprom functions
    - wifi: iwlwifi: remove fw_running op
    - cpufreq: scmi: Avoid overflow of target_freq in fast switch
    - PCI: al: Check IORESOURCE_BUS existence during probe
    - hwspinlock: Introduce hwspin_lock_bust()
    - RDMA/efa: Properly handle unexpected AQ completions
    - ionic: fix potential irq name truncation
    - rcu/nocb: Remove buggy bypass lock contention mitigation
    - usbip: Don't submit special requests twice
    - usb: typec: ucsi: Fix null pointer dereference in trace
    - fsnotify: clear PARENT_WATCHED flags lazily
    - smack: tcp: ipv4, fix incorrect labeling
    - drm/meson: plane: Add error handling
    - drm/bridge: tc358767: Check if fully initialized before signalling HPD event
      via IRQ
    - wifi: cfg80211: make hash table duplicates more survivable
    - block: remove the blk_flush_integrity call in blk_integrity_unregister
    - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
    - media: uvcvideo: Enforce alignment of frame and interval
    - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
    - virtio_net: Fix napi_skb_cache_put warning
    - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
    - ext4: reject casefold inode flag without casefold feature
    - udf: Limit file size to 4TB
    - ext4: handle redirtying in ext4_bio_write_page()
    - i2c: Use IS_REACHABLE() for substituting empty ACPI functions
    - sch/netem: fix use after free in netem_dequeue
    - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
    - KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE
    - KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing
    - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius
      devices
    - ALSA: hda/realtek: add patch for internal mic in Lenovo V145
    - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
    - ata: libata: Fix memory leak for error path in ata_host_alloc()
    - irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
    - rtmutex: Drop rt_mutex::wait_lock before scheduling
    - nvme-pci: Add sleep quirk for Samsung 990 Evo
    - Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE"
    - Bluetooth: MGMT: Ignore keys being loaded with invalid type
    - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
    - mmc: sdhci-of-aspeed: fix module autoloading
    - mmc: cqhci: Fix checking of CQHCI_HALT state
    - fuse: update stats for pages in dropped aux writeback list
    - fuse: use unsigned type for getxattr/listxattr size truncation
    - clk: qcom: clk-alpha-pll: Fix the pll post div mask
    - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
    - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
    - tracing: Avoid possible softlockup in tracing_iter_reset()
    - ila: call nf_unregister_net_hooks() sooner
    - sched: sch_cake: fix bulk flow accounting logic for host fairness
    - nilfs2: fix missing cleanup on rollforward rec