This bug was fixed in the package linux - 5.4.0-90.101

---------------
linux (5.4.0-90.101) focal; urgency=medium

  * focal/linux: 5.4.0-90.101 -proposed tracker (LP: #1947260)

  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.10.18)

  * Add final-checks to check certificates (LP: #1947174)
    - [Packaging] Add system trusted and revocation keys final check

  * No sound on Lenovo laptop models Legion 15IMHG05, Yoga 7 14ITL5, and 13s
    Gen2 (LP: #1939052)
    - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i
      15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops.
    - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 
13s
      Gen2

  * CVE-2020-36385
    - RDMA/cma: Add missing locking to rdma_accept()
    - RDMA/ucma: Fix the locking of ctx->file
    - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

  * Focal update: v5.4.148 upstream stable release (LP: #1946802)
    - rtc: tps65910: Correct driver module alias
    - btrfs: wake up async_delalloc_pages waiters after submit
    - btrfs: reset replace target device to allocation state on close
    - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
    - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
    - PCI/MSI: Skip masking MSI-X on Xen PV
    - powerpc/perf/hv-gpci: Fix counter value parsing
    - xen: fix setting of max_pfn in shared_info
    - include/linux/list.h: add a macro to test if entry is pointing to the head
    - 9p/xen: Fix end of loop tests for list_for_each_entry
    - tools/thermal/tmon: Add cross compiling support
    - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
    - pinctrl: ingenic: Fix incorrect pull up/down info
    - soc: qcom: aoss: Fix the out of bound usage of cooling_devs
    - soc: aspeed: lpc-ctrl: Fix boundary check for mmap
    - soc: aspeed: p2a-ctrl: Fix boundary check for mmap
    - arm64: head: avoid over-mapping in map_memory
    - crypto: public_key: fix overflow during implicit conversion
    - block: bfq: fix bfq_set_next_ioprio_data()
    - power: supply: max17042: handle fails of reading status register
    - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
    - VMCI: fix NULL pointer dereference when unmapping queue pair
    - media: uvc: don't do DMA on stack
    - media: rc-loopback: return number of emitters rather than error
    - Revert "dmaengine: imx-sdma: refine to load context only once"
    - dmaengine: imx-sdma: remove duplicated sdma_load_context
    - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
    - ARM: 9105/1: atags_to_fdt: don't warn about stack size
    - PCI/portdrv: Enable Bandwidth Notification only if port supports it
    - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
    - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
    - PCI: xilinx-nwl: Enable the clock through CCF
    - PCI: aardvark: Fix checking for PIO status
    - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO 
response
    - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
    - HID: input: do not report stylus battery state as "full"
    - f2fs: quota: fix potential deadlock
    - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
    - IB/hfi1: Adjust pkey entry in index 0
    - RDMA/iwcm: Release resources if iw_cm module initialization fails
    - docs: Fix infiniband uverbs minor number
    - pinctrl: samsung: Fix pinctrl bank pin count
    - vfio: Use config not menuconfig for VFIO_NOIOMMU
    - powerpc/stacktrace: Include linux/delay.h
    - RDMA/efa: Remove double QP type assignment
    - f2fs: show f2fs instance in printk_ratelimited
    - f2fs: reduce the scope of setting fsck tag when de->name_len is zero
    - openrisc: don't printk() unconditionally
    - dma-debug: fix debugfs initialization order
    - SUNRPC: Fix potential memory corruption
    - scsi: fdomain: Fix error return code in fdomain_probe()
    - pinctrl: single: Fix error return code in 
pcs_parse_bits_in_pinctrl_entry()
    - scsi: smartpqi: Fix an error code in pqi_get_raid_map()
    - scsi: qedi: Fix error codes in qedi_alloc_global_queues()
    - scsi: qedf: Fix error codes in qedf_alloc_global_queues()
    - powerpc/config: Renable MTD_PHYSMAP_OF
    - scsi: target: avoid per-loop XCOPY buffer allocations
    - HID: i2c-hid: Fix Elan touchpad regression
    - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs
      are live
    - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
      run_smbios_call
    - fscache: Fix cookie key hashing
    - clk: at91: sam9x60: Don't use audio PLL
    - clk: at91: clk-generated: pass the id of changeable parent at registration
    - clk: at91: clk-generated: Limit the requested rate to our range
    - KVM: PPC: Fix clearing never mapped TCEs in realmode
    - f2fs: fix to account missing .skipped_gc_rwsem
    - f2fs: fix unexpected ENOENT comes from f2fs_map_blocks()
    - f2fs: fix to unmap pages from userspace process in punch_hole()
    - MIPS: Malta: fix alignment of the devicetree buffer
    - kbuild: Fix 'no symbols' warning when CONFIG_TRIM_UNUSD_KSYMS=y
    - userfaultfd: prevent concurrent API initialization
    - drm/amdgpu: Fix amdgpu_ras_eeprom_init()
    - ASoC: atmel: ATMEL drivers don't need HAS_DMA
    - media: dib8000: rewrite the init prbs logic
    - crypto: mxs-dcp - Use sg_mapping_iter to copy data
    - PCI: Use pci_update_current_state() in pci_enable_device_flags()
    - tipc: keep the skb in rcv queue until the whole data is read
    - iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
    - iavf: do not override the adapter state in the watchdog task
    - iavf: fix locking of critical sections
    - ARM: dts: qcom: apq8064: correct clock names
    - video: fbdev: kyro: fix a DoS bug by restricting user input
    - netlink: Deal with ESRCH error in nlmsg_notify()
    - Smack: Fix wrong semantics in smk_access_entry()
    - drm: avoid blocking in drm_clients_info's rcu section
    - igc: Check if num of q_vectors is smaller than max before array access
    - usb: host: fotg210: fix the endpoint's transactional opportunities
      calculation
    - usb: host: fotg210: fix the actual_length of an iso packet
    - usb: gadget: u_ether: fix a potential null pointer dereference
    - USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
    - usb: gadget: composite: Allow bMaxPower=0 if self-powered
    - staging: board: Fix uninitialized spinlock when attaching genpd
    - tty: serial: jsm: hold port lock when reporting modem line changes
    - drm/amd/display: Fix timer_per_pixel unit error
    - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex
    - bpf/tests: Fix copy-and-paste error in double word test
    - bpf/tests: Do not PASS tests without actually testing the result
    - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
    - video: fbdev: kyro: Error out if 'pixclock' equals zero
    - video: fbdev: riva: Error out if 'pixclock' equals zero
    - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
    - flow_dissector: Fix out-of-bounds warnings
    - s390/jump_label: print real address in a case of a jump label bug
    - s390: make PCI mio support a machine flag
    - serial: 8250: Define RX trigger levels for OxSemi 950 devices
    - xtensa: ISS: don't panic in rs_init
    - hvsi: don't panic on tty_register_driver failure
    - serial: 8250_pci: make setup_port() parameters explicitly unsigned
    - staging: ks7010: Fix the initialization of the 'sleep_status' structure
    - samples: bpf: Fix tracex7 error raised on the missing argument
    - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
    - Bluetooth: skip invalid hci_sync_conn_complete_evt
    - workqueue: Fix possible memory leaks in wq_numa_init()
    - bonding: 3ad: fix the concurrency between __bond_release_one() and
      bond_3ad_state_machine_handler()
    - arm64: tegra: Fix Tegra194 PCIe EP compatible string
    - ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for 
the
      matching in-/output
    - media: imx258: Rectify mismatch of VTS value
    - media: imx258: Limit the max analogue gain to 480
    - media: v4l2-dv-timings.c: fix wrong condition in two for-loops
    - media: TDA1997x: fix tda1997x_query_dv_timings() return value
    - media: tegra-cec: Handle errors of clk_prepare_enable()
    - ARM: dts: imx53-ppd: Fix ACHC entry
    - arm64: dts: qcom: sdm660: use reg value for memory node
    - net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe()
    - drm/msm: mdp4: drop vblank get/put from prepare/complete_commit
    - selftests/bpf: Fix xdp_tx.c prog section name
    - Bluetooth: schedule SCO timeouts with delayed_work
    - Bluetooth: avoid circular locks in sco_sock_connect
    - net/mlx5: Fix variable type to match 64bit
    - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable
      access in amdgpu_i2c_router_select_ddc_port()
    - drm/display: fix possible null-pointer dereference in dcn10_set_clock()
    - mac80211: Fix monitor MTU limit so that A-MSDUs get through
    - ARM: tegra: tamonten: Fix UART pad setting
    - arm64: tegra: Fix compatible string for Tegra132 CPUs
    - arm64: dts: ls1046a: fix eeprom entries
    - nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data
    - Bluetooth: Fix handling of LE Enhanced Connection Complete
    - opp: Don't print an error if required-opps is missing
    - serial: sh-sci: fix break handling for sysrq
    - tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD
    - rpc: fix gss_svc_init cleanup on failure
    - staging: rts5208: Fix get_ms_information() heap buffer size
    - gfs2: Don't call dlm after protocol is unmounted
    - usb: chipidea: host: fix port index underflow and UBSAN complains
    - lockd: lockd server-side shouldn't set fl_ops
    - drm/exynos: Always initialize mapping in exynos_drm_register_dma()
    - m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch
    - btrfs: tree-log: check btrfs_lookup_data_extent return value
    - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
    - ASoC: Intel: Skylake: Fix passing loadable flag for module
    - of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS
    - mmc: sdhci-of-arasan: Check return value of non-void funtions
    - mmc: rtsx_pci: Fix long reads when clock is prescaled
    - selftests/bpf: Enlarge select() timeout for test_maps
    - mmc: core: Return correct emmc response in case of ioctl error
    - cifs: fix wrong release in sess_alloc_buffer() failed path
    - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
      quirk set"
    - usb: musb: musb_dsps: request_irq() after initializing musb
    - usbip: give back URBs for unsent unlink requests during cleanup
    - usbip:vhci_hcd USB port can get stuck in the disabled state
    - ASoC: rockchip: i2s: Fix regmap_ops hang
    - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
    - drm/amdkfd: Account for SH/SE count when setting up cu masks.
    - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed
    - iwlwifi: mvm: avoid static queue number aliasing
    - iwlwifi: mvm: fix access to BSS elements
    - net/mlx5: DR, Enable QP retransmission
    - parport: remove non-zero check on count
    - ath9k: fix OOB read ar9300_eeprom_restore_internal
    - ath9k: fix sleeping in atomic context
    - net: fix NULL pointer reference in cipso_v4_doi_free
    - fix array-index-out-of-bounds in taprio_change
    - net: w5100: check return value after calling platform_get_resource()
    - parisc: fix crash with signals and alloca
    - ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup()
    - scsi: BusLogic: Fix missing pr_cont() use
    - scsi: qla2xxx: Changes to support kdump kernel
    - scsi: qla2xxx: Sync queue idx with queue_pair_map idx
    - cpufreq: powernv: Fix init_chip_info initialization in numa=off
    - s390/pv: fix the forcing of the swiotlb
    - mm/hugetlb: initialize hugetlb_usage in mm_init
    - mm,vmscan: fix divide by zero in get_scan_count
    - memcg: enable accounting for pids in nested pid namespaces
    - platform/chrome: cros_ec_proto: Send command again when timeout occurs
    - lib/test_stackinit: Fix static initializer test
    - net: dsa: lantiq_gswip: fix maximum frame length
    - drm/msi/mdp4: populate priv->kms in mdp4_kms_init
    - drm/amdgpu: Fix BUG_ON assert
    - drm/panfrost: Simplify lock_region calculation
    - drm/panfrost: Use u64 for size in lock_region
    - drm/panfrost: Clamp lock region to Bifrost minimum
    - btrfs: fix upper limit for max_inline for page size 64K
    - xen: reset legacy rtc flag for PV domU
    - bnx2x: Fix enabling network interfaces without VFs
    - arm64/sve: Use correct size when reinitialising SVE state
    - PM: base: power: don't try to use non-existing RTC for storing data
    - PCI: Add AMD GPU multi-function power dependencies
    - drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10
    - drm/etnaviv: return context from etnaviv_iommu_context_get
    - drm/etnaviv: put submit prev MMU context when it exists
    - drm/etnaviv: stop abusing mmu_context as FE running marker
    - drm/etnaviv: keep MMU context across runtime suspend/resume
    - drm/etnaviv: exec and MMU state is lost when resetting the GPU
    - drm/etnaviv: fix MMU context leak on GPU reset
    - drm/etnaviv: reference MMU context when setting up hardware state
    - drm/etnaviv: add missing MMU context put when reaping MMU mapping
    - s390/sclp: fix Secure-IPL facility detection
    - x86/mm: Fix kern_addr_valid() to cope with existing but not present 
entries
    - tipc: fix an use-after-free issue in tipc_recvmsg
    - net-caif: avoid user-triggerable WARN_ON(1)
    - ptp: dp83640: don't define PAGE0
    - net/l2tp: Fix reference count leak in l2tp_udp_recv_core
    - r6040: Restore MDIO clock frequency after MAC reset
    - tipc: increase timeout in tipc_sk_enqueue()
    - perf machine: Initialize srcline string member in add_location struct
    - net/mlx5: FWTrace, cancel work on alloc pd error flow
    - net/mlx5: Fix potential sleeping in atomic context
    - events: Reuse value read using READ_ONCE instead of re-reading it
    - vhost_net: fix OoB on sendmsg() failure.
    - net/af_unix: fix a data-race in unix_dgram_poll
    - net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup
    - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
    - qed: Handle management FW error
    - dt-bindings: arm: Fix Toradex compatible typo
    - ibmvnic: check failover_pending in login response
    - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
      registers
    - net: hns3: pad the short tunnel frame before sending to hardware
    - net: hns3: change affinity_mask to numa node range
    - net: hns3: disable mac in flr process
    - net: hns3: fix the timing issue of VF clearing interrupt sources
    - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range()
    - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
    - mfd: db8500-prcmu: Adjust map to reality
    - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
    - fuse: fix use after free in fuse_read_interrupt()
    - mfd: Don't use irq_create_mapping() to resolve a mapping
    - tracing/probes: Reject events which have the same name of existing one
    - PCI: Add ACS quirks for Cavium multi-function devices
    - Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
    - PCI: ibmphp: Fix double unmap of io_mem
    - ethtool: Fix an error code in cxgb2.c
    - NTB: Fix an error code in ntb_msit_probe()
    - NTB: perf: Fix an error code in perf_setup_inbuf()
    - mfd: axp20x: Update AXP288 volatile ranges
    - PCI: Fix pci_dev_str_match_path() alloc while atomic bug
    - mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set
    - KVM: arm64: Handle PSCI resets before userspace touches vCPU state
    - PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
    - mtd: rawnand: cafe: Fix a resource leak in the error handling path of
      'cafe_nand_probe()'
    - ARC: export clear_user_page() for modules
    - perf unwind: Do not overwrite 
FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64}
    - net: dsa: b53: Fix calculating number of switch ports
    - netfilter: socket: icmp6: fix use-after-scope
    - fq_codel: reject silly quantum parameters
    - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
    - ip_gre: validate csum_start only on pull
    - net: renesas: sh_eth: Fix freeing wrong tx descriptor
    - Linux 5.4.148

  * Focal update: v5.4.147 upstream stable release (LP: #1946795)
    - Linux 5.4.147
    - upstream stable to v5.4.147

  * CVE-2021-3428
    - ext4: save the error code which triggered an ext4_error() in the 
superblock
    - ext4: simulate various I/O and checksum errors when reading metadata
    - ext4: save all error info in save_error_info() and drop ext4_set_errno()
    - ext4: check journal inode extents more carefully

  * ip6gretap / erspan / ip6erspan in rtnetlink.sh from net of
    ubuntu_kernel_selftests failed on B-5.4-aws / B-5.4-gke / B-5.4-oracle /
    B-5.4-azure / B-5.4 (LP: #1896448)
    - SAUCE: selftests: rtnetlink: fixes for older iproute2

  * CVE-2019-19449
    - f2fs: fix wrong total_sections check and fsmeta check
    - f2fs: fix to do sanity check on segment/section count

  * kernel bug found when disconnecting one fiber channel interface on Cisco
    Chassis with fnic DRV_VERSION "1.6.0.47" (LP: #1944586)
    - scsi: fnic: Do not call 'scsi_done()' for unhandled commands

  * memfd from ubuntu_kernel_selftests failed to build on B-5.4 (unknown type
    name ‘__u64’) (LP: #1944613)
    - SAUCE: selftests/memfd: fix __u64 not defined build issue

  * Medion Notebook Keyboard not working (LP: #1909814)
    - ACPI: resources: Add DMI-based legacy IRQ override quirk

  * vrf: fix refcnt leak with vxlan slaves (LP: #1945180)
    - ipv4: Fix device used for dst_alloc with local routes

  * Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script
    - [Packaging] Add fips-checks as part of finalchecks

  * Fix cold plugged USB device on certain PCIe USB cards (LP: #1945211)
    - Revert "UBUNTU: SAUCE: Revert "usb: core: reduce power-on-good delay time 
of
      root hub""
    - usb: core: hcd: Add support for deferring roothub registration
    - xhci: Set HCD flag to defer primary roothub registration
    - usb: core: hcd: Modularize HCD stop configuration in usb_stop_hcd()

  * CVE-2021-3759
    - memcg: enable accounting of ipc resources

  * Focal update: v5.4.146 upstream stable release (LP: #1946024)
    - locking/mutex: Fix HANDOFF condition
    - regmap: fix the offset of register error log
    - crypto: mxs-dcp - Check for DMA mapping errors
    - sched/deadline: Fix reset_on_fork reporting of DL tasks
    - power: supply: axp288_fuel_gauge: Report register-address on readb / 
writeb
      errors
    - crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
    - sched/deadline: Fix missing clock update in migrate_task_rq_dl()
    - rcu/tree: Handle VM stoppage in stall detection
    - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns()
    - hrtimer: Ensure timerfd notification for HIGHRES=n
    - udf: Check LVID earlier
    - udf: Fix iocharset=utf8 mount option
    - isofs: joliet: Fix iocharset=utf8 mount option
    - bcache: add proper error unwinding in bcache_device_init
    - nvme-tcp: don't update queue count when failing to set io queues
    - nvme-rdma: don't update queue count when failing to set io queues
    - nvmet: pass back cntlid on successful completion
    - power: supply: max17042_battery: fix typo in MAx17042_TOFF
    - s390/cio: add dev_busid sysfs entry for each subchannel
    - libata: fix ata_host_start()
    - crypto: qat - do not ignore errors from enable_vf2pf_comms()
    - crypto: qat - handle both source of interrupt in VF ISR
    - crypto: qat - fix reuse of completion variable
    - crypto: qat - fix naming for init/shutdown VF to PF notifications
    - crypto: qat - do not export adf_iov_putmsg()
    - fcntl: fix potential deadlock for &fasync_struct.fa_lock
    - udf_get_extendedattr() had no boundary checks.
    - s390/kasan: fix large PMD pages address alignment check
    - s390/debug: fix debug area life cycle
    - m68k: emu: Fix invalid free in nfeth_cleanup()
    - sched: Fix UCLAMP_FLAG_IDLE setting
    - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
    - spi: spi-pic32: Fix issue with uninitialized dma_slave_config
    - genirq/timings: Fix error return code in irq_timings_test_irqs()
    - lib/mpi: use kcalloc in mpi_resize
    - clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for 
clock
      source channel
    - crypto: qat - use proper type for vf_mask
    - certs: Trigger creation of RSA module signing key if it's not an RSA key
    - regulator: vctrl: Use locked regulator_get_voltage in probe path
    - regulator: vctrl: Avoid lockdep warning in enable/disable ops
    - spi: sprd: Fix the wrong WDG_LOAD_VAL
    - spi: spi-zynq-qspi: use wait_for_completion_timeout to make
      zynq_qspi_exec_mem_op not interruptible
    - EDAC/i10nm: Fix NVDIMM detection
    - drm/panfrost: Fix missing clk_disable_unprepare() on error in
      panfrost_clk_init()
    - media: TDA1997x: enable EDID support
    - soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally
    - media: cxd2880-spi: Fix an error handling path
    - bpf: Fix a typo of reuseport map in bpf.h.
    - bpf: Fix potential memleak and UAF in the verifier.
    - ARM: dts: aspeed-g6: Fix HVI3C function-group in pinctrl dtsi
    - arm64: dts: renesas: r8a77995: draak: Remove bogus adv7511w properties
    - soc: qcom: rpmhpd: Use corner in power_off
    - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
    - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
    - media: dvb-usb: Fix error handling in dvb_usb_i2c_init
    - media: go7007: remove redundant initialization
    - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats
    - Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
    - 6lowpan: iphc: Fix an off-by-one check of array index
    - netns: protect netns ID lookups with RCU
    - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
    - ARM: dts: meson8: Use a higher default GPU clock frequency
    - ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties
    - ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties
    - ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties
    - net/mlx5e: Prohibit inner indir TIRs in IPoIB
    - cgroup/cpuset: Fix a partition bug with hotplug
    - net: cipso: fix warnings in netlbl_cipsov4_add_std
    - i2c: highlander: add IRQ check
    - leds: lt3593: Put fwnode in any case during ->probe()
    - leds: trigger: audio: Add an activate callback to ensure the initial
      brightness is set
    - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
    - media: venus: venc: Fix potential null pointer dereference on pointer fmt
    - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
    - PCI: PM: Enable PME if it can be signaled from D3cold
    - soc: qcom: smsm: Fix missed interrupts if state changes while masked
    - debugfs: Return error during {full/open}_proxy_open() on rmmod
    - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
    - PM: EM: Increase energy calculation precision
    - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs
    - arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
    - counter: 104-quad-8: Return error when invalid mode during ceiling_write
    - Bluetooth: fix repeated calls to sco_sock_kill
    - drm/msm/dsi: Fix some reference counted resource leaks
    - usb: gadget: udc: at91: add IRQ check
    - usb: phy: fsl-usb: add IRQ check
    - usb: phy: twl6030: add IRQ checks
    - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse
    - usb: host: ohci-tmio: add IRQ check
    - usb: phy: tahvo: add IRQ check
    - mac80211: Fix insufficient headroom issue for AMSDU
    - lockd: Fix invalid lockowner cast after vfs_test_lock
    - nfsd4: Fix forced-expiry locking
    - usb: gadget: mv_u3d: request_irq() after initializing UDC
    - mm/swap: consider max pages in iomap_swapfile_add_extent
    - Bluetooth: add timeout sanity check to hci_inquiry
    - i2c: iop3xx: fix deferred probing
    - i2c: s3c2410: fix IRQ check
    - rsi: fix error code in rsi_load_9116_firmware()
    - rsi: fix an error code in rsi_probe()
    - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs
    - ASoC: Intel: Skylake: Fix module resource and format selection
    - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
    - mmc: moxart: Fix issue with uninitialized dma_slave_config
    - bpf: Fix possible out of bound write in narrow load handling
    - CIFS: Fix a potencially linear read overflow
    - i2c: mt65xx: fix IRQ check
    - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
    - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA
      config is available
    - tty: serial: fsl_lpuart: fix the wrong mapbase value
    - ASoC: wcd9335: Fix a double irq free in the remove function
    - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe
      function
    - ASoC: wcd9335: Disable irq on slave ports in the remove function
    - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
    - bcma: Fix memory leak for internally-handled cores
    - brcmfmac: pcie: fix oops on failure to resume and reprobe
    - ipv6: make exception cache less predictible
    - ipv4: make exception cache less predictible
    - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed
    - net: qualcomm: fix QCA7000 checksum handling
    - octeontx2-af: Fix loop in free and unmap counter
    - ipv4: fix endianness issue in inet_rtm_getroute_build_skb()
    - bpf: Introduce BPF nospec instruction for mitigating Spectre v4
    - bpf: Fix leakage due to insufficient speculative store bypass mitigation
    - bpf: verifier: Allocate idmap scratch in verifier env
    - bpf: Fix pointer arithmetic mask tightening under state pruning
    - tty: Fix data race between tiocsti() and flush_to_ldisc()
    - perf/x86/amd/ibs: Extend PERF_PMU_CAP_NO_EXCLUDE to IBS Op
    - x86/resctrl: Fix a maybe-uninitialized build warning treated as error
    - KVM: s390: index kvm->arch.idle_mask by vcpu_idx
    - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is
      adjusted
    - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter
    - fuse: truncate pagecache on atomic_o_trunc
    - fuse: flush extending writes
    - IMA: remove -Wmissing-prototypes warning
    - IMA: remove the dependency on CRYPTO_MD5
    - fbmem: don't allow too huge resolutions
    - backlight: pwm_bl: Improve bootloader/kernel device handover
    - clk: kirkwood: Fix a clocking boot regression
    - Linux 5.4.146

  * AMD A8-7680 (amdgpu): broken Xorg acceleration and hibernation
    (LP: #1920674) // Focal update: v5.4.146 upstream stable release
    (LP: #1946024)
    - drm/amdgpu/acp: Make PM domain really work

  * Focal update: v5.4.145 upstream stable release (LP: #1945517)
    - fscrypt: add fscrypt_symlink_getattr() for computing st_size
    - ext4: report correct st_size for encrypted symlinks
    - f2fs: report correct st_size for encrypted symlinks
    - ubifs: report correct st_size for encrypted symlinks
    - kthread: Fix PF_KTHREAD vs to_kthread() race
    - xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
    - gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V
      formats
    - reset: reset-zynqmp: Fixed the argument data type
    - qed: Fix the VF msix vectors flow
    - net: macb: Add a NULL check on desc_ptp
    - qede: Fix memset corruption
    - perf/x86/intel/pt: Fix mask of num_address_ranges
    - perf/x86/amd/ibs: Work around erratum #1197
    - perf/x86/amd/power: Assign pmu.module
    - cryptoloop: add a deprecation warning
    - ARM: 8918/2: only build return_address() if needed
    - ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17
    - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
    - ARC: wireup clone3 syscall
    - media: stkwebcam: fix memory leak in stk_camera_probe
    - igmp: Add ip_mc_list lock in ip_check_mc_rcu
    - USB: serial: mos7720: improve OOM-handling in read_mos_reg()
    - ipv4/icmp: l3mdev: Perform icmp error route lookup on source device 
routing
      table (v2)
    - powerpc/boot: Delete unneeded .globl _zimage_start
    - net: ll_temac: Remove left-over debug message
    - mm/page_alloc: speed up the iteration of max_order
    - Revert "r8169: avoid link-up interrupt issue on RTL8106e if user enables
      ASPM"
    - x86/events/amd/iommu: Fix invalid Perf result due to IOMMU PMC 
power-gating
    - Revert "btrfs: compression: don't try to compress if we don't have enough
      pages"
    - ALSA: usb-audio: Add registration quirk for JBL Quantum 800
    - usb: host: xhci-rcar: Don't reload firmware after the completion
    - usb: mtu3: use @mult for HS isoc or intr
    - usb: mtu3: fix the wrong HS mult value
    - xhci: fix unsafe memory usage in xhci tracing
    - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
    - PCI: Call Max Payload Size-related fixup quirks early
    - Linux 5.4.145

  * Focal update: v5.4.144 upstream stable release (LP: #1944756)
    - net: qrtr: fix another OOB Read in qrtr_endpoint_post
    - ARC: Fix CONFIG_STACKDEPOT
    - netfilter: conntrack: collect all entries in one cycle
    - once: Fix panic when module unload
    - ovl: fix uninitialized pointer read in ovl_lookup_real_one()
    - mmc: sdhci-msm: Update the software timeout value for sdhc
    - mm, oom: make the calculation of oom badness more accurate
    - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX
      and TX error counters
    - Revert "USB: serial: ch341: fix character loss at high transfer rates"
    - USB: serial: option: add new VID/PID to support Fibocom FG150
    - usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
    - usb: dwc3: gadget: Stop EP0 transfers during pullup disable
    - scsi: core: Fix hang of freezing queue between blocking and running device
    - RDMA/bnxt_re: Add missing spin lock initialization
    - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()
    - e1000e: Fix the max snoop/no-snoop latency for 10M
    - RDMA/efa: Free IRQ vectors on error flow
    - ip_gre: add validation for csum_start
    - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()'
    - net: marvell: fix MVNETA_TX_IN_PRGRS bit number
    - rtnetlink: Return correct error on changing device netns
    - net: hns3: clear hardware resource when loading driver
    - net: hns3: fix duplicate node in VLAN list
    - net: hns3: fix get wrong pfc_en when query PFC configuration
    - drm/i915: Fix syncmap memory leak
    - usb: gadget: u_audio: fix race condition on endpoint stop
    - perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a u32
    - opp: remove WARN when no valid OPPs remain
    - virtio: Improve vq->broken access to avoid any compiler optimization
    - virtio_pci: Support surprise removal of virtio pci device
    - vringh: Use wiov->used to check for read/write desc order
    - qed: qed ll2 race condition fixes
    - qed: Fix null-pointer dereference in qed_rdma_create_qp()
    - drm: Copy drm_wait_vblank to user before returning
    - drm/nouveau/disp: power down unused DP links during init
    - net/rds: dma_map_sg is entitled to merge entries
    - btrfs: fix race between marking inode needs to be logged and log syncing
    - vt_kdsetmode: extend console locking
    - bpf: Track contents of read-only maps as scalars
    - bpf: Fix cast to pointer from integer of different size warning
    - net: dsa: mt7530: fix VLAN traffic leaks again
    - KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs
    - arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88
    - btrfs: fix NULL pointer dereference when deleting device by invalid id
    - Revert "floppy: reintroduce O_NDELAY fix"
    - Revert "parisc: Add assembly implementations for memset, strlen, strcpy,
      strncpy and strcat"
    - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls
    - audit: move put_tree() to avoid trim_trees refcount underflow and UAF
    - Linux 5.4.144

 -- Kelsey Skunberg <kelsey.skunb...@canonical.com>  Fri, 15 Oct 2021
11:56:24 -0600

** Changed in: linux (Ubuntu Focal)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3428

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1947174

Title:
  Add final-checks to check certificates

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Hirsute:
  Fix Released
Status in linux source package in Impish:
  Fix Released

Bug description:
  [Impact]

   * As part of landing builtin revocation certificates work
  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1932029 it has
  been identified that many kernels do not correct enforce newly enfoced
  keys in the derivative flavours. I.e. due to annotations not importing
  parent annotations, due to not having do_enforce_all, or using older
  formats of annotations files.

   * As part fips validation work final-checks got added to check and
  assert that correct things are turned on.

   * It has been agreed that having a final-check for builtin system
  trusted & revocation certificates would be a good thing. If packaging
  declares that certain certificates should be built-in trusted or
  revoked, the kernel must be configured pointing at the packaging
  generated .pem bundle in the config.

  [Test Plan]

   * Kernel should build
   * If trusted or revocation are configured in packaging but the config option 
is misconfigured (i.e. typo or not set), the kernel build and cranky close 
should fail

  
  [Where problems could occur]

   * This is a packaging change only, thus may result in valid kernels
  ftbfs but should be easy to rectify.

  [Other Info]
   
   * Also see

  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1932029

  and kernels that derived from a primary kernel that had that fixed,
  and the subsequently failed boot testing due to not enabling those
  options.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1947174/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to