[Bug 2078388] Re: Focal update: v5.4.282 upstream stable release

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 5.4.0-200.220

---
linux (5.4.0-200.220) focal; urgency=medium

  * focal/linux: 5.4.0-200.220 -proposed tracker (LP: #2082937)

  * Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
  (main/2024.09.30)

  * CVE-2024-26800
- tls: rx: coalesce exit paths in tls_decrypt_sg()
- tls: separate no-async decryption request handling from async
- tls: fix use-after-free on failed backlog decryption

  * CVE-2024-26641
- ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()

  * CVE-2021-47212
- net/mlx5: Update error handler for UCTX and UMEM

  * wbt:wbt_* trace event NULL pointer dereference with GENHD_FL_HIDDEN disks
(LP: #2081085)
- bdi: use bdi_dev_name() to get device name

  * Focal update: v5.4.284 upstream stable release (LP: #2081278)
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo
- i2c: Fix conditional for substituting empty ACPI functions
- net: usb: qmi_wwan: add MeiG Smart SRM825L
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr
- drm/amdgpu: fix overflowed array index read warning
- drm/amd/display: Check gpio_id before used as array index
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
  dal_gpio_service_create
- drm/amdgpu: fix ucode out-of-bounds read warning
- drm/amdgpu: fix mc_data out-of-bounds read warning
- drm/amdkfd: Reconcile the definition and use of oem_id in struct
  kfd_topology_device
- apparmor: fix possible NULL pointer dereference
- ionic: fix potential irq name truncation
- usbip: Don't submit special requests twice
- usb: typec: ucsi: Fix null pointer dereference in trace
- smack: tcp: ipv4, fix incorrect labeling
- wifi: cfg80211: make hash table duplicates more survivable
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
- media: uvcvideo: Enforce alignment of frame and interval
- block: initialize integrity buffer to zero before writing it to media
- net: set SOCK_RCU_FREE before inserting socket into hashtable
- virtio_net: Fix napi_skb_cache_put warning
- udf: Limit file size to 4TB
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions
- sch/netem: fix use after free in netem_dequeue
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius
  devices
- ata: libata: Fix memory leak for error path in ata_host_alloc()
- irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
- mmc: sdhci-of-aspeed: fix module autoloading
- fuse: update stats for pages in dropped aux writeback list
- fuse: use unsigned type for getxattr/listxattr size truncation
- reset: hi6220: Add support for AO reset controller
- clk: hi6220: use CLK_OF_DECLARE_DRIVER
- clk: qcom: clk-alpha-pll: Fix the pll post div mask
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
- ila: call nf_unregister_net_hooks() sooner
- sched: sch_cake: fix bulk flow accounting logic for host fairness
- nilfs2: fix missing cleanup on rollforward recovery error
- nilfs2: fix state management in error path of log writing function
- ALSA: hda: Add input value sanity checks to HDMI channel map controls
- smack: unix sockets: fix accept()ed socket label
- irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
- af_unix: Remove put_pid()/put_cred() in copy_peercred().
- netfilter: nf_conncount: fix wrong variable type
- udf: Avoid excessive partition lengths
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
- usb: uas: set host status byte on data completion error
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
- pcmcia: Use resource_size function on resource object
- can: bcm: Remove proc entry when dev is unregistered.
- igb: Fix not clearing TimeSync interrupts for 82580
- platform/x86: dell-smbios: Fix error path in dell_smbios_init()
- tcp_bpf: fix return value of tcp_bpf_sendmsg()
- cx82310_eth: re-enable ethernet mode after router reboot
- drivers/net/usb: Remove all strcpy() uses
- net: usb: don't write directly to netdev->dev_addr
- usbnet: modern method to get random MAC
- net: bridge: fdb: convert is_local to bitops
- net: bridge: fdb: convert is_static to bitops
- net: bridge: fdb: convert is_sticky to bitops
- net: bridge: fdb: convert added_by_user to bitops
- net: bridge: fdb: convert added_by_external_learn to use bitops
- net: bridge: br_fdb_external_lear

[Bug 2078388] Re: Focal update: v5.4.282 upstream stable release

[Stefan Bader]

Skipped "netfilter: nf_tables: use timestamp to check for set element
timeout" as it was already applied for CVE-2024-27397.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-27397

** Changed in: linux (Ubuntu Focal)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2078388

Title:
  Focal update: v5.4.282 upstream stable release

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2078388/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs