[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits
Forwarded: not-needed
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.
The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch
Tweak gitignore for Debian pkg-kernel using git svn.
Forwarded: not-needed
[bwh: Tweak further for pure git]
Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch
linux (6.1.115-1) bookworm; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
- wifi: rtw88: always wait for both firmware loading attempts
(CVE-2024-47718)
- crypto: xor - fix template benchmarking
- ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()
- wifi: ath9k: fix parameter check in ath9k_init_debug()
- wifi: ath9k: Remove error checks when creating debugfs entries
- wifi: rtw88: remove CPT execution branch never used
- fs/namespace: fnic: Switch to use %ptTd
- mount: handle OOM on mnt_warn_timestamp_expiry
- drivers/perf: Fix ali_drw_pmu driver interrupt status clearing
(CVE-2024-47731)
- wifi: mac80211: don't use rate mask for offchannel TX either
(CVE-2024-47738)
- wifi: iwlwifi: mvm: increase the time between ranging measurements
- ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE
- ACPICA: executer/exsystem: Don't nag user about every Stall() violating
the spec
- padata: Honor the caller's alignment in case of chunk_size 0
- drivers/perf: hisi_pcie: Record hardware counts correctly
- can: j1939: use correct function name in comment
- ACPI: CPPC: Fix MASK_VAL() usage
- netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
- netfilter: nf_tables: reject element expiration with no timeout
- netfilter: nf_tables: reject expiration higher than timeout
- netfilter: nf_tables: remove annotation to access set timeout while
holding lock
- [arm64] perf/arm-cmn: Rework DTC counters (again)
- [arm64] perf/arm-cmn: Improve debugfs pretty-printing for large configs
- [arm64] perf/arm-cmn: Refactor node ID handling. Again.
- [arm64] perf/arm-cmn: Ensure dtm_idx is big enough
- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately
- [x86] sgx: Fix deadlock in SGX NUMA node search (CVE-2024-49856)
- crypto: hisilicon/hpre - enable sva error interrupt event
- crypto: hisilicon/hpre - mask cluster timeout error
- crypto: hisilicon/qm - fix coding style issues
- crypto: hisilicon/qm - reset device before enabling it
- crypto: hisilicon/qm - inject error before stopping queue (CVE-2024-47730)
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
- wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
(CVE-2024-47713)
- wifi: wilc1000: fix potential RCU dereference issue in
wilc_parse_join_bss_param (CVE-2024-47712)
- Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED
- Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL
- sock_map: Add a cond_resched() in sock_hash_free()
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
(CVE-2024-47709)
- can: m_can: Remove repeated check for is_peripheral
- can: m_can: enable NAPI before enabling interrupts
- can: m_can: m_can_close(): stop clocks after device has been shut down
- Bluetooth: btusb: Fix not handling ZPL/short-transfer
- bareudp: Pull inner IP header in bareudp_udp_encap_recv().
- bareudp: Pull inner IP header on xmit.
- net: enetc: Use IRQF_NO_AUTOEN flag in request_irq()
- r8169: disable ALDPS per default for RTL8125
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input
- net: tipc: avoid possible garbage value
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
(CVE-2024-47707)
- nbd: fix race between timeout and normal completion (CVE-2024-49855)
- block, bfq: fix possible UAF for bfqq->bic with merge chain
(CVE-2024-47706)
- block, bfq: choose the last bfqq from merge chain in
bfq_setup_cooperator()
- block, bfq: don't break merge chain in bfq_split_bfqq()
- block: print symbolic error name instead of error code
- block: fix potential invalid pointer dereference in blk_add_partition
(CVE-2024-47705)
- spi: ppc4xx: handle irq_of_parse_and_map() errors
- [arm64] dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB
- firmware: arm_scmi: Fix double free in OPTEE transport (CVE-2024-49853)
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
- regulator: Return actual error in of_regulator_bulk_get_all()
- [arm64] dts: renesas: r9a07g043u: Correct GICD and GICR sizes
- [arm64] dts: renesas: r9a07g054: Correct GICD and GICR sizes
- [arm64] dts: renesas: r9a07g044: Correct GICD and GICR sizes
- [arm64] dts: ti: k3-j721e-sk: Fix reversed C6x carveout locations
- reset: berlin: fix OF node leak in probe() error path
- reset: k210: fix OF node leak in probe() error path
- clocksource/drivers/qcom: Add missing iounmap() on errors in
msm_dt_timer_init()
- ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error
- ALSA: hda: cs35l41: fix module autoloading
- hwmon: (max16065) Fix overflows seen when writing limits
- i2c: Add i2c_get_match_data()
- hwmon: (max16065) Remove use of i2c_match_id()
- hwmon: (max16065) Fix alarm attributes
- mtd: slram: insert break after errors in parsing the map
- hwmon: (ntc_thermistor) fix module autoloading
- power: supply: axp20x_battery: Remove design from min and max voltage
- power: supply: max17042_battery: Fix SOC threshold calc w/ no current
sense
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
- [amd64] iommu/amd: Do not set the D bit on AMD v2 table entries
- mtd: powernv: Add check devm_kasprintf() returned value
- rcu/nocb: Fix RT throttling hrtimer armed from offline CPU
- mtd: rawnand: mtk: Use for_each_child_of_node_scoped()
- mtd: rawnand: mtk: Factorize out the logic cleaning mtk chips
- mtd: rawnand: mtk: Fix init error path
- pmdomain: core: Harden inter-column space in debug summary
- drm/stm: Fix an error handling path in stm_drm_platform_probe()
- drm/stm: ltdc: check memory returned by devm_kzalloc()
- drm/amd/display: Add null check for set_output_gamma in
dcn30_set_output_transfer_func (CVE-2024-47720)
- drm/amdgpu: Replace one-element array with flexible-array member
- drm/amdgpu: properly handle vbios fake edid sizing
- drm/radeon: Replace one-element array with flexible-array member
- drm/radeon: properly handle vbios fake edid sizing
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly
- scsi: NCR5380: Check for phase match during PDMA fixup
- drm/amd/amdgpu: Properly tune the size of struct
- drm/rockchip: vop: Allow 4096px width scaling
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
- drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
- drm/bridge: lontium-lt8912b: Validate mode in
drm_bridge_funcs::mode_valid()
- drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get
- scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
(CVE-2024-49852)
- jfs: fix out-of-bounds in dbNextAG() and diAlloc()
- drm/mediatek: Fix missing configuration flags in mtk_crtc_ddp_config()
- drm/mediatek: Use spin_lock_irqsave() for CRTC event lock
- [powerpc*] 8xx: Fix initial memory mapping
- [powerpc*] 8xx: Fix kernel vs user address comparison
- drm/msm: Fix incorrect file name output in adreno_request_fw()
- drm/msm/a5xx: disable preemption in submits by default
- drm/msm/a5xx: properly clear preemption records on resume
- drm/msm/a5xx: fix races in preemption evaluation stage
- drm/msm/a5xx: workaround early ring-buffer emptiness check
- ipmi: docs: don't advertise deprecated sysfs entries
- drm/msm: fix %s null argument error
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
- xen: use correct end address of kernel for conflict checking
- HID: wacom: Support sequence numbers smaller than 16-bit
- HID: wacom: Do not warn about dropped packets for first packet
- xen/swiotlb: add alignment check for dma buffers
- xen/swiotlb: fix allocated size
- tpm: Clean up TPM space after command failure (CVE-2024-49851)
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos
(CVE-2024-49850)
- xz: cleanup CRC32 edits from 2018
- kthread: fix task state in kthread worker if being frozen
- ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
- smackfs: Use rcu_assign_pointer() to ensure safe assignment in
smk_set_cipso
- ext4: avoid buffer_head leak in ext4_mark_inode_used()
- ext4: avoid potential buffer_head leak in __ext4_new_inode()
- ext4: avoid negative min_clusters in find_group_orlov()
- ext4: return error on ext4_find_inline_entry
- ext4: avoid OOB when system.data xattr changes underneath the filesystem
(CVE-2024-47701)
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
(CVE-2024-47699)
- nilfs2: determine empty node blocks as corrupted
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
(CVE-2024-47757)
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
(CVE-2024-47728)
- perf mem: Free the allocated sort string, fixing a leak
- perf inject: Fix leader sampling inserting additional samples
- perf sched timehist: Fix missing free of session in perf_sched__timehist()
- perf stat: Display iostat headers correctly
- perf sched timehist: Fixed timestamp error when unable to confirm event
sched_in time
- perf time-utils: Fix 32-bit nsec parsing
- clk: imx: composite-8m: Less function calls in __imx8m_clk_hw_composite()
after error detection
- clk: imx: composite-8m: Enable gate clk with mcore_booted
- clk: imx: composite-7ulp: Check the PCC present bit
- clk: imx: fracn-gppll: support integer pll
- clk: imx: fracn-gppll: fix fractional part of PLL getting lost
- clk: imx: imx8mp: fix clock tree update of TF-A managed clocks
- clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk
- clk: imx: imx8qxp: Parent should be initialized earlier than the clock
- remoteproc: imx_rproc: Correct ddr alias for i.MX8M
- remoteproc: imx_rproc: Initialize workqueue earlier
- clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
- Input: ilitek_ts_i2c - avoid wrong input subsystem sync
- Input: ilitek_ts_i2c - add report id message validation
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
(CVE-2024-47698)
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
(CVE-2024-47697)
- PCI/PM: Increase wait time after resume
- PCI/PM: Drop pci_bridge_wait_for_secondary_bus() timeout parameter
- PCI: Wait for Link before restoring Downstream Buses
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
(CVE-2024-47756)
- clk: qcom: dispcc-sm8250: use special function for Lucid 5LPE PLL
- nvdimm: Fix devs leaks in scan_labels()
- PCI: xilinx-nwl: Fix register misspelling
- PCI: xilinx-nwl: Clean up clock on probe failure/removal
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
(CVE-2024-47696)
- pinctrl: single: fix missing error code in pcs_probe()
- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer
- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (CVE-2024-47695)
- clk: ti: dra7-atl: Fix leak of of_nodes
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire
- nfsd: fix refcount leak when file is unhashed after being found
- pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource()
- pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
- IB/core: Fix ib_cache_setup_one error flow cleanup (CVE-2024-47693)
- PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
(CVE-2024-47751)
- RDMA/erdma: Return QP state in erdma_query_qp
- watchdog: imx_sc_wdt: Don't disable WDT in suspend
- [arm64] RDMA/hns: Don't modify rq next block addr in HIP09 QPC
- [arm64] RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (CVE-2024-47750)
- [arm64] RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range()
- [arm64] RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
- [arm64] RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler
- [arm64] RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS
- [arm64] RDMA/hns: Optimize hem allocation performance
- RDMA/cxgb4: Added NULL check for lookup_atid (CVE-2024-47749)
- RDMA/irdma: fix error message in irdma_modify_qp_roce()
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
- ntb_perf: Fix printk format
- ntb: Force physically contiguous allocation of rx ring buffers
- nfsd: call cache_put if xdr_reserve_space returns NULL (CVE-2024-47737)
- nfsd: return -EINVAL when namelen is 0 (CVE-2024-47692)
- f2fs: fix to update i_ctime in __f2fs_setxattr()
- f2fs: remove unneeded check condition in __f2fs_setxattr()
- f2fs: reduce expensive checkpoint trigger frequency
- f2fs: factor the read/write tracing logic into a helper
- f2fs: fix to avoid racing in between read and OPU dio write
- f2fs: fix to wait page writeback before setting gcing flag
- f2fs: atomic: fix to truncate pagecache before on-disk metadata truncation
- f2fs: clean up w/ dotdot_name
- f2fs: get rid of online repaire on corrupted directory (CVE-2024-47690)
- spi: atmel-quadspi: Undo runtime PM changes at driver exit time
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time
- lib/sbitmap: define swap_lock as raw_spinlock_t
- nvme-multipath: system fails to create generic nvme device
- iio: adc: ad7606: fix oversampling gpio array
- iio: adc: ad7606: fix standby gpio state to match the documentation
- ABI: testing: fix admv8818 attr description
- iio: chemical: bme680: Fix read/write ops to device by adding mutexes
- iio: magnetometer: ak8975: Convert enum->pointer for data in the match
tables
- iio: magnetometer: ak8975: drop incorrect AK09116 compatible
- dt-bindings: iio: asahi-kasei,ak8975: drop incorrect AK09116 compatible
- coresight: tmc: sg: Do not leak sg_table
- cxl/pci: Break out range register decoding from cxl_hdm_decode_init()
- cxl/pci: Fix to record only non-zero ranges
- vdpa: Add eventfd for the vdpa callback
- vhost_vdpa: assign irq bypass producer token correctly (CVE-2024-47748)
- ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (CVE-2024-47686)
- Revert "dm: requeue IO if mapping table not yet available"
- net: xilinx: axienet: Schedule NAPI in two steps
- net: xilinx: axienet: Fix packet counting
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (CVE-2024-47685)
- net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race
Condition (CVE-2024-47747)
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL
- tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684)
- net: qrtr: Update packets cloning when broadcasting
- bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()
(CVE-2024-47734)
- net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled
- netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
- netfilter: ctnetlink: compile ctnetlink_label_size with
CONFIG_NF_CONNTRACK_EVENTS
- io_uring/sqpoll: do not allow pinning outside of cpuset
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination
- io_uring/io-wq: do not allow pinning outside of cpuset
- io_uring/io-wq: inherit cpuset of cgroup in io worker
- vfio/pci: fix potential memory leak in vfio_intx_enable() (CVE-2024-38632)
- selinux,smack: don't bypass permissions check in inode_setsecctx hook
(CVE-2024-46695)
- drm/vmwgfx: Prevent unmapping active read buffers (CVE-2024-46710)
- io_uring/sqpoll: retain test for whether the CPU is valid
- io_uring/sqpoll: do not put cpumask on stack
- Remove *.orig pattern from .gitignore
- PCI: imx6: Fix missing call to phy_power_off() in error handling
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
- ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error
- soc: versatile: integrator: fix OF node leak in probe() error path
- Revert "media: tuners: fix error return code of
hybrid_tuner_request_state()"
- Input: adp5588-keys - fix check on return code
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table
- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line
- [x86] KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits
- [x86] KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode()
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link
(CVE-2024-47683)
- drm/amd/display: Round calculated vtotal
- drm/amd/display: Validate backlight caps are sane
- KEYS: prevent NULL pointer dereference in find_asymmetric_key()
(CVE-2024-47743)
- fs: Create a generic is_dot_dotdot() utility
- ksmbd: make __dir_empty() compatible with POSIX
- ksmbd: allow write with FILE_APPEND_DATA
- ksmbd: handle caseless file creation
- scsi: sd: Fix off-by-one error in sd_read_block_characteristics()
(CVE-2024-47682)
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages
- scsi: mac_scsi: Refactor polling loop
- scsi: mac_scsi: Disallow bus errors during PDMA send
- usbnet: fix cyclical race on disconnect with work queue
- [arm64] dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled
- USB: appledisplay: close race between probe and completion handler
- USB: misc: cypress_cy7c63: check for short transfer
- USB: class: CDC-ACM: fix race between get_serial and set_serial
- usb: cdnsp: Fix incorrect usb_request status
- usb: dwc2: drd: fix clock gating on USB role switch
- bus: integrator-lm: fix OF node leak in probe()
- bus: mhi: host: pci_generic: Fix the name for the Telit FE990A
- firmware_loader: Block path traversal (CVE-2024-47742)
- tty: rp2: Fix reset with non forgiving PCIe host bridges
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.
- crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure
- drbd: Fix atomicity violation in drbd_uuid_set_bm()
- drbd: Add NULL check for net_conf to prevent dereference in state
validation
- ACPI: sysfs: validate return type of _STR method (CVE-2024-49860)
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
(CVE-2024-49858)
- perf/x86/intel/pt: Fix sampling synchronization
- wifi: rtw88: 8822c: Fix reported RX band width
- wifi: mt76: mt7615: check devm_kasprintf() returned value
- debugobjects: Fix conditions in fill_pool()
- f2fs: fix several potential integer overflows in file offsets
- f2fs: prevent possible int overflow in dir_block_index()
- f2fs: avoid potential int overflow in sanity_check_area_boundary()
- f2fs: fix to check atomic_file in f2fs ioctl interfaces (CVE-2024-49859)
- hwrng: mtk - Use devm_pm_runtime_enable
- hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init
- hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume
- [arm64] dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency
- [arm64] dts: rockchip: Correct the Pinebook Pro battery design capacity
- vfs: fix race between evice_inodes() and find_inode()&iput()
- fs: Fix file_set_fowner LSM hook inconsistencies
- nfs: fix memory leak in error path of nfs4_do_reclaim
- EDAC/igen6: Fix conversion of system address to physical memory address
- padata: use integer wrap around to prevent deadlock on seq_nr overflow
(CVE-2024-47739)
- soc: versatile: realview: fix memory leak during device remove
- soc: versatile: realview: fix soc_dev leak during device remove
- [powerpc*] 64: Option to build big-endian with ELFv2 ABI
- [powerpc*] 64: Add support to build with prefixed instructions
- [powerpc*] atomic: Use YZ constraints for DS-form instructions
- usb: yurex: Replace snprintf() with the safer scnprintf() variant
- USB: misc: yurex: fix race between read and write
- xhci: fix event ring segment table related masks and variables in header
- xhci: remove xhci_test_trb_in_td_math early development check
- xhci: Refactor interrupter code for initial multi interrupter support.
- xhci: Preserve RsvdP bits in ERSTBA register correctly
- xhci: Add a quirk for writing ERST in high-low order
- usb: xhci: fix loss of data on Cadence xHC
- pps: remove usage of the deprecated ida_simple_xx() API
- pps: add an error check in parport_attach
- [x86] idtentry: Incorporate definitions/declarations of the FRED entries
- [x86] entry: Remove unwanted instrumentation in common_interrupt()
- mm/filemap: return early if failed to allocate memory for split
- lib/xarray: introduce a new helper xas_get_order
- mm/filemap: optimize filemap folio adding
- icmp: Add counters for rate limits
- icmp: change the order of rate limits (CVE-2024-47678)
- bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0
- lockdep: fix deadlock issue between lockdep and rcu
- mm: only enforce minimum stack gap size if it's sensible
- module: Fix KCOV-ignored file name
- mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with
rcu read lock
- i2c: aspeed: Update the stop sw state when the bus recovery occurs
- i2c: isch: Add missed 'else'
- usb: yurex: Fix inconsistent locking bug in yurex_read()
- perf/arm-cmn: Fail DTC counter allocation correctly
- iio: magnetometer: ak8975: Fix 'Unexpected device' error
- [powerpc*] Allow CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 with ld.lld 15+
- PCI/PM: Mark devices disconnected if upstream PCIe link is down on resume
- [x86*] tdx: Fix "in-kernel MMIO" check (CVE-2024-47727)
- static_call: Handle module init failure correctly in
static_call_del_module() (CVE-2024-50002)
- static_call: Replace pointless WARN_ON() in static_call_module_notify()
- jump_label: Simplify and clarify static_key_fast_inc_cpus_locked()
- jump_label: Fix static_key_slow_dec() yet again
- scsi: pm8001: Do not overwrite PCI queue mapping
- mailbox: rockchip: fix a typo in module autoloading
- mailbox: bcm2835: Fix timeout during suspend mode (CVE-2024-49963)
- ceph: remove the incorrect Fw reference check when dirtying pages
- ieee802154: Fix build error
- net: sparx5: Fix invalid timestamps
- net/mlx5: Fix error path in multi-packet WQE transmit (CVE-2024-50001)
- net/mlx5: Added cond_resched() to crdump collection
- net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (CVE-2024-50000)
- netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
- net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
- net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable()
- netfilter: nf_tables: prevent nf_skb_duplicated corruption
(CVE-2024-49952)
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
- net: ethernet: lantiq_etop: fix memory disclosure (CVE-2024-49997)
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO
- net: add more sanity checks to qdisc_pkt_len_init() (CVE-2024-49948)
- net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check
- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
- ppp: do not assume bh is held in ppp_channel_bridge_input()
(CVE-2024-49946)
- fsdax,xfs: port unshare to fsdax
- iomap: constrain the file range passed to iomap_file_unshare
- sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
(CVE-2024-49944)
- i2c: xiic: improve error message when transfer fails to start
- i2c: xiic: Try re-initialization on bus busy timeout
- loop: don't set QUEUE_FLAG_NOMERGES
- Bluetooth: hci_sock: Fix not validating setsockopt user input
(CVE-2024-35963)
- media: usbtv: Remove useless locks in usbtv_video_free() (CVE-2024-27072)
- ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is
uninitialized
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages
- ALSA: hda/realtek: Fix the push button function for the ALC257
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
- f2fs: Require FMODE_WRITE for atomic write ioctls (CVE-2024-47740)
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
- ice: Adjust over allocation of memory in ice_sched_add_root_node() and
ice_sched_add_node()
- wifi: iwlwifi: mvm: Fix a race in scan abort flow
- wifi: cfg80211: Set correct chandef when starting CAC (CVE-2024-49937)
- net/xen-netback: prevent UAF in xenvif_flush_hash() (CVE-2024-49936)
- net: hisilicon: hip04: fix OF node leak in probe()
- net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
- net: hisilicon: hns_mdio: fix OF node leak in probe()
- ACPI: PAD: fix crash in exit_round_robin() (CVE-2024-49935)
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
- wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable
- net: sched: consistently use rcu_replace_pointer() in taprio_change()
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122
- ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18
- blk_iocost: fix more out of bound shifts (CVE-2024-49933)
- nvme-pci: qdepth 1 quirk
- wifi: ath11k: fix array out-of-bound access in SoC stats (CVE-2024-49930)
- wifi: rtw88: select WANT_DEV_COREDUMP
- ACPI: EC: Do not release locks during operation region accesses
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
acpi_db_convert_to_package()
- tipc: guard against string buffer overrun (CVE-2024-49995)
- net: mvpp2: Increase size of queue_name buffer
- bnxt_en: Extend maximum length of version string by 1 byte
- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
- wifi: rtw89: correct base HT rate mask for firmware
- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
- net: atlantic: Avoid warning about potential string truncation
- crypto: simd - Do not call crypto_alloc_tfm during registration
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
- wifi: mac80211: fix RCU list iterations
- ACPICA: iasl: handle empty connection_node
- proc: add config & param to block forcing mem writes
- wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_cmd_802_11_scan_ext()
- nfp: Use IRQF_NO_AUTOEN flag in request_irq()
- ALSA: usb-audio: Add input value sanity checks for standard types
- [x86] ioapic: Handle allocation failures gracefully (CVE-2024-49927)
- ALSA: usb-audio: Define macros for quirk table entries
- ALSA: usb-audio: Replace complex quirk lines with macros
- ALSA: usb-audio: Add logitech Audio profile quirk
- ASoC: codecs: wsa883x: Handle reading version failure
- [x86] kexec: Add EFI config table identity mapping for kexec kernel
- ALSA: asihpi: Fix potential OOB array access (CVE-2024-50007)
- ALSA: hdsp: Break infinite MIDI input flush loop
- [x86] syscall: Avoid memcpy() for ia32 syscall_get_arguments()
- fbdev: pxafb: Fix possible use after free in pxafb_task() (CVE-2024-49924)
- rcuscale: Provide clear error when async specified without primitives
- [arm64] iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux
- power: reset: brcmstb: Do not go into infinite loop if reset fails
- [amd64] iommu/vt-d: Always reserve a domain ID for identity setup
- [amd64] iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0
count (CVE-2024-49993)
- drm/stm: Avoid use-after-free issues with crtc and plane (CVE-2024-49992)
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit
- drm/amd/display: Add null check for top_pipe_to_program in
commit_planes_for_stream (CVE-2024-49913)
- ata: pata_serverworks: Do not use the term blacklist
- ata: sata_sil: Rename sil_blacklist to sil_quirks
- drm/amd/display: Handle null 'stream_status' in
'planes_changed_for_existing_stream' (CVE-2024-49912)
- drm/amd/display: Check null pointers before using dc->clk_mgr
(CVE-2024-49907)
- drm/amd/display: Add null check for 'afb' in
amdgpu_dm_plane_handle_cursor_update (v2)
- jfs: UBSAN: shift-out-of-bounds in dbFindBits
- jfs: Fix uaf in dbFreeBits (CVE-2024-49903)
- jfs: check if leafidx greater than num leaves per dmap tree
(CVE-2024-49902)
- scsi: smartpqi: correct stream detection
- jfs: Fix uninit-value access of new_ea in ea_buffer (CVE-2024-49900)
- drm/amdgpu: add raven1 gfxoff quirk
- drm/amdgpu: enable gfxoff quirk on HP 705G4
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio
- [x86] platform/x86: touchscreen_dmi: add nanote-next quirk
- drm/stm: ltdc: reset plane transparency after plane disable
- drm/amd/display: Check stream before comparing them (CVE-2024-49896)
- drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format
translation (CVE-2024-49895)
- drm/amd/display: Fix index out of bounds in degamma hardware format
translation (CVE-2024-49894)
- drm/amd/display: Fix index out of bounds in DCN30 color transformation
(CVE-2024-49969)
- drm/amd/display: Initialize get_bytes_per_element's default to 1
(CVE-2024-49892)
- drm/printer: Allow NULL data in devcoredump printer
- [x86] perf,x86: avoid missing caller address in stack traces captured in
uprobe
- scsi: aacraid: Rearrange order of struct aac_srb_unit
- scsi: lpfc: Update PRLO handling in direct attached topology
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx
- scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
- drm/amd/pm: ensure the fw_info is not null before using it
(CVE-2024-49890)
- of/irq: Refer to actual buffer size in of_irq_parse_one()
- [powerpc*] pseries: Use correct data types from pseries_hp_errorlog struct
- ext4: ext4_search_dir should return a proper error
- ext4: avoid use-after-free in ext4_ext_show_leaf() (CVE-2024-49889)
- ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006)
- iomap: handle a post-direct I/O invalidate race in
iomap_write_delalloc_release
- blk-integrity: use sysfs_emit
- blk-integrity: convert to struct device_attribute
- blk-integrity: register sysfs attributes on struct device
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled
- spi: s3c64xx: fix timeout counters in flush_fifo
- [powerpc*] vdso: Fix VDSO data access when running in a non-root time
namespace
- Revert "ALSA: hda: Conditionally use snooping for AMD HDMI"
(Closes: #
1081833)
- [x86] platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug
(CVE-2024-49886)
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
(CVE-2024-49985)
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs
- media: i2c: ar0521: Use cansleep version of gpiod_set_value()
(CVE-2024-49961)
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
- spi: bcm63xx: Fix module autoloading
- power: supply: hwmon: Fix missing temp1_max_alarm attribute
- perf/core: Fix small negative period being ignored
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
- ALSA: core: add isascii() check to card ID generator
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET
- ALSA: usb-audio: Add native DSD support for Luxman D-08u
- ALSA: line6: add hw monitor volume control to POD HD500X
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200
- ext4: no need to continue when the number of entries is 1 (CVE-2024-49967)
- ext4: correct encrypted dentry name hash when not casefolded
- ext4: fix slab-use-after-free in ext4_split_extent_at() (CVE-2024-49884)
- ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
- ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible()
- ext4: dax: fix overflowing extents beyond inode size when partially
writing (CVE-2024-50015)
- ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
- ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
- ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)
- ext4: fix double brelse() the buffer of the extents path
- ext4: update orig_path in ext4_find_extent() (CVE-2024-49881)
- ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
- ext4: fix incorrect tid assumption in
jbd2_journal_shrink_checkpoint_list()
- ext4: fix fast commit inode enqueueing during a full journal commit
- ext4: use handle to mark fc as ineligible in __track_dentry_update()
- ext4: mark fc as ineligible using an handle in ext4_xattr_set()
- drm/rockchip: vop: clear DMA stop bit on RK3066
- of/irq: Support #msi-cells=<0> in of_msi_get_domain
- drm: omapdrm: Add missing check for alloc_ordered_workqueue
(CVE-2024-49879)
- resource: fix region_intersects() vs add_memory_driver_managed()
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns
error
- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit
- mm: krealloc: consider spare memory for __GFP_ZERO
- ocfs2: fix the la space leak when unmounting an ocfs2 volume
- ocfs2: fix uninit-value in ocfs2_get_block()
- ocfs2: reserve space for inline xattr before attaching reflink tree
(CVE-2024-49958)
- ocfs2: cancel dqi_sync_work before freeing oinfo (CVE-2024-49966)
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks (CVE-2024-49965)
- ocfs2: fix null-ptr-deref when journal load failed. (CVE-2024-49957)
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
(CVE-2024-49877)
- exfat: fix memory leak in exfat_load_bitmap() (CVE-2024-50013)
- perf hist: Update hist symbol when updating maps
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
- nfsd: map the EBADMSG to nfserr_io to avoid warning (CVE-2024-49875)
- NFSD: Fix NFSv4's PUTPUBFH operation
- aoe: fix the potential use-after-free problem in more places
(CVE-2024-49982)
- clk: rockchip: fix error for unknown clocks
- remoteproc: k3-r5: Fix error handling when power-up failed
- clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks
- media: sun4i_csi: Implement link validate for sun4i_csi subdev
- clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable()
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
- clk: qcom: clk-rpmh: Fix overflow in BCM vote
- clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src
- media: venus: fix use after free bug in venus_remove due to race condition
(CVE-2024-49981)
- clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable()
- media: qcom: camss: Fix ordering of pm_runtime_enable
- clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table
- clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL
- smb: client: use actual path when queryfs
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors
- gso: fix udp gso fraglist segmentation after pull from frag_list
(CVE-2024-49978)
- tomoyo: fallback to realpath if symlink's pathname does not exist
(Closes: #
1082001)
- net: stmmac: Fix zero-division error when disabling tc cbs
(CVE-2024-49977)
- rtc: at91sam9: fix OF node leak in probe() error path
- Input: adp5589-keys - fix NULL pointer dereference (CVE-2024-49871)
- Input: adp5589-keys - fix adp5589_gpio_get_value()
- cachefiles: fix dentry leak in cachefiles_open_file() (CVE-2024-49870)
- ACPI: resource: Add Asus Vivobook X1704VAP to
irq1_level_low_skip_override[] (Closes: #
1078696)
- ACPI: resource: Add Asus ExpertBook B2502CVA to
irq1_level_low_skip_override[]
- btrfs: fix a NULL pointer dereference when failed to start a new
trasacntion (CVE-2024-49868)
- btrfs: send: fix invalid clone operation for file that got its size
decreased
- btrfs: wait for fixup workers before stopping cleaner kthread during
umount (CVE-2024-49867)
- gpio: davinci: fix lazy disable
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
(CVE-2024-8805)
- ceph: fix cap ref leak via netfs init_request
- tracing/hwlat: Fix a race during cpuhp processing
- tracing/timerlat: Fix a race during cpuhp processing (CVE-2024-49866)
- close_range(): fix the logics in descriptor table trimming
- [x86] drm/i915/gem: fix bitwise and logical AND mixup
- drm/sched: Add locking to drm_sched_entity_modify_sched
- drm/amd/display: Fix system hang while resume with TBT monitor
(CVE-2024-50003)
- cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock
(Closes: #
1076483)
- kconfig: qconf: fix buffer overflow in debug links
- i2c: create debugfs entry per adapter
- i2c: core: Lock address during client device instantiation
- i2c: xiic: Use devm_clk_get_enabled()
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled
- dt-bindings: clock: exynos7885: Fix duplicated binding
- spi: bcm63xx: Fix missing pm_runtime_disable()
- [arm64] Add Cortex-715 CPU part definition
- [arm64] cputype: Add Neoverse-N3 definitions
- [arm64] errata: Expand speculative SSBS workaround once more
- io_uring/net: harden multishot termination case for recv
- uprobes: fix kernel info leak via "[uprobes]" vma
- mm: z3fold: deprecate CONFIG_Z3FOLD
- drm/amd/display: Allow backlight to go below
`AMDGPU_DM_DEFAULT_MIN_BACKLIGHT`
- build-id: require program headers to be right after ELF header
- lib/buildid: harden build ID parsing logic
- docs/zh_CN: Update the translation of delay-accounting to 6.1-rc8
- delayacct: improve the average delay precision of getdelay tool to
microsecond
- sched: psi: fix bogus pressure spikes from aggregation race
- media: i2c: imx335: Enable regulator supplies
- media: imx335: Fix reset-gpio handling
- remoteproc: k3-r5: Acquire mailbox handle during probe routine
- remoteproc: k3-r5: Delay notification of wakeup event
- dt-bindings: clock: qcom: Add missing UFS QREF clocks
- dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x
- clk: samsung: exynos7885: do not define number of clocks in bindings
- clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix
- r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
- r8169: add tally counter fields added with RTL8125 (CVE-2024-49973)
- clk: qcom: gcc-sc8180x: Add GPLL9 support
- ACPI: battery: Simplify battery hook locking
- ACPI: battery: Fix possible crash when unregistering a battery hook
(CVE-2024-49955)
- Revert "arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of
bindings"
- erofs: get rid of erofs_inode_datablocks()
- erofs: get rid of z_erofs_do_map_blocks() forward declaration
- erofs: avoid hardcoded blocksize for subpage block support
- erofs: set block size to the on-disk block size
- erofs: fix incorrect symlink detection in fast symlink
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (CVE-2024-49863)
- perf report: Fix segfault when 'sym' sort key is not used
- fsdax: dax_unshare_iter() should return a valid length
- fsdax: unshare: zero destination if srcmap is HOLE or UNWRITTEN
- unicode: Don't special case ignorable code points
- net: ethernet: cortina: Drop TSO support
- tracing: Remove precision vsnprintf() check from print event
- ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks table
- ALSA: hda/realtek: cs35l41: Fix device ID / model name
- drm/crtc: fix uninitialized variable use even harder
- tracing: Have saved_cmdlines arrays all in one allocation
- bootconfig: Fix the kerneldoc of _xbc_exit()
- perf lock: Dynamically allocate lockhash_table
- perf sched: Avoid large stack allocations
- perf sched: Move start_work_mutex and work_done_wait_mutex initialization
to perf_sched__replay()
- perf sched: Fix memory leak in perf_sched__map()
- perf sched: Move curr_thread initialization to perf_sched__map()
- perf sched: Move curr_pid and cpu_last_switched initialization to
perf_sched__{lat|map|replay}()
- libsubcmd: Don't free the usage string
- Bluetooth: Fix usage of __hci_cmd_sync_status
- virtio_console: fix misc probe bugs
- Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
- bpf: Check percpu map value size first
- [s390x] facility: Disable compile time optimization for decompressor code
- [s390x] mm: Add cond_resched() to cmm_alloc/free_pages()
- bpf, x64: Fix a jit convergence issue
- ext4: don't set SB_RDONLY after filesystem errors
- ext4: nested locking for xattr inode
- [s390x] cpum_sf: Remove WARN_ON_ONCE statements
- RDMA/mad: Improve handling of timed out WRs of mad agent
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment
(CVE-2024-50062)
- clk: bcm: bcm53573: fix OF node leak in init
- PCI: Add ACS quirk for Qualcomm SA8775P
- i2c: i801: Use a different adapter-name for IDF adapters
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken
- io_uring: check if we need to reschedule during overflow flush
(CVE-2024-50060)
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in
switchtec_ntb_remove due to race condition (CVE-2024-50059)
- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults
- media: videobuf2-core: clear memory related fields in
__vb2_plane_dmabuf_put()
- remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table
- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
- usb: chipidea: udc: enable suspend interrupt after usb reset
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the
Crashkernel Scenario
- comedi: ni_routing: tools: Check when the file could not be opened
- netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n
- virtio_pmem: Check device status before requesting flush
- tools/iio: Add memory allocation failure check for trigger_name
- staging: vme_user: added bound check to geoid
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus
attribute
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in
lpfc_els_flush_cmd()
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV
instance
- drm/amd/display: Check null pointer before dereferencing se
(CVE-2024-50049)
- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs
(CVE-2024-50048)
- fbdev: sisfb: Fix strbuf array overflow
- drm/rockchip: vop: limit maximum resolution to hardware capabilities
- drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066
- NFSD: Mark filecache "down" if init fails
- ice: fix VLAN replay after reset
- SUNRPC: Fix integer overflow in decode_rc_list()
- NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
(CVE-2024-50046)
- net: phy: dp83869: fix memory corruption when enabling fiber
- tcp: fix to allow timestamp undo if no retransmits were sent
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
- netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045)
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
(CVE-2024-50044)
- net: phy: bcm84881: Fix some error handling paths
- thermal: int340x: processor_thermal: Set feature mask before
proc_thermal_add
- thermal: intel: int340x: processor: Fix warning during module unload
- Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled"
- net: ethernet: adi: adin1110: Fix some error handling path in
adin1110_read_fifo()
- net: dsa: b53: fix jumbo frame mtu check
- net: dsa: b53: fix max MTU for 1g switches
- net: dsa: b53: fix max MTU for BCM5325/BCM5365
- net: dsa: b53: allow lower MTUs on BCM5325/5365
- net: dsa: b53: fix jumbo frames on 10/100 ports
- gpio: aspeed: Add the flush write to ensure the write complete.
- gpio: aspeed: Use devm_clk api to manage clock source
- ice: Fix netif_is_ice() in Safe Mode
- i40e: Fix macvlan leak by synchronizing access to mac_filter_hash
(CVE-2024-50041)
- igb: Do not bring the device up after non-fatal error (CVE-2024-50040)
- net/sched: accept TCA_STAB only for root qdisc (CVE-2024-50039)
- net: ibm: emac: mal: fix wrong goto
- btrfs: zoned: fix missing RCU locking in error message when loading zone
info
- sctp: ensure sk_state is set to CLOSED if hashing fails in
sctp_listen_start
- netfilter: xtables: avoid NFPROTO_UNSPEC where needed (CVE-2024-50038)
- netfilter: fib: check correct rtable in vrf setups
- net: ibm/emac: allocate dummy net_device dynamically
- net: ibm: emac: mal: add dcr_unmap to _remove
- rtnetlink: Add bulk registration helpers for rtnetlink message handlers.
- vxlan: Handle error of rtnl_register_module().
- mctp: Handle error of rtnl_register_module().
- ppp: fix ppp_async_encode() illegal access
- slip: make slhc_remember() more robust against malicious packets
- rust: macros: provide correct provenance when constructing THIS_MODULE
- HID: multitouch: Add support for lenovo Y9000P Touchpad
- net/mlx5: Always drain health in shutdown callback (CVE-2024-43866)
- wifi: mac80211: Avoid address calculations via out of bounds array
indexing (CVE-2024-41071)
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C
- hwmon: (adt7470) Add missing dependency on REGMAP_I2C
- Revert "net: ibm/emac: allocate dummy net_device dynamically"
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
- HID: plantronics: Workaround for an unexcepted opposite volume key
- Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
- usb: dwc3: core: Stop processing of pending events if controller is halted
- usb: xhci: Fix problem with xhci resume from suspend
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
- usb: gadget: core: force synchronous registration
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in
ish_fw_xfer_direct_dma
- drm/v3d: Stop the active perfmon before being destroyed (CVE-2024-50031)
- drm/vc4: Stop the active perfmon before being destroyed
- scsi: wd33c93: Don't use stale scsi_pointer value (CVE-2024-50026)
- mptcp: fallback when MPTCP opts are dropped after 1st data
- ata: libata: avoid superfluous disk spin down + spin up during hibernation
- net: explicitly clear the sk pointer, when pf->create fails
- net: Fix an unsafe loop on the list (CVE-2024-50024)
- net: dsa: lan9303: ensure chip reset and wait for READY status
- mptcp: handle consistently DSS corruption
- mptcp: pm: do not remove closing subflows
- device-dax: correct pgoff align in dax_set_mapping() (CVE-2024-50022)
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
- kthread: unpark only parked kthread (CVE-2024-50019)
- secretmem: disable memfd_secret() if arch cannot set direct map
- net: ethernet: cortina: Restore TSO support
- perf lock: Don't pass an ERR_PTR() directly to perf_session__delete()
- block, bfq: fix uaf for accessing waker_bfqq after splitting
(CVE-2024-49854)
- Revert "iommu/vt-d: Retrieve IOMMU perfmon capability information"
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.114
- btrfs: fix uninitialized pointer free in add_inode_ref() (CVE-2024-50088)
- btrfs: fix uninitialized pointer free on read_alloc_one_name() error
- ksmbd: fix user-after-free from session log off (CVE-2024-50086)
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
- mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (CVE-2024-50085)
- udf: New directory iteration code
- udf: Convert udf_expand_dir_adinicb() to new directory iteration
- udf: Move udf_expand_dir_adinicb() to its callsite
- udf: Implement searching for directory entry using new iteration code
- udf: Provide function to mark entry as deleted using new directory
iteration code
- udf: Convert udf_rename() to new directory iteration code
- udf: Convert udf_readdir() to new directory iteration
- udf: Convert udf_lookup() to use new directory iteration code
- udf: Convert udf_get_parent() to new directory iteration code
- udf: Convert empty_dir() to new directory iteration code
- udf: Convert udf_rmdir() to new directory iteration code
- udf: Convert udf_unlink() to new directory iteration code
- udf: Implement adding of dir entries using new iteration code
- udf: Convert udf_add_nondir() to new directory iteration
- udf: Convert udf_mkdir() to new directory iteration code
- udf: Convert udf_link() to new directory iteration code
- udf: Remove old directory iteration code
- udf: Handle error when expanding directory
- udf: Don't return bh from udf_expand_dir_adinicb()
- net: enetc: remove xdp_drops statistic from enetc_xdp_drop()
- net: enetc: add missing static descriptor and inline keyword
- posix-clock: Fix missing timespec64 check in pc_clock_settime()
- [arm64] probes: Remove broken LDR (literal) uprobe support
- [arm64] probes: Fix simulate_ldr*_literal()
- net: macb: Avoid 20s boot delay by skipping MDIO bus registration for
fixed-link PHY
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1
- fat: fix uninitialized variable
- mm/swapfile: skip HugeTLB pages for unuse_vma
- devlink: drop the filter argument from devlinks_xa_find_get
- devlink: bump the instance index directly when iterating
- maple_tree: correct tree corruption on spanning store
- drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
(CVE-2024-39497)
- [amd64] iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI
devices
- [s390x] sclp: Deactivate sclp after all its users
- [s390x] sclp_vt220: Convert newlines to CRLF instead of LFCR
- [s390x] KVM: s390: gaccess: Check if guest address is in memslot
- [s390x] KVM: s390: Change virtual to physical address access in diag 0x258
handler
- [x86] cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
- [x86] cpufeatures: Add a IBPB_NO_RET BUG flag
- [x86] entry: Have entry_ibpb() invalidate return predictions
- [x86] bugs: Skip RSB fill at VMEXIT
- [x86] bugs: Do not use UNTRAIN_RET with IBPB on entry
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
(CVE-2024-50082)
- io_uring/sqpoll: close race on waiting for sqring entries
- scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
- drm/radeon: Fix encoder->possible_clones
- drm/vmwgfx: Handle surface check failure correctly
- drm/amdgpu/swsmu: Only force workload setup on init
- drm/amdgpu: prevent BO_HANDLES error from being overwritten
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
- iio: hid-sensors: Fix an error handling path in
_hid_sensor_set_report_latency()
- iio: light: veml6030: fix ALS sensor resolution
- iio: light: veml6030: fix IIO device retrieval from embedded device
- iio: light: opt3001: add missing full-scale range value
- iio: amplifiers:
ada4250: add missing select REGMAP_SPI in Kconfig
- iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in
Kconfig
- iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in
Kconfig
- Bluetooth: Call iso_exit() on module unload
- Bluetooth: Remove debugfs directory on module init failure
- Bluetooth: ISO: Fix multiple init when debugfs is disabled
(CVE-2024-50077)
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001
- xhci: Fix incorrect stream context type macro
- xhci: Mitigate failed set dequeue pointer commands
- USB: serial: option: add support for Quectel EG916Q-GL
- USB: serial: option: add Telit FN920C04 MBIM compositions
- usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG
- parport: Proper fix for array out-of-bounds access (CVE-2024-50074)
- [x86] resctrl: Annotate get_mem_config() functions as __init
- [x86] apic: Always explicitly disarm TSC-deadline timer
- [x86] entry_32: Do not clobber user EFLAGS.ZF
- [x86] entry_32: Clear CPU buffers after register restore in NMI return
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CVE-2024-50073)
- pinctrl: ocelot: fix system hang on level based interrupts
- pinctrl: apple: check devm_kasprintf() returned value
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
- irqchip/sifive-plic: Unmask interrupt in plic_irq_enable()
- tcp: fix mptcp DSS corruption due to large pmtu xmit (CVE-2024-50083)
- mptcp: prevent MPC handshake on port-based signal endpoints
- nilfs2: propagate directory read errors from nilfs_find_entry()
- [powerpc*] 64: Add big-endian ELFv2 flavour to crypto VMX asm generation
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne
1000 G2
- udf: Allocate name buffer in directory iterator on heap
- udf: Avoid directory type conversion failure due to ENOMEM
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.115
- bpf: Use raw_spinlock_t in ringbuf
- iio: accel: bma400: Fix uninitialized variable field_value in tap event
handling.
- bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
- bpf: devmap: provide rxq after redirect
- bpf: Fix memory leak in bpf_core_apply
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure
- RDMA/bnxt_re: Add a check for memory allocation
- [x86] resctrl: Avoid overflow in MB settings in bw_validate()
- [armhf] dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin
- [s390x] pci: Handle PCI error codes other than 0x3a
- bpf: fix kfunc btf caching for modules
- drm/vmwgfx: Handle possible ENOMEM in vmw_stdu_connector_atomic_check
- ALSA: hda/cs8409: Fix possible NULL dereference
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP
- RDMA/irdma: Fix misspelling of "accept*"
- RDMA/srpt: Make slab cache names unique
- ipv4: give an IPv4 dev to blackhole_netdev
- RDMA/bnxt_re: Return more meaningful error
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
- [arm64] drm/msm/dpu: make sure phys resources are properly initialized
- [arm64] drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate
calculation
- [arm64] drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
- [arm64] drm/msm: Allocate memory for disp snapshot with kvzalloc()
- net: usb: usbnet: fix race in probe failure
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring
- macsec: don't increment counters for an unrelated SA
- netdevsim: use cond_resched() in nsim_dev_trap_report_work()
- net: ethernet: aeroflex: fix potential memory leak in
greth_start_xmit_gbit()
- net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid
- net: xilinx: axienet: fix potential memory leak in axienet_start_xmit()
- net: systemport: fix potential memory leak in bcm_sysport_xmit()
- [arm64] drm/msm/dpu: Wire up DSC mask for active CTL configuration
- [arm64] drm/msm/dpu: don't always program merge_3d block
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().
- genetlink: hold RCU in genlmsg_mcast()
- ravb: Remove setting of RX software timestamp
- net: ravb: Only advertise Rx/Tx timestamps if hardware supports it
- scsi: target: core: Fix null-ptr-deref in target_alloc_device()
- smb: client: fix OOBs when building SMB2_IOCTL request
- usb: typec: altmode should keep reference to parent
- [s390x] Initialize psw mask in perf_arch_fetch_caller_regs()
- Bluetooth: bnep: fix wild-memory-access in proto_unregister
- net/mlx5: Remove redundant cmdif revision check
- net/mlx5: split mlx5_cmd_init() to probe and reload routines
- net/mlx5: Fix command bitmask initialization
- net/mlx5: Unregister notifier on eswitch init failure
- bpf: Fix iter/task tid filtering
- [arm64] uprobe fix the uprobe SWBP_INSN in big-endian
- [arm64] probes: Fix uprobes for big-endian kernels
- usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant
- usb: gadget: f_uac2: fix non-newline-terminated function name
- usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store
- usb: gadget: Add function wakeup support
- XHCI: Separate PORT and CAPs macros into dedicated file
- [arm64,armhf] usb: dwc3: core: Fix system suspend on TI AM62 platforms
- tty/serial: Make ->dcd_change()+uart_handle_dcd_change() status bool
active
- serial: Make uart_handle_cts_change() status param bool active
- serial: imx: Update mctrl old_status on RTSD interrupt
- block, bfq: fix procress reference leakage for bfqq in merge chain
- exec: don't WARN for racy path_noexec check (CVE-2024-50010)
- fs/ntfs3: Add more attributes checks in mi_enum_attr() (CVE-2023-45896)
- [x86] drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape
with real VLA
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to
default regs values
- [arm64] ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
- [arm64] Force position-independent veneers
- udf: refactor udf_current_aext() to handle error
- udf: fix uninit-value use in udf_get_fileshortad
- [x86] platform/x86: dell-sysman: add support for alienware products
- jfs: Fix sanity check in dbMount
- tracing: Consider the NULL character when validating the event length
- xfrm: extract dst lookup parameters into a struct
- xfrm: respect ip protocols rules criteria when performing dst lookups
- be2net: fix potential memory leak in be_xmit()
- net: plip: fix break; causing plip to never transmit
- [arm64,armhf] net: dsa: mv88e6xxx: Fix error when setting port policy on
mv88e6393x
- netfilter: xtables: fix typo causing some targets not to load on IPv6
- net: wwan: fix global oob in wwan_rtnl_policy
- docs: net: reformat driver.rst from a list to sections
- net: provide macros for commonly copied lockless queue stop/wake code
- net/sched: adjust device watchdog timer to detect stopped queue at right
time
- net: fix races in netdev_tx_sent_queue()/dev_watchdog()
- net: usb: usbnet: fix name regression
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions
created by classifiers
- net: sched: fix use-after-free in taprio_change()
- r8169: avoid unsolicited interrupts
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
- Bluetooth: SCO: Fix UAF on sco_sock_timeout
- Bluetooth: ISO: Fix UAF on iso_sock_timeout
- bpf,perf: Fix perf_event_detach_bpf_prog error handling
- ASoC: dt-bindings: davinci-mcasp: Fix interrupts property
- ASoC: dt-bindings: davinci-mcasp: Fix interrupt properties
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request()
- ALSA: hda/realtek: Update default depop procedure
- cpufreq/cppc: Move and rename cppc_cpufreq_{perf_to_khz|khz_to_perf}()
- cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception
- btrfs: fix passing 0 to ERR_PTR in btrfs_search_dir_index_item()
- btrfs: zoned: fix zone unusable accounting for freed reserved extent
- drm/amd: Guard against bad data for ATIF ACPI method
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid
detection issue
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag
- openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
- [x86] KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
- [arm64] KVM: arm64: Don't eagerly teardown the vgic on init error
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
- xfrm: fix one more kernel-infoleak in algo dumping
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
- selinux: improve error checking in sel_write_load()
- serial: protect uart_port_dtr_rts() in uart_shutdown() too
(CVE-2024-50058)
- net: phy: dp83822: Fix reset pin definitions
- [arm64] ASoC: qcom: Fix NULL Dereference in
asoc_qcom_lpass_cpu_platform_probe()
- [x86] platform/x86: dell-wmi: Ignore suspend notifications
- ACPI: PRM: Clean up guid type in struct prm_handler_info
- [arm64] uprobes: change the uprobe_opcode_t typedef to fix the sparse
warning
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset
[ Salvatore Bonaccorso ]
* Bump ABI to 27
* d/config: Update with the help of kconfigeditor2
- mm: Enable Z3FOLD_DEPRECATED instead of Z3FOLD
[dgit import unpatched linux 6.1.115-1]
projects / linux.git / log