"HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup"
applied for CVE-2024-46747
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46747
** Changed in: linux (Ubuntu Noble)
Status: In Progress => Fix Committed
--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2085849
Title:
Noble update: upstream stable patchset 2024-10-29
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Noble:
Fix Committed
Bug description:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2024-10-29
Ported from the following upstream stable releases:
v6.6.51, v6.10.10
from git://git.kernel.org/
net: microchip: vcap: Fix use-after-free error in kunit test
ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE
KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing
ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices
ALSA: hda/realtek: add patch for internal mic in Lenovo V145
ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
powerpc/qspinlock: Fix deadlock in MCS queue
ksmbd: unset the binding mark of a reused connection
ksmbd: Unlock on in ksmbd_tcp_set_interfaces()
ata: libata: Fix memory leak for error path in ata_host_alloc()
x86/tdx: Fix data leak in mmio_read()
perf/x86/intel: Limit the period on Haswell
irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
x86/kaslr: Expose and use the end of the physical memory address space
rtmutex: Drop rt_mutex::wait_lock before scheduling
nvme-pci: Add sleep quirk for Samsung 990 Evo
rust: types: Make Opaque::get const
rust: macros: provide correct provenance when constructing THIS_MODULE
Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE"
Bluetooth: MGMT: Ignore keys being loaded with invalid type
mmc: core: apply SD quirks earlier during probe
mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
mmc: sdhci-of-aspeed: fix module autoloading
mmc: cqhci: Fix checking of CQHCI_HALT state
fuse: update stats for pages in dropped aux writeback list
fuse: use unsigned type for getxattr/listxattr size truncation
fuse: fix memory leak in fuse_create_open
clk: starfive: jh7110-sys: Add notifier for PLL0 clock
clk: qcom: clk-alpha-pll: Fix the pll post div mask
clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y
mm: vmalloc: ensure vmap_block is initialised before adding to queue
spi: rockchip: Resolve unbalanced runtime PM / system PM handling
tracing/osnoise: Use a cpumask to know what threads are kthreads
tracing/timerlat: Only clear timer if a kthread exists
tracing: Avoid possible softlockup in tracing_iter_reset()
tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread()
userfaultfd: don't BUG_ON() if khugepaged yanks our page table
userfaultfd: fix checks for huge PMDs
fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF
eventfs: Use list_del_rcu() for SRCU protected list variable
net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
net: mctp-serial: Fix missing escapes on transmit
x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported
x86/apic: Make x2apic_disable() work correctly
tcp_bpf: fix return value of tcp_bpf_sendmsg()
ila: call nf_unregister_net_hooks() sooner
sched: sch_cake: fix bulk flow accounting logic for host fairness
nilfs2: fix missing cleanup on rollforward recovery error
nilfs2: protect references to superblock parameters exposed in sysfs
nilfs2: fix state management in error path of log writing function
drm/i915: Do not attempt to load the GSC multiple times
ALSA: control: Apply sanity check of input values for user elements
ALSA: hda: Add input value sanity checks to HDMI channel map controls
wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he()
wifi: ath12k: fix firmware crash due to invalid peer nss
smack: unix sockets: fix accept()ed socket label
bpf, verifier: Correct tail_call_reachable for bpf prog
ELF: fix kernel.randomize_va_space double read
accel/habanalabs/gaudi2: unsecure edma max outstanding register
irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
af_unix: Remove put_pid()/put_cred() in copy_peercred().
x86/kmsan: Fix hook for unaligned accesses
iommu: sun50i: clear bypass register
netfilter: nf_conncount: fix wrong variable type
wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check
udf: Avoid excessive partition lengths
fs/ntfs3: One more reason to mark inode bad
riscv: kprobes: Use patch_text_nosync() for insn slots
media: vivid: fix wrong sizeimage value for mplane
leds: spi-byte: Call of_node_put() on error path
wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
usb: uas: set host status byte on data completion error
usb: gadget: aspeed_udc: validate endpoint index for ast udc
drm/amd/display: Run DC_LOG_DC after checking link->link_enc
drm/amd/display: Check HDCP returned status
drm/amdgpu: Fix smatch static checker warning
drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
media: vivid: don't set HDMI TX controls if there are no HDMI outputs
vfio/spapr: Always clear TCEs before unsetting the window
ice: Check all ice_vsi_rebuild() errors in function
PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
Input: ili210x - use kvmalloc() to allocate buffer for firmware update
media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
pcmcia: Use resource_size function on resource object
drm/amd/display: Check denominator pbn_div before used
drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6
can: bcm: Remove proc entry when dev is unregistered.
can: m_can: Release irq on error in m_can_open
can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode
rust: kbuild: fix export of bss symbols
cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region
igb: Fix not clearing TimeSync interrupts for 82580
ice: Add netif_device_attach/detach into PF reset flow
platform/x86: dell-smbios: Fix error path in dell_smbios_init()
regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR
can: kvaser_pciefd: Skip redundant NULL pointer check in ISR
can: kvaser_pciefd: Remove unnecessary comment
can: kvaser_pciefd: Rename board_irq to pci_irq
can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR
can: kvaser_pciefd: Use a single write when releasing RX buffers
Bluetooth: qca: If memdump doesn't work, re-enable IBS
Bluetooth: hci_sync: Introduce hci_cmd_sync_run/hci_cmd_sync_run_once
Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT
igc: Unlock on error in igc_io_resume()
hwmon: (hp-wmi-sensors) Check if WMI event data exists
net: phy: Fix missing of_node_put() for leds
ice: protect XDP configuration with a mutex
ice: do not bring the VSI up, if it was down before the XDP setup
usbnet: modern method to get random MAC
bpf, net: Fix a potential race in do_sock_getsockopt()
bareudp: Fix device stats updates.
fou: Fix null-ptr-deref in GRO.
r8152: fix the firmware doesn't work
net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
net: dsa: vsc73xx: fix possible subblocks range of CAPT block
selftests: net: enable bind tests
xen: privcmd: Fix possible access to a freed kirqfd instance
firmware: cs_dsp: Don't allow writes to read-only controls
phy: zynqmp: Take the phy mutex in xlate
ASoC: topology: Properly initialize soc_enum values
dm init: Handle minors larger than 255
iommu/vt-d: Handle volatile descriptor status read
cgroup: Protect css->cgroup write under css_set_lock
um: line: always fill *error_out in setup_one_line()
devres: Initialize an uninitialized struct member
pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
virtio_ring: fix KMSAN error for premapped mode
wifi: rtw88: usb: schedule rx work after everything is set up
scsi: ufs: core: Remove SCSI host only if added
scsi: pm80xx: Set phy->enable_completion only when we wait for it
crypto: qat - fix unintentional re-enabling of error interrupts
ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment
libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
drm/amdgpu: Set no_hw_access when VF request full GPU fails
ext4: fix possible tid_t sequence overflows
jbd2: avoid mount failed when commit block is partial submitted
dma-mapping: benchmark: Don't starve others when doing the test
wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
drm/amdgpu: reject gang submit on reserved VMIDs
smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
fs/ntfs3: Check more cases when directory is corrupted
btrfs: replace BUG_ON with ASSERT in walk_down_proc()
btrfs: clean up our handling of refs == 0 in snapshot delete
btrfs: replace BUG_ON() with error handling at update_ref_for_cow()
cxl/region: Verify target positions using the ordered target list
riscv: set trap vector earlier
PCI: Add missing bridge lock to pci_bus_lock()
tcp: Don't drop SYN+ACK for simultaneous connect().
Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()
net: dpaa: avoid on-stack arrays of NR_CPUS elements
LoongArch: Use correct API to map cmdline in relocate_kernel()
regmap: maple: work around gcc-14.1 false-positive warning
vfs: Fix potential circular locking through setxattr() and removexattr()
i3c: master: svc: resend target address when get NACK
i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup
kselftests: dmabuf-heaps: Ensure the driver name is null-terminated
spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware
btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry()
s390/vmlinux.lds.S: Move ro_after_init section behind rodata section
HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
HID: amd_sfh: free driver_data after destroying hid device
Input: uinput - reject requests with unreasonable number of slots
usbnet: ipheth: race between ipheth_close and error handling
Squashfs: sanity check symbolic link size
lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
spi: spi-fsl-lpspi: limit PRESCALE bit in TCR register
ata: pata_macio: Use WARN instead of BUG
NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations
ACPI: CPPC: Add helper to get the highest performance value
cpufreq: amd-pstate: Enable amd-pstate preferred core support
cpufreq: amd-pstate: fix the highest frequency issue which limits performance
tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
staging: iio: frequency: ad9834: Validate frequency parameter value
iio: buffer-dmaengine: fix releasing dma channel on error
iio: fix scale application in iio_convert_raw_to_processed_unlocked
iio: adc: ad7124: fix config comparison
iio: adc: ad7606: remove frstdata check for serial mode
iio: adc: ad7124: fix chip ID mismatch
usb: dwc3: core: update LC timer as per USB Spec V3.2
usb: cdns2: Fix controller reset issue
usb: dwc3: Avoid waking up gadget during startxfer
misc: fastrpc: Fix double free of 'buf' in error path
binder: fix UAF caused by offsets overwrite
nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX
clocksource/drivers/imx-tpm: Fix next event not taking effect sometime
clocksource/drivers/timer-of: Remove percpu irq related code
uprobes: Use kzalloc to allocate xol area
perf/aux: Fix AUX buffer serialization
Revert "mm: skip CMA pages when they are not available"
workqueue: wq_watchdog_touch is always called with valid CPU
workqueue: Improve scalability of workqueue watchdog touch
ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add()
ACPI: processor: Fix memory leaks in error paths of processor_add()
arm64: acpi: Move get_cpu_for_acpi_id() to a header
arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function
can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum
can: mcp251xfd: clarify the meaning of timestamp
can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd
drm/amd: Add gfx12 swizzle mode defs
drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes
ata: libata-scsi: Remove redundant sense_buffer memsets
ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf
crypto: starfive - Align rsa input data to 32-bit
crypto: starfive - Fix nent assignment in rsa dec
clk: qcom: ipq9574: Update the alpha PLL type for GPLLs
powerpc/64e: remove unused IBM HTW code
powerpc/64e: split out nohash Book3E 64-bit code
powerpc/64e: Define mmu_pte_psize static
powerpc/vdso: Don't discard rela sections
ASoC: tegra: Fix CBB error during probe()
nvmet-tcp: fix kernel crash if commands allocation fails
nvme-pci: allocate tagset on reset if necessary
ASoc: SOF: topology: Clear SOF link platform name upon unload
ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
clk: qcom: gcc-sm8550: Don't use parking clk_ops for QUPs
clk: qcom: gcc-sm8550: Don't park the USB RCG at registration time
drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
drm/i915/fence: Mark debug_fence_free() with __maybe_unused
gpio: rockchip: fix OF node leak in probe()
gpio: modepin: Enable module autoloading
riscv: Fix toolchain vector detection
riscv: Do not restrict memory size because of linear mapping on nommu
ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()
membarrier: riscv: Add full memory barrier in switch_mm()
UBUNTU: [Config] updateconfigs for ARCH_HAS_MEMBARRIER_CALLBACKS
x86/mm: Fix PTI for i386 some more
btrfs: fix race between direct IO write and fsync when using same fd
spi: spi-fsl-lpspi: Fix off-by-one in prescale max
ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx
ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15 X1504VAP
fuse: clear PG_uptodate when using a stolen page
ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder
riscv: misaligned: remove CONFIG_RISCV_M_MODE specific code
riscv: misaligned: Restrict user access to kernel memory
parisc: Delay write-protection until mark_rodata_ro() call
pinctrl: qcom: x1e80100: Bypass PDC wakeup parent for now
maple_tree: remove rcu_read_lock() from mt_validate()
Revert "wifi: ath11k: restore country code during resume"
btrfs: qgroup: don't use extent changeset when not needed
btrfs: zoned: handle broken write pointer on zones
drm/xe/gsc: Do not attempt to load the GSC multiple times
drm/imagination: Free pvr_vm_gpuva after unlink
drm/amdgpu: always allocate cleared VRAM for GEM allocations
drm/amd/display: Lock DC and exit IPS when changing backlight
ALSA: hda/realtek: extend quirks for Clevo V5[46]0
drm/amd/display: Check UnboundedRequestEnabled's value
cgroup/cpuset: Delay setting of CS_CPU_EXCLUSIVE until valid partition
virt: sev-guest: Mark driver struct with __refdata to prevent section mismatch
media: b2c2: flexcop-usb: fix flexcop_usb_memory_req
gve: Add adminq mutex lock
wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware
drm/amd/display: Validate function returns
drm/amdgpu: add missing error handling in function amdgpu_gmc_flush_gpu_tlb_pasid
crypto: qat - initialize user_input.lock for rate_limiting
locking: Add rwsem_assert_held() and rwsem_assert_held_write()
fs: don't copy to userspace under namespace semaphore
fs: relax permissions for statmount()
powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
seccomp: release task filters when the task exits
drm/amd/display: Check denominator crb_pipes before used
drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported
can: m_can: Remove m_can_rx_peripheral indirection
can: m_can: Do not cancel timer from within timer
mm: Provide a means of invalidation without using launder_folio
cifs: Fix copy offload to flush destination region
hwmon: ltc2991: fix register bits defines
scripts: fix gfp-translate after ___GFP_*_BITS conversion to an enum
ptp: ocp: convert serial ports to array
ptp: ocp: adjust sysfs entries to expose tty information
ice: move netif_queue_set_napi to rtnl-protected sections
ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset
ice: remove ICE_CFG_BUSY locking from AF_XDP code
net: xilinx: axienet: Fix race in axienet_stop
iommu/vt-d: Remove control over Execute-Requested requests
block: don't call bio_uninit from bio_endio
scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
tracing/kprobes: Add symbol counting check when module loads
perf/x86/intel: Hide Topdown metrics events if the feature is not enumerated
PCI: qcom: Override NO_SNOOP attribute for SA8775P RC
staging: vchiq_core: Bubble up wait_event_interruptible() return value
iommufd: Require drivers to supply the cache_invalidate_user ops
bpf: Remove tst_run from lwt_seg6local_prog_ops.
watchdog: imx7ulp_wdt: keep already running watchdog enabled
btrfs: slightly loosen the requirement for qgroup removal
btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()
btrfs: handle errors from btrfs_dec_ref() properly
btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
ethtool: fail closed if we can't get max channel used in indirection tables
drm/amdgpu: add PSP RAS address query command
drm/amdgpu: add mutex to protect ras shared memory
s390/boot: Do not assume the decompressor range is reserved
kunit/overflow: Fix UB in overflow_allocation_test
drm/amdgpu: Fix two reset triggered in a row
drm/amdgpu: Add reset_context flag for host FLR
drm/amdgpu: Fix amdgpu_device_reset_sriov retry logic
fs: only copy to userspace on success in listmount()
iio: adc: ad7124: fix DT configuration parsing
nvmem: u-boot-env: error if NVMEM device is too small
mm: zswap: rename is_zswap_enabled() to zswap_is_enabled()
mm/memcontrol: respect zswap.writeback setting from parent cg too
path: add cleanup helper
fs: simplify error handling
fs: relax permissions for listmount()
hid: bpf: add BPF_JIT dependency
net/mlx5e: SHAMPO, Use KSMs instead of KLMs
net/mlx5e: SHAMPO, Fix page leak
drm/xe/xe2: Add workaround 14021402888
drm/xe/xe2lpg: Extend workaround 14021402888
clk: qcom: gcc-x1e80100: Fix USB 0 and 1 PHY GDSC pwrsts flags
clk: qcom: gcc-x1e80100: Don't use parking clk_ops for QUPs
nouveau: fix the fwsec sb verification register.
riscv: Add tracepoints for SBI calls and returns
riscv: Improve sbi_ecall() code generation by reordering arguments
riscv: Fix RISCV_ALTERNATIVE_EARLY
cifs: Fix zero_point init on inode initialisation
nvme: rename nvme_sc_to_pr_err to nvme_status_to_pr_err
nvme: fix status magic numbers
nvme: rename CDR/MORE/DNR to NVME_STATUS_*
nvmet: Identify-Active Namespace ID List command should reject invalid nsid
drm/i915/display: Add mechanism to use sink model when applying quirk
drm/i915/display: Increase Fast Wake Sync length as a quirk
LoongArch: Use accessors to page table entries instead of direct dereference
UBUNTU: Upstream stable to v6.6.51, v6.10.10
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2085849/+subscriptions
Комментариев нет:
Отправить комментарий