From cd33946915d32175760e3764af765abfddc0f7d9 Mon Sep 17 00:00:00 2001 From: Luke Nowakowski-Krijger Date: Wed, 12 Jul 2023 14:22:27 -0700 Subject: [PATCH] UBUNTU: Ubuntu-6.2.0-27.28 Signed-off-by: Luke Nowakowski-Krijger --- debian.master/changelog | 779 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 774 insertions(+), 5 deletions(-) diff --git a/debian.master/changelog b/debian.master/changelog index 79fb39dacbdca..3cc832a70833c 100644 --- a/debian.master/changelog +++ b/debian.master/changelog @@ -1,10 +1,779 @@ -linux (6.2.0-27.28) UNRELEASED; urgency=medium +linux (6.2.0-27.28) lunar; urgency=medium - CHANGELOG: Do not edit directly. Autogenerated at release. - CHANGELOG: Use the printchanges target to see the curent changes. - CHANGELOG: Use the insertchanges target to create the final log. + * lunar/linux: 6.2.0-27.28 -proposed tracker (LP: #2026488) - -- Luke Nowakowski-Krijger Wed, 12 Jul 2023 14:07:40 -0700 + * Packaging resync (LP: #1786013) + - [Packaging] resync update-dkms-versions helper + - [Packaging] update annotations scripts + + * CVE-2023-2640 // CVE-2023-32629 + - Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in + ovl_do_(set|remove)xattr" + - Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for + trusted.overlayfs.* xattrs" + - SAUCE: overlayfs: default to userxattr when mounted from non initial user + namespace + + * UNII-4 5.9G Band support request on 8852BE (LP: #2023952) + - wifi: rtw89: 8851b: add 8851B basic chip_info + - wifi: rtw89: introduce realtek ACPI DSM method + - wifi: rtw89: regd: judge UNII-4 according to BIOS and chip + - wifi: rtw89: support U-NII-4 channels on 5GHz band + + * Disable hv-kvp-daemon if /dev/vmbus/hv_kvp is not present (LP: #2024900) + - [Packaging] disable hv-kvp-daemon if needed + + * A deadlock issue in scsi rescan task while resuming from S3 (LP: #2018566) + - ata: libata-scsi: Avoid deadlock on rescan after device resume + + * [SRU] Intel Sapphire Rapids HBM support needs CONFIG_NUMA_EMU (LP: #2008745) + - [Config] Intel Sapphire Rapids HBM support needs CONFIG_NUMA_EMU + + * Lunar update: v6.2.15 upstream stable release (LP: #2025067) + - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 + - ASoC: Intel: soc-acpi: add table for Intel 'Rooks County' NUC M15 + - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm + - x86/hyperv: Block root partition functionality in a Confidential VM + - ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx + (8A22) + - iio: adc: palmas_gpadc: fix NULL dereference on rmmod + - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 + - ASoC: da7213.c: add missing pm_runtime_disable() + - net: wwan: t7xx: do not compile with -Werror + - wifi: mt76: mt7921: Fix use-after-free in fw features query. + - selftests mount: Fix mount_setattr_test builds failed + - scsi: mpi3mr: Handle soft reset in progress fault code (0xF002) + - net: sfp: add quirk enabling 2500Base-x for HG MXPD-483II + - platform/x86: thinkpad_acpi: Add missing T14s Gen1 type to s2idle quirk list + - wifi: ath11k: reduce the MHI timeout to 20s + - tracing: Error if a trace event has an array for a __field() + - asm-generic/io.h: suppress endianness warnings for readq() and writeq() + - asm-generic/io.h: suppress endianness warnings for relaxed accessors + - x86/cpu: Add model number for Intel Arrow Lake processor + - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset + - ASoC: amd: ps: update the acp clock source. + - arm64: Always load shadow stack pointer directly from the task struct + - arm64: Stash shadow stack pointer in the task struct on interrupt + - powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU + - PCI: kirin: Select REGMAP_MMIO + - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock + - PCI: qcom: Fix the incorrect register usage in v2.7.0 config + - bus: mhi: host: pci_generic: Revert "Add a secondary AT port to Telit FN990" + - phy: qcom-qmp-pcie: sc8180x PCIe PHY has 2 lanes + - IMA: allow/fix UML builds + - wifi: rtw88: usb: fix priority queue to endpoint mapping + - usb: gadget: udc: core: Invoke usb_gadget_connect only when started + - usb: gadget: udc: core: Prevent redundant calls to pullup + - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive + - USB: dwc3: fix runtime pm imbalance on probe errors + - USB: dwc3: fix runtime pm imbalance on unbind + - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write + - hwmon: (adt7475) Use device_property APIs when configuring polarity + - tpm: Add !tpm_amd_is_rng_defective() to the hwrng_unregister() call site + - posix-cpu-timers: Implement the missing timer_wait_running callback + - media: ov8856: Do not check for for module version + - drm/vmwgfx: Fix Legacy Display Unit atomic drm support + - blk-stat: fix QUEUE_FLAG_STATS clear + - blk-mq: release crypto keyslot before reporting I/O complete + - blk-crypto: make blk_crypto_evict_key() return void + - blk-crypto: make blk_crypto_evict_key() more robust + - staging: iio: resolver: ads1210: fix config mode + - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH + - xhci: fix debugfs register accesses while suspended + - serial: fix TIOCSRS485 locking + - serial: 8250: Fix serial8250_tx_empty() race with DMA Tx + - serial: max310x: fix IO data corruption in batched operations + - tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem + - fs: fix sysctls.c built + - MIPS: fw: Allow firmware to pass a empty env + - ipmi:ssif: Add send_retries increment + - ipmi: fix SSIF not responding under certain cond. + - iio: addac: stx104: Fix race condition when converting analog-to-digital + - iio: addac: stx104: Fix race condition for stx104_write_raw() + - kheaders: Use array declaration instead of char + - wifi: mt76: add missing locking to protect against concurrent rx/status + calls + - wifi: rtw89: correct 5 MHz mask setting + - pwm: meson: Fix axg ao mux parents + - pwm: meson: Fix g12a ao clk81 name + - soundwire: qcom: correct setting ignore bit on v1.5.1 + - pinctrl: qcom: lpass-lpi: set output value before enabling output + - ring-buffer: Ensure proper resetting of atomic variables in + ring_buffer_reset_online_cpus + - ring-buffer: Sync IRQ works before buffer destruction + - crypto: api - Demote BUG_ON() in crypto_unregister_alg() to a WARN_ON() + - crypto: safexcel - Cleanup ring IRQ workqueues on load failure + - crypto: arm64/aes-neonbs - fix crash with CFI enabled + - crypto: testmgr - fix RNG performance in fuzz tests + - crypto: ccp - Don't initialize CCP for PSP 0x1649 + - rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe- + ed + - reiserfs: Add security prefix to xattr name in reiserfs_security_write() + - cpufreq: qcom-cpufreq-hw: fix double IO unmap and resource release on exit + - KVM: x86/pmu: Disallow legacy LBRs if architectural LBRs are available + - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted + - KVM: arm64: Avoid vcpu->mutex v. kvm->lock inversion in CPU_ON + - KVM: arm64: Avoid lock inversion when setting the VM register width + - KVM: arm64: Use config_lock to protect data ordered against KVM_RUN + - KVM: arm64: Use config_lock to protect vgic state + - KVM: arm64: vgic: Don't acquire its_lock before config_lock + - relayfs: fix out-of-bounds access in relay_file_read + - drm/amd/display: Remove stutter only configurations + - drm/amd/display: limit timing for single dimm memory + - drm/amd/display: fix PSR-SU/DSC interoperability support + - drm/amd/display: fix a divided-by-zero error + - KVM: RISC-V: Retry fault if vma_lookup() results become invalid + - ksmbd: fix racy issue under cocurrent smb2 tree disconnect + - ksmbd: call rcu_barrier() in ksmbd_server_exit() + - ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem() + - ksmbd: fix memleak in session setup + - ksmbd: not allow guest user on multichannel + - ksmbd: fix deadlock in ksmbd_find_crypto_ctx() + - ACPI: video: Remove acpi_backlight=video quirk for Lenovo ThinkPad W530 + - i2c: omap: Fix standard mode false ACK readings + - riscv: mm: remove redundant parameter of create_fdt_early_page_table + - tracing: Fix permissions for the buffer_percent file + - drm/amd/pm: re-enable the gfx imu when smu resume + - iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE + - RISC-V: Align SBI probe implementation with spec + - Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path" + - ubifs: Fix memleak when insert_old_idx() failed + - ubi: Fix return value overwrite issue in try_write_vid_and_data() + - ubifs: Free memory for tmpfile name + - ubifs: Fix memory leak in do_rename + - ceph: fix potential use-after-free bug when trimming caps + - fs: dlm: fix DLM_IFL_CB_PENDING gets overwritten + - xfs: don't consider future format versions valid + - cxl/hdm: Fail upon detecting 0-sized decoders + - bus: mhi: host: Remove duplicate ee check for syserr + - bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state + - bus: mhi: host: Range check CHDBOFF and ERDBOFF + - ASoC: dt-bindings: qcom,lpass-rx-macro: correct minItems for clocks + - kunit: fix bug in the order of lines in debugfs logs + - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check + - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem + - selftests/resctrl: Move ->setup() call outside of test specific branches + - selftests/resctrl: Allow ->setup() to return errors + - selftests/resctrl: Check for return value after write_schemata() + - selinux: fix Makefile dependencies of flask.h + - selinux: ensure av_permissions.h is built when needed + - tpm, tpm_tis: Do not skip reset of original interrupt vector + - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register + - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed + - tpm, tpm_tis: Claim locality before writing interrupt registers + - tpm, tpm: Implement usage counter for locality + - tpm, tpm_tis: Claim locality when interrupts are reenabled on resume + - erofs: stop parsing non-compact HEAD index if clusterofs is invalid + - erofs: initialize packed inode after root inode is assigned + - erofs: fix potential overflow calculating xattr_isize + - drm/rockchip: Drop unbalanced obj unref + - drm/i915/dg2: Drop one PCI ID + - drm/vgem: add missing mutex_destroy + - drm/probe-helper: Cancel previous job before starting new one + - drm/amdgpu: register a vga_switcheroo client for MacBooks with apple-gmux + - tools/x86/kcpuid: Fix avx512bw and avx512lvl fields in Fn00000007 + - soc: ti: k3-ringacc: Add try_module_get() to k3_dmaring_request_dual_ring() + - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe + - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table + - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table + - arm64: dts: renesas: r9a07g044: Update IRQ numbers for SSI channels + - arm64: dts: renesas: r9a07g054: Update IRQ numbers for SSI channels + - arm64: dts: renesas: r9a07g043: Update IRQ numbers for SSI channels + - drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached + - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release + shared resources + - EDAC/skx: Fix overflows on the DRAM row address mapping arrays + - ARM: dts: qcom-apq8064: Fix opp table child name + - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since + booted + - arm64: dts: ti: k3-am62-main: Fix GPIO numbers in DT + - arm64: dts: ti: k3-am62a7-sk: Fix DDR size to full 4GB + - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property + - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name + - arm64: dts: broadcom: bcmbca: bcm4908: fix LED nodenames + - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename + - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name + - arm64: dts: qcom: sc7280: fix EUD port properties + - arm64: dts: qcom: sdm845: correct dynamic power coefficients + - arm64: dts: qcom: sdm845: Fix the PCI I/O port range + - arm64: dts: qcom: msm8998: Fix the PCI I/O port range + - arm64: dts: qcom: sc7280: Fix the PCI I/O port range + - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range + - arm64: dts: qcom: ipq6018: Add/remove some newlines + - arm64: dts: qcom: ipq6018: Fix the PCI I/O port range + - arm64: dts: qcom: msm8996: Fix the PCI I/O port range + - arm64: dts: qcom: sm8250: Fix the PCI I/O port range + - arm64: dts: qcom: sc8280xp: Fix the PCI I/O port range + - arm64: dts: qcom: sm8150: Fix the PCI I/O port range + - arm64: dts: qcom: sm8450: Fix the PCI I/O port range + - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range + - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range + - arm64: dts: qcom: msm8976: Add and provide xo clk to rpmcc + - ARM: dts: qcom: sdx55: Fix the unit address of PCIe EP node + - x86/MCE/AMD: Use an u64 for bank_map + - media: bdisp: Add missing check for create_workqueue + - media: platform: mtk-mdp3: Add missing check and free for ida_alloc + - media: amphion: decoder implement display delay enable + - media: av7110: prevent underflow in write_ts_to_decoder() + - firmware: qcom_scm: Clear download bit during reboot + - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 + - media: max9286: Free control handler + - accel: Link to compute accelerator subsystem intro + - arm64: dts: ti: k3-am625: Correct L2 cache size to 512KB + - arm64: dts: ti: k3-am62a7: Correct L2 cache size to 512KB + - drm/msm/adreno: drop bogus pm_runtime_set_active() + - drm: msm: adreno: Disable preemption on Adreno 510 + - virt/coco/sev-guest: Double-buffer messages + - arm64: dts: qcom: sm8350-microsoft-surface: fix USB dual-role mode property + - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known + override-init warnings + - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 + - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data + - arm64: dts: qcom: sm8450: fix pcie1 gpios properties name + - drm: rcar-du: Fix a NULL vs IS_ERR() bug + - ARM: dts: gta04: fix excess dma channel usage + - firmware: arm_scmi: Fix xfers allocation on Rx channel + - perf/arm-cmn: Move overlapping wp_combine field + - perf/amlogic: Fix config1/config2 parsing issue + - ARM: dts: stm32: fix spi1 pin assignment on stm32mp15 + - arm64: dts: apple: t8103: Disable unused PCIe ports + - cpufreq: mediatek: fix passing zero to 'PTR_ERR' + - cpufreq: mediatek: fix KP caused by handler usage after + regulator_put/clk_put + - cpufreq: mediatek: raise proc/sram max voltage for MT8516 + - cpufreq: mediatek: Raise proc and sram max voltage for MT7622/7623 + - cpufreq: qcom-cpufreq-hw: Revert adding cpufreq qos + - arm64: dts: mediatek: mt8192-asurada: Fix voltage constraint for Vgpu + - ACPI: VIOT: Initialize the correct IOMMU fwspec + - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() + - drm/mediatek: dp: Change the aux retries times when receiving AUX_DEFER + - mailbox: mpfs: switch to txdone_poll + - soc: bcm: brcmstb: biuctrl: fix of_iomap leak + - soc: renesas: renesas-soc: Release 'chipid' from ioremap() + - gpu: host1x: Fix potential double free if IOMMU is disabled + - gpu: host1x: Fix memory leak of device names + - arm64: dts: qcom: sc7280-herobrine-villager: correct trackpad supply + - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply + - arm64: dts: qcom: sc7180-trogdor-pazquel: correct trackpad supply + - arm64: dts: qcom: msm8998-oneplus-cheeseburger: revert "fix backlight pin + function" + - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator + - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 + regulator + - arm64: dts: qcom: apq8096-db820c: drop unit address from PMI8994 regulator + - drm/ttm/pool: Fix ttm_pool_alloc error path + - regulator: core: Consistently set mutex_owner when using + ww_mutex_lock_slow() + - regulator: core: Avoid lockdep reports when resolving supplies + - x86/apic: Fix atomic update of offset in reserve_eilvt_offset() + - soc: qcom: rpmh-rsc: Support RSC v3 minor versions + - arm64: dts: qcom: msm8994-angler: Fix cont_splash_mem mapping + - arm64: dts: qcom: msm8994-angler: removed clash with smem_region + - arm64: dts: sc7180: Rename qspi data12 as data23 + - arm64: dts: sc7280: Rename qspi data12 as data23 + - arm64: dts: sdm845: Rename qspi data12 as data23 + - media: mtk-jpeg: Fixes jpeghw multi-core judgement + - media: mtk-jpeg: Fixes jpeg enc&dec worker sw flow + - media: mediatek: vcodec: Use 4K frame size when supported by stateful + decoder + - media: mediatek: vcodec: Make MM21 the default capture format + - media: mediatek: vcodec: Force capture queue format to MM21 + - media: mediatek: vcodec: add params to record lat and core lat_buf count + - media: mediatek: vcodec: using each instance lat_buf count replace core + ready list + - media: mediatek: vcodec: move lat_buf to the top of core list + - media: mediatek: vcodec: add core decode done event + - media: mediatek: vcodec: remove unused lat_buf + - media: mediatek: vcodec: making sure queue_work successfully + - media: mediatek: vcodec: change lat thread decode error condition + - media: cedrus: fix use after free bug in cedrus_remove due to race condition + - media: rkvdec: fix use after free bug in rkvdec_remove + - platform/x86/amd/pmf: Move out of BIOS SMN pair for driver probe + - platform/x86/amd: pmc: Don't try to read SMU version on Picasso + - platform/x86/amd: pmc: Hide SMU version and program attributes for Picasso + - platform/x86/amd: pmc: Don't dump data after resume from s0i3 on picasso + - platform/x86/amd: pmc: Move idlemask check into `amd_pmc_idlemask_read` + - platform/x86/amd: pmc: Utilize SMN index 0 for driver probe + - platform/x86/amd: pmc: Move out of BIOS SMN pair for STB init + - media: dm1105: Fix use after free bug in dm1105_remove due to race condition + - media: saa7134: fix use after free bug in saa7134_finidev due to race + condition + - media: platform: mtk-mdp3: fix potential frame size overflow in + mdp_try_fmt_mplane() + - media: vsp1: Replace vb2_is_streaming() with vb2_start_streaming_called() + - platform: Provide a remove callback that returns no value + - media: rcar_fdp1: Convert to platform remove callback returning void + - media: rcar_fdp1: Fix refcount leak in probe and remove function + - media: v4l: async: Return async sub-devices to subnotifier list + - media: hi846: Fix memleak in hi846_init_controls() + - drm/amd/display: Fix potential null dereference + - media: rc: gpio-ir-recv: Fix support for wake-up + - media: venus: dec: Fix handling of the start cmd + - media: venus: dec: Fix capture formats enumeration order + - regulator: stm32-pwr: fix of_iomap leak + - x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() + - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step + - perf/arm-cmn: Fix port detection for CMN-700 + - media: mediatek: vcodec: fix decoder disable pm crash + - media: mediatek: vcodec: add remove function for decoder platform driver + - debugobject: Prevent init race with static objects + - drm/i915: Make intel_get_crtc_new_encoder() less oopsy + - tick/common: Align tick period with the HZ tick. + - ACPI: bus: Ensure that notify handlers are not running after removal + - cpufreq: use correct unit when verify cur freq + - rpmsg: glink: Propagate TX failures in intentless mode as well + - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E + - platform/chrome: cros_typec_switch: Add missing fwnode_handle_put() + - wifi: ath6kl: minor fix for allocation size + - wifi: ath9k: hif_usb: fix memory leak of remain_skbs + - wifi: ath11k: Use platform_get_irq() to get the interrupt + - wifi: ath5k: Use platform_get_irq() to get the interrupt + - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() + - wifi: ath11k: fix SAC bug on peer addition with sta band migration + - wifi: rtl8xxxu: Remove always true condition in rtl8xxxu_print_chipinfo + - wifi: brcmfmac: support CQM RSSI notification with older firmware + - wifi: ath6kl: reduce WARN to dev_dbg() in callback + - tools: bpftool: Remove invalid \' json escape + - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() + - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() + - bpf: take into account liveness when propagating precision + - bpf: fix precision propagation verbose logging + - crypto: qat - fix concurrency issue when device state changes + - scm: fix MSG_CTRUNC setting condition for SO_PASSSEC + - wifi: ath11k: fix deinitialization of firmware resources + - selftests/bpf: Fix a fd leak in an error path in network_helpers.c + - bpf: Remove misleading spec_v1 check on var-offset stack read + - net: pcs: xpcs: remove double-read of link state when using AN + - vlan: partially enable SIOCSHWTSTAMP in container + - net/packet: annotate accesses to po->xmit + - net/packet: convert po->origdev to an atomic flag + - net/packet: convert po->auxdata to an atomic flag + - libbpf: Fix ld_imm64 copy logic for ksym in light skeleton. + - net: dsa: qca8k: remove assignment of an_enabled in pcs_get_state() + - netfilter: keep conntrack reference until IPsecv6 policy checks are done + - bpf: return long from bpf_map_ops funcs + - bpf: Fix __reg_bound_offset 64->32 var_off subreg propagation + - scsi: target: Move sess cmd counter to new struct + - scsi: target: Move cmd counter allocation + - scsi: target: Pass in cmd counter to use during cmd setup + - scsi: target: iscsit: isert: Alloc per conn cmd counter + - scsi: target: iscsit: Stop/wait on cmds during conn close + - scsi: target: Fix multiple LUN_RESET handling + - scsi: target: iscsit: Fix TAS handling during conn cleanup + - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS + - net: sunhme: Fix uninitialized return code + - f2fs: handle dqget error in f2fs_transfer_project_quota() + - f2fs: fix uninitialized skipped_gc_rwsem + - f2fs: apply zone capacity to all zone type + - f2fs: compress: fix to call f2fs_wait_on_page_writeback() in + f2fs_write_raw_pages() + - f2fs: fix scheduling while atomic in decompression path + - crypto: caam - Clear some memory in instantiate_rng + - crypto: sa2ul - Select CRYPTO_DES + - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() + - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() + - scsi: hisi_sas: Handle NCQ error when IPTT is valid + - wifi: rt2x00: Fix memory leak when handling surveys + - bpf: rename list_head -> graph_root in field info types + - bpf: Add __bpf_kfunc tag for marking kernel functions as kfuncs + - bpf: Migrate release_on_unlock logic to non-owning ref semantics + - bpf: Add basic bpf_rb_{root,node} support + - bpf: Add bpf_rbtree_{add,remove,first} kfuncs + - bpf: Add support for bpf_rb_root and bpf_rb_node in kfunc args + - bpf: Add callback validation to kfunc verifier logic + - bpf: factor out fetching basic kfunc metadata + - bpf: Fix struct_meta lookup for bpf_obj_free_fields kfunc call + - f2fs: fix iostat lock protection + - net: qrtr: correct types of trace event parameters + - selftests: xsk: Use correct UMEM size in testapp_invalid_desc + - selftests: xsk: Disable IPv6 on VETH1 + - selftests: xsk: Deflakify STATS_RX_DROPPED test + - selftests/bpf: Wait for receive in cg_storage_multi test + - bpftool: Fix bug for long instructions in program CFG dumps + - crypto: drbg - Only fail when jent is unavailable in FIPS mode + - xsk: Fix unaligned descriptor validation + - f2fs: fix to avoid use-after-free for cached IPU bio + - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table + - bpf/btf: Fix is_int_ptr() + - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() + - net: ethernet: stmmac: dwmac-rk: rework optional clock handling + - net: ethernet: stmmac: dwmac-rk: fix optional phy regulator handling + - wifi: ath11k: fix writing to unintended memory region + - bpf, sockmap: fix deadlocks in the sockhash and sockmap + - nvmet: fix error handling in nvmet_execute_identify_cns_cs_ns() + - nvmet: fix Identify Namespace handling + - nvmet: fix Identify Controller handling + - nvmet: fix Identify Active Namespace ID list handling + - nvmet: fix I/O Command Set specific Identify Controller + - nvme: fix async event trace event + - nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" + - selftests/bpf: Use read_perf_max_sample_freq() in perf_event_stackmap + - selftests/bpf: Fix leaked bpf_link in get_stackid_cannot_attach + - blk-mq: don't plug for head insertions in blk_execute_rq_nowait + - wifi: iwlwifi: debug: fix crash in __iwl_err() + - wifi: iwlwifi: mvm: fix A-MSDU checks + - wifi: iwlwifi: trans: don't trigger d3 interrupt twice + - wifi: iwlwifi: mvm: don't set CHECKSUM_COMPLETE for unsupported protocols + - bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap + - f2fs: fix to check return value of f2fs_do_truncate_blocks() + - f2fs: fix to check return value of inc_valid_block_count() + - md/raid10: fix task hung in raid10d + - md/raid10: fix leak of 'r10bio->remaining' for recovery + - md/raid10: fix memleak for 'conf->bio_split' + - md/raid10: fix memleak of md thread + - md/raid10: don't call bio_start_io_acct twice for bio which experienced read + error + - wifi: iwlwifi: mvm: don't drop unencrypted MCAST frames + - wifi: iwlwifi: yoyo: skip dump correctly on hw error + - wifi: iwlwifi: yoyo: Fix possible division by zero + - wifi: iwlwifi: mvm: initialize seq variable + - wifi: iwlwifi: fw: move memset before early return + - jdb2: Don't refuse invalidation of already invalidated buffers + - io_uring/rsrc: use nospec'ed indexes + - wifi: iwlwifi: make the loop for card preparation effective + - wifi: mt76: remove redundent MCU_UNI_CMD_* definitions + - wifi: mt76: mt7921: fix wrong command to set STA channel + - wifi: mt76: mt7921: fix PCI DMA hang after reboot + - wifi: mt76: mt7915: unlock on error in mt7915_thermal_temp_store() + - wifi: mt76: mt7996: fix radiotap bitfield + - wifi: mt76: mt7915: expose device tree match table + - wifi: mt76: mt7915: add error message in + mt7915_thermal_set_cur_throttle_state() + - wifi: mt76: mt7915: rework init flow in mt7915_thermal_init() + - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work + - wifi: mt76: mt7996: let non-bufferable MMPDUs use correct hw queue + - wifi: mt76: mt7996: fix pointer calculation in ie countdown event + - wifi: mt76: mt7996: fix eeprom tx path bitfields + - wifi: mt76: add flexible polling wait-interval support + - wifi: mt76: mt7921e: fix probe timeout after reboot + - wifi: mt76: fix 6GHz high channel not be scanned + - mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data + - wifi: mt76: mt7921: fix missing unwind goto in `mt7921u_probe` + - wifi: mt76: mt7921e: improve reliability of dma reset + - wifi: mt76: mt7921e: stop chip reset worker in unregister hook + - wifi: mt76: connac: fix txd multicast rate setting + - wifi: iwlwifi: mvm: check firmware response size + - netfilter: conntrack: restore IPS_CONFIRMED out of + nf_conntrack_hash_check_insert() + - wifi: mt76: mt7996: rely on mt76_connac_txp_common structure + - wifi: mt76: mt7996: fill txd by host driver + - netfilter: conntrack: fix wrong ct->timeout value + - wifi: iwlwifi: fw: fix memory leak in debugfs + - ixgbe: Allow flow hash to be set via ethtool + - ixgbe: Enable setting RSS table to default values + - net/mlx5e: Don't clone flow post action attributes second time + - net/mlx5: E-switch, Create per vport table based on devlink encap mode + - net/mlx5: E-switch, Don't destroy indirect table in split rule + - net/mlx5e: Fix error flow in representor failing to add vport rx rule + - net/mlx5: Remove "recovery" arg from mlx5_load_one() function + - net/mlx5: Suspend auxiliary devices only in case of PCI device suspend + - Revert "net/mlx5: Remove "recovery" arg from mlx5_load_one() function" + - net/mlx5: Use recovery timeout on sync reset flow + - net/mlx5e: Nullify table pointer when failing to create + - Revert "net/mlx5e: Don't use termination table when redundant" + - net: stmmac:fix system hang when setting up tag_8021q VLAN for DSA ports + - bpf: Fix race between btf_put and btf_idr walk. + - bpf: Don't EFAULT for getsockopt with optval=NULL + - netfilter: nf_tables: don't write table validation state without mutex + - net: dpaa: Fix uninitialized variable in dpaa_stop() + - net/sched: sch_fq: fix integer overflow of "credit" + - ipv4: Fix potential uninit variable access bug in __ip_make_skb() + - rxrpc: Fix error when reading rxrpc tokens + - Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to + unfinished work" + - netlink: Use copy_to_user() for optval in netlink_getsockopt(). + - net: amd: Fix link leak when verifying config failed + - tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. + - ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it + - ASoC: cs35l41: Only disable internal boost + - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() + - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() + - pstore: Revert pmsg_lock back to a normal mutex + - usb: host: xhci-rcar: remove leftover quirk handling + - usb: dwc3: gadget: Change condition for processing suspend event + - serial: stm32: Re-assert RTS/DE GPIO in RS485 mode only if more data are + transmitted + - fpga: bridge: fix kernel-doc parameter description + - iommufd/selftest: Catch overflow of uptr and length + - iio: light: max44009: add missing OF device matching + - serial: 8250_bcm7271: Fix arbitration handling + - spi: atmel-quadspi: Don't leak clk enable count in pm resume + - spi: atmel-quadspi: Free resources even if runtime resume failed in + .remove() + - spi: imx: Don't skip cleanup in remove's error path + - interconnect: qcom: drop obsolete OSM_L3/EPSS defines + - interconnect: qcom: osm-l3: drop unuserd header inclusion + - spi: f_ospi: Add missing spi_mem_default_supports_op() helper + - module/decompress: Never use kunmap() for local un-mappings + - usb: gadget: udc: renesas_usb3: Fix use after free bug in + renesas_usb3_remove due to race condition + - ASoC: soc-compress: Inherit atomicity from DAI link for Compress FE + - PCI: imx6: Install the fault handler only on compatible match + - ASoC: es8316: Handle optional IRQ assignment + - linux/vt_buffer.h: allow either builtin or modular for macros + - spi: qup: Don't skip cleanup in remove's error path + - interconnect: qcom: rpm: drop bogus pm domain attach + - spi: mchp-pci1xxxx: Fix length of SPI transactions not set properly in + driver + - spi: mchp-pci1xxxx: Fix SPI transactions not working after suspend and + resume + - spi: fsl-spi: Fix CPM/QE mode Litte Endian + - vmci_host: fix a race condition in vmci_host_poll() causing GPF + - of: Fix modalias string generation + - PCI/EDR: Clear Device Status after EDR error recovery + - ia64: mm/contig: fix section mismatch warning/error + - ia64: salinfo: placate defined-but-not-used warning + - scripts/gdb: bail early if there are no clocks + - scripts/gdb: bail early if there are no generic PD + - HID: amd_sfh: Correct the structure fields + - HID: amd_sfh: Correct the sensor enable and disable command + - HID: amd_sfh: Fix illuminance value + - HID: amd_sfh: Add support for shutdown operation + - HID: amd_sfh: Correct the stop all command + - HID: amd_sfh: Increase sensor command timeout for SFH1.1 + - HID: amd_sfh: Handle "no sensors" enabled for SFH1.1 + - cacheinfo: Check sib_leaf in cache_leaves_are_shared() + - coresight: etm_pmu: Set the module field + - drm/panel: novatek-nt35950: Improve error handling + - ASoC: fsl_mqs: move of_node_put() to the correct location + - PCI/PM: Extend D3hot delay for NVIDIA HDA controllers + - drm/panel: novatek-nt35950: Only unregister DSI1 if it exists + - spi: cadence-quadspi: fix suspend-resume implementations + - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path + - i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path + - scripts/gdb: raise error with reduced debugging information + - uapi/linux/const.h: prefer ISO-friendly __typeof__ + - sh: sq: Fix incorrect element size for allocating bitmap buffer + - usb: gadget: tegra-xudc: Fix crash in vbus_draw + - usb: chipidea: fix missing goto in `ci_hdrc_probe` + - usb: mtu3: fix kernel panic at qmu transfer done irq handler + - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe + - tty: serial: fsl_lpuart: adjust buffer length to the intended size + - serial: 8250: Add missing wakeup event reporting + - spi: cadence-quadspi: use macro DEFINE_SIMPLE_DEV_PM_OPS + - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start + - spmi: Add a check for remove callback when removing a SPMI driver + - virtio_ring: don't update event idx on get_buf + - fbdev: mmp: Fix deferred clk handling in mmphw_probe() + - selftests/powerpc/pmu: Fix sample field check in the + mmcra_thresh_marked_sample_test + - macintosh/windfarm_smu_sat: Add missing of_node_put() + - powerpc/perf: Properly detect mpc7450 family + - powerpc/mpc512x: fix resource printk format warning + - powerpc/wii: fix resource printk format warnings + - powerpc/sysdev/tsi108: fix resource printk format warnings + - macintosh: via-pmu-led: requires ATA to be set + - powerpc/rtas: use memmove for potentially overlapping buffer copy + - sched/fair: Fix inaccurate tally of ttwu_move_affine + - perf/core: Fix hardlockup failure caused by perf throttle + - Revert "objtool: Support addition to set CFA base" + - riscv: Fix ptdump when KASAN is enabled + - sched/rt: Fix bad task migration for rt tasks + - rv: Fix addition on an uninitialized variable 'run' + - tracing/user_events: Ensure write index cannot be negative + - clk: at91: clk-sam9x60-pll: fix return value check + - IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init + - RDMA/siw: Fix potential page_array out of range access + - clk: mediatek: mt2712: Add error handling to clk_mt2712_apmixed_probe() + - clk: mediatek: Consistently use GATE_MTK() macro + - clk: mediatek: mt7622: Properly use CLK_IS_CRITICAL flag + - clk: mediatek: mt8135: Properly use CLK_IS_CRITICAL flag + - RDMA/rdmavt: Delete unnecessary NULL check + - clk: mediatek: clk-pllfh: fix missing of_node_put() in fhctl_parse_dt() + - clk: qcom: gcc-qcm2290: Fix up gcc_sdcc2_apps_clk_src + - workqueue: Fix hung time report of worker pools + - rtc: omap: include header for omap_rtc_power_off_program prototype + - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() + - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time + - rtc: k3: handle errors while enabling wake irq + - RDMA/rxe: Replace exists by rxe in rxe.c + - RDMA/erdma: Use fixed hardware page size + - fs/ntfs3: Fix memory leak if ntfs_read_mft failed + - fs/ntfs3: Add check for kmemdup + - fs/ntfs3: Fix OOB read in indx_insert_into_buffer + - fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() + - iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN + - RDMA/rxe: Remove tasklet call from rxe_cq.c + - power: supply: generic-adc-battery: fix unit scaling + - clk: add missing of_node_put() in "assigned-clocks" property parsing + - RDMA/siw: Remove namespace check from siw_netdev_event() + - clk: qcom: gcc-sm6115: Mark RCGs shared where applicable + - power: supply: rk817: Fix low SOC bugs + - RDMA/cm: Trace icm_send_rej event before the cm state is reset + - RDMA/srpt: Add a check for valid 'mad_agent' pointer + - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order + - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests + - clk: imx: fracn-gppll: fix the rate table + - clk: imx: fracn-gppll: disable hardware select control + - clk: imx: imx8ulp: Fix XBAR_DIVBUS and AD_SLOW clock parents + - NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease + - iommu/amd: Set page size bitmap during V2 domain allocation + - s390/checksum: always use cksm instruction + - clk: qcom: lpasscc-sc7280: Skip qdsp6ss clock registration + - clk: qcom: lpassaudiocc-sc7280: Add required gdsc power domain clks in + lpass_cc_sc7280_desc + - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling + - clk: qcom: dispcc-qcm2290: get rid of test clock + - clk: qcom: dispcc-qcm2290: Remove inexistent DSI1PHY clk + - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe + - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup + - swiotlb: fix debugfs reporting of reserved memory pools + - RDMA/rxe: Convert tasklet args to queue pairs + - RDMA/rxe: Remove __rxe_do_task() + - RDMA/rxe: Fix the error "trying to register non-static key in + rxe_cleanup_task" + - RDMA/mlx5: Check pcie_relaxed_ordering_enabled() in UMR + - RDMA/mlx5: Fix flow counter query via DEVX + - SUNRPC: remove the maximum number of retries in call_bind_status + - RDMA/mlx5: Use correct device num_ports when modify DC + - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when + init fails + - openrisc: Properly store r31 to pt_regs on unhandled exceptions + - timekeeping: Fix references to nonexistent ktime_get_fast_ns() + - SMB3: Add missing locks to protect deferred close file list + - SMB3: Close deferred file handles in case of handle lease break + - ext4: fix i_disksize exceeding i_size problem in paritally written case + - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline + - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration + - pinctrl: renesas: r8a779f0: Fix tsn1_avtp_pps pin group + - pinctrl: renesas: r8a779g0: Fix Group 4/5 pin functions + - pinctrl: renesas: r8a779g0: Fix Group 6/7 pin functions + - pinctrl: renesas: r8a779g0: Fix ERROROUTC function names + - leds: TI_LMU_COMMON: select REGMAP instead of depending on it + - pinctrl: ralink: reintroduce ralink,rt2880-pinmux compatible string + - dmaengine: mv_xor_v2: Fix an error code. + - leds: tca6507: Fix error handling of using fwnode_property_read_string + - pwm: mtk-disp: Disable shadow registers before setting backlight values + - pwm: mtk-disp: Configure double buffering before reading in .get_state() + - soundwire: intel: don't save hw_params for use in prepare + - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and + ulpi_port + - phy: ti: j721e-wiz: Fix unreachable code in wiz_mode_select() + - dma: gpi: remove spurious unlock in gpi_ch_init + - dmaengine: dw-edma: Fix to change for continuous transfer + - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing + - dmaengine: at_xdmac: do not enable all cyclic channels + - pinctrl-bcm2835.c: fix race condition when setting gpio dir + - thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in + mtk_thermal_probe + - mfd: tqmx86: Do not access I2C_DETECT register through io_base + - mfd: tqmx86: Specify IO port register range more precisely + - mfd: tqmx86: Correct board names for TQMxE39x + - mfd: ocelot-spi: Fix unsupported bulk read + - mfd: arizona-spi: Add missing MODULE_DEVICE_TABLE + - hte: tegra: fix 'struct of_device_id' build error + - hte: tegra-194: Fix off by one in tegra_hte_map_to_line_id() + - ACPI: PM: Do not turn of unused power resources on the Toshiba Click Mini + - PM: hibernate: Turn snapshot_test into global variable + - PM: hibernate: Do not get block device exclusively in test_resume mode + - afs: Fix updating of i_size with dv jump from server + - afs: Fix getattr to report server i_size on dirs, not local size + - afs: Avoid endless loop if file is larger than expected + - parisc: Fix argument pointer in real64_call_asm() + - parisc: Ensure page alignment in flush functions + - ALSA: usb-audio: Add quirk for Pioneer DDJ-800 + - ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 + - ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED + - nilfs2: do not write dirty data after degenerating to read-only + - nilfs2: fix infinite loop in nilfs_mdt_get_block() + - mm: do not reclaim private data from pinned page + - drbd: correctly submit flush bio on barrier + - md/raid10: fix null-ptr-deref in raid10_sync_request + - md/raid5: Improve performance for sequential IO + - kasan: hw_tags: avoid invalid virt_to_page() + - mtd: core: provide unique name for nvmem device, take two + - mtd: core: fix nvmem error reporting + - mtd: core: fix error path for nvmem provider + - mtd: spi-nor: core: Update flash's current address mode when changing + address mode + - drivers: remoteproc: xilinx: Fix carveout names + - mailbox: zynqmp: Fix IPI isr handling + - kcsan: Avoid READ_ONCE() in read_instrumented_memory() + - mailbox: zynqmp: Fix typo in IPI documentation + - nfp: fix incorrect pointer deference when offloading IPsec with bonding + - wifi: rtl8xxxu: RTL8192EU always needs full init + - wifi: rtw88: rtw8821c: Fix rfe_option field width + - wifi: rtw89: fix potential race condition between napi_init and napi_enable + - clk: microchip: fix potential UAF in auxdev release callback + - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent + - scripts/gdb: fix lx-timerlist for Python3 + - btrfs: scrub: reject unsupported scrub flags + - s390/dasd: fix hanging blockdevice after request requeue + - ia64: fix an addr to taddr in huge_pte_offset() + - mm/mempolicy: correctly update prev when policy is equal on mbind + - vhost_vdpa: fix unmap process in no-batch mode + - dm verity: fix error handling for check_at_most_once on FEC + - dm clone: call kmem_cache_destroy() in dm_clone_init() error path + - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path + - dm flakey: fix a crash with invalid table line + - dm ioctl: fix nested locking in table_clear() to remove deadlock concern + - dm: don't lock fs when the map is NULL in process of resume + - blk-iocost: avoid 64-bit division in ioc_timer_fn + - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname + - cifs: protect session status check in smb2_reconnect() + - cifs: fix sharing of DFS connections + - cifs: fix potential race when tree connecting ipc + - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath + - thunderbolt: Use correct type in tb_port_is_clx_enabled() prototype + - perf auxtrace: Fix address filter entire kernel size + - perf intel-pt: Fix CYC timestamps after standalone CBR + - i40e: Remove unused i40e status codes + - i40e: Remove string printing for i40e_status + - i40e: use int for i40e_status + - debugobject: Ensure pool refill (again) + - Linux 6.2.15 + + * Lunar update: v6.2.14 upstream stable release (LP: #2025066) + - rust: arch/um: Disable FP/SIMD instruction to match x86 + - um: Only disable SSE on clang to work around old GCC bugs + - rcu/kvfree: Avoid freeing new kfree_rcu() memory after old grace period + - mm/mempolicy: fix use-after-free of VMA iterator + - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var + - gpiolib: acpi: Add a ignore wakeup quirk for Clevo NL5xNU + - bluetooth: Perform careful capability checks in hci_sock_ioctl() + - wifi: brcmfmac: add Cypress 43439 SDIO ids + - btrfs: fix uninitialized variable warnings + - USB: serial: option: add UNISOC vendor and TOZED LT70C product + - driver core: Don't require dynamic_debug for initcall_debug probe timing + - riscv: Move early dtb mapping into the fixmap region + - riscv: Do not set initial_boot_params to the linear address of the dtb + - riscv: No need to relocate the dtb as it lies in the fixmap region + - Linux 6.2.14 + + * CVE-2023-35001 + - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval + + * CVE-2023-31248 + - netfilter: nf_tables: do not ignore genmask when looking up chain by id + + * CVE-2023-3389 + - io_uring/poll: serialize poll linked timer start with poll removal + + * CVE-2023-3269 + - mm: introduce new 'lock_mm_and_find_vma()' page fault helper + - mm: make the page fault mmap locking killable + - arm64/mm: Convert to using lock_mm_and_find_vma() + - powerpc/mm: Convert to using lock_mm_and_find_vma() + - mips/mm: Convert to using lock_mm_and_find_vma() + - riscv/mm: Convert to using lock_mm_and_find_vma() + - arm/mm: Convert to using lock_mm_and_find_vma() + - mm/fault: convert remaining simple cases to lock_mm_and_find_vma() + - powerpc/mm: convert coprocessor fault to lock_mm_and_find_vma() + - mm: make find_extend_vma() fail if write lock not held + - execve: expand new process stack manually ahead of time + - mm: always expand the stack with the mmap write lock held + - [CONFIG]: Set CONFIG_LOCK_MM_AND_FIND_VMA + + * CVE-2023-3390 + - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE + + * CVE-2023-3141 + - memstick: r592: Fix UAF bug in r592_remove due to race condition + + * CVE-2023-3090 + - ipvlan:Fix out-of-bounds caused by unclear skb->cb + + -- Luke Nowakowski-Krijger Wed, 12 Jul 2023 14:22:27 -0700 linux (6.2.0-25.25) lunar; urgency=medium