Release date:
2024-10-01 21:22:37 UTC
Description:
[ Ubuntu: 4.15.0-237.248 ]
* CVE-url: https://ubuntu.com/security/CVE-2024-26752
- l2tp: pass correct message length to ip6_append_data
* CVE-url: https://ubuntu.com/security/CVE-2021-47188
- scsi: ufs: core: Improve SCSI abort handling
* CVE-url: https://ubuntu.com/security/CVE-2024-26677
- rxrpc: Fix delayed ACKs to not set the reference serial number
* CVE-url: https://ubuntu.com/security/CVE-2023-52527
- ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
* CVE-url: https://ubuntu.com/security/CVE-2024-43882
- exec: Fix ToCToU between perm check and set-uid/gid usage
* CVE-url: https://ubuntu.com/security/CVE-2022-48943
- KVM: x86/mmu: make apf token non-zero to fix bug
* CVE-url: https://ubuntu.com/security/CVE-2024-38630
- watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
* CVE-url: https://ubuntu.com/security/CVE-2024-44987
- ipv6: prevent UAF in ip6_send_skb()
* CVE-url: https://ubuntu.com/security/CVE-2024-42285
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
* CVE-url: https://ubuntu.com/security/CVE-2022-48733
- btrfs: fix use-after-free after failure to create a snapshot
* CVE-url: https://ubuntu.com/security/CVE-2024-44940
- fou: remove warn in gue_gro_receive on unsupported protocol
* CVE-url: https://ubuntu.com/security/CVE-2024-41059
- hfsplus: fix uninit-value in copy_name
* CVE-url: https://ubuntu.com/security/CVE-2024-46673
- scsi: aacraid: Fix double-free on probe failure
* CVE-url: https://ubuntu.com/security/CVE-2024-42313
- media: venus: fix use after free in vdec_close
* CVE-url: https://ubuntu.com/security/CVE-2024-44999
- gtp: pull network headers in gtp_dev_xmit()
* CVE-url: https://ubuntu.com/security/CVE-2024-42271
- net/iucv: fix use after free in iucv_sock_close()
* CVE-url: https://ubuntu.com/security/CVE-2024-44942
- f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
* CVE-url: https://ubuntu.com/security/CVE-2024-43858
- jfs: Fix array-index-out-of-bounds in diFree
* CVE-url: https://ubuntu.com/security/CVE-2024-41071
- wifi: mac80211: Avoid address calculations via out of bounds array indexing
* CVE-url: https://ubuntu.com/security/CVE-2024-42301
- dev/parport: fix the array out-of-bounds risk
* CVE-url: https://ubuntu.com/security/CVE-2024-46674
- usb: dwc3: st: fix probed platform device ref count on probe error path
* CVE-url: https://ubuntu.com/security/CVE-2024-43900
- media: xc2028: avoid use-after-free in load_firmware_cb()
* CVE-url: https://ubuntu.com/security/CVE-2024-42284
- tipc: Return non-zero value from tipc_udp_addr2str() on error
* CVE-url: https://ubuntu.com/security/CVE-2024-44998
- atm: idt77252: prevent use after free in dequeue_rx()
* CVE-url: https://ubuntu.com/security/CVE-2024-42280
- mISDN: Fix a use after free in hfcmulti_tx()
* CVE-url: https://ubuntu.com/security/CVE-2024-39503
- netns: add pre_exit method to struct pernet_operations
- netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type
* CVE-url: https://ubuntu.com/security/CVE-2024-39499
- vmci: prevent speculation leaks by sanitizing event in event_deliver()
* CVE-url: https://ubuntu.com/security/CVE-2024-40988
- drm/radeon: fix UBSAN warning in kv_dpm.c
* CVE-url: https://ubuntu.com/security/CVE-2024-40916
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found
* CVE-url: https://ubuntu.com/security/CVE-2024-40904
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
* CVE-url: https://ubuntu.com/security/CVE-2024-39506
- liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
* CVE-url: https://ubuntu.com/security/CVE-2024-42106
- inet_diag: Initialize pad field in struct inet_diag_req_v2
* CVE-url: https://ubuntu.com/security/CVE-2024-42145
- IB/core: Implement a limit on UMAD receive List
* CVE-url: https://ubuntu.com/security/CVE-2024-40945
- iommu: Return right value in iommu_sva_bind_device()
* CVE-url: https://ubuntu.com/security/CVE-2024-40932
- drm/exynos/vidi: fix memory leak in .get_modes()
* CVE-url: https://ubuntu.com/security/CVE-2024-41006
- netrom: Fix a memory leak in nr_heartbeat_expiry()
* CVE-url: https://ubuntu.com/security/CVE-2024-40943
- ocfs2: fix races between hole punching and AIO+DIO
* CVE-url: https://ubuntu.com/security/CVE-2024-36894
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
* CVE-url: https://ubuntu.com/security/CVE-2024-42124
- scsi: qedf: Make qedf_execute_tmf() non-preemptible
* CVE-url: https://ubuntu.com/security/CVE-2024-42115
- jffs2: Fix potential illegal address access in jffs2_free_inode
* CVE-url: https://ubuntu.com/security/CVE-2024-41035
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
* CVE-url: https://ubuntu.com/security/CVE-2024-41097
- usb: atm: cxacru: fix endpoint checking in cxacru_bind()
* CVE-url: https://ubuntu.com/security/CVE-2024-42119
- drm/amd/display: Skip finding free audio for unknown engine_id
* CVE-url: https://ubuntu.com/security/CVE-2024-39501
- drivers: core: synchronize really_probe() and dev_uevent()
* CVE-url: https://ubuntu.com/security/CVE-2024-42105
- nilfs2: fix inode number range checks
* CVE-url: https://ubuntu.com/security/CVE-2024-40984
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
* CVE-url: https://ubuntu.com/security/CVE-2024-40987
- drm/amdgpu: fix UBSAN warning in kv_dpm.c
* CVE-url: https://ubuntu.com/security/CVE-2024-42097
- ALSA: emux: improve patch ioctl data validation
* CVE-url: https://ubuntu.com/security/CVE-2024-42090
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
* CVE-url: https://ubuntu.com/security/CVE-2024-40942
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
* CVE-url: https://ubuntu.com/security/CVE-2024-40981
- batman-adv: bypass empty buckets in batadv_purge_orig_ref()
* CVE-url: https://ubuntu.com/security/CVE-2024-40959
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
* CVE-url: https://ubuntu.com/security/CVE-2024-42089
- ASoC: fsl-asoc-card: set priv->pdev before using it
* CVE-url: https://ubuntu.com/security/CVE-2024-40901
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
* CVE-url: https://ubuntu.com/security/CVE-2024-42101
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
* CVE-url: https://ubuntu.com/security/CVE-2024-40980
- drop_monitor: replace spin_lock by raw_spin_lock
* CVE-url: https://ubuntu.com/security/CVE-2024-42084
- ftruncate: pass a signed offset
* CVE-url: https://ubuntu.com/security/CVE-2024-39509
- HID: core: remove unnecessary WARN_ON() in implement()
* CVE-url: https://ubuntu.com/security/CVE-2024-42096
- x86: stop playing stack games in profile_pc()
* CVE-url: https://ubuntu.com/security/CVE-2024-38619
- usb-storage: alauda: Check whether the media is initialized
* CVE-url: https://ubuntu.com/security/CVE-2024-42102
- Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"
- mm: avoid overflows in dirty throttling logic
* CVE-url: https://ubuntu.com/security/CVE-2024-41044
- ppp: reject claimed-as-LCP but actually malformed packets
* CVE-url: https://ubuntu.com/security/CVE-2024-40978
- scsi: qedi: Fix crash while reading debugfs attribute
* CVE-url: https://ubuntu.com/security/CVE-2024-40941
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation
* CVE-url: https://ubuntu.com/security/CVE-2024-40905
- ipv6: fix possible race in __fib6_drop_pcpu_from()
* CVE-url: https://ubuntu.com/security/CVE-2023-52803
- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
* CVE-url: https://ubuntu.com/security/CVE-2024-42104
- nilfs2: add missing check for inode numbers on directory entries
* CVE-url: https://ubuntu.com/security/CVE-2024-42148
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds
* CVE-url: https://ubuntu.com/security/CVE-2024-42094
- net/iucv: Avoid explicit cpumask var allocation on stack
* CVE-url: https://ubuntu.com/security/CVE-2024-41046
- net: ethernet: lantiq_etop: fix double free in detach
* CVE-url: https://ubuntu.com/security/CVE-2024-38538
- net: bridge: xmit: make sure we have at least eth header len bytes
* CVE-url: https://ubuntu.com/security/CVE-2024-26830
- i40e: Fix permission check for VF MAC filters
- i40e: Fix MAC address setting for a VF via Host/VM
- i40e: Do not allow untrusted VF to remove administratively set MAC
* CVE-url: https://ubuntu.com/security/CVE-2023-52885
- SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
* CVE-url: https://ubuntu.com/security/CVE-2023-52629
- sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
* Miscellaneous upstream changes
- fixup! scsi: qla2xxx: Fix double free of fcport
Updated packages:
-
linux-buildinfo-4.15.0-237-tuxcare.els35-generic_4.15.0-237.248~16.04.1_amd64.deb
sha:00064a724d8ac8c515b26b51fbab47ae22dec493
-
linux-buildinfo-4.15.0-237-tuxcare.els35-lowlatency_4.15.0-237.248~16.04.1_amd64.deb
sha:ad171af5ec26a3b9c4470f6cc05dba9d3fcfd4c5
-
linux-cloud-tools-4.15.0-237-tuxcare.els35-generic_4.15.0-237.248~16.04.1_amd64.deb
sha:e748e150844c8879e68ea2ac3afcf0bdf77907d3
-
linux-cloud-tools-4.15.0-237-tuxcare.els35-lowlatency_4.15.0-237.248~16.04.1_amd64.deb
sha:d3cfb4444bbc7ac4f8e04e3da07c962dc317679f
-
linux-cloud-tools-generic-hwe-16.04_4.15.0.237.172_amd64.deb
sha:104458807cc3d53d0e92c661e5bcd003440c78a8
-
linux-cloud-tools-lowlatency-hwe-16.04_4.15.0.237.172_amd64.deb
sha:848cd4b07ac4147711460a8a1711c843e206d47e
-
linux-generic-hwe-16.04_4.15.0.237.172_amd64.deb
sha:8c55a840fccface24a1e73717f6e05f143d3a72a
-
linux-headers-4.15.0-237-tuxcare.els35_4.15.0-237.248~16.04.1_all.deb
sha:7609627a9c1f3a0b6ea68ef8a88c78b2e7f5fe93
-
linux-headers-4.15.0-237-tuxcare.els35-generic_4.15.0-237.248~16.04.1_amd64.deb
sha:406ff282f346b8ee83ad4296e57d73be0eaaebf4
-
linux-headers-4.15.0-237-tuxcare.els35-lowlatency_4.15.0-237.248~16.04.1_amd64.deb
sha:f84d43a00c1db1a26095d28637967f105abd0b22
-
linux-headers-generic-hwe-16.04_4.15.0.237.172_amd64.deb
sha:56624e3c632d6e9c77462c3b28f79171ad47197e
-
linux-headers-lowlatency-hwe-16.04_4.15.0.237.172_amd64.deb
sha:09f311013b33fac90f98740da6839222b855082a
-
linux-hwe-cloud-tools-4.15.0-237-tuxcare.els35_4.15.0-237.248~16.04.1_amd64.deb
sha:b7eeb2ced943ed8a0800282af135bdeee55db0e5
-
linux-hwe-tools-4.15.0-237-tuxcare.els35_4.15.0-237.248~16.04.1_amd64.deb
sha:7067f825871ac4717b26d9fcb10a2330bac2af18
-
linux-image-generic-hwe-16.04_4.15.0.237.172_amd64.deb
sha:1f07ae8460dcb7b8890e45a02c82b1dc702e0a0c
-
linux-image-lowlatency-hwe-16.04_4.15.0.237.172_amd64.deb
sha:da9fdd2ca3243fe936aca305f014f8958cbbd454
-
linux-image-unsigned-4.15.0-237-tuxcare.els35-generic_4.15.0-237.248~16.04.1_amd64.deb
sha:70e05c325bc06f36f0062e2e7a5456a477fd7942
-
linux-image-unsigned-4.15.0-237-tuxcare.els35-lowlatency_4.15.0-237.248~16.04.1_amd64.deb
sha:42dc153184225bf8649893627a0ddad7c0194ca0
-
linux-lowlatency-hwe-16.04_4.15.0.237.172_amd64.deb
sha:d93c08da431e4a0c8751f97fd2a5c5e2b49930c6
-
linux-modules-4.15.0-237-tuxcare.els35-generic_4.15.0-237.248~16.04.1_amd64.deb
sha:5d1ca00fc249b7d72b559474ef0a332e4911d44f
-
linux-modules-4.15.0-237-tuxcare.els35-lowlatency_4.15.0-237.248~16.04.1_amd64.deb
sha:468f26c28d5dc6854e5a7242082ffdf0ca8ce11a
-
linux-modules-extra-4.15.0-237-tuxcare.els35-generic_4.15.0-237.248~16.04.1_amd64.deb
sha:e19c4ad3f741484c48cf727e54cbc8804fa443dd
-
linux-source-4.15.0_4.15.0-237.248~16.04.1_all.deb
sha:deedacff398d9c763d9d04ecd2689530a375c6a2
-
linux-tools-4.15.0-237-tuxcare.els35-generic_4.15.0-237.248~16.04.1_amd64.deb
sha:f93d019e049d2af29ea43360e2e0ad1613fde5e7
-
linux-tools-4.15.0-237-tuxcare.els35-lowlatency_4.15.0-237.248~16.04.1_amd64.deb
sha:fe1883bdf4ce5bc934149f62f8dce2b7be0b27db
-
linux-tools-generic-hwe-16.04_4.15.0.237.172_amd64.deb
sha:74975ee51f13d5a9f21fe658b542aee292294684
-
linux-tools-lowlatency-hwe-16.04_4.15.0.237.172_amd64.deb
sha:0307dc75a9e775d496bec1f1542164264f6b44b8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections, please contact the CloudLinux Packaging Team.