Back to linux PTS page

Accepted linux 4.19.282-1 (source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 29 Apr 2023 22:07:39 +0200
Source: linux
Architecture: source
Version: 4.19.282-1
Distribution: buster-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <benh@debian.org>
Closes: 825141
Changes:
 linux (4.19.282-1) buster-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270
     - mm/khugepaged: fix GUP-fast interaction by sending IPI
     - mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
     - block: unhash blkdev part inode when the part is deleted
     - nfp: fix use-after-free in area_cache_get() (CVE-2022-3545)
     - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
     - can: sja1000: fix size of OCR_MODE_MASK define
     - can: mcba_usb: Fix termination command argument
     - ASoC: ops: Correct bounds check for second channel on SX controls
     - udf: Discard preallocation before extending file with a hole
     - udf: Fix preallocation discarding at indirect extent boundary
     - udf: Do not bother looking for prealloc extents if i_lenExtents matches
       i_size
     - udf: Fix extending file within last block
     - usb: gadget: uvc: Prevent buffer overflow in setup handler
     - USB: serial: option: add Quectel EM05-G modem
     - USB: serial: cp210x: add Kamstrup RF sniffer PIDs
     - USB: serial: f81534: fix division by zero on line-speed change
     - igb: Initialize mailbox message for VF reset
     - Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934)
     - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
     - [arm*] usb: musb: remove extra check in musb_gadget_vbus_draw
     - [armhf] soc: ti: smartreflex: Fix PM disable depth imbalance in
       omap_sr_probe
     - [armhf] dts: dove: Fix assigned-addresses for every PCIe Root Port
     - [armhf] dts: armada-370: Fix assigned-addresses for every PCIe Root Port
     - [armhf] dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
     - [armhf] dts: armada-375: Fix assigned-addresses for every PCIe Root Port
     - [armhf] dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
     - [armhf] dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
     - [armhf] dts: turris-omnia: Add ethernet aliases
     - [armhf] dts: turris-omnia: Add switch port 6 node
     - pstore/ram: Fix error return code in ramoops_probe()
     - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
     - [x86] tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
     - [arm64] cpuidle: dt: Return the correct numbers of parsed idle states
     - fs: don't audit the capability check in simple_xattr_list()
     - selftests/ftrace: event_triggers: wait longer for test_event_enable
     - perf: Fix possible memleak in pmu_dev_alloc()
     - timerqueue: Use rb_entry_safe() in timerqueue_getnext()
     - ocfs2: fix memory leak in ocfs2_stack_glue_init()
     - PNP: fix name memory leak in pnp_alloc_dev()
     - [x86] perf/x86/intel/uncore: Fix reference count leak in
       hswep_has_limit_sbox() (regression in 4.19.189)
     - [x86] cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
     - lib/notifier-error-inject: fix error when writing -errno to debugfs file
     - debugfs: fix error when writing negative value to atomic_t debugfs file
       (regression in 4.19.160)
     - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
     - [x86] uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
     - [x86] xen/events: only register debug interrupt for 2-level events
     - [x86] xen: Fix memory leak in xen_smp_intr_init{_pv}()
     - [x86] xen: Fix memory leak in xen_init_lock_cpu()
     - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
     - PM: runtime: Improve path in rpm_idle() when no callback
     - PM: runtime: Do not call __rpm_callback() from rpm_idle()
     - [x86] platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
     - fs: sysv: Fix sysv_nblocks() returns wrong value
     - relay: fix type mismatch when allocating memory in relay_create_buf()
     - hfs: Fix OOB Write in hfs_asc2mac
     - wifi: ath9k: hif_usb: fix memory leak of urbs in
       ath9k_hif_usb_dealloc_tx_urbs() (regression in 4.19.154)
     - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
     - wifi: rtl8xxxu: Fix reading the vendor of combo chips
     - can: kvaser_usb: do not increase tx statistics when sending error message
       frames
     - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
     - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to
       {leaf,usbcan}_cmd_can_error_event
     - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
     - can: kvaser_usb_leaf: Set Warning state even without bus errors
     - can: kvaser_usb_leaf: Fix improved state not being reported
     - can: kvaser_usb_leaf: Fix wrong CAN state after stopping
     - can: kvaser_usb_leaf: Fix bogus restart events
     - can: kvaser_usb: Add struct kvaser_usb_busparams
     - can: kvaser_usb: Compare requested bittiming parameters with actual
       parameters in do_set_{,data}_bittiming
     - media: vivid: fix compose size exceed boundary
     - mtd: Fix device name leak when register device failed in add_mtd_device()
     - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
     - drm/radeon: Add the missed acpi_put_table() to fix memory leak
     - regulator: core: fix unbalanced of node refcount in
       regulator_dev_lookup()
     - wifi: ath10k: Fix return value in ath10k_pci_init()
     - [arm64] Input: elants_i2c - properly handle the reset GPIO when power is
       off
     - media: solo6x10: fix possible memory leak in solo_sysfs_init()
     - HID: hid-sensor-custom: set fixed size for custom attributes
     - bonding: Export skip slave logic to function
     - media: imon: fix a race condition in send_packet()
     - pinctrl: pinconf-generic: add missing of_node_put()
     - media: dvb-core: Fix ignored return value in dvb_register_frontend()
     - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
       (CVE-2023-28328)
     - [arm*] drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
     - NFSv4.2: Fix a memory stomp in decode_attr_security_label
     - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
     - [x86] ALSA: asihpi: fix missing pci_disable_device()
     - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
     - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
     - wifi: cfg80211: Fix not unregister reg_pdev when
       load_builtin_regdb_keys() fails
     - regulator: core: fix module refcount leak in set_supply()
     - media: saa7164: fix missing pci_disable_device()
     - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
     - SUNRPC: Fix missing release socket in rpc_sockname()
     - NFSv4.x: Fail client initialisation if state manager thread can't run
     - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
     - mmc: toshsd: fix return value check of mmc_add_host()
     - mmc: vub300: fix return value check of mmc_add_host()
     - [armhf] mmc: wmt-sdmmc: fix return value check of mmc_add_host()
     - [arm64] mmc: meson-gx: fix return value check of mmc_add_host()
     - mmc: via-sdmmc: fix return value check of mmc_add_host()
     - [x86] mmc: wbsd: fix return value check of mmc_add_host()
     - [arm*] mmc: mmci: fix return value check of mmc_add_host()
     - [armhf] clk: samsung: Fix memory leak in _samsung_clk_register_pll()
     - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
     - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
     - blktrace: Fix output non-blktrace event when blk_classic option enabled
     - [armhf] clk: socfpga: use clk_hw_register for a5/c5
     - [x86] net: vmw_vsock: vmci: Check memcpy_from_msg()
     - net: defxx: Fix missing err handling in dfx_init()
     - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
     - ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
     - [x86] net: farsync: Fix kmemleak when rmmods farsync
     - net/tunnel: wait until all sk_user_data reader finish before releasing
       the sock
     - [i386] hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
     - [i386] net: amd: lance: don't call dev_kfree_skb() under
       spin_lock_irqsave()
     - [amd64,arm64] net: amd-xgbe: Fix logic around active and passive cables
     - [amd64,arm64] net: amd-xgbe: Check only the minimum speed for active/
       passive cables
     - Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
     - Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
     - Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
     - [x86] Bluetooth: hci_bcsp: don't call kfree_skb() under
       spin_lock_irqsave()
     - Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
     - Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
       (regression in 4.19.254)
     - [arm*] stmmac: fix potential division by 0 (regression in 4.19.122)
     - apparmor: fix a memleak in multi_transaction_new()
     - apparmor: fix lockdep warning when removing a namespace
     - apparmor: Fix abi check to include v8 abi
     - f2fs: fix normal discard process
     - RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
     - [x86] scsi: scsi_debug: Fix a warning in resp_write_scat()
     - PCI: Check for alloc failure in pci_request_irq()
     - [amd64] RDMA/hfi: Decrease PCI device reference count in error path
     - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create
       failed
     - scsi: hpsa: use local workqueues instead of system workqueues
     - scsi: hpsa: Fix possible memory leak in hpsa_init_one()
     - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
     - scsi: hpsa: Fix error handling in hpsa_add_sas_host()
     - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
     - scsi: fcoe: Fix possible name leak when device_register() fails
     - [x86] scsi: ipr: Fix WARNING in ipr_init()
     - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
     - scsi: snic: Fix possible UAF in snic_tgt_create()
     - [amd64] RDMA/hfi1: Fix error return code in parse_platform_config()
     - orangefs: Fix sysfs not cleanup when dev init failed
     - [x86] hwrng: amd - Fix PCI device refcount leak
     - [i386] hwrng: geode - Fix PCI device refcount leak
     - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
     - [arm*] serial: tegra: avoid reg access when clk disabled
     - [arm*] serial: tegra: check for FIFO mode enabled status
     - [arm*] serial: tegra: set maximum num of uart ports to 8
     - [arm*] serial: tegra: add support to use 8 bytes trigger
     - [arm*] serial: tegra: add support to adjust baud rate
     - [arm*] serial: tegra: report clk rate errors
     - [arm*] serial: tegra: Add PIO mode support
     - [arm*] tty: serial: tegra: Activate RX DMA transfer by request
     - [arm*] serial: tegra: Read DMA status before terminating
     - [x86] usb: typec: Check for ops->exit instead of ops->enter in
       altmode_exit
     - [arm*] serial: amba-pl011: avoid SBSA UART accessing DMACR register
     - [arm*] serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
       (regression in 4.19.253)
     - [i386] serial: pch: Fix PCI device refcount leak in pch_request_dma()
     - [x86] misc: sgi-gru: fix use-after-free error in gru_set_context_option,
       gru_fault and gru_handle_user_call_os (CVE-2022-3424)
     - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
     - usb: gadget: f_hid: optional SETUP/SET_REPORT mode
     - usb: gadget: f_hid: fix f_hidg lifetime vs cdev
     - usb: gadget: f_hid: fix refcount leak on error path
     - chardev: fix error handling in cdev_device_add()
     - [i386] i2c: pxa-pci: fix missing pci_disable_device() on error in
       ce4100_i2c_probe
     - [x86] staging: rtl8192u: Fix use after free in ieee80211_rx()
     - [x86] staging: rtl8192e: Fix potential use-after-free in
       rtllib_rx_Monitor()
     - [x86] i2c: ismt: Fix an out-of-bounds bug in ismt_access()
       (CVE-2022-2873)
     - usb: storage: Add check for kcalloc
     - tracing/hist: Fix issue of losting command info in error_log
     - [x86] fbdev: pm2fb: fix missing pci_disable_device()
     - [x86] fbdev: via: Fix error in via_core_init()
     - [x86] fbdev: vermilion: decrease reference count in error path
     - [x86] fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
     - [armhf] HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
     - [armhf] HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
     - power: supply: fix residue sysfs file in error handle route of
       __power_supply_register()
     - perf symbol: correction while adjusting symbol (regression in 4.19.255)
     - [armhf] HSI: omap_ssi_core: Fix error handling in ssi_init()
     - include/uapi/linux/swab: Fix potentially missing __always_inline
     - [armhf] rtc: snvs: Allow a time difference on clock register read
     - [amd64] iommu/amd: Fix pci device refcount leak in ppr_notifier()
     - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
       (regression in 4.19.130)
     - [x86] mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under
       spin_lock_irqsave()
     - [x86] mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under
       spin_lock_irqsave()
     - [x86] mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under
       spin_lock_irqsave()
     - nfc: pn533: Clear nfc_target before being used
     - r6040: Fix kmemleak in probe and remove
     - openvswitch: Fix flow lookup to use unmasked key
     - skbuff: Account for tail adjustment during pull operations
     - net_sched: reject TCF_EM_SIMPLE case for complex ematch module
     - rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
     - myri10ge: Fix an error handling path in myri10ge_probe()
     - net: stream: purge sk_error_queue in sk_stream_kill_queues()
       (regression in 4.19.218)
     - fs: jfs: fix shift-out-of-bounds in dbAllocAG
     - udf: Avoid double brelse() in udf_rename()
     - fs: jfs: fix shift-out-of-bounds in dbDiscardAG
     - ACPICA: Fix error code path in acpi_ds_call_control_method()
     - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
     - acct: fix potential integer overflow in encode_comp_t()
     - hfs: fix OOB Read in __hfs_brec_find
     - wifi: ath9k: verify the expected usb_endpoints are present
     - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
     - bpf: make sure skb->len != 0 when redirecting to a tunneling device
     - [i386] hamradio: baycom_epp: Fix return type of baycom_send_packet()
     - wifi: brcmfmac: Fix potential shift-out-of-bounds in
       brcmf_fw_alloc_request()
     - igb: Do not free q_vector unless new one was allocated
     - drm/amdgpu: Fix type of second parameter in trans_msg() callback
     - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
     - md/raid1: stop mdx_raid1 thread when raid1 array run failed
     - mrp: introduce active flags to prevent UAF when applicant uninit
     - ppp: associate skb with a device at tx
     - media: dvb-frontends: fix leak of memory fw
     - media: dvbdev: adopts refcnt to avoid UAF
     - media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
     - blk-mq: fix possible memleak when register 'hctx' failed
     - regulator: core: fix use_count leakage when handling boot-on
     - [arm64] mmc: f-sdh30: Add quirks for broken timeout clock capability
     - media: si470x: Fix use-after-free in si470x_int_in_callback()
     - orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
     - [arm*] ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in
       rk_spdif_runtime_resume()
     - [x86] ASoC: rt5670: Remove unbalanced pm_runtime_put()
     - [arm*] usb: dwc3: core: defer probe on ulpi_read_id timeout
     - HID: wacom: Ensure bootloader PID is usable in hidraw mode
     - reiserfs: Add missing calls to reiserfs_security_free()
     - media: dvbdev: fix refcnt bug
     - ata: ahci: Fix PCS quirk application for suspend (regression in 4.19.77)
     - HID: plantronics: Additional PIDs for double volume key presses quirk
     - hfsplus: fix bug causing custom uid and gid being unable to be assigned
       with mount
     - ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
     - ALSA: line6: correct midi status byte when receiving data from podxt
     - ALSA: line6: fix stack overflow in line6_midi_transmit
     - pnode: terminate at peers of source
     - md: fix a crash in mempool_free
     - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
     - SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
     - media: stv0288: use explicitly signed char
     - dm cache: Fix ABBA deadlock between shrink_slab and
       dm_cache_metadata_abort
     - dm thin: Use last transaction's pmd->root when commit failed
     - dm thin: Fix UAF in run_timer_softirq()
     - dm cache: Fix UAF in destroy()
     - dm cache: set needs_check flag after aborting metadata
     - [x86] microcode/intel: Do not retry microcode reloading on the APs
     - tracing: Fix infinite loop in tracing_read_pipe on overflowed
       print_trace_line
     - media: dvb-core: Fix double free in dvb_register_device()
       (regression in 4.19.77)
     - media: dvb-core: Fix UAF due to refcount races at releasing
       (CVE-2022-41218)
     - md/bitmap: Fix bitmap chunk size overflow issues
     - ipmi: fix long wait in unload when IPMI disconnect
     - ipmi: fix use after free in _ipmi_destroy_user()
     - PCI: Fix pci_device_is_present() for VFs by checking PF
     - PCI/sysfs: Fix double free in error path
     - [amd64] iommu/amd: Fix ivrs_acpihid cmdline parsing code
     - device_cgroup: Roll back to original exceptions after copy failure
     - drm/connector: send hotplug uevent on connector cleanup
     - [x86] drm/vmwgfx: Validate the box size for the snooped cursor
       (CVE-2022-36280)
     - ext4: add inode table check in __ext4_get_inode_loc to aovid possible
       infinite loop
     - ext4: add helper to check quota inums
     - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
     - ext4: init quota for 'old.inode' in 'ext4_rename'
     - ext4: fix corruption when online resizing a 1K bigalloc fs
     - ext4: fix error code return to user-space in ext4_get_branch()
     - ext4: avoid BUG_ON when creating xattrs
     - ext4: fix inode leak in ext4_xattr_inode_create() on an error path
     - ext4: initialize quota before expanding inode in setproject ioctl
     - ext4: avoid unaccounted block allocation when expanding inode
     - ext4: allocate extended attribute value in vmalloc area
     - btrfs: send: avoid unnecessary backref lookups when finding clone source
     - btrfs: replace strncpy() with strscpy()
     - dm thin: resume even if in FAIL mode
     - perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
     - perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as
       unsinged data
     - driver core: Set deferred_probe_timeout to a longer default if
       CONFIG_MODULES is set
     - ext4: goto right label 'failed_mount3a'
     - ext4: correct inconsistent error msg in nojournal mode
     - ext4: use kmemdup() to replace kmalloc + memcpy
     - mbcache: don't reclaim used entries
     - mbcache: add functions to delete entry if unused
     - ext4: remove EA inode entry from mbcache on inode eviction
     - ext4: unindent codeblock in ext4_xattr_block_set()
     - ext4: fix race when reusing xattr blocks
     - mbcache: automatically delete entries from cache on freeing
     - ext4: fix deadlock due to mbcache entry corruption
     - SUNRPC: ensure the matching upcall is in-flight upon downcall
     - bpf: pull before calling skb_postpull_rcsum()
     - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
     - nfc: Fix potential resource leaks
     - [amd64,arm64] net: amd-xgbe: add missed tasklet_kill
     - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
     - net: sched: atm: dont intepret cls results when asked to drop
       (CVE-2023-23455)
     - usb: rndis_host: Secure rndis_query check against int overflow
     - udf: Fix extension of the last extent in the file
     - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071
       tablet
     - [x86] bugs: Flush IBP in ib_prctl_set() (CVE-2023-0045)
     - nfsd: fix handling of readdir in v4root vs. mount upcall timeout
     - ext4: don't allow journal inode to have encrypt flag
     - hfs/hfsplus: use WARN_ON for sanity check
     - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
     - mbcache: Avoid nesting of cache->c_list_lock under bit locks
     - driver core: Fix bus_type.match() error handling in __driver_attach()
     - net: sched: disallow noqueue for qdisc classes (CVE-2022-47929)
     - perf auxtrace: Fix address filter duplicate symbol selection
     - net/ulp: prevent ULP without clone op from entering the LISTEN status
       (CVE-2023-0461)
     - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
       (CVE-2023-0266)
     - cifs: Fix uninitialized memory read for smb311 posix symlink create
     - [x86] platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight
       during probe
     - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
       (CVE-2023-0394)
     - [x86] ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
     - quota: Factor out setup of quota inode
     - ext4: fix bug_on in __es_tree_search caused by bad quota inode
     - ext4: lost matching-pair of trace in ext4_truncate
     - ext4: fix use-after-free in ext4_orphan_cleanup
     - ext4: fix uninititialized value in 'ext4_evict_inode'
     - netfilter: ipset: Fix overflow before widen in the bitmap_ip_create()
       function.
     - [x86] boot: Avoid using Intel mnemonics in AT&T syntax asm
     - EDAC/device: Fix period calculation in edac_device_reset_delay_period()
     - hvc/xen: lock console list traversal
     - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
     - net/mlx5: Rename ptp clock info
     - net/mlx5: Fix ptp max frequency adjustment range
     - drm/virtio: Fix GEM handle creation UAF
     - [arm64] cmpxchg_double*: hazard against entire exchange variable
     - efi: fix NULL-deref in init error path (regression in 4.19.142)
     - [arm*] tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't
       started
     - [arm*] serial: tegra: Only print FIFO error message when an error occurs
     - [arm*] serial: tegra: Change lower tolerance baud rate limit for tegra20
       and tegra30
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.271
     - pNFS/filelayout: Fix coalescing test for single DS
     - net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
     - RDMA/srp: Move large values to a new enum for gcc13
     - f2fs: let's avoid panic if extent_tree is not created
     - nilfs2: fix general protection fault in nilfs_btree_insert()
     - xhci-pci: set the dma max_seg_size
     - usb: xhci: Check endpoint is valid before dereferencing it
     - xhci: Fix null pointer dereference when host dies
     - xhci: Add a flag to disable USB3 lpm on a xhci root port level.
     - prlimit: do_prlimit needs to have a speculation check (CVE-2023-0458)
     - USB: serial: option: add Quectel EM05-G (GR) modem
     - USB: serial: option: add Quectel EM05-G (CS) modem
     - USB: serial: option: add Quectel EM05-G (RS) modem
     - USB: serial: option: add Quectel EC200U modem
     - USB: serial: option: add Quectel EM05CN (SG) modem
     - USB: serial: option: add Quectel EM05CN modem
     - USB: misc: iowarrior: fix up header size for
       USB_DEVICE_ID_CODEMERCS_IOW100
     - usb: core: hub: disable autosuspend for TI TUSB8041
     - [x86] comedi: adv_pci1760: Fix PWM instruction handling
     - [arm*] mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
     - cifs: do not include page data when checking signature
     - USB: serial: cp210x: add SCALANCE LPE-9000 device id
     - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
     - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
     - [i386] serial: pch_uart: Pass correct sg to dma_unmap_sg()
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.272
     - [armhf] dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
     - [amd64] intel_ish-hid: Add check for ishtp_dma_tx_map
     - [amd64] IB/hfi1: Reject a zero-length user expected buffer
     - [amd64] IB/hfi1: Reserve user expected TIDs
     - [amd64] IB/hfi1: Fix expected receive setup error exit issues
     - affs: initialize fsdata in affs_truncate()
     - amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
     - amd-xgbe: Delay AN timeout during KR training
     - bpf: Fix pointer-leak due to insufficient speculative store bypass
       mitigation
     - [arm64] phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in
       rockchip_usb2phy_power_on()
     - net: nfc: Fix use-after-free in local_cleanup()
     - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
       (CVE-2023-23559)
     - net: usb: sr9700: Handle negative len
     - net: mdio: validate parameter addr in mdiobus_get_phy()
     - HID: check empty report_list in hid_validate_values() (CVE-2023-1073)
     - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
     - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
     - net: mlx5: eliminate anonymous module_init & module_exit
     - dmaengine: Fix double increment of client_count in dma_chan_get()
     - [arm64] net: macb: fix PTP TX timestamp failure due to packet padding
     - HID: betop: check shape of output reports
     - tcp: avoid the lookup process failing to get sk in ehash table
     - w1: fix deadloop in __w1_remove_master_device()
     - w1: fix WARNING after calling w1_process()
     - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
     - block: fix and cleanup bio_check_ro
     - perf env: Do not return pointers to local variables
     - fs: reiserfs: remove useless new_opts in reiserfs_remount
     - Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
     - scsi: hpsa: Fix allocation size for scsi_host_alloc()
     - module: Don't wait for GOING modules
     - tracing: Make sure trace_printk() can output as soon as it can be used
     - trace_events_hist: add check for return value of 'create_hist_field'
     - smbd: Make upper layer decide when to destroy the transport
     - cifs: Fix oops due to uncleared server->smbd_conn in reconnect
     - EDAC/device: Respect any driver-supplied workqueue polling value
     - net: fix UaF in netns ops registration error path (regression in
       4.19.264)
     - netfilter: nft_set_rbtree: skip elements in transaction from garbage
       collection
     - netlink: remove hash::nelems check in netlink_insert
     - netlink: annotate data races around nlk->portid
     - netlink: annotate data races around dst_portid and dst_group
     - netlink: annotate data races around sk_state
     - ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
     - netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
     - [x86] netrom: Fix use-after-free of a listening socket. (regression in
       4.19.199)
     - sctp: fail if no bound addresses can be used for a given scope
       (CVE-2023-1074)
     - net/tg3: resolve deadlock in tg3_reset_task() during EEH
     - [x86] Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU
       to RMI mode" (regression in 4.19.268)
     - [x86] i8259: Mark legacy PIC interrupts with IRQ_LEVEL
     - [x86] drm/i915/display: fix compiler warning about array overrun
     - [armhf] dts: imx: Fix pca9547 i2c-mux node name
     - [armhf] dmaengine: imx-sdma: Fix a possible memory leak in
       sdma_transfer_init
     - panic: unset panic_on_warn inside panic()
     - exit: Add and use make_task_dead.
     - exit: Put an upper limit on how often we can oops
     - exit: Expose "oops_count" to sysfs
     - exit: Allow oops_limit to be disabled
     - panic: Consolidate open-coded panic_on_warn checks
     - panic: Introduce warn_limit
     - panic: Expose "warn_count" to sysfs
     - docs: Fix path paste-o for /sys/kernel/warn_count
     - exit: Use READ_ONCE() for all oops/warn limit reads
     - ipv6: ensure sane device mtu in tunnels
     - [arm*] usb: host: xhci-plat: add wakeup entry at sysfs
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.273
     - firewire: fix memory leak for payload of request subaction to IEC 61883-1
       FCP region
     - [arm*] bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
     - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
     - [x86] netrom: Fix use-after-free caused by accept on already connected
       socket
     - ata: libata: Fix sata_down_spd_limit() when no link speed is reported
     - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
     - scsi: target: core: Fix warning on RT kernels
     - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
       (CVE-2023-2162)
     - [arm*] i2c: rk3x: fix a bunch of kernel-doc warnings
     - [arm64] usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API
     - [arm64] usb: dwc3: qcom: enable vbus override when in OTG dr-mode
     - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
     - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
     - [x86] Input: i8042 - merge quirk tables
     - [x86] Input: i8042 - add TUXEDO devices to i8042 quirk tables
     - [x86] Input: i8042 - add Clevo PCX0DX to i8042 quirk table
     - [x86] nVMX x86: Check VMX-preemption timer controls on vmentry of L2
       guests
     - [x86] KVM: VMX: Move caching of MSR_IA32_XSS to hardware_setup()
     - [x86] KVM: x86/vmx: Do not skip segment attributes if unusable bit is set
     - [x86] thermal: intel: int340x: Protect trip temperature from concurrent
       updates
     - fbcon: Check font dimension limits
     - efi: Accept version 2 of memory attributes table
     - iio: hid: fix the retval in accel_3d_capture_sample
     - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
     - mm/swapfile: add cond_resched() in get_swap_pages()
     - Squashfs: fix handling and sanity checking of xattr_ids count
     - serial: 8250_dma: Fix DMA Rx completion race
     - serial: 8250_dma: Fix DMA Rx rearm race
     - [x86] thermal: intel: int340x: Add locking to
       int340x_thermal_get_trip_type()
     - btrfs: limit device extents to the device size
     - [x86] ALSA: emux: Avoid potential array out-of-bound in
       snd_emux_xg_control()
     - [amd64] IB/hfi1: Restore allocated resources on failed copyout
     - [arm64] net: phy: meson-gxl: add g12a support
     - [arm64] net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal
       PHY
     - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078)
     - ALSA: pci: lx6464es: fix a debug loop
     - [arm*] pinctrl: single: fix potential NULL dereference
     - [x86] pinctrl: intel: Convert unsigned to unsigned int
     - [x86] pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
     - net: USB: Fix wrong-direction WARNING in plusb.c
     - usb: core: add quirk for Alcor Link AK9563 smartcard reader
     - [arm64] dts: meson-gx: Make mmc host controller interrupts level-
       sensitive
     - [arm64] dts: meson-axg: Make mmc host controller interrupts level-
       sensitive
     - bpf: Always return target ifindex in bpf_fib_lookup
     - migrate: hugetlb: check for hugetlb shared PMD in node migration
     - [x86] net/rose: Fix to not accept on connected socket
     - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
     - aio: fix mremap after fork null-deref
     - netfilter: nft_tproxy: restrict to prerouting hook
     - mmc: sdio: fix possible resource leaks in some error paths
     - ALSA: hda/conexant: add a new hda codec SN6180
     - ALSA: hda/realtek - fixed wrong gpio assigned
     - [armhf,i386] hugetlb: check for undefined shift on 32 bit architectures
     - i40e: add double of VLAN header when computing the max MTU
     - dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
     - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
     - [arm*] net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
     - bnxt_en: Fix mqprio and XDP ring checking logic
     - [arm*] net: stmmac: Restrict warning on disabling DMA store and fwd mode
     - net: mpls: fix stale pointer if allocation fails during device rename
       (CVE-2023-26545)
     - ipv6: Fix datagram socket connection with DSCP.
     - ipv6: Fix tcp socket connection with DSCP.
     - i40e: Add checking for null for nlmsg_find_attr()
     - [x86] kvm: initialize all of the kvm_debugregs structure before sending
       it to userspace (CVE-2023-1513)
     - nilfs2: fix underflow in second superblock position calculations
     - [arm64] net: phy: meson-gxl: Add generic dummy stubs for MMD register
       access
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.274
     - wifi: rtl8xxxu: gen2: Turn on the rate control
     - random: always mix cycle counter in add_latent_entropy()
     - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
     - alarmtimer: Prevent starvation by small intervals and SIG_IGN
     - [x86] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
       (CVE-2022-3707)
     - mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
     - uaccess: Add speculation barrier to copy_from_user() (CVE-2023-0459)
     - bpf: add missing header file include
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.275
     - [armhf] dts: rockchip: add power-domains property to dp node on rk3288
     - [amd64,arm64] ACPI: NFIT: fix a potential deadlock during NFIT teardown
     - btrfs: send: limit number of clones and allocated memory size
     - [amd64] IB/hfi1: Assign npages earlier
     - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
     - vc_screen: don't clobber return value in vcs_read
     - USB: serial: option: add support for VW/Skoda "Carstick LTE"
     - USB: core: Don't hold device lock while reading the "descriptors" sysfs
      file
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.276
     - HID: asus: Remove check for same LED brightness on set
     - HID: asus: use spinlock to protect concurrent accesses
     - HID: asus: use spinlock to safely schedule workers (CVE-2023-1079)
     - [armhf] OMAP2+: Fix memory leak in realtime_counter_init()
     - [armhf] imx: Call ida_simple_remove() for ida_simple_get
     - [arm64] dts: meson-axg: enable SCPI
     - blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
     - block: bio-integrity: Copy flags when bio_integrity_payload is cloned
     - wifi: rsi: Fix memory leak in rsi_coex_attach()
     - wifi: libertas: fix memory leak in lbs_init_adapter()
     - wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
     - rtlwifi: fix -Wpointer-sign warning
     - wifi: rtlwifi: Fix global-out-of-bounds bug in
       _rtl8812ae_phy_set_txpower_limit()
     - ipw2x00: switch from 'pci_' to 'dma_' API
     - wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
     - wifi: ipw2200: fix memory leak in ipw_wdev_init()
     - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
     - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
     - wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
     - wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
     - wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
     - wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
     - [x86] wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
     - [x86] ACPICA: Drop port I/O validation for some regions
     - genirq: Fix the return type of kstat_cpu_irqs_sum()
     - lib/mpi: Fix buffer overrun when SG is too long
     - ACPICA: nsrepair: handle cases without a return value correctly
     - [x86] wifi: orinoco: check return value of hermes_write_wordrec()
     - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no
       callback function
     - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
     - wifi: ath9k: Fix potential stack-out-of-bounds write in
       ath9k_wmi_rsp_callback()
     - [x86] ACPI: battery: Fix missing NUL-termination with large strings
     - crypto: seqiv - Handle EBUSY correctly
     - Bluetooth: L2CAP: Fix potential user-after-free
     - libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
     - rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
     - crypto: rsa-pkcs1pad - Use akcipher_request_complete
     - wifi: iwl3945: Add missing check for create_singlethread_workqueue
     - wifi: iwl4965: Add missing check for create_singlethread_workqueue()
     - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
     - wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
     - can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of
       a bus error
     - [arm*] drm/vc4: dpi: Add option for inverting pixel clock and output
       enable
     - [arm*] drm/vc4: dpi: Fix format mapping for RGB565
     - [arm64] drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
     - ALSA: hda/ca0132: minor fix for allocation size
     - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
     - [arm64] drm/msm: use strscpy instead of strncpy
     - [arm64] drm/msm/dpu: Add check for pstates
     - [arm*] gpu: host1x: Don't skip assigning syncpoints to channels
     - [x86] ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
     - scsi: aic94xx: Add missing check for dma_map_single()
     - nfsd: fix race to check ls_layouts
     - gfs2: jdata writepage fix
     - perf llvm: Fix inadvertent file creation
     - [arm64] perf tools: Fix auto-complete on aarch64
     - [armhf] mtd: rawnand: sunxi: Fix the size of the last OOB region
     - Input: ads7846 - don't report pressure for ads7845
     - Input: ads7846 - don't check penirq immediately for 7845
     - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
     - [armhf] media: platform: ti: Add missing check for devm_regulator_get
     - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
       (CVE-2023-1118)
     - media: i2c: ov7670: 0 instead of -EINVAL was returned
     - media: usb: siano: Fix use after free bugs caused by do_submit_urb
     - [arm64] rpmsg: glink: Avoid infinite loop on intent for missing channel
     - [armhf] dts: exynos: Use Exynos5420 compatible for the MIPI video phy
     - wifi: brcmfmac: Fix potential stack-out-of-bounds in
       brcmf_c_preinit_dcmds()
     - rcu: Suppress smp_processor_id() complaint in
       synchronize_rcu_expedited_wait()
     - [x86] thermal: intel: Fix unsigned comparison with less than zero
     - timers: Prevent union confusion from unexpected restart_syscall()
     - [x86] bugs: Reset speculation control settings on init
     - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-
       out-of-bounds
     - inet: fix fast path in __inet_hash_connect()
     - ACPI: Don't build ACPICA with '-Os'
     - [x86] ACPI: video: Fix Lenovo Ideapad Z570 DMI match
     - drm/amd/display: Fix potential null-deref in dm_resume
     - [arm64] drm/msm/dsi: Add missing check for alloc_ordered_workqueue
     - dm thin: add cond_resched() to various workqueue loops
     - dm cache: add cond_resched() to various workqueue loops
     - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
     - [arm64] rtc: pm8xxx: fix set-alarm race
     - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
     - fs: hfsplus: fix UAF issue in hfsplus_put_super
     - f2fs: fix information leak in f2fs_move_inline_dirents()
     - ocfs2: fix defrag path triggering jbd2 ASSERT
     - ocfs2: fix non-auto defrag path not working issue
     - udf: Truncate added extents on failed expansion
     - udf: Do not bother merging very long extents
     - udf: Do not update file length for failed writes to inline files
     - udf: Fix file corruption when appending just after end of preallocated
       extent
     - [x86] virt: Force GIF=1 prior to disabling SVM (for reboot flows)
     - [x86] crash: Disable virt in core NMI crash handler to avoid double
       shootdown
     - [x86] reboot: Disable virtualization in an emergency if SVM is supported
     - [x86] reboot: Disable SVM, not just VMX, when stopping CPUs
     - [x86] kprobes: Fix __recover_optprobed_insn check optimizing logic
     - [x86] kprobes: Fix arch_check_optimized_kprobe check within
       optimized_kprobe range
     - [x86] microcode/amd: Remove load_microcode_amd()'s bsp parameter
     - [x86] microcode/AMD: Add a @cpu parameter to the reloading functions
     - [x86] microcode/AMD: Fix mixed steppings support
     - [x86] speculation: Allow enabling STIBP with legacy IBRS (CVE-2023-1998)
     - irqdomain: Fix association race
     - irqdomain: Fix disassociation race
     - irqdomain: Drop bogus fwspec-mapping error handling
     - [x86] ALSA: ice1712: Do not left ice->gpio_mutex locked in
       aureon_add_controls()
     - ext4: optimize ea_inode block expansion
     - ext4: refuse to create ea block when umounted
     - wifi: rtl8xxxu: Use a longer retry limit of 48
     - wifi: cfg80211: Fix use after free for wext
     - dm flakey: fix logic when corrupting a bio
     - dm flakey: don't corrupt the zero page
     - [armhf] dts: exynos: correct TMU phandle in Exynos4
     - [armhf] dts: exynos: correct TMU phandle in Odroid XU
     - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
     - scsi: qla2xxx: Fix link failure in NPIV environment
     - scsi: qla2xxx: Fix erroneous link down
     - scsi: ses: Don't attach if enclosure has no components
     - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
     - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
     - scsi: ses: Fix possible desc_ptr out-of-bounds accesses
     - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
     - [x86] PCI: Avoid FLR for AMD FCH AHCI adapters
     - [x86] drm/radeon: Fix eDP for single-display iMac11,2
     - wifi: ath9k: use proper statements in conditionals
     - net/sched: Retire tcindex classifier (CVE-2023-1281, CVE-2023-1829)
     - fs/jfs: fix shift exponent db_agl2size negative
     - ubi: ensure that VID header offset + VID header size <= alloc, size
     - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
     - ubifs: Rectify space budget for ubifs_xrename()
     - ubifs: Fix wrong dirty space budget for dirty inode
     - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
     - ubifs: Reserve one leb for each journal head while doing budget
     - ubi: Fix use-after-free when volume resizing failed
     - ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
     - ubi: Fix possible null-ptr-deref in ubi_free_volume()
     - ubifs: Re-statistic cleaned znode count if commit failed
     - ubifs: dirty_cow_znode: Fix memleak in error handling path
     - ubifs: ubifs_writepage: Mark page dirty after writing inode failed
     - ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
     - ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
     - [x86] watchdog: pcwd_usb: Fix attempting to access uninitialized memory
     - netfilter: ctnetlink: fix possible refcount leak in
       ctnetlink_create_conntrack()
     - net: fix __dev_kfree_skb_any() vs drop monitor
     - 9p/xen: fix version parsing
     - 9p/xen: fix connection sequence
     - 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
     - nfc: fix memory leak of se_io context in nfc_genl_se_io
     - tcp: tcp_check_req() can be called from process context
     - vc_screen: modify vcs_size() handling in vcs_read()
     - [x86] scsi: ipr: Work around fortify-string warning
     - tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
     - [x86] firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
     - media: uvcvideo: Handle cameras with invalid descriptors
     - media: uvcvideo: Handle errors from calls to usb_string
     - media: uvcvideo: Silence memcpy() run-time false positive warnings
     - tty: fix out-of-bounds access in tty_driver_lookup_tty()
     - [x86] mei: bus-fixup:upon error print return values of send and receive
     - USB: ene_usb6250: Allocate enough memory for full object
     - [arm64] phy: rockchip-typec: Fix unsigned comparison with less than zero
     - Bluetooth: hci_sock: purge socket queues in the destruct() callback
     - tcp: Fix listen() regression in 4.19.270
     - media: uvcvideo: Provide sync and async uvc_ctrl_status_event
     - media: uvcvideo: Fix race condition with usb_kill_urb
     - f2fs: fix cgroup writeback accounting with fs-layer encryption
     - [x86] thermal: intel: powerclamp: Fix cur_state for multi package system
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.277
     - wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for
       wext"
     - [x86] staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling
       a script
     - [x86] staging: rtl8192e: Remove call_usermodehelper starting
       RadioPower.sh
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.278
     - fs: prevent out-of-bounds array speculation when closing a file
       descriptor
     - [x86] CPU/AMD: Disable XSAVES on AMD family 0x17
     - ext4: fix RENAME_WHITEOUT handling for inline directories (regression in
       4.19.183)
     - ext4: fix another off-by-one fsmap error on 1k block filesystems
     - ext4: move where set the MAY_INLINE_DATA flag is set
     - ext4: fix WARNING in ext4_update_inline_data
     - ext4: zero i_disksize when initializing the bootloader inode
     - nfc: change order inside nfc_se_io error path
     - udf: reduce leakage of blocks related to named streams
     - udf: Remove pointless union in udf_inode_info
     - udf: Preserve link count of system files
     - udf: Detect system inodes linked into directory hierarchy
     - kbuild: fix false-positive need-builtin calculation
     - kbuild: generate modules.order only in directories visited by obj-y/m
     - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
     - tipc: improve function tipc_wait_for_cond()
     - [x86] drm/i915: Don't use BAR mappings for ring buffers with LLC
     - ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.279
     - ext4: fix cgroup writeback accounting with fs-layer encryption
     - fs: sysfs_emit_at: Remove PAGE_SIZE alignment check (regression in
       4.19.179)
     - tcp: tcp_make_synack() can be called from process context
     - nfc: pn533: initialize struct pn533_out_arg properly
     - qed/qed_dev: guard against a possible division by zero
     - net: tunnels: annotate lockless accesses to dev->needed_headroom
     - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status
       fails
     - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
       (CVE-2023-1990)
     - net: usb: smsc75xx: Limit packet length to skb->len
     - nvmet: avoid potential UAF in nvmet_req_complete()
     - ipv4: Fix incorrect table ID in IOCTL path
     - net: usb: smsc75xx: Move packet length check to prevent kernel panic in
       skb_pull
     - hwmon: (adt7475) Display smoothing attributes in correct order
     - hwmon: (adt7475) Fix masking of hysteresis registers
     - [arm64] hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due
       to race condition (CVE-2023-1855)
     - jffs2: correct logic when creating a hole in jffs2_write_begin
     - ext4: fail ext4_iget if special inode unallocated
     - ext4: fix task hung in ext4_xattr_delete_inode
     - [amd64] drm/amdkfd: Fix an illegal memory access
     - tracing: Check field value in hist_field_name()
     - ftrace: Fix invalid address access in lookup_rec() when index is 0
     - [x86] mm: Fix use of uninitialized buffer in sme_enable()
     - [x86] drm/i915: Don't use stolen memory for ring buffers with LLC
     - HID: core: Provide new max_buffer_size attribute to over-ride the default
     - HID: uhid: Over-ride the default maximum data buffer value with our own
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.280
     - power: supply: da9150: Fix use after free bug in da9150_charger_remove
       due to race condition (CVE-2023-30772)
     - i40evf: Change a VF mac without reloading the VF driver
     - intel-ethernet: rename i40evf to iavf
     - iavf: diet and reformat
     - iavf: fix inverted Rx hash condition leading to disabled hash
     - intel/igbvf: free irq on the error path in igbvf_request_msix()
     - igbvf: Regard vf reset nack as success
     - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
     - net: usb: smsc95xx: Limit packet length to skb->len
     - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
     - [x86] xirc2ps_cs: Fix use after free bug in xirc2ps_detach
       (CVE-2023-1670)
     - [arm64] net: qcom/emac: Fix use after free bug in emac_remove due to race
       condition
     - bpf: Adjust insufficient default bpf_jit_limit
     - net/mlx5: Read the TC mapping of all priorities on ETS query
     - erspan: do not use skb_mac_header() in ndo_start_xmit()
     - hvc/xen: prevent concurrent accesses to the shared ring
     - [arm64] net: mdio: thunder: Add missing fwnode_handle_put()
     - [arm64 ]Bluetooth: btqcomsmd: Fix command timeout after setting BD
       address
     - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to
       unfinished work (CVE-2023-1989)
     - [x86] hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
     - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
     - [x86] thunderbolt: Use const qualifier for `ring_interrupt_index`
     - scsi: target: iscsi: Fix an error message in iscsi_check_key()
     - scsi: ufs: core: Add soft dependency on governor_simpleondemand
     - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
     - net: usb: qmi_wwan: add Telit 0x1080 composition
     - cifs: empty interface list when server doesn't support query interfaces
     - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
     - usb: gadget: u_audio: don't let userspace block driver unbind
     - igb: revert rtnl_lock() that causes deadlock (regression in 4.19.256)
     - dm thin: fix deadlock when swapping to thin device
     - [arm*] usb: chipdea: core: fix return -EINVAL if request role is the same
       with current role
     - [arm*] usb: chipidea: core: fix possible concurrent when switch role
     - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
     - [arm64] i2c: xgene-slimpro: Fix out-of-bounds bug in
       xgene_slimpro_i2c_xfer() (CVE-2023-2194)
     - dm stats: check for and propagate alloc_percpu failure
     - dm crypt: add cond_resched() to dmcrypt_write()
     - sched/fair: sanitize vruntime of entity being placed
     - sched/fair: Sanitize vruntime of entity being migrated
     - tun: avoid double free in tun_free_netdev (CVE-2022-4744)
     - ocfs2: fix data corruption after failed write (regression in 4.19.155)
     - md: avoid signed overflow in slot_store()
     - [x86] ALSA: asihpi: check pao in control_message()
     - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
     - sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
     - [i386] fbdev: lxfb: Fix potential divide by zero
     - scsi: megaraid_sas: Fix crash after a double completion
     - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
     - i40e: fix registers dump after run ethtool adapter self test
     - [arm*] net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
     - [arm*] net: mvneta: make tx buffer array agnostic
     - [arm*] Input: alps - fix compatibility with -funsigned-char
     - [arm*] Input: focaltech - use explicitly signed char type
     - cifs: prevent infinite recursion in CIFSGetDFSRefer()
     - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
     - xen/netback: don't do grant copy across page boundary (regression in
       4.19.269)
     - [x86] ALSA: hda/conexant: Partial revert of a quirk for Lenovo
       (regression in 4.19.256)
     - ALSA: usb-audio: Fix regression on detection of Roland VS-100
       (regression in 4.19.164)
     - [armhf] drm/etnaviv: fix reference leak when mmaping imported buffer
     - ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
     - gfs2: Always check inode size of inline inodes
     - net: sched: cbq: dont intepret cls results when asked to drop
       (CVE-2023-23454)
     - cgroup/cpuset: Change cpuset_rwsem and hotplug lock order
     - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock (regression
       in 4.19.232)
     - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.281
     - pinctrl: Added IRQF_SHARED flag for amd-pinctrl driver
     - pinctrl: amd: Use irqchip template
     - pinctrl: amd: disable and mask interrupts on probe
     - NFSv4: Convert struct nfs4_state to use refcount_t
     - NFSv4: Check the return value of update_open_stateid()
     - NFSv4: Fix hangs when recovering open state after a server reboot
     - [arm64] pwm: cros-ec: Explicitly set .polarity in .get_state()
     - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded
       sta
     - icmp: guard against too small mtu
     - net: don't let netpoll invoke NAPI if in xmit context
     - sctp: check send stream number after wait_for_sndbuf
     - ipv6: Fix an uninit variable access bug in __ip6_make_skb()
     - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
     - USB: serial: option: add Telit FE990 compositions
     - USB: serial: option: add Quectel RM500U-CN modem
     - nilfs2: fix potential UAF of struct nilfs_sc_info in
       nilfs_segctor_thread()
     - nilfs2: fix sysfs interface lifetime
     - [x86] ALSA: hda/realtek: Add quirk for Clevo X370SNW
     - perf/core: Fix the same task check in perf_event_set_output
     - ftrace: Mark get_lock_parent_ip() __always_inline
     - ring-buffer: Fix race while reader and writer are on the same page
     - mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
     - [x86] ALSA: emu10k1: fix capture interrupt handler unlinking
     - [x86] ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
     - [x86] ALSA: i2c/cs8427: fix iec958 mixer control deactivation
     - [x86] ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
     - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
     - Bluetooth: Fix race condition in hidp_session_thread
     - mtdblock: tolerate corrected bit-flips
     - 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race
       condition (CVE-2023-1859)
     - niu: Fix missing unwind goto in niu_alloc_channels()
     - qlcnic: check pci_reset_function result
     - sctp: fix a potential overflow in sctp_ifwdtsn_skip
     - [arm64] net: macb: fix a memory corruption in extended buffer descriptor
       mode
     - udp6: fix potential access to stale information
     - [arm64] power: supply: cros_usbpd: reclassify "default case!" as debug
     - [x86] efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
     - [amd64] verify_pefile: relax wrapper length check
     - scsi: ses: Handle enclosure with just a primary component gracefully
     - [x86] PCI: Add quirk for AMD XHCI controller that loses MSI-X state in
       D3hot
     - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
     - ubi: Fix deadlock caused by recursively holding work_sem
     - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
     - [arm64] watchdog: sbsa_wdog: Make sure the timeout programming is within
       the limits
     - [x86] KVM: nVMX: add missing consistency checks for CR0 and CR4
       (CVE-2023-30456)
     - [arm64] KVM: arm64: Factor out core register ID enumeration
     - [arm64] KVM: arm64: Filter out invalid core register IDs in
       KVM_GET_REG_LIST (regression in 4.19)
     - [arm64] KVM: Fix system register enumeration
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.282
     - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
     - virtio_net: bugfix overflow inside xdp_linearize_page()
     - i40e: fix accessing vsi->active_filters without holding lock
     - i40e: fix i40e_setup_misc_vector() error handling
     - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
     - e1000e: Disable TSO on i219-LM card to increase speed
     - f2fs: Fix f2fs_truncate_partial_nodes ftrace event
     - [x86] Input: i8042 - add quirk for Fujitsu Lifebook A574/H
     - scsi: megaraid_sas: Fix fw_crash_buffer_show()
     - scsi: core: Improve scsi_vpd_inquiry() checks
     - xen/netback: use same error messages for same errors
     - nilfs2: initialize unused bytes in segment summary blocks
     - memstick: fix memory leak if card device is never registered
     - [x86] purgatory: Don't generate debug info for purgatory.ro
     - Revert "ext4: fix use-after-free in ext4_xattr_set_entry"  (regression in
       4.19.256)
     - ext4: remove duplicate definition of ext4_xattr_ibody_inline_set()
     - ext4: fix use-after-free in ext4_xattr_set_entry
     - udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
     - tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
     - inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
     - dccp: Call inet6_destroy_sock() via sk->sk_destruct().
     - sctp: Call inet6_destroy_sock() via sk->sk_destruct().
 .
   [ Ben Hutchings ]
   * Bump ABI to 24
   * [armhf] Disable LOCK_DOWN_KERNEL, LOCK_DOWN_IN_EFI_SECURE_BOOT, and
     MODULE_SIG where we don't sign code (Closes: #825141)
   * [rt] Update to 4.19.280-rt123:
     - workqueue: Fix deadlock due to recursive locking of pool->lock
   * [rt] netpoll: Fix netif_local_xmit_active() for 4.19-rt
Checksums-Sha1:
 52d59a57c71445af378e877a1ba79088f1f362fc 191175 linux_4.19.282-1.dsc
 dd9ee165101087d6c57710a18227d0861762cdc0 107691628 linux_4.19.282.orig.tar.xz
 afa4711af3fef983b3fe658a9f5d663539765744 1583640 linux_4.19.282-1.debian.tar.xz
 23e0f3144a2975f773868095a3ad5d8a2422a065 47714 linux_4.19.282-1_source.buildinfo
Checksums-Sha256:
 bbeb315958c6f263ab2cca7a1d94e20e692fead32b5af29cba65761285bb04b2 191175 linux_4.19.282-1.dsc
 854ad29b296cd876d19c13977680207f0ae93d2d4ee09296afe0a7190debf960 107691628 linux_4.19.282.orig.tar.xz
 36a21bf9e36271d546ca21cdf553432d518c852e6f9a11f356b1cc0572b364bc 1583640 linux_4.19.282-1.debian.tar.xz
 12296a0d1588ecb05bccbbd0bb2a054966fe8aedbef7742b3342e5a110f95e5c 47714 linux_4.19.282-1_source.buildinfo
Files:
 4cb7674ca831604bbb033b3d72eb9ec6 191175 kernel optional linux_4.19.282-1.dsc
 ac53ae98e3df54f0332c303adbb7b8a0 107691628 kernel optional linux_4.19.282.orig.tar.xz
 a34b947f05895ed636a3c69bd3486b21 1583640 kernel optional linux_4.19.282-1.debian.tar.xz
 44281676bf2dce470e71ca98ebe808ac 47714 kernel optional linux_4.19.282-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmRNexAACgkQ57/I7JWG
EQmeJg//bYpfDRtC77NOceshsZ6bNUv5D2R9ddRZnje0AVMKSPHQeDkNnDQX0hDg
yzTtSA/GaO7XePv1wV4ZLqIDLidyDGDgMLFiG3ULGzv57yaVh5N4gJpYKVppMLia
FeKIRcShTqdVMYn6+4gzPXME5jwd6+xZvgSm5zWb2rDQR1czGwxwzRJLZaXYJLgw
n/czGRP94d1ZrbM3dHH8z2NJUYzCnwtltcAjmmAyTFhGeKxy93CxjL45y24QvR9v
6+eBcos8zKJglHWFc0RAoftxKbA/AeGjoYm69WakqfcgVhEcv5qyg3SXwphrARU/
Jcsp0m9/YAmIdu2tqa7u5hJ2XadRRLYQPwooJgVLMC6E8yfL0Tet7Fl47VZk7acG
rQABm8vJTLQrxbYzRgiiubtmFsSZ2jLOqLN5nZOh6iOAIqFizaiFAaE/k2GQkDNV
PHjEwCX9L0U3s6cvPUC7CxCmLGlMdxICPWjgqxEfLeMbAqKWrR6QGnzUa+Y0SP4m
Wt26j7xuGNTeYKamGj4bY0uAco0JqeEcGhe3qLSF/XK/KaQndG45Rh8d2278Obr5
suRMhprNUuEhHjaCJiZBvgF5xdOp1BwIrGdINVGT0lMUPrO2ZgNuBkOhr9LGNWq1
IUE9/qdPkSVJlFzSEyVzp+b58lDCAuVkkbVQNekX2dgQm20pY/g=
=+Ilg
-----END PGP SIGNATURE-----