Bug #2008157 “[SRU][Ubuntu 22.04.1]: Observed “Array Index out o...” : Bugs : linux package : Ubuntu

Revision history for this message

Michael Reed (mreed8855) wrote on 2023-02-23:

#1

I have created a test kernel. Please test it and provide feedback.

https://people.canonical.com/~mreed/dell/lp_1999503_array_index/

Revision history for this message

Michael Reed (mreed8855) wrote on 2023-02-23:

#2

The test kernel was tested on 01-13-2023 and the issue was not seen

Michael Reed (mreed8855) on 2023-02-23

description:

updated

Revision history for this message

Ubuntu Foundations Team Bug Bot (crichton) wrote on 2023-02-23:

#3

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Libera.chat.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/2008157/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags:

added: bot-comment

Michael Reed (mreed8855) on 2023-02-23

Changed in ubuntu:
assignee:	nobody → Michael Reed (mreed8855)
importance:	Undecided → Medium
status:	New → In Progress

Brian Murray (brian-murray) on 2023-02-23

affects:

ubuntu → linux (Ubuntu)

Stefan Bader (smb) on 2023-03-22

Changed in linux (Ubuntu Jammy):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-04-20:

#4

This bug is awaiting verification that the linux/5.15.0-72.79 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux verification-needed-jammy

AceLan Kao (acelankao) on 2023-05-11

Changed in linux (Ubuntu Kinetic):
status:	New → In Progress
assignee:	nobody → AceLan Kao (acelankao)

Stefan Bader (smb) on 2023-05-12

Changed in linux (Ubuntu Kinetic):
importance:	Undecided → Medium

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-05-15:

#5

Download full text (23.7 KiB)

This bug was fixed in the package linux - 5.15.0-72.79

---------------
linux (5.15.0-72.79) jammy; urgency=medium

* jammy/linux: 5.15.0-72.79 -proposed tracker (LP: #2016548)

* Add split lock detection for EMR (LP: #2015855)
- x86/split_lock: Enumerate architectural split lock disable bit

* selftest: fib_tests: Always cleanup before exit (LP: #2015956)
- selftest: fib_tests: Always cleanup before exit

  * Add support for intel EMR cpu (LP: #2015372)
    - platform/x86: intel-uncore-freq: add Emerald Rapids support
    - perf/x86/intel/cstate: Add Emerald Rapids
    - perf/x86/rapl: Add support for Intel Emerald Rapids
    - intel_idle: add Emerald Rapids Xeon support
    - tools/power/x86/intel-speed-select: Add Emerald Rapid quirk
    - tools/power turbostat: Introduce support for EMR
    - powercap: intel_rapl: add support for Emerald Rapids
    - EDAC/i10nm: Add Intel Emerald Rapids server support

  * Kernel livepatch ftrace graph fix (LP: #2013603)
    - kprobes: treewide: Remove trampoline_address from
      kretprobe_trampoline_handler()
    - kprobes: treewide: Make it harder to refer kretprobe_trampoline directly
    - kprobes: Add kretprobe_find_ret_addr() for searching return address
    - s390/unwind: recover kretprobe modified return address in stacktrace
    - s390/unwind: fix fgraph return address recovery

* Jammy update: v5.15.98 upstream stable release (LP: #2015600)
- Linux 5.15.98

  * Jammy update: v5.15.97 upstream stable release (LP: #2015599)
    - ionic: refactor use of ionic_rx_fill()
    - Fix XFRM-I support for nested ESP tunnels
    - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc
    - ARM: dts: rockchip: add power-domains property to dp node on rk3288
    - HID: elecom: add support for TrackBall 056E:011C
    - ACPI: NFIT: fix a potential deadlock during NFIT teardown
    - btrfs: send: limit number of clones and allocated memory size
    - ASoC: rt715-sdca: fix clock stop prepare timeout issue
    - IB/hfi1: Assign npages earlier
    - neigh: make sure used and confirmed times are valid
    - HID: core: Fix deadloop in hid_apply_multiplier.
    - x86/cpu: Add Lunar Lake M
    - staging: mt7621-dts: change palmbus address to lower case
    - bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state
    - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
    - vc_screen: don't clobber return value in vcs_read
    - scripts/tags.sh: Invoke 'realpath' via 'xargs'
    - scripts/tags.sh: fix incompatibility with PCRE2
    - usb: dwc3: pci: add support for the Intel Meteor Lake-M
    - USB: serial: option: add support for VW/Skoda "Carstick LTE"
    - usb: gadget: u_serial: Add null pointer check in gserial_resume
    - USB: core: Don't hold device lock while reading the "descriptors" sysfs file
    - Linux 5.15.97

  * Jammy update: v5.15.96 upstream stable release (LP: #2015595)
    - drm/etnaviv: don't truncate physical page address
    - wifi: rtl8xxxu: gen2: Turn on the rate control
    - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink
    - clk: mxl: Switch from direct readl/writel based IO to regmap based IO
    - ...

This bug was fixed in the package linux - 5.15.0-72.79

---------------
linux (5.15.0-72.79) jammy; urgency=medium

* jammy/linux: 5.15.0-72.79 -proposed tracker (LP: #2016548)

* Add split lock detection for EMR (LP: #2015855)
    - x86/split_lock: Enumerate architectural split lock disable bit

*  selftest: fib_tests: Always cleanup before exit  (LP: #2015956)
    - selftest: fib_tests: Always cleanup before exit

* Add support for intel EMR cpu (LP: #2015372)
    - platform/x86: intel-uncore-freq: add Emerald Rapids support
    - perf/x86/intel/cstate: Add Emerald Rapids
    - perf/x86/rapl: Add support for Intel Emerald Rapids
    - intel_idle: add Emerald Rapids Xeon support
    - tools/power/x86/intel-speed-select: Add Emerald Rapid quirk
    - tools/power turbostat: Introduce support for EMR
    - powercap: intel_rapl: add support for Emerald Rapids
    - EDAC/i10nm: Add Intel Emerald Rapids server support

* Kernel livepatch ftrace graph fix (LP: #2013603)
    - kprobes: treewide: Remove trampoline_address from
      kretprobe_trampoline_handler()
    - kprobes: treewide: Make it harder to refer kretprobe_trampoline directly
    - kprobes: Add kretprobe_find_ret_addr() for searching return address
    - s390/unwind: recover kretprobe modified return address in stacktrace
    - s390/unwind: fix fgraph return address recovery

* Jammy update: v5.15.98 upstream stable release (LP: #2015600)
    - Linux 5.15.98

* Jammy update: v5.15.97 upstream stable release (LP: #2015599)
    - ionic: refactor use of ionic_rx_fill()
    - Fix XFRM-I support for nested ESP tunnels
    - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc
    - ARM: dts: rockchip: add power-domains property to dp node on rk3288
    - HID: elecom: add support for TrackBall 056E:011C
    - ACPI: NFIT: fix a potential deadlock during NFIT teardown
    - btrfs: send: limit number of clones and allocated memory size
    - ASoC: rt715-sdca: fix clock stop prepare timeout issue
    - IB/hfi1: Assign npages earlier
    - neigh: make sure used and confirmed times are valid
    - HID: core: Fix deadloop in hid_apply_multiplier.
    - x86/cpu: Add Lunar Lake M
    - staging: mt7621-dts: change palmbus address to lower case
    - bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state
    - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
    - vc_screen: don't clobber return value in vcs_read
    - scripts/tags.sh: Invoke 'realpath' via 'xargs'
    - scripts/tags.sh: fix incompatibility with PCRE2
    - usb: dwc3: pci: add support for the Intel Meteor Lake-M
    - USB: serial: option: add support for VW/Skoda "Carstick LTE"
    - usb: gadget: u_serial: Add null pointer check in gserial_resume
    - USB: core: Don't hold device lock while reading the "descriptors" sysfs file
    - Linux 5.15.97

* Jammy update: v5.15.96 upstream stable release (LP: #2015595)
    - drm/etnaviv: don't truncate physical page address
    - wifi: rtl8xxxu: gen2: Turn on the rate control
    - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink
    - clk: mxl: Switch from direct readl/writel based IO to regmap based IO
    - clk: mxl: Remove redundant spinlocks
    - clk: mxl: Add option to override gate clks
    - clk: mxl: Fix a clk entry by adding relevant flags
    - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
    - clk: mxl: syscon_node_to_regmap() returns error pointers
    - random: always mix cycle counter in add_latent_entropy()
    - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
    - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
    - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
    - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
    - powerpc: use generic version of arch_is_kernel_initmem_freed()
    - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned
    - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary
    - powerpc/64s/radix: Fix crash with unaligned relocated kernel
    - powerpc/64s/radix: Fix RWX mapping with relocated kernel
    - drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
    - uaccess: Add speculation barrier to copy_from_user()
    - binder: read pre-translated fds from sender buffer
    - binder: defer copies of pre-patched txn data
    - binder: fix pointer cast warning
    - binder: Address corner cases in deferred copy and fixup
    - binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
    - nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
    - wifi: mwifiex: Add missing compatible string for SD8787
    - audit: update the mailing list in MAINTAINERS
    - ext4: Fix function prototype mismatch for ext4_feat_ktype
    - bpf: add missing header file include
    - Linux 5.15.96

* Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498)
    - [Debian] autoreconstruct - fix restoration of execute permissions

* kernel: fix __clear_user() inline assembly constraints (LP: #2013088)
    - s390/uaccess: add missing earlyclobber annotations to __clear_user()

* Kernel crash during Mellanox performance testing (LP: #2015097)
    - net/mlx5: fs, refactor software deletion rule

* expoline.o is packaged unconditionally for s390x (LP: #2013209)
    - [Packaging] Copy expoline.o only when produced by the build

* Intel E810 NICs driver in causing hangs when booting and bonds configured
    (LP: #2004262)
    - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock

* Jammy update: v5.15.95 upstream stable release (LP: #2013118)
    - mptcp: fix locking for in-kernel listener creation
    - kprobes: treewide: Cleanup the error messages for kprobes
    - riscv: kprobe: Fixup misaligned load text
    - ACPI / x86: Add support for LPS0 callback handler
    - ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers
    - ASoC: Intel: sof_cs42l42: always set dpcm_capture for amplifiers
    - selftests/bpf: Verify copy_register_state() preserves parent/live fields
    - ALSA: hda: Do not unset preset when cleaning up codec
    - bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
    - ASoC: cs42l56: fix DT probe
    - tools/virtio: fix the vringh test for virtio ring changes
    - net/rose: Fix to not accept on connected socket
    - net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC
    - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED
    - net: sched: sch: Bounds check priority
    - s390/decompressor: specify __decompress() buf len to avoid overflow
    - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
    - drm/amd/display: Properly handle additional cases where DCN is not supported
    - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match
    - nvmem: core: add error handling for dev_set_name
    - nvmem: core: fix cleanup after dev_set_name()
    - nvmem: core: fix registration vs use race
    - nvmem: core: fix return value
    - xfs: zero inode fork buffer at allocation
    - xfs: fix potential log item leak
    - xfs: detect self referencing btree sibling pointers
    - xfs: set XFS_FEAT_NLINK correctly
    - xfs: validate v5 feature fields
    - xfs: avoid unnecessary runtime sibling pointer endian conversions
    - xfs: don't assert fail on perag references on teardown
    - xfs: assert in xfs_btree_del_cursor should take into account error
    - xfs: purge dquots after inode walk fails during quotacheck
    - xfs: don't leak btree cursor when insrec fails after a split
    - mptcp: do not wait for bare sockets' timeout
    - aio: fix mremap after fork null-deref
    - drm/amd/display: Fail atomic_check early on normalize_zpos error
    - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled
    - platform/x86: amd-pmc: Correct usage of SMU version
    - platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN
    - netfilter: nft_tproxy: restrict to prerouting hook
    - tcp: Fix listen() regression in 5.15.88.
    - mmc: jz4740: Work around bug on JZ4760(B)
    - mmc: sdio: fix possible resource leaks in some error paths
    - mmc: mmc_spi: fix error handling in mmc_spi_probe()
    - ALSA: hda/conexant: add a new hda codec SN6180
    - ALSA: hda/realtek - fixed wrong gpio assigned
    - sched/psi: Fix use-after-free in ep_remove_wait_queue()
    - hugetlb: check for undefined shift on 32 bit architectures
    - of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem
    - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available
    - net: Fix unwanted sign extension in netdev_stats_to_stats64()
    - revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
    - ixgbe: allow to increase MTU to 3K with XDP enabled
    - i40e: add double of VLAN header when computing the max MTU
    - net: bgmac: fix BCM5358 support by setting correct flags
    - net: ethernet: ti: am65-cpsw: Add RX DMA Channel Teardown Quirk
    - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list
    - dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
    - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
    - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set()
    - net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
    - bnxt_en: Fix mqprio and XDP ring checking logic
    - net: stmmac: Restrict warning on disabling DMA store and fwd mode
    - ixgbe: add double of VLAN header when computing the max MTU
    - ipv6: Fix datagram socket connection with DSCP.
    - ipv6: Fix tcp socket connection with DSCP.
    - nilfs2: fix underflow in second superblock position calculations
    - mm/filemap: fix page end in filemap_get_read_batch
    - drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()
    - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list
    - flow_offload: fill flags to action structure
    - net/sched: act_ctinfo: use percpu stats
    - i40e: Add checking for null for nlmsg_find_attr()
    - kvm: initialize all of the kvm_debugregs structure before sending it to
      userspace
    - alarmtimer: Prevent starvation by small intervals and SIG_IGN
    - ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak
    - net: sched: sch: Fix off by one in htb_activate_prios()
    - platform/x86/amd: pmc: add CONFIG_SERIO dependency
    - Linux 5.15.95

* CVE-2023-1075
    - net/tls: tls_is_tx_ready() checked list_entry

* devlink_port_split from ubuntu_kernel_selftests.net fails on hirsute
    (KeyError: 'flavour') (LP: #1937133)
    - selftests: net: devlink_port_split.py: skip test if no suitable device
      available

* Connection timeout due to conntrack limits (LP: #2011616)
    - netfilter: conntrack: adopt safer max chain length

* Jammy update: v5.15.94 upstream stable release (LP: #2012673)
    - mm/migration: return errno when isolate_huge_page failed
    - migrate: hugetlb: check for hugetlb shared PMD in node migration
    - btrfs: limit device extents to the device size
    - btrfs: zlib: zero-initialize zlib workspace
    - ALSA: hda/realtek: Add Positivo N14KP6-TG
    - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
    - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360
    - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9
    - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and
      trace_pipe_raw
    - of/address: Return an error when no valid dma-ranges are found
    - can: j1939: do not wait 250 ms if the same addr was already claimed
    - xfrm: compat: change expression for switch in xfrm_xlate64
    - IB/hfi1: Restore allocated resources on failed copyout
    - xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
    - IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
    - RDMA/irdma: Fix potential NULL-ptr-dereference
    - RDMA/usnic: use iommu_map_atomic() under spin_lock()
    - xfrm: fix bug with DSCP copy to v6 from v4 tunnel
    - net: phylink: move phy_device_free() to correctly release phy device
    - bonding: fix error checking in bond_debug_reregister()
    - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
    - ionic: clean interrupt before enabling queue to avoid credit race
    - uapi: add missing ip/ipv6 header dependencies for linux/stddef.h
    - ice: Do not use WQ_MEM_RECLAIM flag for workqueue
    - net: dsa: mt7530: don't change PVC_EG_TAG when CPU port becomes VLAN-aware
    - net: mscc: ocelot: fix VCAP filters not matching on MAC with "protocol
      802.1Q"
    - net/mlx5e: Move repeating clear_bit in mlx5e_rx_reporter_err_rq_cqe_recover
    - net/mlx5e: Introduce the mlx5e_flush_rq function
    - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change
    - net/mlx5: Bridge, fix ageing of peer FDB entries
    - net/mlx5e: IPoIB, Show unknown speed instead of error
    - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers
    - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer
    - net/mlx5: Serialize module cleanup with reload and remove
    - igc: Add ndo_tx_timeout support
    - rds: rds_rm_zerocopy_callback() use list_first_entry()
    - selftests: forwarding: lib: quote the sysctl values
    - ALSA: pci: lx6464es: fix a debug loop
    - riscv: stacktrace: Fix missing the first frame
    - ASoC: topology: Return -ENOMEM on memory allocation failure
    - pinctrl: mediatek: Fix the drive register definition of some Pins
    - pinctrl: aspeed: Fix confusing types in return value
    - pinctrl: single: fix potential NULL dereference
    - spi: dw: Fix wrong FIFO level setting for long xfers
    - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
    - cifs: Fix use-after-free in rdata->read_into_pages()
    - net: USB: Fix wrong-direction WARNING in plusb.c
    - mptcp: be careful on subflow status propagation on errors
    - btrfs: free device in btrfs_close_devices for a single device filesystem
    - usb: core: add quirk for Alcor Link AK9563 smartcard reader
    - usb: typec: altmodes/displayport: Fix probe pin assign check
    - clk: ingenic: jz4760: Update M/N/OD calculation algorithm
    - ceph: flush cap releases when the session is flushed
    - riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
    - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation
      switch
    - rtmutex: Ensure that the top waiter is always woken up
    - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
    - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-
      sensitive
    - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
    - Fix page corruption caused by racy check in __free_pages
    - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini
    - drm/i915: Initialize the obj flags for shmem objects
    - drm/i915: Fix VBT DSI DVO port handling
    - x86/speculation: Identify processors vulnerable to SMT RSB predictions
    - KVM: x86: Mitigate the cross-thread return address predictions bug
    - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions
    - Linux 5.15.94

* Jammy update: v5.15.93 upstream stable release (LP: #2012665)
    - firewire: fix memory leak for payload of request subaction to IEC 61883-1
      FCP region
    - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
    - ASoC: Intel: boards: fix spelling in comments
    - ASoC: Intel: bytcht_es8316: move comment to the right place
    - ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use
    - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
    - ASoC: Intel: bytcr_rt5640: Drop reference count of ACPI device after use
    - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use
    - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers
    - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
    - bpf: Support <8-byte scalar spill and refill
    - bpf: Fix to preserve reg parent/live fields when copying range info
    - bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener
    - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
    - drm/vc4: hdmi: make CEC adapter name unique
    - scsi: Revert "scsi: core: map PQ=1, PDT=other values to
      SCSI_SCAN_TARGET_PRESENT"
    - vhost/net: Clear the pending messages when the backend is removed
    - WRITE is "data source", not destination...
    - READ is "data destination", not source...
    - fix iov_iter_bvec() "direction" argument
    - fix "direction" argument of iov_iter_kvec()
    - ice: Prevent set_channel from changing queues while RDMA active
    - qede: execute xdp_do_flush() before napi_complete_done()
    - virtio-net: execute xdp_do_flush() before napi_complete_done()
    - dpaa_eth: execute xdp_do_flush() before napi_complete_done()
    - dpaa2-eth: execute xdp_do_flush() before napi_complete_done()
    - sfc: correctly advertise tunneled IPv6 segmentation
    - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices
    - block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC"
    - block, bfq: replace 0/1 with false/true in bic apis
    - block, bfq: fix uaf for bfqq in bic_set_bfqq()
    - netrom: Fix use-after-free caused by accept on already connected socket
    - drm/i915/guc: Fix locking when searching for a hung request
    - drm/i915/adlp: Fix typo for reference clock
    - netfilter: br_netfilter: disable sabotage_in hook after first suppression
    - squashfs: harden sanity check in squashfs_read_xattr_id_table
    - net: phy: meson-gxl: Add generic dummy stubs for MMD register access
    - ip/ip6_gre: Fix changing addr gen mode not generating IPv6 link local
      address
    - ip/ip6_gre: Fix non-point-to-point tunnel not generating IPv6 link local
      address
    - riscv: kprobe: Fixup kernel panic when probing an illegal position
    - igc: return an error if the mac type is unknown in
      igc_ptp_systim_to_hwtstamp()
    - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
    - ata: libata: Fix sata_down_spd_limit() when no link speed is reported
    - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning
    - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided
    - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy
      benchmarking
    - virtio-net: Keep stop() to follow mirror sequence of open()
    - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
    - efi: fix potential NULL deref in efi_mem_reserve_persistent
    - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU
    - i2c: mxs: suppress probe-deferral error message
    - scsi: target: core: Fix warning on RT kernels
    - perf/x86/intel: Add Emerald Rapids
    - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
    - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
    - i2c: rk3x: fix a bunch of kernel-doc warnings
    - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF
    - net/x25: Fix to not accept on connected socket
    - drm/amd/display: Fix timing not changning when freesync video is enabled
    - iio: adc: stm32-dfsdm: fill module aliases
    - usb: dwc3: qcom: enable vbus override when in OTG dr-mode
    - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
    - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
    - Input: i8042 - add Clevo PCX0DX to i8042 quirk table
    - fbcon: Check font dimension limits
    - net: qrtr: free memory on error path in radix_tree_insert()
    - watchdog: diag288_wdt: do not use stack buffers for hardware data
    - watchdog: diag288_wdt: fix __diag288() inline assembly
    - ALSA: hda/realtek: Add Acer Predator PH315-54
    - efi: Accept version 2 of memory attributes table
    - iio: hid: fix the retval in accel_3d_capture_sample
    - iio: hid: fix the retval in gyro_3d_capture_sample
    - iio: adc: berlin2-adc: Add missing of_node_put() in error path
    - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
    - iio: imu: fxos8700: fix ACCEL measurement range selection
    - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback
    - iio: imu: fxos8700: fix IMU data bits returned to user space
    - iio: imu: fxos8700: fix map label of channel type to MAGN sensor
    - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback
    - iio: imu: fxos8700: fix incorrect ODR mode readback
    - iio: imu: fxos8700: fix failed initialization ODR mode assignment
    - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN
    - iio: imu: fxos8700: fix MAGN sensor scale and unit
    - nvmem: qcom-spmi-sdam: fix module autoloading
    - parisc: Fix return code of pdc_iodc_print()
    - parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
    - riscv: disable generation of unwind tables
    - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
    - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints
    - kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup()
    - x86/debug: Fix stack recursion caused by wrongly ordered DR7 accesses
    - fpga: stratix10-soc: Fix return value check in s10_ops_write_init()
    - mm/swapfile: add cond_resched() in get_swap_pages()
    - highmem: round down the address passed to kunmap_flush_on_unmap()
    - Squashfs: fix handling and sanity checking of xattr_ids count
    - drm/i915: Fix potential bit_17 double-free
    - nvmem: core: initialise nvmem->id early
    - nvmem: core: remove nvmem_config wp_gpio
    - nvmem: core: fix cell removal on error
    - serial: 8250_dma: Fix DMA Rx completion race
    - serial: 8250_dma: Fix DMA Rx rearm race
    - phy: qcom-qmp-combo: disable runtime PM on unbind
    - phy: qcom-qmp-combo: fix memleak on probe deferral
    - phy: qcom-qmp-usb: fix memleak on probe deferral
    - phy: qcom-qmp-combo: fix broken power on
    - phy: qcom-qmp-combo: fix runtime suspend
    - bpf: Fix incorrect state pruning for <8B spill/fill
    - bpf: Do not reject when the stack read size is different from the tracked
      scalar size
    - iio:adc:twl6030: Enable measurement of VAC
    - powerpc/imc-pmu: Revert nest_init_lock to being a mutex
    - fs/ntfs3: Validate attribute data and valid sizes
    - ovl: Use "buf" flexible array for memcpy() destination
    - fbdev: smscufx: fix error handling code in ufx_usb_probe
    - f2fs: fix to do sanity check on i_extra_isize in is_alive()
    - wifi: brcmfmac: Check the count value of channel spec to prevent out-of-
      bounds reads
    - gfs2: Cosmetic gfs2_dinode_{in,out} cleanup
    - gfs2: Always check inode size of inline inodes
    - bpf: Skip invalid kfunc call in backtrack_insn
    - Linux 5.15.93

* CVE-2023-1118
    - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

* [SRU][Ubuntu 22.04.1]: Observed "Array Index out of bounds" Call Trace
    multiple times on Ubuntu 22.04.1 OS during boot (LP: #2008157)
    - scsi: megaraid_sas: Replace one-element array with flexible-array member in
      MR_FW_RAID_MAP
    - scsi: megaraid_sas: Replace one-element array with flexible-array member in
      MR_FW_RAID_MAP_DYNAMIC
    - scsi: megaraid_sas: Replace one-element array with flexible-array member in
      MR_DRV_RAID_MAP
    - scsi: megaraid_sas: Replace one-element array with flexible-array member in
      MR_PD_CFG_SEQ_NUM_SYNC
    - scsi: megaraid_sas: Use struct_size() in code related to struct
      MR_FW_RAID_MAP
    - scsi: megaraid_sas: Use struct_size() in code related to struct
      MR_PD_CFG_SEQ_NUM_SYNC

* Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo
    child qdiscs" (LP: #2011926)
    - Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo
      child qdiscs"

-- Stefan Bader <stefan.bader@canonical.com>  Tue, 18 Apr 2023 16:42:38 +0200

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Vinay HM (vinay-hm) on 2023-05-18

tags:

added: verification-done-jammy
removed: verification-needed-jammy

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-05-18:

#6

This bug is awaiting verification that the linux-riscv-5.15/5.15.0-1034.38~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-riscv-5.15 verification-needed-focal

Revision history for this message

Vadim Sukhomlinov (vsukhoml) wrote on 2023-05-18:

#7

I verified that on 22.04 5.15.0-72.79 fixes this issue. Thanks!

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-05-25:

#8

This bug is awaiting verification that the linux-intel-iotg/5.15.0-1031.36 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-intel-iotg verification-needed-jammy
removed: verification-done-jammy

Jian Hui Lee (jianhuilee) on 2023-05-25

tags:

added: verification-done-jammy
removed: verification-needed-jammy

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-06-02:

#9

This bug is awaiting verification that the linux-aws/5.15.0-1038.43 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-aws verification-needed-jammy
removed: verification-done-jammy

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-06-03:

#10

This bug is awaiting verification that the linux-azure/5.15.0-1040.47 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-azure

Stefan Bader (smb) on 2023-06-15

Changed in linux (Ubuntu Kinetic):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-07-08:

#11

This bug is awaiting verification that the linux/5.19.0-47.49 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-kinetic-linux verification-needed-kinetic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-09-09:

#12

This bug is awaiting verification that the linux-aws-5.15/5.15.0-1046.51~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-aws-5.15' to 'verification-done-focal-linux-aws-5.15'. If the problem still exists, change the tag 'verification-needed-focal-linux-aws-5.15' to 'verification-failed-focal-linux-aws-5.15'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-focal-linux-aws-5.15-v2 verification-needed-focal-linux-aws-5.15

Revision history for this message

Vitaly Protsko (atanw) wrote on 2023-11-16:

#13

Download full text (5.0 KiB)

Bug is still here. 5.15.0-91-generic

Nov 16 21:15:29 mon-host kernel: [ 101.739280] ================================================================================
Nov 16 21:15:29 mon-host kernel: [ 101.785597] UBSAN: array-index-out-of-bounds in /build/linux-90ta4T/linux-5.15.0/drivers/edac/i5000_edac.c:956:20
Nov 16 21:15:29 mon-host kernel: [ 101.786940] IPMI message handler: version 39.2
Nov 16 21:15:29 mon-host kernel: [ 101.836146] index 4 is out of range for type 'u16 [4]'
Nov 16 21:15:29 mon-host kernel: [ 101.836152] CPU: 0 PID: 447 Comm: systemd-udevd Not tainted 5.15.0-91-generic #101-Ubuntu
Nov 16 21:15:29 mon-host kernel: [ 101.836156] Hardware name: Dell Inc. PowerEdge 1950/0D8635, BIOS 2.7.0 10/30/2010
Nov 16 21:15:29 mon-host kernel: [ 101.836158] Call Trace:
Nov 16 21:15:29 mon-host kernel: [ 101.836162] <TASK>
Nov 16 21:15:29 mon-host kernel: [ 101.836166] show_stack+0x52/0x5c
Nov 16 21:15:29 mon-host kernel: [ 101.836175] dump_stack_lvl+0x4a/0x63
Nov 16 21:15:29 mon-host kernel: [ 101.836182] dump_stack+0x10/0x16
Nov 16 21:15:29 mon-host kernel: [ 101.836184] ubsan_epilogue+0x9/0x36
Nov 16 21:15:29 mon-host kernel: [ 101.836187] __ubsan_handle_out_of_bounds.cold+0x44/0x49
Nov 16 21:15:29 mon-host kernel: [ 101.836190] ? i5000_get_mc_regs.isra.0+0x14c/0x1c0 [i5000_edac]
Nov 16 21:15:29 mon-host kernel: [ 101.836197] i5000_probe1+0x506/0x5c0 [i5000_edac]
Nov 16 21:15:29 mon-host kernel: [ 101.836201] ? pci_bus_read_config_byte+0x40/0x70
Nov 16 21:15:29 mon-host kernel: [ 101.862944] ? do_pci_enable_device+0x54/0x110
Nov 16 21:15:29 mon-host kernel: [ 101.862948] i5000_init_one+0x26/0x30 [i5000_edac]
Nov 16 21:15:29 mon-host kernel: [ 101.862952] local_pci_probe+0x4b/0x90
Nov 16 21:15:29 mon-host kernel: [ 101.862956] pci_device_probe+0x119/0x1f0
Nov 16 21:15:29 mon-host kernel: [ 101.862960] really_probe+0x222/0x420
Nov 16 21:15:29 mon-host kernel: [ 101.862964] __driver_probe_device+0xe8/0x140
Nov 16 21:15:29 mon-host kernel: [ 101.862966] driver_probe_device+0x23/0xc0
Nov 16 21:15:29 mon-host kernel: [ 101.862969] __driver_attach+0xf7/0x1f0
Nov 16 21:15:29 mon-host kernel: [ 101.862971] ? __device_attach_driver+0x140/0x140
Nov 16 21:15:29 mon-host kernel: [ 101.862974] bus_for_each_dev+0x7f/0xd0
Nov 16 21:15:29 mon-host kernel: [ 101.862978] driver_attach+0x1e/0x30
Nov 16 21:15:29 mon-host kernel: [ 101.862980] bus_add_driver+0x148/0x220
Nov 16 21:15:29 mon-host kernel: [ 101.862982] ? vunmap_range_noflush+0x3d5/0x470
Nov 16 21:15:29 mon-host kernel: [ 101.862987] driver_register+0x95/0x100
Nov 16 21:15:29 mon-host kernel: [ 101.862990] ? 0xffffffffc03d8000
Nov 16 21:15:29 mon-host kernel: [ 101.862993] __pci_register_driver+0x68/0x70
Nov 16 21:15:29 mon-host kernel: [ 101.862996] i5000_init+0x36/0x1000 [i5000_edac]
Nov 16 21:15:29 mon-host kernel: [ 101.863000] do_one_initcall+0x49/0x1e0
Nov 16 21:15:29 mon-host kernel: [ 101.863005] ? kmem_cache_alloc_trace+0x19e/0x2e0
Nov 16 21:15:29 mon-host kernel: [ 101.863011] do_init_module+0x52/0x260
Nov 16 21:15:29 mon-host kernel: [ 101.863016] load_module+0xb2b/0xbc0
Nov 16 21:15:29 mon-host kernel: [ 101.8630...

Ubuntu
linux package

[SRU][Ubuntu 22.04.1]: Observed "Array Index out of bounds" Call Trace multiple times on Ubuntu 22.04.1 OS during boot

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	In Progress	Medium	Michael Reed
Jammy	Fix Released	Medium	Michael Reed
Kinetic	Fix Committed	Medium	AceLan Kao

Ubuntulinux package

[SRU][Ubuntu 22.04.1]: Observed "Array Index out of bounds" Call Trace multiple times on Ubuntu 22.04.1 OS during boot

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Remote bug watches

Ubuntu
linux package