CVE-2023-52894

EUVD-2023-59605

21.08.2024, 07:15

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()

In Google internal bug 265639009 we've received an (as yet) unreproducible
crash report from an aarch64 GKI 5.10.149-android13 running device.

AFAICT the source code is at:
  https://android.googlesource.com/kernel/common/+/refs/tags/ASB-2022-12-05_13-5.10

The call stack is:
  ncm_close() -> ncm_notify() -> ncm_do_notify()
with the crash at:
  ncm_do_notify+0x98/0x270
Code: 79000d0b b9000a6c f940012a f9400269 (b9405d4b)

Which I believe disassembles to (I don't know ARM assembly, but it looks sane enough to me...):

  // halfword (16-bit) store presumably to event->wLength (at offset 6 of struct usb_cdc_notification)
  0B 0D 00 79    strh w11, [x8, #6]

  // word (32-bit) store presumably to req->Length (at offset 8 of struct usb_request)
  6C 0A 00 B9    str  w12, [x19, #8]

  // x10 (NULL) was read here from offset 0 of valid pointer x9
  // IMHO we're reading 'cdev->gadget' and getting NULL
  // gadget is indeed at offset 0 of struct usb_composite_dev
  2A 01 40 F9    ldr  x10, [x9]

  // loading req->buf pointer, which is at offset 0 of struct usb_request
  69 02 40 F9    ldr  x9, [x19]

  // x10 is null, crash, appears to be attempt to read cdev->gadget->max_speed
  4B 5D 40 B9    ldr  w11, [x10, #0x5c]

which seems to line up with ncm_do_notify() case NCM_NOTIFY_SPEED code fragment:

  event->wLength = cpu_to_le16(8);
  req->length = NCM_STATUS_BYTECOUNT;

  /* SPEED_CHANGE data is up/down speeds in bits/sec */
  data = req->buf + sizeof *event;
  data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget));

My analysis of registers and NULL ptr deref crash offset
  (Unable to handle kernel NULL pointer dereference at virtual address 000000000000005c)
heavily suggests that the crash is due to 'cdev->gadget' being NULL when executing:
  data[0] = cpu_to_le32(ncm_bitrate(cdev->gadget));
which calls:
  ncm_bitrate(NULL)
which then calls:
  gadget_is_superspeed(NULL)
which reads
  ((struct usb_gadget *)NULL)->max_speed
and hits a panic.

AFAICT, if I'm counting right, the offset of max_speed is indeed 0x5C.
(remember there's a GKI KABI reservation of 16 bytes in struct work_struct)

It's not at all clear to me how this is all supposed to work...
but returning 0 seems much better than panic-ing...

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	𝑥 < 4.14.304
linux	linux_kernel	4.15 ≤ 𝑥 < 4.19.271
linux	linux_kernel	4.20 ≤ 𝑥 < 5.4.230
linux	linux_kernel	5.5 ≤ 𝑥 < 5.10.165
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.90
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.8
linux	linux_kernel	6.2:rc1
linux	linux_kernel	6.2:rc2
linux	linux_kernel	6.2:rc3
linux	linux_kernel	6.2:rc4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.115-1 fixed
bookworm (security)	6.1.119-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
sid	6.12.6-1 fixed
trixie	6.12.6-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

bionic	Fixed 4.15.0-209.220 released
focal	Fixed 5.4.0-147.164 released
jammy	Fixed 5.15.0-70.77 released
noble	not-affected
oracular	not-affected
trusty	ignored
xenial	ignored

linux-allwinner-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws

bionic	Fixed 4.15.0-1154.167 released
focal	Fixed 5.4.0-1100.108 released
jammy	Fixed 5.15.0-1034.38 released
noble	not-affected
oracular	not-affected
trusty	ignored
xenial	ignored

linux-aws-5.0

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.11

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.15

bionic	dne
focal	Fixed 5.15.0-1034.38~20.04.1 released
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.4

bionic	Fixed 5.4.0-1100.108~18.04.1 released
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.8

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-fips

bionic	dne
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	ignored

linux-aws-hwe

bionic	dne
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	Fixed 4.15.0-1154.167~16.04.1 released

linux-azure

bionic	ignored
focal	Fixed 5.4.0-1106.112 released
jammy	Fixed 5.15.0-1036.43 released
noble	not-affected
oracular	not-affected
trusty	Fixed 4.15.0-1163.178~14.04.1 released
xenial	Fixed 4.15.0-1163.178~16.04.1 released

linux-azure-4.15

bionic	Fixed 4.15.0-1163.178 released
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.11

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.15

bionic	dne
focal	Fixed 5.15.0-1036.43~20.04.1 released
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.4

bionic	Fixed 5.4.0-1106.112~18.04.1 released
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.8

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-edge

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-fde

bionic	dne
focal	ignored
jammy	Fixed 5.15.0-1036.43.1 released
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-fde-5.15

bionic	dne
focal	Fixed 5.15.0-1036.43~20.04.1.1 released
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-fde-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-fde-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-fips

bionic	dne
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	ignored

linux-bluefield

bionic	dne
focal	Fixed 5.4.0-1062.68 released
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-fips

bionic	dne
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp

bionic	ignored
focal	Fixed 5.4.0-1103.112 released
jammy	Fixed 5.15.0-1032.40 released
noble	not-affected
oracular	not-affected
trusty	dne
xenial	Fixed 4.15.0-1148.164~16.04.1 released

linux-gcp-4.15

bionic	Fixed 4.15.0-1148.164 released
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.11

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.15

bionic	dne
focal	Fixed 5.15.0-1032.40~20.04.1 released
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.4

bionic	Fixed 5.4.0-1103.112~18.04.1 released
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.8

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-fips

bionic	dne
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	ignored

linux-gke

bionic	dne
focal	ignored
jammy	Fixed 5.15.0-1031.36 released
noble	not-affected
oracular	dne
trusty	dne
xenial	ignored

linux-gke-4.15

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gke-5.15

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gke-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gkeop

bionic	dne
focal	Fixed 5.4.0-1067.71 released
jammy	Fixed 5.15.0-1018.23 released
noble	not-affected
oracular	dne
trusty	dne
xenial	dne

linux-gkeop-5.15

bionic	dne
focal	Fixed 5.15.0-1018.23~20.04.1 released
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gkeop-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	Fixed 4.15.0-209.220~16.04.1 released

linux-hwe-5.11

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-5.15

bionic	dne
focal	Fixed 5.15.0-70.77~20.04.1 released
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-5.4

bionic	Fixed 5.4.0-147.164~18.04.1 released
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-5.8

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-edge

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	ignored

linux-ibm

bionic	dne
focal	Fixed 5.4.0-1047.52 released
jammy	Fixed 5.15.0-1028.31 released
noble	not-affected
oracular	dne
trusty	dne
xenial	dne

linux-ibm-5.15

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-ibm-5.4

bionic	Fixed 5.4.0-1047.52~18.04.1 released
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-intel

bionic	dne
focal	dne
jammy	dne
noble	not-affected
oracular	dne
trusty	dne
xenial	dne

linux-intel-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-intel-iot-realtime

bionic	dne
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-intel-iotg

bionic	dne
focal	dne
jammy	Fixed 5.15.0-1028.33 released
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-intel-iotg-5.15

bionic	dne
focal	Fixed 5.15.0-1030.35~20.04.1 released
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-iot

bionic	dne
focal	Fixed 5.4.0-1017.18 released
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-kvm

bionic	Fixed 4.15.0-1138.143 released
focal	Fixed 5.4.0-1089.95 released
jammy	Fixed 5.15.0-1031.36 released
noble	dne
oracular	dne
trusty	dne
xenial	ignored

linux-lowlatency

bionic	dne
focal	dne
jammy	Fixed 5.15.0-70.77 released
noble	not-affected
oracular	not-affected
trusty	dne
xenial	dne

linux-lowlatency-hwe-5.15

bionic	dne
focal	Fixed 5.15.0-70.77~20.04.1 released
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-lowlatency-hwe-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-lowlatency-hwe-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-lowlatency-hwe-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-lowlatency-hwe-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-lts-xenial

bionic	dne
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	ignored
xenial	dne

linux-nvidia

bionic	dne
focal	dne
jammy	Fixed 5.15.0-1023.23 released
noble	not-affected
oracular	dne
trusty	dne
xenial	dne

linux-nvidia-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-nvidia-6.5

bionic	dne
focal	dne
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-nvidia-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-nvidia-lowlatency

bionic	dne
focal	dne
jammy	dne
noble	not-affected
oracular	dne
trusty	dne
xenial	dne

linux-oem

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	ignored

linux-oem-5.10

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-5.14

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-5.17

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-5.6

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-6.0

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-6.1

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-6.11

bionic	dne
focal	dne
jammy	dne
noble	not-affected
oracular	dne
trusty	dne
xenial	dne

linux-oem-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-6.8

bionic	dne
focal	dne
jammy	dne
noble	not-affected
oracular	dne
trusty	dne
xenial	dne

linux-oracle

bionic	Fixed 4.15.0-1117.128 released
focal	Fixed 5.4.0-1099.108 released
jammy	Fixed 5.15.0-1033.39 released
noble	not-affected
oracular	not-affected
trusty	dne
xenial	Fixed 4.15.0-1117.128~16.04.1 released

linux-oracle-5.0

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-5.11

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-5.15

bionic	dne
focal	Fixed 5.15.0-1033.39~20.04.1 released
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-5.4

bionic	Fixed 5.4.0-1099.108~18.04.1 released
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-5.8

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-raspi

bionic	dne
focal	Fixed 5.4.0-1083.94 released
jammy	Fixed 5.15.0-1027.29 released
noble	not-affected
oracular	not-affected
trusty	dne
xenial	dne

linux-raspi-5.4

bionic	Fixed 5.4.0-1083.94~18.04.1 released
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-raspi-realtime

bionic	dne
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-raspi2

bionic	ignored
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	ignored

linux-realtime

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	not-affected
trusty	dne
xenial	dne

linux-riscv

bionic	dne
focal	ignored
jammy	ignored
noble	not-affected
oracular	not-affected
trusty	dne
xenial	dne

linux-riscv-5.11

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-riscv-5.15

bionic	dne
focal	Fixed 5.15.0-1031.35~20.04.1 released
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-riscv-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-riscv-5.8

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-riscv-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-riscv-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-starfive-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-starfive-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-starfive-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-xilinx-zynqmp

bionic	dne
focal	Fixed 5.4.0-1024.28 released
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://git.kernel.org/stable/c/09e4507ec8ef2d44da6ba4092b8ee2d81f216497

https://git.kernel.org/stable/c/63d161f29cd39c050e8873aa36e0c9fc013bb763

https://git.kernel.org/stable/c/a21da7f7aae618c785f7e4a275d43c06dc8412b6

https://git.kernel.org/stable/c/a69c8dfb85b44be9cc223be07d35cc3a9baefbea

https://git.kernel.org/stable/c/c6ec929595c7443250b2a4faea988c62019d5cd2

https://git.kernel.org/stable/c/e92c70059178da751e5af7de02384b7dfadb5ec7

https://git.kernel.org/stable/c/fef6b29671b66dfb71f17e337c1ad14b5a2cedae