This bug was fixed in the package linux - 4.4.0-157.185 --------------- linux (4.4.0-157.185) xenial; urgency=medium
* linux: 4.4.0-157.185 -proposed tracker (LP: #1837476) * systemd 229-4ubuntu21.22 ADT test failure with linux 4.4.0-156.183 (storage) (LP: #1837235) - Revert "block/bio: Do not zero user pages" - Revert "block: Clear kernel memory before copying to user" - Revert "bio_copy_from_iter(): get rid of copying iov_iter" linux (4.4.0-156.183) xenial; urgency=medium * linux: 4.4.0-156.183 -proposed tracker (LP: #1836880) * BCM43602 802.11ac Wireless regression - PCI ID 14e4:43ba (LP: #1836801) - brcmfmac: add eth_type_trans back for PCIe full dongle linux (4.4.0-155.182) xenial; urgency=medium * linux: 4.4.0-155.182 -proposed tracker (LP: #1834918) * Geneve tunnels don't work when ipv6 is disabled (LP: #1794232) - geneve: correctly handle ipv6.disable module parameter * Kernel modules generated incorrectly when system is localized to a non- English language (LP: #1828084) - scripts: override locale from environment when running recordmcount.pl * Handle overflow in proc_get_long of sysctl (LP: #1833935) - sysctl: handle overflow in proc_get_long * Xenial update: 4.4.181 upstream stable release (LP: #1832661) - x86/speculation/mds: Revert CPU buffer clear on double fault exit - x86/speculation/mds: Improve CPU buffer clear documentation - ARM: exynos: Fix a leaked reference by adding missing of_node_put - crypto: vmx - fix copy-paste error in CTR mode - crypto: crct10dif-generic - fix use via crypto_shash_digest() - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() - ALSA: usb-audio: Fix a memory leak bug - ALSA: hda/hdmi - Consider eld_valid when reporting jack event - ALSA: hda/realtek - EAPD turn on later - ASoC: max98090: Fix restore of DAPM Muxes - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers - mm/mincore.c: make mincore() more conservative - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler - ext4: actually request zeroing of inode table after grow - ext4: fix ext4_show_options for file systems w/o journal - Btrfs: do not start a transaction at iterate_extent_inodes() - bcache: fix a race between cache register and cacheset unregister - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() - ipmi:ssif: compare block number correctly for multi-part return messages - crypto: gcm - Fix error return code in crypto_gcm_create_common() - crypto: gcm - fix incompatibility between "gcm" and "gcm_base" - crypto: chacha20poly1305 - set cra_name correctly - crypto: salsa20 - don't access already-freed walk.iv - crypto: arm/aes-neonbs - don't access already-freed walk.iv - writeback: synchronize sync(2) against cgroup writeback membership switches - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes - net: avoid weird emergency message - net/mlx4_core: Change the error print to info print - ppp: deflate: Fix possible crash in deflate_init - tipc: switch order of device registration to fix a crash - tipc: fix modprobe tipc failed after switch order of device registration - stm class: Fix channel free in stm output free path - md: add mddev->pers to avoid potential NULL pointer dereference - intel_th: msu: Fix single mode with IOMMU - of: fix clang -Wunsequenced for be32_to_cpu() - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() - media: ov6650: Fix sensor possibly not detected on probe - NFS4: Fix v4.0 client state corruption when mount - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider - fuse: fix writepages on 32bit - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114 - ceph: flush dirty inodes before proceeding with remount - tracing: Fix partial reading of trace event's id file - memory: tegra: Fix integer overflow on tick value calculation - perf intel-pt: Fix instructions sampling rate - perf intel-pt: Fix improved sample timestamp - perf intel-pt: Fix sample timestamp wrt non-taken branches - fbdev: sm712fb: fix brightness control on reboot, don't set SR30 - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75 - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM - fbdev: sm712fb: fix support for 1024x768-16 mode - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting - PCI: Mark Atheros AR9462 to avoid bus reset - dm delay: fix a crash when invalid device is specified - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module - vti4: ipip tunnel deregistration fixes. - xfrm4: Fix uninitialized memory read in _decode_session4 - KVM: arm/arm64: Ensure vcpu target is unset on reset failure - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour - perf bench numa: Add define for RUSAGE_THREAD if not present - Revert "Don't jump to compute_result state from check_result state" - md/raid: raid5 preserve the writeback action after the parity check - btrfs: Honour FITRIM range constraints during free space trim - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough - ext4: do not delete unlinked inode from orphan list on failed truncate - KVM: x86: fix return value for reserved EFER - bio: fix improper use of smp_mb__before_atomic() - Revert "scsi: sd: Keep disk read-only when re-reading partition" - crypto: vmx - CTR: always increment IV as quadword - gfs2: Fix sign extension bug in gfs2_update_stats - Btrfs: fix race between ranged fsync and writeback of adjacent ranges - btrfs: sysfs: don't leak memory when failing add fsid - fbdev: fix divide error in fb_var_to_videomode - hugetlb: use same fault hash key for shared and private mappings - fbdev: fix WARNING in __alloc_pages_nodemask bug - media: cpia2: Fix use-after-free in cpia2_exit - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit - at76c50x-usb: Don't register led_trigger if usb_register_driver failed - perf tools: No need to include bitops.h in util.h - gfs2: Fix lru_count going negative - cxgb4: Fix error path in cxgb4_init_module - mmc: core: Verify SD bus width - powerpc/boot: Fix missing check of lseek() return value - ASoC: imx: fix fiq dependencies - spi: pxa2xx: fix SCR (divisor) calculation - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() - rtc: 88pm860x: prevent use-after-free on device remove - w1: fix the resume command API - dmaengine: pl330: _stop: clear interrupt status - mac80211/cfg80211: update bss channel on channel switch - ASoC: fsl_sai: Update is_slave_mode with correct value - mwifiex: prevent an array overflow - net: cw1200: fix a NULL pointer dereference - bcache: return error immediately in bch_journal_replay() - bcache: fix failure in journal relplay - bcache: add failure check to run_cache_set() for journal replay - bcache: avoid clang -Wunintialized warning - x86/build: Move _etext to actual end of .text - smpboot: Place the __percpu annotation correctly - x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() - mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version - pinctrl: pistachio: fix leaked of_node references - dmaengine: at_xdmac: remove BUG_ON macro in tasklet - media: coda: clear error return value before picture run - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper - media: au0828: stop video streaming only when last user stops - media: ov2659: make S_FMT succeed even if requested format doesn't match - audit: fix a memory leak bug - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() - media: pvrusb2: Prevent a buffer overflow - powerpc/numa: improve control of topology updates - sched/core: Check quota and period overflow at usec to nsec conversion - sched/core: Handle overflow in cpu_shares_write_u64 - USB: core: Don't unbind interfaces following device reset failure - x86/irq/64: Limit IST stack overflow check to #DB stack - i40e: don't allow changes to HW VLAN stripping on active port VLANs - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses - scsi: libsas: Do discovery on empty PHY to update PHY info - mmc_spi: add a status check for spi_sync_locked - mmc: sdhci-of-esdhc: add erratum eSDHC5 support - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support - PM / core: Propagate dev->power.wakeup_path when no callbacks - extcon: arizona: Disable mic detect if running when driver is removed - s390: cio: fix cio_irb declaration - cpufreq: ppc_cbe: fix possible object reference leak - cpufreq/pasemi: fix possible object reference leak - cpufreq: pmac32: fix possible object reference leak - x86/build: Keep local relocations with ld.lld - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion - iio: hmc5843: fix potential NULL pointer dereferences - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data - rtlwifi: fix a potential NULL pointer dereference - brcmfmac: fix missing checks for kmemdup - b43: shut up clang -Wuninitialized variable warning - brcmfmac: convert dev_init_lock mutex to completion - brcmfmac: fix race during disconnect when USB completion is in progress - scsi: ufs: Fix regulator load and icc-level configuration - scsi: ufs: Avoid configuring regulator with undefined voltage range - arm64: cpu_ops: fix a leaked reference by adding missing of_node_put - x86/ia32: Fix ia32_restore_sigcontext() AC leak - chardev: add additional check for minor range overlap - HID: core: move Usage Page concatenation to Main item - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put - cxgb3/l2t: Fix undefined behaviour - spi: tegra114: reset controller on probe - media: wl128x: prevent two potential buffer overflows - virtio_console: initialize vtermno value for ports - tty: ipwireless: fix missing checks for ioremap - rcutorture: Fix cleanup path for invalid torture_type strings - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown - scsi: qla4xxx: avoid freeing unallocated dma memory - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend - media: go7007: avoid clang frame overflow warning with KASAN - media: saa7146: avoid high stack usage with clang - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices - spi : spi-topcliff-pch: Fix to handle empty DMA buffers - spi: rspi: Fix sequencer reset during initialization - spi: Fix zero length xfer bug - ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address - llc: fix skb leak in llc_build_and_send_ui_pkt() - net-gro: fix use-after-free read in napi_gro_frags() - net: stmmac: fix reset gpio free missing - usbnet: fix kernel crash after disconnect - tipc: Avoid copying bytes beyond the supplied data - bnxt_en: Fix aggregation buffer leak under OOM condition. - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value - crypto: vmx - ghash: do nosimd fallback manually - xen/pciback: Don't disable PCI_COMMAND on PCI device reset. - Revert "tipc: fix modprobe tipc failed after switch order of device registration" - tipc: fix modprobe tipc failed after switch order of device registration -v2 - sparc64: Fix regression in non-hypervisor TLB flush xcall - include/linux/bitops.h: sanitize rotate primitives - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() - usb: xhci: avoid null pointer deref when bos field is NULL - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor - USB: sisusbvga: fix oops in error path of sisusb_probe - USB: Add LPM quirk for Surface Dock GigE adapter - USB: rio500: refuse more than one device at a time - USB: rio500: fix memory leak in close after disconnect - media: usb: siano: Fix general protection fault in smsusb - media: usb: siano: Fix false-positive "uninitialized variable" warning - media: smsusb: better handle optional alignment - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) - Btrfs: fix race updating log root item during fsync - ALSA: hda/realtek - Set default power save node to 0 - drm/nouveau/i2c: Disable i2c bus access after ->fini() - tty: serial: msm_serial: Fix XON/XOFF - tty: max310x: Fix external crystal register setup - memcg: make it work on sparse non-0-node systems - kernel/signal.c: trace_signal_deliver when signal_group_exit - CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM - binder: Replace "%p" with "%pK" for stable - binder: replace "%p" with "%pK" - brcmfmac: Add length checks on firmware events - brcmfmac: screening firmware event packet - brcmfmac: revise handling events in receive path - brcmfmac: fix incorrect event channel deduction - brcmfmac: add length checks in scheduled scan result handler - brcmfmac: add subtype check for event handling in data path - userfaultfd: don't pin the user memory in userfaultfd_file_create() - Revert "x86/build: Move _etext to actual end of .text" - net: cdc_ncm: GetNtbFormat endian fix - usb: gadget: fix request length error for isoc transfer - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment - ethtool: fix potential userspace buffer overflow - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query - net: rds: fix memory leak in rds_ib_flush_mr_pool - pktgen: do not sleep with the thread lock held. - rcu: locking and unlocking need to always be at least barriers - parisc: Use implicit space register selection for loading the coherence index of I/O pdirs - fuse: fallocate: fix return with locked inode - MIPS: pistachio: Build uImage.gz by default - genwqe: Prevent an integer overflow in the ioctl - drm/gma500/cdv: Check vbt config bits when detecting lvds panels - fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock - fuse: Add FOPEN_STREAM to use stream_open() - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled - ethtool: check the return value of get_regs_len - Linux 4.4.181 * CVE-2019-2054 - arm/ptrace: run seccomp after ptrace * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 - x86/speculation: Remove redundant arch_smt_update() invocation * Revert x86/vdso linker changes from #1830890 as this causes glibc 2.29-0ubuntu3 FTBFS on eoan (LP: #1834315) - Revert "x86/vdso: Pass --eh-frame-hdr to the linker" - Revert "x86: vdso: Use $LD instead of $CC to link" * CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64 (LP: #1824864) - [Config] CONFIG_LOG_BUF_SHIFT=18 on all 64bit arches * CVE-2019-11833 - ext4: zero out the unused memory region in the extent tree block * idle-page oopses when accessing page frames that are out of range (LP: #1833410) - mm/page_idle.c: fix oops because end_pfn is larger than max_pfn * Performance degradation when copying from LVM snapshot backed by NVMe disk (LP: #1833319) - NVMe: Allow request merges * Bluetooth regressions with Xenial kernel 4.4.0-152.179 (LP: #1833698) - Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" * 4.4.0-145-generic Kernel Panic ip6_expire_frag_queue (LP: #1824687) - SAUCE: ipv6: frags: fix skb extraction in ip6_expire_frag_queue() * [Xenial] Customer can not SSH to Linux VM due to "VSC State Unhealthy" (LP: #1826416) - vmbus: fix missing signaling in hv_signal_on_read() * Xenial update: 4.4.180 upstream stable release (LP: #1830176) - kbuild: simplify ld-option implementation - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number - cifs: do not attempt cifs operation on smb2+ rename error - MIPS: scall64-o32: Fix indirect syscall number load - trace: Fix preempt_enable_no_resched() abuse - sched/numa: Fix a possible divide-by-zero - ceph: ensure d_name stability in ceph_dentry_hash() - ceph: fix ci->i_head_snapc leak - nfsd: Don't release the callback slot unless it was actually held - sunrpc: don't mark uninitialised items as VALID. - USB: Add new USB LPM helpers - USB: Consolidate LPM checks to avoid enabling LPM twice - powerpc/xmon: Add RFI flush related fields to paca dump - powerpc/64s: Improve RFI L1-D cache flush fallback - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() - Revert "UBUNTU: SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit" - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - powerpc/64s: Add barrier_nospec - powerpc/64s: Add support for ori barrier_nospec patching - powerpc/64s: Patch barrier_nospec in modules - powerpc/64s: Enable barrier_nospec based on firmware settings - powerpc/64: Use barrier_nospec in syscall entry - powerpc: Use barrier_nospec in copy_from_user() - powerpc/64s: Enhance the information in cpu_show_spectre_v1() - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 - powerpc/64: Disable the speculation barrier from the command line - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC - powerpc/64: Call setup_barrier_nospec() from setup_arch() - powerpc/64: Make meltdown reporting Book3S 64 specific - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E - powerpc/asm: Add a patch_site macro & helpers for patching instructions - powerpc/64s: Add new security feature flags for count cache flush - powerpc/64s: Add support for software count cache flush - powerpc/pseries: Query hypervisor for count cache flush settings - powerpc/powernv: Query firmware for count cache flush settings - powerpc: Avoid code patching freed init sections - powerpc/fsl: Add infrastructure to fixup branch predictor flush - powerpc/fsl: Add macro to flush the branch predictor - powerpc/fsl: Fix spectre_v2 mitigations reporting - powerpc/fsl: Add nospectre_v2 command line argument - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) - powerpc/fsl: Update Spectre v2 reporting - powerpc/security: Fix spectre_v2 reporting - powerpc/fsl: Fix the flush of branch predictor. - tipc: handle the err returned from cmd header function - slip: make slhc_free() silently accept an error pointer - intel_th: gth: Fix an off-by-one in output unassigning - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable - tipc: check link name with right length in tipc_nl_compat_link_set - bpf: reject wrong sized filters earlier - Revert "block/loop: Use global lock for ioctl() operation." - ipv4: add sanity checks in ipv4_link_failure() - team: fix possible recursive locking when add slaves - net: stmmac: move stmmac_check_ether_addr() to driver probe - ipv4: set the tcp_min_rtt_wlen range from 0 to one day - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used - powerpc/fsl: Flush branch predictor when entering KVM - powerpc/fsl: Emulate SPRN_BUCSR register - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg - Documentation: Add nospectre_v1 parameter - usbnet: ipheth: prevent TX queue timeouts when device not ready - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set - qlcnic: Avoid potential NULL pointer dereference - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() - usb: gadget: net2280: Fix overrun of OUT messages - usb: gadget: net2280: Fix net2280_dequeue() - usb: gadget: net2272: Fix net2272_dequeue() - ARM: dts: pfla02: increase phy reset duration - net: ks8851: Dequeue RX packets explicitly - net: ks8851: Reassert reset pin if chip ID check fails - net: ks8851: Delay requesting IRQ until opened - net: ks8851: Set initial carrier state to down - net: xilinx: fix possible object reference leak - net: ibm: fix possible object reference leak - net: ethernet: ti: fix possible object reference leak - scsi: qla4xxx: fix a potential NULL pointer dereference - usb: u132-hcd: fix resource leak - ceph: fix use-after-free on symlink traversal - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN - libata: fix using DMA buffers on stack - kconfig/[mn]conf: handle backspace (^H) key - ALSA: line6: use dynamic buffers - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation - ipv6/flowlabel: wait rcu grace period before put_pid() - ipv6: invert flowlabel sharing check in process and user mode - bnxt_en: Improve multicast address setup logic. - packet: validate msg_namelen in send directly - USB: yurex: Fix protection fault after device removal - USB: w1 ds2490: Fix bug caused by improper use of altsetting array - USB: core: Fix unterminated string returned by usb_string() - USB: core: Fix bug caused by duplicate interface PM usage counter - HID: debug: fix race condition with between rdesc_show() and device removal - rtc: sh: Fix invalid alarm warning for non-enabled alarm - bonding: show full hw address in sysfs for slave entries - jffs2: fix use-after-free on symlink traversal - debugfs: fix use-after-free on symlink traversal - rtc: da9063: set uie_unsupported when relevant - vfio/pci: use correct format characters - scsi: storvsc: Fix calculation of sub-channel count - net: hns: Use NAPI_POLL_WEIGHT for hns driver - net: hns: Fix WARNING when remove HNS driver with SMMU enabled - hugetlbfs: fix memory leak for resv_map - xsysace: Fix error handling in ace_setup - ARM: orion: don't use using 64-bit DMA masks - ARM: iop: don't use using 64-bit DMA masks - usb: usbip: fix isoc packet num validation in get_pipe - staging: iio: adt7316: allow adt751x to use internal vref for all dacs - staging: iio: adt7316: fix the dac read calculation - staging: iio: adt7316: fix the dac write calculation - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ - selinux: never allow relabeling on context mounts - x86/mce: Improve error message when kernel cannot recover, p2 - media: v4l2: i2c: ov7670: Fix PLL bypass register values - scsi: libsas: fix a race condition when smp task timeout - ASoC:soc-pcm:fix a codec fixup issue in TDM case - ASoC: cs4270: Set auto-increment bit for register writes - ASoC: tlv320aic32x4: Fix Common Pins - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() - iommu/amd: Set exclusion range correctly - genirq: Prevent use-after-free and work list corruption - usb: dwc3: Fix default lpm_nyet_threshold value - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines - Bluetooth: hidp: fix buffer overflow - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections - UAS: fix alignment of scatter/gather segments - ipv6: fix a potential deadlock in do_ipv6_setsockopt() - ASoC: Intel: avoid Oops if DMA setup fails - timer/debug: Change /proc/timer_stats from 0644 to 0600 - netfilter: compat: initialize all fields in xt_init - platform/x86: sony-laptop: Fix unintentional fall-through - iio: adc: xilinx: fix potential use-after-free on remove - HID: input: add mapping for Expose/Overview key - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys - libnvdimm/btt: Fix a kmemdup failure check - s390/dasd: Fix capacity calculation for large volumes - s390/3270: fix lockdep false positive on view->lock - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing - tools lib traceevent: Fix missing equality check for strcmp - init: initialize jump labels before command line option parsing - ipvs: do not schedule icmp errors from tunnels - s390: ctcm: fix ctcm_new_device error return code - gpu: ipu-v3: dp: fix CSC handling - cw1200: fix missing unlock on error in cw1200_hw_scan() - Don't jump to compute_result state from check_result state - x86/microcode/intel: Add a helper which gives the microcode revision - x86: stop exporting msr-index.h to userland - x86/microcode/intel: Check microcode revision before updating sibling threads - x86/MCE: Save microcode revision in machine check records - x86/bugs: Add AMD's variant of SSB_NO - x86/bugs: Add AMD's SPEC_CTRL MSR usage - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date - x86/microcode: Update the new microcode revision unconditionally - x86/mm: Use WRITE_ONCE() when setting PTEs - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation - x86/speculation: Propagate information about RSB filling mitigation to sysfs - x86/speculation: Update the TIF_SSBD comment - x86/speculation: Clean up spectre_v2_parse_cmdline() - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() - x86/speculation: Disable STIBP when enhanced IBRS is in use - x86/speculation: Rename SSBD update functions - x86/speculation: Reorganize speculation control MSRs update - x86/Kconfig: Select SCHED_SMT if SMP enabled - x86/speculation: Mark string arrays const correctly - x86/speculataion: Mark command line parser data __initdata - x86/speculation: Add command line control for indirect branch speculation - x86/speculation: Prepare for per task indirect branch speculation control - x86/process: Consolidate and simplify switch_to_xtra() code - x86/speculation: Avoid __switch_to_xtra() calls - x86/speculation: Prepare for conditional IBPB in switch_mm() - x86/speculation: Split out TIF update - x86/speculation: Prepare arch_smt_update() for PRCTL mode - x86/speculation: Prevent stale SPEC_CTRL msr content - x86/speculation: Add prctl() control for indirect branch speculation - x86/speculation: Enable prctl mode for spectre_v2_user - x86/speculation: Add seccomp Spectre v2 user space protection mode - x86/speculation: Provide IBPB always command line options - x86/cpu/bugs: Use __initconst for 'const' init data - USB: serial: use variable for status - USB: serial: fix unthrottle races - bridge: Fix error path for kobject_init_and_add() - net: ucc_geth - fix Oops when changing number of buffers in the ring - packet: Fix error path in packet_init - vlan: disable SIOCSHWTSTAMP in container - vrf: sit mtu should not be updated when vrf netdev is the link - ipv4: Fix raw socket lookup for local traffic - bonding: fix arp_validate toggling in active-backup mode - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl - powerpc/booke64: set RI in default MSR - powerpc/lib: fix book3s/32 boot failure due to code patching - Linux 4.4.180 - SAUCE: Clarify IBRS/IBPB runtime state change messages - SAUCE: x86/speculation: Move STIBP hunks - SAUCE: powerpc/speculation: Support 'mitigations=' cmdline option - SAUCE: x86/speculation: Update 'mitigations=' documentation - SAUCE: Show 'pti' instead of 'kaiser' in /proc/cpuinfo - SAUCE: perf/bench: Drop definition of BIT in numa.c - SAUCE: x86/speculation: Fix SSB command line documentation * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 - SAUCE: Synchronize MDS mitigations with upstream - Documentation: Correct the possible MDS sysfs values - x86/speculation/mds: Fix documentation typo * CVE-2019-11091 - x86/mds: Add MDSUM variant to the MDS documentation -- Stefan Bader <stefan.ba...@canonical.com> Tue, 23 Jul 2019 10:55:25 +0200 ** Changed in: linux (Ubuntu Xenial) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12126 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12127 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12130 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11091 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11833 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-2054 -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1830176 Title: Xenial update: 4.4.180 upstream stable release Status in linux package in Ubuntu: Invalid Status in linux source package in Xenial: Fix Released Bug description: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: 4.4.180 upstream stable release from git://git.kernel.org/ Linux 4.4.180 powerpc/lib: fix book3s/32 boot failure due to code patching powerpc/booke64: set RI in default MSR drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl bonding: fix arp_validate toggling in active-backup mode ipv4: Fix raw socket lookup for local traffic vrf: sit mtu should not be updated when vrf netdev is the link vlan: disable SIOCSHWTSTAMP in container packet: Fix error path in packet_init net: ucc_geth - fix Oops when changing number of buffers in the ring bridge: Fix error path for kobject_init_and_add() powerpc/64s: Include cpu header USB: serial: fix unthrottle races USB: serial: use variable for status x86/bugs: Change L1TF mitigation string to match upstream x86/speculation/mds: Fix documentation typo Documentation: Correct the possible MDS sysfs values x86/mds: Add MDSUM variant to the MDS documentation x86/speculation/mds: Add 'mitigations=' support for MDS x86/speculation: Support 'mitigations=' cmdline option cpu/speculation: Add 'mitigations=' cmdline option x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off x86/speculation/mds: Fix comment x86/speculation/mds: Add SMT warning message x86/speculation: Move arch_smt_update() call to after mitigation decisions x86/cpu/bugs: Use __initconst for 'const' init data Documentation: Add MDS vulnerability documentation Documentation: Move L1TF to separate directory x86/speculation/mds: Add mitigation mode VMWERV x86/speculation/mds: Add sysfs reporting for MDS x86/speculation/l1tf: Document l1tf in sysfs x86/speculation/mds: Add mitigation control for MDS x86/speculation/mds: Conditionally clear CPU buffers on idle entry x86/speculation/mds: Clear CPU buffers on exit to user x86/speculation/mds: Add mds_clear_cpu_buffers() x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests x86/speculation/mds: Add BUG_MSBDS_ONLY x86/speculation/mds: Add basic bug infrastructure for MDS x86/speculation: Consolidate CPU whitelists x86/msr-index: Cleanup bit defines kvm: x86: Report STIBP on GET_SUPPORTED_CPUID x86/speculation: Provide IBPB always command line options x86/speculation: Add seccomp Spectre v2 user space protection mode x86/speculation: Enable prctl mode for spectre_v2_user x86/speculation: Add prctl() control for indirect branch speculation x86/speculation: Prevent stale SPEC_CTRL msr content x86/speculation: Prepare arch_smt_update() for PRCTL mode x86/speculation: Split out TIF update x86/speculation: Prepare for conditional IBPB in switch_mm() x86/speculation: Avoid __switch_to_xtra() calls x86/process: Consolidate and simplify switch_to_xtra() code x86/speculation: Prepare for per task indirect branch speculation control x86/speculation: Add command line control for indirect branch speculation x86/speculation: Unify conditional spectre v2 print functions x86/speculataion: Mark command line parser data __initdata x86/speculation: Mark string arrays const correctly x86/speculation: Reorder the spec_v2 code x86/speculation: Rework SMT state change sched: Add sched_smt_active() x86/Kconfig: Select SCHED_SMT if SMP enabled x86/speculation: Reorganize speculation control MSRs update x86/speculation: Rename SSBD update functions x86/speculation: Disable STIBP when enhanced IBRS is in use x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() x86/speculation: Remove unnecessary ret variable in cpu_show_common() x86/speculation: Clean up spectre_v2_parse_cmdline() x86/speculation: Update the TIF_SSBD comment x86/speculation: Propagate information about RSB filling mitigation to sysfs x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation x86/speculation: Apply IBPB more strictly to avoid cross-process data leak x86/mm: Use WRITE_ONCE() when setting PTEs KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled x86/cpu: Sanitize FAM6_ATOM naming x86/microcode: Update the new microcode revision unconditionally x86/microcode: Make sure boot_cpu_data.microcode is up-to-date x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features x86/bugs: Add AMD's SPEC_CTRL MSR usage x86/bugs: Add AMD's variant of SSB_NO x86/speculation: Simplify the CPU bug detection logic x86/speculation: Support Enhanced IBRS on future CPUs x86/cpufeatures: Hide AMD-specific speculation flags x86/MCE: Save microcode revision in machine check records x86/microcode/intel: Check microcode revision before updating sibling threads bitops: avoid integer overflow in GENMASK(_ULL) x86: stop exporting msr-index.h to userland x86/microcode/intel: Add a helper which gives the microcode revision locking/static_keys: Provide DECLARE and well as DEFINE macros Don't jump to compute_result state from check_result state x86/vdso: Pass --eh-frame-hdr to the linker cw1200: fix missing unlock on error in cw1200_hw_scan() gpu: ipu-v3: dp: fix CSC handling selftests/net: correct the return value for run_netsocktests s390: ctcm: fix ctcm_new_device error return code ipvs: do not schedule icmp errors from tunnels init: initialize jump labels before command line option parsing tools lib traceevent: Fix missing equality check for strcmp KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing s390/3270: fix lockdep false positive on view->lock s390/dasd: Fix capacity calculation for large volumes libnvdimm/btt: Fix a kmemdup failure check HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys HID: input: add mapping for Expose/Overview key iio: adc: xilinx: fix potential use-after-free on remove platform/x86: sony-laptop: Fix unintentional fall-through netfilter: compat: initialize all fields in xt_init timer/debug: Change /proc/timer_stats from 0644 to 0600 ASoC: Intel: avoid Oops if DMA setup fails ipv6: fix a potential deadlock in do_ipv6_setsockopt() UAS: fix alignment of scatter/gather segments Bluetooth: Align minimum encryption key size for LE and BR/EDR connections Bluetooth: hidp: fix buffer overflow scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines usb: dwc3: Fix default lpm_nyet_threshold value genirq: Prevent use-after-free and work list corruption iommu/amd: Set exclusion range correctly scsi: csiostor: fix missing data copy in csio_scsi_err_handler() perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS ASoC: tlv320aic32x4: Fix Common Pins ASoC: cs4270: Set auto-increment bit for register writes ASoC:soc-pcm:fix a codec fixup issue in TDM case scsi: libsas: fix a race condition when smp task timeout media: v4l2: i2c: ov7670: Fix PLL bypass register values x86/mce: Improve error message when kernel cannot recover, p2 selinux: never allow relabeling on context mounts Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ staging: iio: adt7316: fix the dac write calculation staging: iio: adt7316: fix the dac read calculation staging: iio: adt7316: allow adt751x to use internal vref for all dacs usb: usbip: fix isoc packet num validation in get_pipe ARM: iop: don't use using 64-bit DMA masks ARM: orion: don't use using 64-bit DMA masks xsysace: Fix error handling in ace_setup hugetlbfs: fix memory leak for resv_map net: hns: Fix WARNING when remove HNS driver with SMMU enabled net: hns: Use NAPI_POLL_WEIGHT for hns driver scsi: storvsc: Fix calculation of sub-channel count vfio/pci: use correct format characters rtc: da9063: set uie_unsupported when relevant debugfs: fix use-after-free on symlink traversal jffs2: fix use-after-free on symlink traversal bonding: show full hw address in sysfs for slave entries igb: Fix WARN_ONCE on runtime suspend rtc: sh: Fix invalid alarm warning for non-enabled alarm HID: debug: fix race condition with between rdesc_show() and device removal USB: core: Fix bug caused by duplicate interface PM usage counter USB: core: Fix unterminated string returned by usb_string() USB: w1 ds2490: Fix bug caused by improper use of altsetting array USB: yurex: Fix protection fault after device removal packet: validate msg_namelen in send directly bnxt_en: Improve multicast address setup logic. ipv6: invert flowlabel sharing check in process and user mode ipv6/flowlabel: wait rcu grace period before put_pid() ipv4: ip_do_fragment: Preserve skb_iif during fragmentation ALSA: line6: use dynamic buffers vfio/type1: Limit DMA mappings per container kconfig/[mn]conf: handle backspace (^H) key libata: fix using DMA buffers on stack scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN ceph: fix use-after-free on symlink traversal usb: u132-hcd: fix resource leak scsi: qla4xxx: fix a potential NULL pointer dereference net: ethernet: ti: fix possible object reference leak net: ibm: fix possible object reference leak net: xilinx: fix possible object reference leak net: ks8851: Set initial carrier state to down net: ks8851: Delay requesting IRQ until opened net: ks8851: Reassert reset pin if chip ID check fails net: ks8851: Dequeue RX packets explicitly ARM: dts: pfla02: increase phy reset duration usb: gadget: net2272: Fix net2272_dequeue() usb: gadget: net2280: Fix net2280_dequeue() usb: gadget: net2280: Fix overrun of OUT messages sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING qlcnic: Avoid potential NULL pointer dereference usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set usbnet: ipheth: prevent TX queue timeouts when device not ready Documentation: Add nospectre_v1 parameter powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) powerpc/fsl: Emulate SPRN_BUCSR register powerpc/fsl: Flush branch predictor when entering KVM powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used ipv4: set the tcp_min_rtt_wlen range from 0 to one day net: stmmac: move stmmac_check_ether_addr() to driver probe team: fix possible recursive locking when add slaves ipv4: add sanity checks in ipv4_link_failure() Revert "block/loop: Use global lock for ioctl() operation." bpf: reject wrong sized filters earlier tipc: check link name with right length in tipc_nl_compat_link_set tipc: check bearer name with right length in tipc_nl_compat_bearer_enable netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. fs/proc/proc_sysctl.c: Fix a NULL pointer dereference intel_th: gth: Fix an off-by-one in output unassigning slip: make slhc_free() silently accept an error pointer tipc: handle the err returned from cmd header function powerpc/fsl: Fix the flush of branch predictor. powerpc/security: Fix spectre_v2 reporting powerpc/fsl: Update Spectre v2 reporting powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) powerpc/fsl: Add nospectre_v2 command line argument powerpc/fsl: Fix spectre_v2 mitigations reporting powerpc/fsl: Add macro to flush the branch predictor powerpc/fsl: Add infrastructure to fixup branch predictor flush powerpc: Avoid code patching freed init sections powerpc/powernv: Query firmware for count cache flush settings powerpc/pseries: Query hypervisor for count cache flush settings powerpc/64s: Add support for software count cache flush powerpc/64s: Add new security feature flags for count cache flush powerpc/asm: Add a patch_site macro & helpers for patching instructions powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E powerpc/64: Make meltdown reporting Book3S 64 specific powerpc/64: Call setup_barrier_nospec() from setup_arch() powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. powerpc/64: Disable the speculation barrier from the command line powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 powerpc/64s: Enhance the information in cpu_show_spectre_v1() powerpc: Use barrier_nospec in copy_from_user() powerpc/64: Use barrier_nospec in syscall entry powerpc/64s: Enable barrier_nospec based on firmware settings powerpc/64s: Patch barrier_nospec in modules powerpc/64s: Add support for ori barrier_nospec patching powerpc/64s: Add barrier_nospec powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() powerpc/pseries: Restore default security feature flags on setup powerpc: Move default security feature flags powerpc/pseries: Fix clearing of security feature flags powerpc/64s: Wire up cpu_show_spectre_v2() powerpc/64s: Wire up cpu_show_spectre_v1() powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() powerpc/64s: Enhance the information in cpu_show_meltdown() powerpc/64s: Move cpu_show_meltdown() powerpc/powernv: Set or clear security feature flags powerpc/pseries: Set or clear security feature flags powerpc: Add security feature flags for Spectre/Meltdown powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags powerpc/rfi-flush: Differentiate enabled and patched flush types powerpc/rfi-flush: Always enable fallback flush on pseries powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code powerpc/powernv: Support firmware disable of RFI flush powerpc/pseries: Support firmware disable of RFI flush powerpc/64s: Improve RFI L1-D cache flush fallback powerpc/xmon: Add RFI flush related fields to paca dump USB: Consolidate LPM checks to avoid enabling LPM twice USB: Add new USB LPM helpers sunrpc: don't mark uninitialised items as VALID. nfsd: Don't release the callback slot unless it was actually held ceph: fix ci->i_head_snapc leak ceph: ensure d_name stability in ceph_dentry_hash() sched/numa: Fix a possible divide-by-zero trace: Fix preempt_enable_no_resched() abuse MIPS: scall64-o32: Fix indirect syscall number load cifs: do not attempt cifs operation on smb2+ rename error KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number kbuild: simplify ld-option implementation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1830176/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp