This bug was fixed in the package linux - 4.15.0-50.54 --------------- linux (4.15.0-50.54) bionic; urgency=medium
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 - Documentation/l1tf: Fix small spelling typo - x86/cpu: Sanitize FAM6_ATOM naming - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file - tools include: Adopt linux/bits.h - x86/msr-index: Cleanup bit defines - x86/speculation: Consolidate CPU whitelists - x86/speculation/mds: Add basic bug infrastructure for MDS - x86/speculation/mds: Add BUG_MSBDS_ONLY - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests - x86/speculation/mds: Add mds_clear_cpu_buffers() - x86/speculation/mds: Clear CPU buffers on exit to user - x86/kvm/vmx: Add MDS protection when L1D Flush is not active - x86/speculation/mds: Conditionally clear CPU buffers on idle entry - x86/speculation/mds: Add mitigation control for MDS - x86/speculation/mds: Add sysfs reporting for MDS - x86/speculation/mds: Add mitigation mode VMWERV - Documentation: Move L1TF to separate directory - Documentation: Add MDS vulnerability documentation - x86/speculation/mds: Add mds=full,nosmt cmdline option - x86/speculation: Move arch_smt_update() call to after mitigation decisions - x86/speculation/mds: Add SMT warning message - x86/speculation/mds: Fix comment - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off - x86/speculation/mds: Add 'mitigations=' support for MDS * CVE-2017-5715 // CVE-2017-5753 - s390/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639 - powerpc/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 // CVE-2018-3646 - cpu/speculation: Add 'mitigations=' cmdline option - x86/speculation: Support 'mitigations=' cmdline option * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log linux (4.15.0-49.53) bionic; urgency=medium * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358) * Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870) - powerpc/64s: Add support for ori barrier_nospec patching - powerpc/64s: Patch barrier_nospec in modules - powerpc/64s: Enable barrier_nospec based on firmware settings - powerpc: Use barrier_nospec in copy_from_user() - powerpc/64: Use barrier_nospec in syscall entry - powerpc/64s: Enhance the information in cpu_show_spectre_v1() - powerpc/64: Disable the speculation barrier from the command line - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC - powerpc/64: Call setup_barrier_nospec() from setup_arch() - powerpc/64: Make meltdown reporting Book3S 64 specific - powerpc/lib/code-patching: refactor patch_instruction() - powerpc/lib/feature-fixups: use raw_patch_instruction() - powerpc/asm: Add a patch_site macro & helpers for patching instructions - powerpc/64s: Add new security feature flags for count cache flush - powerpc/64s: Add support for software count cache flush - powerpc/pseries: Query hypervisor for count cache flush settings - powerpc/powernv: Query firmware for count cache flush settings - powerpc/fsl: Add nospectre_v2 command line argument - KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char() - [Config] Add CONFIG_PPC_BARRIER_NOSPEC * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log * autopkgtests run too often, too much and don't skip enough (LP: #1823056) - [Debian] Set +x on rebuild testcase. - [Debian] Skip rebuild test, for regression-suite deps. - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels. - [Debian] make rebuild use skippable error codes when skipping. - [Debian] Only run regression-suite, if requested to. * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868) - [Packaging] remove arm64 snapdragon from getabis - [Config] config changes for snapdragon split - packaging: arm64: disable building the snapdragon flavour - [Packaging] arm64: Drop snapdragon from kernel-versions * CVE-2017-5753 - KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq() - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs - sysvipc/sem: mitigate semnum index against spectre v1 - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() - s390/keyboard: sanitize array index in do_kdsk_ioctl - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() - KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr() - pktcdvd: Fix possible Spectre-v1 for pkt_devs - net: socket: fix potential spectre v1 gadget in socketcall - net: socket: Fix potential spectre v1 gadget in sock_is_registered - drm/amdgpu/pm: Fix potential Spectre v1 - netlink: Fix spectre v1 gadget in netlink_create() - ext4: fix spectre gadget in ext4_mb_regular_allocator() - drm/i915/kvmgt: Fix potential Spectre v1 - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() - fs/quota: Fix spectre gadget in do_quotactl - hwmon: (nct6775) Fix potential Spectre v1 - mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom - switchtec: Fix Spectre v1 vulnerability - misc: hmc6352: fix potential Spectre v1 - tty: vt_ioctl: fix potential Spectre v1 - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds - IB/ucm: Fix Spectre v1 vulnerability - RDMA/ucma: Fix Spectre v1 vulnerability - drm/bufs: Fix Spectre v1 vulnerability - usb: gadget: storage: Fix Spectre v1 vulnerability - ptp: fix Spectre v1 vulnerability - HID: hiddev: fix potential Spectre v1 - vhost: Fix Spectre V1 vulnerability - drivers/misc/sgi-gru: fix Spectre v1 vulnerability - ipv4: Fix potential Spectre v1 vulnerability - aio: fix spectre gadget in lookup_ioctx - ALSA: emux: Fix potential Spectre v1 vulnerabilities - ALSA: pcm: Fix potential Spectre v1 vulnerability - ip6mr: Fix potential Spectre v1 vulnerability - ALSA: rme9652: Fix potential Spectre v1 vulnerability - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities - KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq() - drm/ioctl: Fix Spectre v1 vulnerabilities - char/mwave: fix potential Spectre v1 vulnerability - applicom: Fix potential Spectre v1 vulnerabilities - ipmi: msghandler: Fix potential Spectre v1 vulnerabilities - powerpc/ptrace: Mitigate potential Spectre v1 - cfg80211: prevent speculation on cfg80211_classify8021d() return - ALSA: rawmidi: Fix potential Spectre v1 vulnerability - ALSA: seq: oss: Fix Spectre v1 vulnerability * Bionic: Sync to Xenial (Spectre) (LP: #1822760) - x86/speculation/l1tf: Suggest what to do on systems with too much RAM - KVM: SVM: Add MSR-based feature support for serializing LFENCE - KVM: VMX: fixes for vmentry_l1d_flush module parameter - KVM: X86: Allow userspace to define the microcode version - SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic - SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry * [SRU] [B/OEM] Fix ACPI bug that causes boot failure (LP: #1819921) - SAUCE: ACPI / bus: Add some Lenovo laptops in list of acpi table term list * Bionic update: upstream stable patchset for fuse 2019-04-12 (LP: #1824553) - fuse: fix double request_end() - fuse: fix unlocked access to processing queue - fuse: umount should wait for all requests - fuse: Fix oops at process_init_reply() - fuse: Don't access pipe->buffers without pipe_lock() - fuse: Fix use-after-free in fuse_dev_do_read() - fuse: Fix use-after-free in fuse_dev_do_write() - fuse: set FR_SENT while locked - fuse: fix blocked_waitq wakeup - fuse: fix leaked notify reply - fuse: fix possibly missed wake-up after abort - fuse: fix use-after-free in fuse_direct_IO() - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS - fuse: handle zero sized retrieve correctly - fuse: call pipe_buf_release() under pipe lock - fuse: decrement NR_WRITEBACK_TEMP on the right page * Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870) // Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870) - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 - powerpc/fsl: Fix spectre_v2 mitigations reporting - powerpc: Avoid code patching freed init sections * Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870) // Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870) // Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870) - powerpc/security: Fix spectre_v2 reporting * CVE-2019-3874 - sctp: use sk_wmem_queued to check for writable space - sctp: implement memory accounting on tx path - sctp: implement memory accounting on rx path * NULL pointer dereference when using z3fold and zswap (LP: #1814874) - z3fold: fix possible reclaim races * Kprobe event argument syntax in ftrace from ubuntu_kernel_selftests failed on B PowerPC (LP: #1812809) - selftests/ftrace: Add ppc support for kprobe args tests * The Realtek card reader does not enter PCIe 1.1/1.2 (LP: #1825487) - misc: rtsx: make various functions static - misc: rtsx: Enable OCP for rts522a rts524a rts525a rts5260 - SAUCE: misc: rtsx: Fixed rts5260 power saving parameter and sd glitch * headset-mic doesn't work on two Dell laptops. (LP: #1825272) - ALSA: hda/realtek - add two more pin configuration sets to quirk table * CVE-2018-16884 - sunrpc: use SVC_NET() in svcauth_gss_* functions - sunrpc: use-after-free in svc_process_common() * sky2 ethernet card don't work after returning from suspension (LP: #1798921) - sky2: Increase D3 delay again * CVE-2019-9500 - brcmfmac: assure SSID length from firmware is limited * CVE-2019-9503 - brcmfmac: add subtype check for event handling in data path * CVE-2019-3882 - vfio/type1: Limit DMA mappings per container * Intel I210 Ethernet card not working after hotplug [8086:1533] (LP: #1818490) - igb: Fix WARN_ONCE on runtime suspend * bionic, xenial/hwe: misses "fuse: fix initial parallel dirops" patch (LP: #1823972) - fuse: fix initial parallel dirops * amdgpu resume failure: failed to allocate wb slot (LP: #1825074) - drm/amdgpu: fix&cleanups for wb_clear * Pop noise when headset is plugged in or removed from GHS/Line-out jack (LP: #1821290) - ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 - ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO - ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB * mac80211_hwsim unable to handle kernel NULL pointer dereference at0000000000000000 (LP: #1825058) - mac80211_hwsim: Timer should be initialized before device registered * [regression][snd_hda_codec_realtek] repeating crackling noise after 19.04 upgrade (LP: #1821663) - ALSA: hda: Add Intel NUC7i3BNB to the power_save blacklist - ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist - ALSA: hda - Add two more machines to the power_save_blacklist * ubuntu_nbd_smoke_test failed on P9 with Bionic kernel (LP: #1822247) - nbd: fix how we set bd_invalidated * TSC clocksource not available in nested guests (LP: #1822821) - kvmclock: fix TSC calibration for nested guests * 4.15 kernel ip_vs --ops causes performance and hang problem (LP: #1819786) - ipvs: fix refcount usage for conns in ops mode * systemd cause kernel trace "BUG: unable to handle kernel paging request at 6db23a14" on Cosmic i386 (LP: #1813244) // systemd cause kernel trace "BUG: unable to handle kernel paging request at 6db23a14" on Cosmic i386 (LP: #1813244) - openvswitch: fix flow actions reallocation -- Stefan Bader <stefan.ba...@canonical.com> Mon, 06 May 2019 18:59:24 +0200 ** Changed in: linux (Ubuntu Bionic) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12126 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12127 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12130 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16884 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3620 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3646 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3874 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3882 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9500 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9503 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-oem in Ubuntu. https://bugs.launchpad.net/bugs/1819921 Title: [SRU] [B/OEM] Fix ACPI bug that causes boot failure Status in HWE Next: New Status in linux package in Ubuntu: Incomplete Status in linux-oem package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux-oem source package in Bionic: Fix Released Bug description: V2: Fix non-x86 building error. [Impact] Some lenovo laptops failed to boot at a very early stage, only blackscreen shown. [Fix] Some system BIOS set definition in if statement, it would be deferred to be loaded. Some devices would not work properly and cause a system lockup. add a quirk for these laptops to execute all acpi tables and make system work properly. [Test] Tested on several laptops, the laptop that failed to boot boots well. Other laptops still works fine. [Regression Potential] SAUCE patch.Low, specific changes depends on hardware. Upstream fix: commit 5a8361f7ecceaed64b4064000d16cb703462be49 Author: Schmauss, Erik <erik.schma...@intel.com> Date: Thu Feb 15 13:09:30 2018 -0800 ACPICA: Integrate package handling with module-level code Due to the lots of changes in this commit and other regressions concern So made a sauce patch in Bionic kernel with the specific BIOS series. Verified on several laptops. Fix boot failure and no regression found. The upstream fix is in 4.17-rc1, so only Bionic/OEM 4.15 kernels need it. To manage notifications about this bug go to: https://bugs.launchpad.net/hwe-next/+bug/1819921/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp