This bug was fixed in the package linux-gcp - 5.0.0-1025.26~18.04.1 --------------- linux-gcp (5.0.0-1025.26~18.04.1) bionic; urgency=medium
[ Ubuntu: 5.0.0-1025.26 ] * CVE-2019-11135 - [Config] gcp: Disable TSX by default when possible * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout setting (LP: #1849682) - SAUCE: Fix revert "md/raid0: avoid RAID0 data corruption due to layout confusion." * refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793 - SAUCE: shiftfs: Correct id translation for lower fs operations - SAUCE: shiftfs: prevent type confusion - SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling * CVE-2018-12207 - kvm: Convert kvm_lock to a mutex - kvm: x86: Do not release the page inside mmu_set_spte() - KVM: x86: make FNAME(fetch) and __direct_map more similar - KVM: x86: remove now unneeded hugepage gfn adjustment - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON - KVM: x86: add tracepoints around __direct_map and FNAME(fetch) - kvm: x86, powerpc: do not allow clearing largepages debugfs entry - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation - SAUCE: kvm: Add helper function for creating VM worker threads - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT * CVE-2019-11135 - KVM: x86: use Intel speculation bugs and features as derived in generic x86 code - x86/msr: Add the IA32_TSX_CTRL MSR - x86/cpu: Add a helper function x86_read_arch_cap_msr() - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default - x86/speculation/taa: Add mitigation for TSX Async Abort - x86/speculation/taa: Add sysfs reporting for TSX Async Abort - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled - x86/tsx: Add "auto" option to the tsx= cmdline parameter - x86/speculation/taa: Add documentation for TSX Async Abort - x86/tsx: Add config options to set tsx=on|off|auto - SAUCE: x86/speculation/taa: Call tsx_init() - [Config] Disable TSX by default when possible * CVE-2019-0154 - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA * CVE-2019-0155 - SAUCE: drm/i915: Rename gen7 cmdparser tables - SAUCE: drm/i915: Disable Secure Batches for gen6+ - SAUCE: drm/i915: Remove Master tables from cmdparser - SAUCE: drm/i915: Add support for mandatory cmdparsing - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers - SAUCE: drm/i915: Allow parsing of unsized batches - SAUCE: drm/i915: Add gen9 BCS cmdparsing - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths - SAUCE: drm/i915/cmdparser: Add support for backward jumps - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching * disco/linux: <version to be filled> -proposed tracker (LP: #1850574) * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout setting (LP: #1849682) - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion." linux-gcp (5.0.0-1024.24~18.04.1) bionic; urgency=medium * bionic/linux-gcp: 5.0.0-1024.24~18.04.1 -proposed tracker (LP: #1848992) [ Ubuntu: 5.0.0-1024.24 ] * disco/linux-gcp: 5.0.0-1024.24 -proposed tracker (LP: #1848995) * Disco update: upstream stable patchset 2019-10-18 (LP: #1848817) - [Config] updateconfigs for SOUNDWIRE * CONFIG_ANDROID_BINDER_IPC=m is missing in the GCP rolling kernel for bionic (LP: #1849493) - [Config] Enable binder and ashmem as modules * disco/linux: 5.0.0-33.35 -proposed tracker (LP: #1849003) * Disco update: upstream stable patchset 2019-10-18 (LP: #1848817) - tpm: use tpm_try_get_ops() in tpm-sysfs.c. - drm/bridge: tc358767: Increase AUX transfer length limit - drm/panel: simple: fix AUO g185han01 horizontal blanking - video: ssd1307fb: Start page range at page_offset - drm/stm: attach gem fence to atomic state - drm/panel: check failure cases in the probe func - drm/rockchip: Check for fast link training before enabling psr - drm/radeon: Fix EEH during kexec - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() - PCI: rpaphp: Avoid a sometimes-uninitialized warning - ipmi_si: Only schedule continuously in the thread in maintenance mode - clk: qoriq: Fix -Wunused-const-variable - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks - drm/amd/display: fix issue where 252-255 values are clipped - drm/amd/display: reprogram VM config when system resume - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window - clk: actions: Don't reference clk_init_data after registration - clk: sirf: Don't reference clk_init_data after registration - clk: sprd: Don't reference clk_init_data after registration - clk: zx296718: Don't reference clk_init_data after registration - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL - powerpc/rtas: use device model APIs and serialization during LPM - powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function - powerpc/pseries/mobility: use cond_resched when updating device tree - pinctrl: tegra: Fix write barrier placement in pmx_writel - powerpc/eeh: Clear stale EEH_DEV_NO_HANDLER flag - vfio_pci: Restore original state on release - drm/nouveau/volt: Fix for some cards having 0 maximum voltage - pinctrl: amd: disable spurious-firing GPIO IRQs - clk: renesas: mstp: Set GENPD_FLAG_ALWAYS_ON for clock domain - clk: renesas: cpg-mssr: Set GENPD_FLAG_ALWAYS_ON for clock domain - drm/amd/display: support spdif - drm/amdgpu/si: fix ASIC tests - powerpc/64s/exception: machine check use correct cfar for late handler - pstore: fs superblock limits - clk: qcom: gcc-sdm845: Use floor ops for sdcc clks - powerpc/pseries: correctly track irq state in default idle - pinctrl: meson-gxbb: Fix wrong pinning definition for uart_c - arm64: fix unreachable code issue with cmpxchg - clk: at91: select parent if main oscillator or bypass is enabled - powerpc: dump kernel log before carrying out fadump or kdump - mbox: qcom: add APCS child device for QCS404 - clk: sprd: add missing kfree - scsi: core: Reduce memory required for SCSI logging - dma-buf/sw_sync: Synchronize signal vs syncpt free - ext4: fix potential use after free after remounting with noblock_validity - MIPS: Ingenic: Disable broken BTB lookup optimization. - MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean - i2c-cht-wc: Fix lockdep warning - PCI: tegra: Fix OF node reference leak - HID: wacom: Fix several minor compiler warnings - livepatch: Nullify obj->mod in klp_module_coming()'s error path - ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes - soundwire: intel: fix channel number reported by hardware - ARM: 8875/1: Kconfig: default to AEABI w/ Clang - rtc: snvs: fix possible race condition - rtc: pcf85363/pcf85263: fix regmap error in set_time - HID: apple: Fix stuck function keys when using FN - PCI: rockchip: Propagate errors for optional regulators - PCI: histb: Propagate errors for optional regulators - PCI: imx6: Propagate errors for optional regulators - PCI: exynos: Propagate errors for optional PHYs - security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb() - ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address - fat: work around race with userspace's read via blockdev while mounting - pktcdvd: remove warning on attempting to register non-passthrough dev - hypfs: Fix error number left in struct pointer member - crypto: hisilicon - Fix double free in sec_free_hw_sgl() - kbuild: clean compressed initramfs image - ocfs2: wait for recovering done after direct unlock request - kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K - arm64: consider stack randomization for mmap base only when necessary - mips: properly account for stack randomization and stack guard gap - arm: properly account for stack randomization and stack guard gap - arm: use STACK_TOP when computing mmap base address - bpf: fix use after free in prog symbol exposure - cxgb4:Fix out-of-bounds MSI-X info array access - erspan: remove the incorrect mtu limit for erspan - hso: fix NULL-deref on tty open - ipv6: drop incoming packets having a v4mapped source address - ipv6: Handle missing host route in __ipv6_ifa_notify - net: ipv4: avoid mixed n_redirects and rate_tokens usage - net: qlogic: Fix memory leak in ql_alloc_large_buffers - net: Unpublish sk from sk_reuseport_cb before call_rcu - nfc: fix memory leak in llcp_sock_bind() - qmi_wwan: add support for Cinterion CLS8 devices - rxrpc: Fix rxrpc_recvmsg tracepoint - sch_dsmark: fix potential NULL deref in dsmark_init() - udp: fix gso_segs calculations - vsock: Fix a lockdep warning in __vsock_release() - net: dsa: rtl8366: Check VLAN ID and not ports - udp: only do GSO if # of segs > 1 - net/rds: Fix error handling in rds_ib_add_one() - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() - tipc: fix unlimited bundling of small messages - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash - soundwire: Kconfig: fix help format - soundwire: fix regmap dependencies and align with other serial links - Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set - smack: use GFP_NOFS while holding inode_smack::smk_lock - NFC: fix attrs checks in netlink interface - kexec: bail out upon SIGKILL when allocating memory. - 9p/cache.c: Fix memory leak in v9fs_cache_session_get_cookie - drm/vkms: Fix crc worker races - drm/vkms: Avoid assigning 0 for possible_crtc - drm/amd/display: add monitor patch to add T7 delay - drm/tinydrm/Kconfig: drivers: Select BACKLIGHT_CLASS_DEVICE - clk: imx8mq: Mark AHB clock as critical - drm/amd/display: Fix frames_to_insert math - clk: meson: axg-audio: Don't reference clk_init_data after registration - powerpc/64s/radix: Fix memory hotplug section page table creation - selftests/powerpc: Retry on host facility unavailable - powerpc/eeh: Clean up EEH PEs after recovery finishes - mailbox: mediatek: cmdq: clear the event in cmdq initial flow - clk: Make clk_bulk_get_all() return a valid "id" - f2fs: fix to drop meta/node pages during umount - MIPS: Don't use bc_false uninitialized in __mm_isBranchInstr - PCI: pci-hyperv: Fix build errors on non-SYSFS config - PCI: Add pci_info_ratelimited() to ratelimit PCI separately - PCI: Use static const struct, not const static struct - ARM: 8905/1: Emit __gnu_mcount_nc when using Clang 10.0.0 or newer - KVM: hyperv: Fix Direct Synthetic timers assert an interrupt w/o lapic_in_kernel - clk: ingenic/jz4740: Fix "pll half" divider not read/written properly - clk: sunxi: Don't call clk_hw_get_name() on a hw that isn't registered - ARM: dts: dir685: Drop spi-cpol from the display - mm: add dummy can_do_mlock() helper - [Config] updateconfigs for SOUNDWIRE * [CML] New device IDs for CML-U (LP: #1843774) - spi-nor: intel-spi: Add support for Intel Comet Lake SPI serial flash * [CML-U] Comet lake platform need ISH driver support (LP: #1843775) - HID: intel-ish-hid: Add Comet Lake PCI device ID * CVE-2019-17666 - SAUCE: rtlwifi: rtl8822b: Fix potential overflow on P2P code - SAUCE: rtlwifi: Fix potential overflow on P2P code * md raid0/linear doesn't show error state if an array member is removed and allows successful writes (LP: #1847773) - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone * seccomp: add SECCOMP_USER_NOTIF_FLAG_CONTINUE (LP: #1847744) - SAUCE: seccomp: add SECCOMP_USER_NOTIF_FLAG_CONTINUE - SAUCE: seccomp: test SECCOMP_USER_NOTIF_FLAG_CONTINUE * Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for s390x from yes to no (LP: #1848492) - [Config] Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for s390x from yes to no * fdatasync performance regression on 5.0 kernels (LP: #1847641) - blk-wbt: fix performance regression in wbt scale_up/scale_down * bcache: Performance degradation when querying priority_stats (LP: #1840043) - bcache: add cond_resched() in __bch_cache_cmp() * Add installer support for iwlmvm adapters (LP: #1848236) - d-i: Add iwlmvm to nic-modules * Check for CPU Measurement sampling (LP: #1847590) - s390/cpumsf: Check for CPU Measurement sampling * Disco update: upstream stable patchset 2019-10-16 (LP: #1848367) - arcnet: provide a buffer big enough to actually receive packets - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize - macsec: drop skb sk before calling gro_cells_receive - net/phy: fix DP83865 10 Mbps HDX loopback disable function - net: qrtr: Stop rx_worker before freeing node - net/sched: act_sample: don't push mac header on ip6gre ingress - net_sched: add max len check for TCA_KIND - nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC - ppp: Fix memory leak in ppp_write - sch_netem: fix a divide by zero in tabledist() - skge: fix checksum byte order - usbnet: ignore endpoints with invalid wMaxPacketSize - usbnet: sanity checking of packet sizes and device mtu - net: sched: fix possible crash in tcf_action_destroy() - tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state - net/mlx5: Add device ID of upcoming BlueField-2 - nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs - ALSA: hda: Flush interrupts on disabling - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg - ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER - ASoC: sgtl5000: Fix of unmute outputs on probe - ASoC: sgtl5000: Fix charge pump source assignment - firmware: qcom_scm: Use proper types for dma mappings - dmaengine: bcm2835: Print error in case setting DMA mask fails - leds: leds-lp5562 allow firmware files up to the maximum length - media: dib0700: fix link error for dibx000_i2c_set_speed - media: mtk-cir: lower de-glitch counter for rc-mm protocol - media: exynos4-is: fix leaked of_node references - media: hdpvr: Add device num check and handling - media: i2c: ov5640: Check for devm_gpiod_get_optional() error - time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint - sched/fair: Fix imbalance due to CPU affinity - sched/core: Fix CPU controller for !RT_GROUP_SCHED - x86/apic: Make apic_pending_intr_clear() more robust - sched/deadline: Fix bandwidth accounting at all levels after offline migration - x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails - x86/apic: Soft disable APIC before initializing it - ALSA: hda - Show the fatal CORB/RIRB error more clearly - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() - EDAC/mc: Fix grain_bits calculation - media: iguanair: add sanity checks - base: soc: Export soc_device_register/unregister APIs - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid - ia64:unwind: fix double free for mod->arch.init_unw_table - EDAC/altera: Use the proper type for the IRQ status bits - ASoC: rsnd: don't call clk_get_rate() under atomic context - arm64/prefetch: fix a -Wtype-limits warning - md/raid1: end bio when the device faulty - md: don't call spare_active in md_reap_sync_thread if all member devices can't work - md: don't set In_sync if array is frozen - media: media/platform: fsl-viu.c: fix build for MICROBLAZE - ACPI / processor: don't print errors for processorIDs == 0xff - loop: Add LOOP_SET_DIRECT_IO to compat ioctl - EDAC, pnd2: Fix ioremap() size in dnv_rd_reg() - efi: cper: print AER info of PCIe fatal error - firmware: arm_scmi: Check if platform has released shmem before using - sched/fair: Use rq_lock/unlock in online_fair_sched_group - idle: Prevent late-arriving interrupts from disrupting offline - media: gspca: zero usb_buf on error - perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig - perf test vfs_getname: Disable ~/.perfconfig to get default output - media: mtk-mdp: fix reference count on old device tree - media: fdp1: Reduce FCP not found message level to debug - media: em28xx: modules workqueue not inited for 2nd device - media: rc: imon: Allow iMON RC protocol for ffdc 7e device - dmaengine: iop-adma: use correct printk format strings - perf record: Support aarch64 random socket_id assignment - media: vsp1: fix memory leak of dl on error return path - media: i2c: ov5645: Fix power sequence - media: omap3isp: Don't set streaming state on random subdevs - media: imx: mipi csi-2: Don't fail if initial state times-out - net: lpc-enet: fix printk format strings - m68k: Prevent some compiler warnings in Coldfire builds - ARM: dts: imx7d: cl-som-imx7: make ethernet work again - ARM: dts: imx7-colibri: disable HS400 - media: radio/si470x: kill urb on error - media: hdpvr: add terminating 0 at end of string - ASoC: uniphier: Fix double reset assersion when transitioning to suspend state - tools headers: Fixup bitsperlong per arch includes - ASoC: sun4i-i2s: Don't use the oversample to calculate BCLK - led: triggers: Fix a memory leak bug - nbd: add missing config put - media: mceusb: fix (eliminate) TX IR signal length limit - media: dvb-frontends: use ida for pll number - posix-cpu-timers: Sanitize bogus WARNONS - media: dvb-core: fix a memory leak bug - libperf: Fix alignment trap with xyarray contents in 'perf stat' - EDAC/amd64: Recognize DRAM device type ECC capability - EDAC/amd64: Decode syndrome before translating address - PM / devfreq: passive: Use non-devm notifiers - PM / devfreq: exynos-bus: Correct clock enable sequence - media: cec-notifier: clear cec_adap in cec_notifier_unregister - media: saa7146: add cleanup in hexium_attach() - media: cpia2_usb: fix memory leaks - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() - perf trace beauty ioctl: Fix off-by-one error in cmd->string table - media: ov9650: add a sanity check - ASoC: es8316: fix headphone mixer volume table - ACPI / CPPC: do not require the _PSD method - sched/cpufreq: Align trace event behavior of fast switching - x86/apic/vector: Warn when vector space exhaustion breaks affinity - arm64: kpti: ensure patched kernel text is fetched from PoU - x86/mm/pti: Do not invoke PTI functions when PTI is disabled - ASoC: fsl_ssi: Fix clock control issue in master mode - x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable() - nvmet: fix data units read and written counters in SMART log - nvme-multipath: fix ana log nsid lookup when nsid is not found - ALSA: firewire-motu: add support for MOTU 4pre - iommu/amd: Silence warnings under memory pressure - libata/ahci: Drop PCS quirk for Denverton and beyond - iommu/iova: Avoid false sharing on fq_timer_on - libtraceevent: Change users plugin directory - ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks - ACPI: custom_method: fix memory leaks - ACPI / PCI: fix acpi_pci_irq_enable() memory leak - closures: fix a race on wakeup from closure_sync - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' - md/raid1: fail run raid1 array when active disk less than one - dmaengine: ti: edma: Do not reset reserved paRAM slots - kprobes: Prohibit probing on BUG() and WARN() address - s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding - x86/cpu: Add Tiger Lake to Intel family - platform/x86: intel_pmc_core: Do not ioremap RAM - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set - raid5: don't set STRIPE_HANDLE to stripe which is in batch list - mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD - mmc: sdhci: Fix incorrect switch to HS mode - mmc: core: Add helper function to indicate if SDIO IRQs is enabled - mmc: dw_mmc: Re-store SDIO IRQs mask at system resume - raid5: don't increment read_errors on EILSEQ return - libertas: Add missing sentinel at end of if_usb.c fw_table - ALSA: hda - Drop unsol event handler for Intel HDMI codecs - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 - btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type - media: omap3isp: Set device on omap3isp subdevs - PM / devfreq: passive: fix compiler warning - iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36 - ALSA: firewire-tascam: handle error code when getting current source of clock - ALSA: firewire-tascam: check intermediate state of clock status and retry - scsi: scsi_dh_rdac: zero cdb in send_mode_select() - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag - printk: Do not lose last line in kmsg buffer dump - IB/mlx5: Free mpi in mp_slave mode - IB/hfi1: Define variables as unsigned long to fix KASAN warning - randstruct: Check member structs in is_pure_ops_struct() - Revert "ceph: use ceph_evict_inode to cleanup inode's resource" - ceph: use ceph_evict_inode to cleanup inode's resource - ALSA: hda/realtek - PCI quirk for Medion E4254 - blk-mq: add callback of .cleanup_rq - scsi: implement .cleanup_rq callback - powerpc/imc: Dont create debugfs files for cpu-less nodes - fuse: fix missing unlock_page in fuse_writepage() - parisc: Disable HP HSC-PCI Cards to prevent kernel crash - KVM: x86: always stop emulation on page fault - KVM: x86: set ctxt->have_exception in x86_decode_insn() - KVM: x86: Manually calculate reserved bits when loading PDPTRS - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table - media: don't drop front-end reference count for ->detach - binfmt_elf: Do not move brk for INTERP-less ET_EXEC - ASoC: Intel: NHLT: Fix debug print format - ASoC: Intel: Skylake: Use correct function to access iomem space - ASoC: Intel: Fix use of potentially uninitialized variable - ARM: samsung: Fix system restart on S3C6410 - ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up - arm64: tlb: Ensure we execute an ISB following walk cache invalidation - arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328 - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP - regulator: Defer init completion for a while after late_initcall - efifb: BGRT: Improve efifb_bgrt_sanity_check - gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps - memcg, oom: don't require __GFP_FS when invoking memcg OOM killer - memcg, kmem: do not fail __GFP_NOFAIL charges - i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask - block: fix null pointer dereference in blk_mq_rq_timed_out() - smb3: allow disabling requesting leases - ovl: Fix dereferencing possible ERR_PTR() - ovl: filter of trusted xattr results in audit - btrfs: fix allocation of free space cache v1 bitmap pages - Btrfs: fix use-after-free when using the tree modification log - btrfs: Relinquish CPUs in btrfs_compare_trees - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls - Btrfs: fix race setting up and completing qgroup rescan workers - md/raid6: Set R5_ReadError when there is read failure on parity disk - md: don't report active array_state until after revalidate_disk() completes. - md: only call set_in_sync() when it is expected to succeed. - cfg80211: Purge frame registrations on iftype change - /dev/mem: Bail out upon SIGKILL. - ext4: fix warning inside ext4_convert_unwritten_extents_endio - ext4: fix punch hole for inline_data file systems - quota: fix wrong condition in is_quota_modification() - hwrng: core - don't wait on add_early_randomness() - i2c: riic: Clear NACK in tend isr - CIFS: fix max ea value size - CIFS: Fix oplock handling for SMB 2.1+ protocols - md/raid0: avoid RAID0 data corruption due to layout confusion. - fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone - drm/amd/display: Restore backlight brightness after system resume - selftests: Update fib_tests to handle missing ping6 - vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled - net/mlx5e: Fix traffic duplication in ethtool steering - media: vivid:add sanity check to avoid divide error and set value to 1 if 0. - media: vb2: reorder checks in vb2_poll() - media: vivid: work around high stack usage with clang - rcu/tree: Call setschedule() gp ktread to SCHED_FIFO outside of atomic region - arm64: mm: free the initrd reserved memblock in a aligned manner - soc: amlogic: meson-clk-measure: protect measure with a mutex - RAS: Build debugfs.o only when enabled in Kconfig - ASoC: hdac_hda: fix page fault issue by removing race - perf tools: Fix paths in include statements - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling - media: i2c: tda1997x: prevent potential NULL pointer access - arm64/efi: Move variable assignments after SECTIONS - ARM: xscale: fix multi-cpu compilation - kasan/arm64: fix CONFIG_KASAN_SW_TAGS && KASAN_INLINE - x86/platform/intel/iosf_mbi Rewrite locking - powerpc/Makefile: Always pass --synthetic to nm if supported - ACPI / APEI: Release resources if gen_pool_add() fails - ARM: at91: move platform-specific asm-offset.h to arch/arm/mach-at91 - soc: renesas: rmobile-sysc: Set GENPD_FLAG_ALWAYS_ON for always-on domain - soc: renesas: Enable ARM_ERRATA_754322 for affected Cortex-A9 - PM / devfreq: Fix kernel oops on governor module load - media: aspeed-video: address a protential usage of an unitialized var - ASoC: Intel: Haswell: Adjust machine device private context - x86/amd_nb: Add PCI device IDs for family 17h, model 70h - hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs - block: make rq sector size accessible for block stats - mmc: mtk-sd: Re-store SDIO IRQs mask at system resume - drm: fix module name in edid_firmware log message - zd1211rw: remove false assertion from zd_mac_clear() - btrfs: delayed-inode: Kill the BUG_ON() in btrfs_delete_delayed_dir_index() - kvm: Nested KVM MMUs need PAE root too - ARM: dts: logicpd-torpedo-baseboard: Fix missing video - ARM: omap2plus_defconfig: Fix missing video - ARM: dts: am3517-evm: Fix missing video - rcu/tree: Fix SCHED_FIFO params - fuse: fix beyond-end-of-page access in fuse_parse_cache() - KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours - iommu/arm-smmu-v3: Disable detection of ATS and PRI - mt76: round up length on mt76_wr_copy - ath10k: fix channel info parsing for non tlv target - block: mq-deadline: Fix queue restart handling - btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer - SUNRPC: Fix buffer handling of GSS MIC without slack - ACPI / LPSS: Save/restore LPSS private registers also on Lynxpoint - fs: Export generic_fadvise() - mm: Handle MADV_WILLNEED through vfs_fadvise() - xfs: Fix stale data exposure when readahead races with hole punch - ipmi: move message error checking to avoid deadlock * ELAN469D touch pad not working (LP: #1795292) // Ubuntu won't boot on Dell Inspiron 7375 (LP: #1837688) // Disco update: upstream stable patchset 2019-10-16 (LP: #1848367) - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems * intel-lpss driver conflicts with write-combining MTRR region (LP: #1845584) - SAUCE: mfd: intel-lpss: add quirk for Dell XPS 13 7390 2-in-1 * Fix non-working Realtek USB ethernet after system resume (LP: #1847063) - r8152: remove extra action copying ethernet address - r8152: Refresh MAC address during USBDEVFS_RESET - r8152: Set macpassthru in reset_resume callback * overlayfs: allow with shiftfs as underlay (LP: #1846272) - SAUCE: overlayfs: allow with shiftfs as underlay * [regression] NoNewPrivileges incompatible with Apparmor (LP: #1844186) - SAUCE: apparmor: fix nnp subset test for unconfined * PM / hibernate: fix potential memory corruption (LP: #1847118) - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation * xHCI on AMD Stoney Ridge cannot detect USB 2.0 or 1.1 devices. (LP: #1846470) - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect * CVE-2019-17056 - nfc: enforce CAP_NET_RAW for raw sockets * CVE-2019-17055 - mISDN: enforce CAP_NET_RAW for raw sockets * CVE-2019-17054 - appletalk: enforce CAP_NET_RAW for raw sockets * CVE-2019-17053 - ieee802154: enforce CAP_NET_RAW for raw sockets * CVE-2019-17052 - ax25: enforce CAP_NET_RAW for raw sockets * CVE-2019-15098 - ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() * Disco update: upstream stable patchset 2019-10-10 (LP: #1847663) - Revert "Bluetooth: validate BLE connection interval updates" - net/ibmvnic: free reset work of removed device from queue - powerpc/xive: Fix bogus error code returned by OPAL - drm/amd/display: readd -msse2 to prevent Clang from emitting libcalls to undefined SW FP routines - HID: prodikeys: Fix general protection fault during probe - HID: sony: Fix memory corruption issue on cleanup. - HID: logitech: Fix general protection fault caused by Logitech driver - HID: hidraw: Fix invalid read in hidraw_ioctl - HID: Add quirk for HP X500 PIXART OEM mouse - mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword() - crypto: talitos - fix missing break in switch statement - CIFS: fix deadlock in cached root handling - ASoC: Intel: cht_bsw_max98090_ti: Enable codec clock once and keep it enabled - ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt() - ALSA: usb-audio: Add Hiby device family to quirks for native DSD support - ALSA: usb-audio: Add DSD support for EVGA NU Audio - ALSA: dice: fix wrong packet parameter for Alesis iO26 - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop - ALSA: hda - Apply AMD controller workaround for Raven platform - objtool: Clobber user CFLAGS variable - irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices - f2fs: check all the data segments against all node ones - PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() - initramfs: don't free a non-existent initrd - Revert "f2fs: avoid out-of-range memory access" - dm zoned: fix invalid memory access - net/ibmvnic: Fix missing { in __ibmvnic_reset - f2fs: fix to do sanity check on segment bitmap of LFS curseg - drm: Flush output polling on shutdown - net: don't warn in inet diag when IPV6 is disabled - Bluetooth: btrtl: HCI reset on close for Realtek BT chip - ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35 - drm/nouveau/disp/nv50-: fix center/aspect-corrected scaling - xfs: don't crash on null attr fork xfs_bmapi_read - netfilter: nft_socket: fix erroneous socket assignment - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices - net_sched: check cops->tcf_block in tc_bind_tclass() - net/rds: An rds_sock is added too early to the hash table - net/rds: Check laddr_check before calling it - f2fs: use generic EFSBADCRC/EFSCORRUPTED - phy: qcom-qmp: Raise qcom_qmp_phy_enable() polling delay - drm/amd/display: Allow cursor async updates for framebuffer swaps - drm/amd/display: Skip determining update type for async updates - drm/amd/display: Don't replace the dc_state for fast updates - platform/x86: i2c-multi-instantiate: Derive the device name from parent - drm/dp: Add DP_DPCD_QUIRK_NO_SINK_COUNT - xfrm: policy: avoid warning splat when merging nodes * Disco update: upstream stable patchset 2019-10-01 (LP: #1846277) - netfilter: nf_flow_table: set default timeout after successful insertion - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID - powerpc/mm/radix: Use the right page size for vmemmap mapping - USB: usbcore: Fix slab-out-of-bounds bug during device reset - media: tm6000: double free if usb disconnect while streaming - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current - ip6_gre: fix a dst leak in ip6erspan_tunnel_xmit - udp: correct reuseport selection with connected sockets - xen-netfront: do not assume sk_buff_head list is empty in error handling - net_sched: let qdisc_put() accept NULL pointer - firmware: google: check if size is valid when decoding VPD data - serial: sprd: correct the wrong sequence of arguments - tty/serial: atmel: reschedule TX after RX was started - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds - ieee802154: hwsim: Fix error handle path in hwsim_init_module - ieee802154: hwsim: unregister hw while hwsim_subscribe_all_others fails - ARM: dts: am57xx: Disable voltage switching for SD card - ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss - bus: ti-sysc: Fix using configured sysc mask value - s390/bpf: fix lcgr instruction encoding - ARM: OMAP2+: Fix omap4 errata warning on other SoCs - ARM: dts: dra74x: Fix iodelay configuration for mmc3 - ARM: OMAP1: ams-delta-fiq: Fix missing irq_ack - bus: ti-sysc: Simplify cleanup upon failures in sysc_probe() - s390/bpf: use 32-bit index for tail calls - selftests/bpf: fix "bind{4, 6} deny specific IP & port" on s390 - tools: bpftool: close prog FD before exit on showing a single program - fpga: altera-ps-spi: Fix getting of optional confd gpio - netfilter: ebtables: Fix argument order to ADD_COUNTER - netfilter: nft_flow_offload: missing netlink attribute policy - netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info - NFSv4: Fix return values for nfs4_file_open() - NFSv4: Fix return value in nfs_finish_open() - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105 - xdp: unpin xdp umem pages in error path - qed: Add cleanup in qed_slowpath_start() - ARM: 8874/1: mm: only adjust sections of valid mm structures - batman-adv: Only read OGM2 tvlv_len after buffer len check - bpf: allow narrow loads of some sk_reuseport_md fields with offset > 0 - r8152: Set memory to all 0xFFs on failed reg reads - x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines - netfilter: xt_physdev: Fix spurious error message in physdev_mt_check - netfilter: nf_conntrack_ftp: Fix debug output - NFSv2: Fix eof handling - NFSv2: Fix write regression - kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the first symbol - cifs: set domainName when a domain-key is used in multiuser - cifs: Use kzfree() to zero out the password - usb: host: xhci-tegra: Set DMA mask correctly - ARM: 8901/1: add a criteria for pfn_valid of arm - ibmvnic: Do not process reset during or after device removal - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) - i2c: designware: Synchronize IRQs when unregistering slave client - perf/x86/intel: Restrict period on Nehalem - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops - amd-xgbe: Fix error path in xgbe_mod_init() - tools/power x86_energy_perf_policy: Fix "uninitialized variable" warnings at -O2 - tools/power x86_energy_perf_policy: Fix argument parsing - tools/power turbostat: fix buffer overrun - net: aquantia: fix out of memory condition on rx side - net: seeq: Fix the function used to release some memory in an error handling path - dmaengine: ti: dma-crossbar: Fix a memory leak bug - dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe() - x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation - x86/hyper-v: Fix overflow bug in fill_gva_list() - keys: Fix missing null pointer check in request_key_auth_describe() - iommu/amd: Flush old domains in kdump kernel - iommu/amd: Fix race in increase_address_space() - ovl: fix regression caused by overlapping layers detection - floppy: fix usercopy direction - binfmt_elf: move brk out of mmap when doing direct loader exec - SUNRPC: Handle connection breakages correctly in call_status() - nfs: disable client side deduplication - net: aquantia: fix limit of vlan filters - net: dsa: Fix load order between DSA drivers and taggers - ARM: dts: Fix flags for gpio7 - bus: ti-sysc: Handle devices with no control registers - ARM: dts: Fix incorrect dcan register mapping for am3, am4 and dra7 - ARM: dts: am335x: Fix UARTs length - ARM: dts: Fix incomplete dts data for am3 and am4 mmc - selftests/bpf: fix test_cgroup_storage on s390 - flow_dissector: Fix potential use-after-free on BPF_PROG_DETACH - drm/amdgpu: fix dma_fence_wait without reference - netfilter: conntrack: make sysctls per-namespace again - drm/amd/powerplay: correct Vega20 dpm level related settings - libceph: don't call crypto_free_sync_skcipher() on a NULL tfm - i2c: iproc: Stop advertising support of SMBUS quick cmd - netfilter: nf_flow_table: clear skb tstamp before xmit - tools/power turbostat: Fix Haswell Core systems - net: aquantia: fix removal of vlan 0 - net: aquantia: reapply vlan filters on up - arm64: dts: renesas: r8a77995: draak: Fix backlight regulator name - dmaengine: sprd: Fix the DMA link-list configuration - dmaengine: rcar-dmac: Fix DMACHCLR handling if iommu is mapped - Revert "arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}" -- Stefan Bader <stefan.ba...@canonical.com> Mon, 11 Nov 2019 13:52:26 +0100 ** Changed in: linux-gcp (Ubuntu Bionic) Status: Confirmed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12207 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-0154 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-0155 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11135 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-15098 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-15793 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-17052 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-17053 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-17054 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-17055 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-17056 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-17666 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-gcp in Ubuntu. https://bugs.launchpad.net/bugs/1848992 Title: bionic/linux-gcp: 5.0.0-1024.24~18.04.1 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: Fix Released Status in Kernel SRU Workflow certification-testing series: Invalid Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-lrm series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow prepare-package-signed series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-security series: New Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: Fix Released Status in Kernel SRU Workflow security-signoff series: Fix Released Status in Kernel SRU Workflow verification-testing series: Fix Released Status in linux-gcp package in Ubuntu: Invalid Status in linux-gcp source package in Bionic: Fix Released Bug description: This bug will contain status and test results related to a kernel source (or snap) as stated in the title. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true kernel-stable-master-bug: 1848995 packages: lrm: linux-restricted-modules-gcp main: linux-gcp meta: linux-meta-gcp signed: linux-signed-gcp phase: Holding before Promote to Updates phase-changed: Monday, 11. November 2019 16:55 UTC proposed-announcement-sent: true proposed-testing-requested: true trackers: bionic/linux-gcp-edge: bug 1848991 bionic/linux-gcp/gcp-kernel: bug 1848990 variant: debs To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1848992/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp