This bug was fixed in the package linux - 5.3.0-64.58 --------------- linux (5.3.0-64.58) eoan; urgency=medium
* eoan/linux: 5.3.0-64.58 -proposed tracker (LP: #1887088) * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668) - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups" linux (5.3.0-63.57) eoan; urgency=medium * eoan/linux: 5.3.0-63.57 -proposed tracker (LP: #1885495) * seccomp_bpf fails on powerpc (LP: #1885757) - SAUCE: selftests/seccomp: fix ptrace tests on powerpc * The thread level parallelism would be a bottleneck when searching for the shared pmd by using hugetlbfs (LP: #1882039) - hugetlbfs: take read_lock on i_mmap for PMD sharing * Eoan update: upstream stable patchset 2020-06-30 (LP: #1885775) - ipv6: fix IPV6_ADDRFORM operation logic - net_failover: fixed rollback in net_failover_open() - bridge: Avoid infinite loop when suppressing NS messages with invalid options - vxlan: Avoid infinite loop when suppressing NS messages with invalid options - tun: correct header offsets in napi frags mode - Input: mms114 - fix handling of mms345l - ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook - sched/fair: Don't NUMA balance for kthreads - Input: synaptics - add a second working PNP_ID for Lenovo T470s - drivers/net/ibmvnic: Update VNIC protocol version reporting - powerpc/xive: Clear the page tables for the ESB IO mapping - ath9k_htc: Silence undersized packet warnings - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated - x86/cpu/amd: Make erratum #1054 a legacy erratum - perf probe: Accept the instance number of kretprobe event - mm: add kvfree_sensitive() for freeing sensitive data objects - aio: fix async fsync creds - x86_64: Fix jiffies ODR violation - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs - x86/speculation: Prevent rogue cross-process SSBD shutdown - x86/reboot/quirks: Add MacBook6,1 reboot quirk - efi/efivars: Add missing kobject_put() in sysfs entry creation error path - ALSA: es1688: Add the missed snd_card_free() - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines - ALSA: usb-audio: Fix inconsistent card PM state after resume - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() - ACPI: GED: add support for _Exx / _Lxx handler methods - ACPI: PM: Avoid using power resources if there are none for D0 - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() - spi: dw: Fix controller unregister order - spi: bcm2835aux: Fix controller unregister order - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 - PM: runtime: clk: Fix clk_pm_runtime_get() error path - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated - ALSA: pcm: disallow linking stream to itself - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned - KVM: x86: Fix APIC page invalidation race - KVM: x86/mmu: Consolidate "is MMIO SPTE" code - KVM: x86: only do L1TF workaround on affected processors - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. - x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. - spi: Fix controller unregister order - spi: pxa2xx: Fix controller unregister order - spi: bcm2835: Fix controller unregister order - spi: pxa2xx: Fix runtime PM ref imbalance on probe error - crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() - selftests/net: in rxtimestamp getopt_long needs terminating null entry - ovl: initialize error in ovl_copy_xattr - proc: Use new_inode not new_inode_pseudo - video: fbdev: w100fb: Fix a potential double free. - KVM: nSVM: fix condition for filtering async PF - KVM: nSVM: leave ASID aside in copy_vmcb_control_area - KVM: nVMX: Consult only the "basic" exit reason when routing nested exit - KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) - KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts - scsi: megaraid_sas: TM command refire leads to controller firmware crash - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb - Smack: slab-out-of-bounds in vsscanf - drm/vkms: Hold gem object while still in-use - mm/slub: fix a memory leak in sysfs_slab_add() - fat: don't allow to mount if the FAT length == 0 - perf: Add cond_resched() to task_function_call() - agp/intel: Reinforce the barrier after GTT updates - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning - ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() - xen/pvcalls-back: test for errors when calling backend_connect() - KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling - drm: bridge: adv7511: Extend list of audio sample rates - crypto: ccp -- don't "select" CONFIG_DMADEVICES - media: si2157: Better check for running tuner in init - objtool: Ignore empty alternatives - spi: pxa2xx: Apply CS clk quirk to BXT - net: atlantic: make hw_get_regs optional - net: ena: fix error returning in ena_com_get_hash_function() - efi/libstub/x86: Work around LLVM ELF quirk build regression - arm64: cacheflush: Fix KGDB trap detection - spi: dw: Zero DMA Tx and Rx configurations on stack - arm64: insn: Fix two bugs in encoding 32-bit logical immediates - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K - MIPS: Loongson: Build ATI Radeon GPU driver as module - Bluetooth: Add SCO fallback for invalid LMP parameters error - kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb - kgdb: Prevent infinite recursive entries to the debugger - spi: dw: Enable interrupts in accordance with DMA xfer mode - clocksource: dw_apb_timer: Make CPU-affiliation being optional - clocksource: dw_apb_timer_of: Fix missing clockevent timers - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums - ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE - batman-adv: Revert "disable ethtool link speed detection when auto negotiation off" - mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error - spi: dw: Fix Rx-only DMA transfers - x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() - staging: android: ion: use vmap instead of vm_map_ram - brcmfmac: fix wrong location to get firmware feature - tools api fs: Make xxx__mountpoint() more scalable - e1000: Distribute switch variables for initialization - dt-bindings: display: mediatek: control dpi pins mode to avoid leakage - audit: fix a net reference leak in audit_send_reply() - media: dvb: return -EREMOTEIO on i2c transfer failure. - media: platform: fcp: Set appropriate DMA parameters - MIPS: Make sparse_init() using top-down allocation - Bluetooth: btbcm: Add 2 missing models to subver tables - audit: fix a net reference leak in audit_list_rules_send() - netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported - selftests/bpf: Fix memory leak in extract_build_id() - net: bcmgenet: set Rx mode before starting netif - lib/mpi: Fix 64-bit MIPS build with Clang - exit: Move preemption fixup up, move blocking operations down - sched/core: Fix illegal RCU from offline CPUs - drivers/perf: hisi: Fix typo in events attribute array - net: lpc-enet: fix error return code in lpc_mii_init() - media: cec: silence shift wrapping warning in __cec_s_log_addrs() - net: allwinner: Fix use correct return type for ndo_start_xmit() - powerpc/spufs: fix copy_to_user while atomic - xfs: clean up the error handling in xfs_swap_extents - Crypto/chcr: fix for ccm(aes) failed test - MIPS: Truncate link address into 32bit for 32bit kernel - mips: cm: Fix an invalid error code of INTVN_*_ERR - kgdb: Fix spurious true from in_dbg_master() - xfs: reset buffer write failure state on successful completion - xfs: fix duplicate verification from xfs_qm_dqflush() - platform/x86: intel-vbtn: Use acpi_evaluate_integer() - platform/x86: intel-vbtn: Split keymap into buttons and switches parts - platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there - platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types - nvme: refine the Qemu Identify CNS quirk - ath10k: Remove msdu from idr when management pkt send fails - wcn36xx: Fix error handling path in 'wcn36xx_probe()' - net: qed*: Reduce RX and TX default ring count when running inside kdump kernel - mt76: avoid rx reorder buffer overflow - md: don't flush workqueue unconditionally in md_open - veth: Adjust hard_start offset on redirect XDP frames - net/mlx5e: IPoIB, Drop multicast packets that this interface sent - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() - mwifiex: Fix memory corruption in dump_station - x86/boot: Correct relocation destination on old linkers - mips: MAAR: Use more precise address mask - mips: Add udelay lpj numbers adjustment - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() - crypto: stm32/crc32 - fix run-time self test issue. - crypto: stm32/crc32 - fix multi-instance - x86/mm: Stop printing BRK addresses - m68k: mac: Don't call via_flush_cache() on Mac IIfx - btrfs: qgroup: mark qgroup inconsistent if we're inherting snapshot to a new qgroup - macvlan: Skip loopback packets in RX handler - PCI: Don't disable decoding when mmio_always_on is set - MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe() - bcache: fix refcount underflow in bcache_device_free() - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk - staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core - ixgbe: fix signed-integer-overflow warning - mmc: sdhci-esdhc-imx: fix the mask for tuning start point - spi: dw: Return any value retrieved from the dma_transfer callback - cpuidle: Fix three reference count leaks - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) - platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type - string.h: fix incompatibility between FORTIFY_SOURCE and KASAN - btrfs: include non-missing as a qualifier for the latest_bdev - btrfs: send: emit file capabilities after chown - mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() - mm: initialize deferred pages with interrupts enabled - ima: Fix ima digest hash table key calculation - ima: Directly assign the ima_default_policy pointer to ima_rules - evm: Fix possible memory leak in evm_calc_hmac_or_hash() - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max - ext4: fix error pointer dereference - ext4: fix race between ext4_sync_parent() and rename() - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect - PCI: Add ACS quirk for iProc PAXB - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints - PCI: mediatek: Add controller support for MT7629 - ALSA: lx6464es - add support for LX6464ESe pci express variant - PCI: Add Genesys Logic, Inc. Vendor ID - PCI: Add Amazon's Annapurna Labs vendor ID - PCI: vmd: Add device id for VMD device 8086:9A0B - x86/amd_nb: Add Family 19h PCI IDs - PCI: Add Loongson vendor ID - serial: 8250_pci: Move Pericom IDs to pci_ids.h - btrfs: fix error handling when submitting direct I/O bio - btrfs: fix wrong file range cleanup after an error filling dealloc range - ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() - PCI: Program MPS for RCiEP devices - e1000e: Relax condition to trigger reset for ME workaround - carl9170: remove P2P_GO support - media: go7007: fix a miss of snd_card_free - Bluetooth: hci_bcm: fix freeing not-requested IRQ - b43legacy: Fix case where channel status is corrupted - b43: Fix connection problem with WPA3 - b43_legacy: Fix connection problem with WPA3 - media: ov5640: fix use of destroyed mutex - igb: Report speed and duplex as unknown when device is runtime suspended - power: vexpress: add suppress_bind_attrs to true - pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs - gnss: sirf: fix error return code in sirf_probe() - sparc32: fix register window handling in genregs32_[gs]et() - sparc64: fix misuses of access_process_vm() in genregs32_[sg]et() - dm crypt: avoid truncating the logical block size - alpha: fix memory barriers so that they conform to the specification - kernel/cpu_pm: Fix uninitted local in cpu_pm - ARM: tegra: Correct PL310 Auxiliary Control Register initialization - ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus - ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin - ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries - drivers/macintosh: Fix memleak in windfarm_pm112 driver - powerpc/64s: Don't let DT CPU features set FSCR_DSCR - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init - kbuild: force to build vmlinux if CONFIG_MODVERSION=y - sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations. - sunrpc: clean up properly in gss_mech_unregister() - mtd: rawnand: brcmnand: fix hamming oob layout - mtd: rawnand: pasemi: Fix the probe error path - w1: omap-hdq: cleanup to add missing newline for some dev_dbg - perf probe: Do not show the skipped events - perf probe: Fix to check blacklist address correctly - perf probe: Check address correctness by map instead of _etext - perf symbols: Fix debuginfo search for Ubuntu - mlxsw: core: Use different get_trend() callbacks for different thermal zones - elfnote: mark all .note sections SHF_ALLOC - csky: Fixup abiv2 syscall_trace break a4 & a5 - gfs2: Even more gfs2_find_jhead fixes - spi: dw: Fix native CS being unset - s390/pci: Log new handle in clp_disable_fh() - PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay - selftests: fix flower parent qdisc - fanotify: fix ignore mask logic for events on child and on dir - perf/x86/intel: Add more available bits for OFFCORE_RESPONSE of Intel Tremont - KVM: x86: respect singlestep when emulating instruction - powerpc/ptdump: Properly handle non standard page size - ASoC: max9867: fix volume controls - io_uring: use kvfree() in io_sqe_buffer_register() - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K - smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl - watchdog: imx_sc_wdt: Fix reboot on crash - ALSA: fireface: fix configuration error for nominal sampling transfer frequency - ALSA: pcm: fix snd_pcm_link() lockdep splat - arm64: acpi: fix UBSAN warning - lib/lzo: fix ambiguous encoding bug in lzo-rle - spi: bcm-qspi: Handle clock probe deferral - gup: document and work around "COW can break either way" issue - crypto: algapi - Avoid spurious modprobe on LOADED - crypto: drbg - fix error return code in drbg_alloc_state() - firmware: imx: warn on unexpected RX - firmware: imx-scu: Support one TX and one RX - firmware: imx: scu: Fix corruption of header - dccp: Fix possible memleak in dccp_init and dccp_fini - net/mlx5: drain health workqueue in case of driver load error - net/mlx5: Fix fatal error handling during device load - net/mlx5e: Fix repeated XSK usage on one channel - remoteproc: Fall back to using parent memory pool if no dedicated available - remoteproc: Fix and restore the parenting hierarchy for vdev - cpufreq: Fix up cpufreq_boost_set_sw() - EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable - video: vt8500lcdfb: fix fallthrough warning - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR - selftests/ftrace: Return unsupported if no error_log file - mmc: mmci_sdmmc: fix DMA API warning overlapping mappings - mmc: tmio: Further fixup runtime PM management at remove - mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() - mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() - block/floppy: fix contended case in floppy_queue_rq() - KVM: arm64: Save the host's PtrAuth keys in non-preemptible context * Eoan update: upstream stable patchset 2020-06-24 (LP: #1885011) - devinet: fix memleak in inetdev_init() - l2tp: add sk_family checks to l2tp_validate_socket - l2tp: do not use inet_hash()/inet_unhash() - net: usb: qmi_wwan: add Telit LE910C1-EUX composition - NFC: st21nfca: add missed kfree_skb() in an error path - vsock: fix timeout in vsock_accept() - net: check untrusted gso_size at kernel entry - USB: serial: qcserial: add DW5816e QDL support - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors - USB: serial: option: add Telit LE910C1-EUX compositions - iio: vcnl4000: Fix i2c swapped word reading. - usb: musb: start session in resume for host port - usb: musb: Fix runtime PM imbalance on error - vt: keyboard: avoid signed integer overflow in k_ascii - tty: hvc_console, fix crashes on parallel open/close - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK - CDC-ACM: heed quirk also in error handling - nvmem: qfprom: remove incorrect write support - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned - Revert "net/mlx5: Annotate mutex destroy for root ns" - net/mlx5: Fix crash upon suspend/resume - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac v5.10a - nfp: flower: fix used time of merge flow statistics - net: be more gentle about silly gso requests coming from user - USB: serial: ch341: add basis for quirk detection - iio:chemical:sps30: Fix timestamp alignment - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak. - iio: adc: stm32-adc: fix a wrong error message when probing interrupts * Eoan update: upstream stable patchset 2020-06-19 (LP: #1884296) - Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race window" - HID: sony: Fix for broken buttons on DS3 USB dongles - HID: i2c-hid: add Schneider SCL142ALM to descriptor override - p54usb: add AirVasT USB stick device-id - mmc: fix compilation of user API - scsi: ufs: Release clock if DMA map fails - net: dsa: mt7530: set CPU port to fallback mode - airo: Fix read overflows sending packets - powerpc/powernv: Avoid re-registration of imc debugfs directory - s390/ftrace: save traced function caller - ARC: Fix ICCM & DCCM runtime size checks - ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT - evm: Fix RCU list related warnings - i2c: altera: Fix race between xfer_msg and isr thread - x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables - net: bmac: Fix read of MAC address from ROM - drm/edid: Add Oculus Rift S to non-desktop list - s390/mm: fix set_huge_pte_at() for empty ptes - null_blk: return error for invalid zone size - net/ethernet/freescale: rework quiesce/activate for ucc_geth - net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x - net: smsc911x: Fix runtime PM imbalance on error - HID: multitouch: add support for the Smart Tech panel - HID: multitouch: enable multi-input as a quirk for some devices - mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter - media: Revert "staging: imgu: Address a compiler warning on alignment" - media: staging: ipu3-imgu: Move alignment attribute to field - ASoC: intel - fix the card names - RDMA/qedr: Fix qpids xarray api used - RDMA/qedr: Fix synchronization methods and memory leaks in qedr - io_uring: initialize ctx->sqo_wait earlier - selftests: mlxsw: qos_mc_aware: Specify arping timeout as an integer * Eoan update: upstream stable patchset 2020-06-09 (LP: #1882831) - ax25: fix setsockopt(SO_BINDTODEVICE) - dpaa_eth: fix usage as DSA master, try 3 - net: dsa: mt7530: fix roaming from DSA user ports - __netif_receive_skb_core: pass skb by reference - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* - net: ipip: fix wrong address family in init error path - net/mlx5: Add command entry handling completion - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" - net sched: fix reporting the first-time use timestamp - r8152: support additional Microsoft Surface Ethernet Adapter variant - sctp: Don't add the shutdown timer if its already been added - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed - net/mlx5e: Update netdev txq on completions during closure - net/mlx5: Annotate mutex destroy for root ns - net: sun: fix missing release regions in cas_init_one(). - net/mlx4_core: fix a memory leak bug. - mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails - ARM: dts: rockchip: fix phy nodename for rk3228-evb - arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts - arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node - ARM: dts: rockchip: swap clock-names of gpu nodes - ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi - gpio: tegra: mask GPIO IRQs during IRQ shutdown - ALSA: usb-audio: add mapping for ASRock TRX40 Creator - net: microchip: encx24j600: add missed kthread_stop - gfs2: move privileged user check to gfs2_quota_lock_check - cachefiles: Fix race between read_waiter and read_copier involving op->to_do - usb: dwc3: pci: Enable extcon driver for Intel Merrifield - usb: gadget: legacy: fix redundant initialization warnings - net: freescale: select CONFIG_FIXED_PHY where needed - IB/i40iw: Remove bogus call to netdev_master_upper_dev_get() - riscv: stacktrace: Fix undefined reference to `walk_stackframe' - cifs: Fix null pointer check in cifs_read - samples: bpf: Fix build error - Input: usbtouchscreen - add support for BonXeon TP - Input: evdev - call input_flush_device() on release(), not flush() - Input: xpad - add custom init packet for Xbox One S controllers - Input: dlink-dir685-touchkeys - fix a typo in driver name - Input: i8042 - add ThinkPad S230u to i8042 reset list - Input: synaptics-rmi4 - really fix attn_data use-after-free - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() - ARM: 8970/1: decompressor: increase tag size - ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h - ARM: uaccess: integrate uaccess_save and uaccess_restore - ARM: uaccess: fix DACR mismatch with nested exceptions - gpio: exar: Fix bad handling for ida_simple_get error path - IB/qib: Call kobject_put() when kobject_init_and_add() fails - ARM: dts/imx6q-bx50v3: Set display interface clock parents - ARM: dts: bcm2835-rpi-zero-w: Fix led polarity - ARM: dts: bcm: HR2: Fix PPI interrupt types - mmc: block: Fix use-after-free issue for rpmb - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() - ALSA: hwdep: fix a left shifting 1 by 31 UB bug - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC - exec: Always set cap_ambient in cap_bprm_set_creds - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio - ALSA: hda/realtek - Add new codec supported for ALC287 - libceph: ignore pool overlay and cache logic on redirects - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() - include/asm-generic/topology.h: guard cpumask_of_node() macro argument - iommu: Fix reference count leak in iommu_group_alloc. - parisc: Fix kernel panic in mem_init() - RDMA/core: Fix double destruction of uobject - mac80211: mesh: fix discovery timer re-arming issue / crash - x86/dma: Fix max PFN arithmetic overflow on 32 bit systems - copy_xstate_to_kernel(): don't leave parts of destination uninitialized - xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input - xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output - xfrm interface: fix oops when deleting a x-netns interface - xfrm: fix a warning in xfrm_policy_insert_list - xfrm: fix a NULL-ptr deref in xfrm_local_error - xfrm: fix error in comment - ip_vti: receive ipip packet by calling ip_tunnel_rcv - netfilter: nft_reject_bridge: enable reject with bridge vlan - netfilter: ipset: Fix subcounter update skip - netfilter: nfnetlink_cthelper: unbreak userspace helper support - netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code - esp6: get the right proto for transport mode in esp6_gso_encap - bnxt_en: Fix accumulation of bp->net_stats_prev. - xsk: Add overflow check for u64 division, stored into u32 - qlcnic: fix missing release in qlcnic_83xx_interrupt_test. - crypto: chelsio/chtls: properly set tp->lsndtime - bonding: Fix reference count leak in bond_sysfs_slave_add. - netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build - net: don't return invalid table id error when we fall back to PF_UNSPEC - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend - net: mvpp2: fix RX hashing for non-10G ports - net: nlmsg_cancel() if put fails for nhmsg - net/tls: fix race condition causing kernel panic - nexthop: Fix attribute checking for groups - tipc: block BH before using dst_cache - net/mlx5e: kTLS, Destroy key object after destroying the TIS - net/mlx5e: Fix inner tirs handling - net/mlx5: Fix memory leak in mlx5_events_init - net/mlx5: Fix error flow in case of function_setup failure - net/tls: fix encryption error checking - net/tls: free record only on encryption error - gfs2: Grab glock reference sooner in gfs2_add_revoke - drm/amd/powerplay: perform PG ungate prior to CG ungate - usb: phy: twl6030-usb: Fix a resource leak in an error handling path in 'twl6030_usb_probe()' - clk: ti: am33xx: fix RTC clock parent - csky: Fixup msa highest 3 bits mask - csky: Fixup perf callchain unwind - csky: Fixup remove duplicate irq_disable - csky: Fixup raw_copy_from_user() - arm64: dts: mt8173: fix vcodec-enc clock - soc: mediatek: cmdq: return send msg error code - gpu/drm: Ingenic: Fix opaque pointer casted to wrong type - gpio: pxa: Fix return value of pxa_gpio_probe() - gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() - ceph: flush release queue when handling caps for unknown inode - drm/amd/display: drop cursor position check in atomic test - Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT" - gpio: fix locking open drain IRQ lines - xfrm: do pskb_pull properly in __xfrm_transport_prep - xfrm: remove the xfrm_state_put call becofe going to out_reset - netfilter: conntrack: make conntrack userspace helpers work again - ieee80211: Fix incorrect mask for default PE duration - nexthops: Move code from remove_nexthop_from_groups to remove_nh_grp_entry - nexthops: don't modify published nexthop groups - nexthop: Expand nexthop_is_multipath in a few places - ipv4: nexthop version of fib_info_nh_uses_dev - netfilter: conntrack: comparison of unsigned in cthelper confirmation - netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update - perf: Make perf able to build with latest libbfd * shiftfs: O_TMPFILE reports ESTALE (LP: #1872757) - SAUCE: shiftfs: prevent ESTALE for LOOKUP_JUMP lookups * shiftfs: fix btrfs regression (LP: #1884767) - SAUCE: Revert "UBUNTU: SAUCE: shiftfs: fix dentry revalidation" * Update lockdown patches (LP: #1884159) - efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN - efi: Restrict efivar_ssdt_load when the kernel is locked down - powerpc/xmon: Restrict when kernel is locked down - SAUCE: acpi: disallow loading configfs acpi tables when locked down * ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4 kernel (LP: #1826848) - SAUCE: selftests: net: ip_defrag: limit packet to 1000 fragments - selftests: net: ip_defrag: ignore EPERM * CVE-2020-10757 - mm: Fix mremap not considering huge pmd devmap * CVE-2020-11935 - SAUCE: aufs: do not call i_readcount_inc() - SAUCE: aufs: bugfix, IMA i_readcount * apparmor reference leak causes refcount_t overflow with af_alg_accept() (LP: #1883962) - apparmor: check/put label on apparmor_sk_clone_security() * CVE-2019-16089 - SAUCE: nbd_genl_status: null check for nla_nest_start * CVE-2019-19642 - kernel/relay.c: handle alloc_percpu returning NULL in relay_open -- Khalid Elmously <khalid.elmou...@canonical.com> Fri, 10 Jul 2020 15:22:34 -0400 ** Changed in: linux (Ubuntu Eoan) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-16089 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19642 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10757 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11935 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1882831 Title: Eoan update: upstream stable patchset 2020-06-09 Status in linux package in Ubuntu: Confirmed Status in linux source package in Eoan: Fix Released Bug description: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: upstream stable patchset 2020-06-09 Ported from the following upstream stable releases: v4.19.126, v5.4.44 from git://git.kernel.org/ ax25: fix setsockopt(SO_BINDTODEVICE) dpaa_eth: fix usage as DSA master, try 3 net: dsa: mt7530: fix roaming from DSA user ports __netif_receive_skb_core: pass skb by reference net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* net: ipip: fix wrong address family in init error path net/mlx5: Add command entry handling completion net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" net sched: fix reporting the first-time use timestamp r8152: support additional Microsoft Surface Ethernet Adapter variant sctp: Don't add the shutdown timer if its already been added sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed net/mlx5e: Update netdev txq on completions during closure net/mlx5: Annotate mutex destroy for root ns net: sun: fix missing release regions in cas_init_one(). net/mlx4_core: fix a memory leak bug. mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails ARM: dts: rockchip: fix phy nodename for rk3228-evb arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node ARM: dts: rockchip: swap clock-names of gpu nodes ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi gpio: tegra: mask GPIO IRQs during IRQ shutdown ALSA: usb-audio: add mapping for ASRock TRX40 Creator net: microchip: encx24j600: add missed kthread_stop gfs2: move privileged user check to gfs2_quota_lock_check cachefiles: Fix race between read_waiter and read_copier involving op->to_do usb: dwc3: pci: Enable extcon driver for Intel Merrifield usb: gadget: legacy: fix redundant initialization warnings net: freescale: select CONFIG_FIXED_PHY where needed IB/i40iw: Remove bogus call to netdev_master_upper_dev_get() riscv: stacktrace: Fix undefined reference to `walk_stackframe' cifs: Fix null pointer check in cifs_read samples: bpf: Fix build error Input: usbtouchscreen - add support for BonXeon TP Input: evdev - call input_flush_device() on release(), not flush() Input: xpad - add custom init packet for Xbox One S controllers Input: dlink-dir685-touchkeys - fix a typo in driver name Input: i8042 - add ThinkPad S230u to i8042 reset list Input: synaptics-rmi4 - really fix attn_data use-after-free Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() ARM: 8970/1: decompressor: increase tag size ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h ARM: uaccess: integrate uaccess_save and uaccess_restore ARM: uaccess: fix DACR mismatch with nested exceptions gpio: exar: Fix bad handling for ida_simple_get error path IB/qib: Call kobject_put() when kobject_init_and_add() fails ARM: dts/imx6q-bx50v3: Set display interface clock parents ARM: dts: bcm2835-rpi-zero-w: Fix led polarity ARM: dts: bcm: HR2: Fix PPI interrupt types mmc: block: Fix use-after-free issue for rpmb RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() ALSA: hwdep: fix a left shifting 1 by 31 UB bug ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC exec: Always set cap_ambient in cap_bprm_set_creds ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio ALSA: hda/realtek - Add new codec supported for ALC287 libceph: ignore pool overlay and cache logic on redirects IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() include/asm-generic/topology.h: guard cpumask_of_node() macro argument iommu: Fix reference count leak in iommu_group_alloc. parisc: Fix kernel panic in mem_init() RDMA/core: Fix double destruction of uobject mac80211: mesh: fix discovery timer re-arming issue / crash x86/dma: Fix max PFN arithmetic overflow on 32 bit systems copy_xstate_to_kernel(): don't leave parts of destination uninitialized xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output xfrm interface: fix oops when deleting a x-netns interface xfrm: fix a warning in xfrm_policy_insert_list xfrm: fix a NULL-ptr deref in xfrm_local_error xfrm: fix error in comment ip_vti: receive ipip packet by calling ip_tunnel_rcv netfilter: nft_reject_bridge: enable reject with bridge vlan netfilter: ipset: Fix subcounter update skip netfilter: nfnetlink_cthelper: unbreak userspace helper support netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code esp6: get the right proto for transport mode in esp6_gso_encap bnxt_en: Fix accumulation of bp->net_stats_prev. xsk: Add overflow check for u64 division, stored into u32 qlcnic: fix missing release in qlcnic_83xx_interrupt_test. crypto: chelsio/chtls: properly set tp->lsndtime bonding: Fix reference count leak in bond_sysfs_slave_add. netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build net: don't return invalid table id error when we fall back to PF_UNSPEC net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend net: mvpp2: fix RX hashing for non-10G ports net: nlmsg_cancel() if put fails for nhmsg net/tls: fix race condition causing kernel panic nexthop: Fix attribute checking for groups tipc: block BH before using dst_cache net/mlx5e: kTLS, Destroy key object after destroying the TIS net/mlx5e: Fix inner tirs handling net/mlx5: Fix memory leak in mlx5_events_init net/mlx5: Fix error flow in case of function_setup failure net/tls: fix encryption error checking net/tls: free record only on encryption error gfs2: Grab glock reference sooner in gfs2_add_revoke drm/amd/powerplay: perform PG ungate prior to CG ungate usb: phy: twl6030-usb: Fix a resource leak in an error handling path in 'twl6030_usb_probe()' clk: ti: am33xx: fix RTC clock parent csky: Fixup msa highest 3 bits mask csky: Fixup perf callchain unwind csky: Fixup remove duplicate irq_disable csky: Fixup raw_copy_from_user() arm64: dts: mt8173: fix vcodec-enc clock soc: mediatek: cmdq: return send msg error code gpu/drm: Ingenic: Fix opaque pointer casted to wrong type gpio: pxa: Fix return value of pxa_gpio_probe() gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() ceph: flush release queue when handling caps for unknown inode drm/amd/display: drop cursor position check in atomic test Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT" gpio: fix locking open drain IRQ lines xfrm: do pskb_pull properly in __xfrm_transport_prep xfrm: remove the xfrm_state_put call becofe going to out_reset netfilter: conntrack: make conntrack userspace helpers work again ieee80211: Fix incorrect mask for default PE duration nexthops: Move code from remove_nexthop_from_groups to remove_nh_grp_entry nexthops: don't modify published nexthop groups nexthop: Expand nexthop_is_multipath in a few places ipv4: nexthop version of fib_info_nh_uses_dev netfilter: conntrack: comparison of unsigned in cthelper confirmation netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update perf: Make perf able to build with latest libbfd UBUNTU: upstream stable to v4.19.126, v5.4.44 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1882831/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp